Browsing by Subject "dApps"

In my thesis, I explore the roles and responsibilities of software developers as data controllers under the General Data Protection Regulation (hereinafter ‘GDPR’), focusing on the complexities arising from centralised and decentralised software development processes. I address two research questions: (i) taking into account the factors and considerations specific to centralised and decentralised software development processes, how can the roles and responsibilities of software developers as data controllers be determined under the GDPR? and (ii) how may the unique features of Decentralised Applications (hereinafter ‘dApps’) influence the assignment of data controllership in the context of the GDPR? To answer my research questions, I first start by establishing a comprehensive understanding of some relevant core concepts: data controllership, software development, and the varying levels of centralisation in software development. Thereafter, I analyse the roles of individuals within Software Development Companies, SDAs, open source projects, dApps, and smart contracts. In centralised development, assigning controllership is more straightforward, but some complex situations like joint controllership may arise in certain cases. Decentralised software development processes, like in open source projects, complicates the determination of data controllership due to dispersed decision-making across various roles. Examining these roles and different project categories helps to better understand potential data controllership allocations. Furthermore, I discuss specific challenges in determining data controllership in dApps and smart contracts. The totally decentralised nature of dApps and the immutability of its source code further complicates things when trying to identify a single entity with control over the processing of personal data. Additionally, establishing accountability (which is a cornerstone of data controllership), is difficult without control. Currently, no definitive guidance on this matter exists, suggesting that additional legislation may be needed to address the intricacies of decentralised systems within the context of the GDPR. Throughout my thesis, I emphasise the importance of a case-by-case analysis for determining data controllership, and provide insights into potential assessment outcomes. Overall, my research serves as a foundation for understanding software developers’ roles and responsibilities as data controllers in various development processes under the GDPR.