Research Article

Deciphering blockchain's role in Danish decision-making: evaluating opportunities and challenges through the prism of due process

Pages 77-100 | Received 17 May 2023, Accepted 07 Jul 2023, Published online: 07 Feb 2024

ABSTRACT

This paper explores the benefits and pitfalls associated with integrating a common blockchain model within a distinct administrative environment, focusing particularly on its effects on decision-making processes. The study is grounded in the doctrine of procedural due process, a holistic concept encompassing intertwined administrative rules and principles, designed to promote fairness and justice in decision-making, which can be succinctly distilled into three core principles: accuracy, integrity, and transparency. On initial examination, these principles seem to correspond with the fundamental characteristics of blockchain technology, which are identified as authenticity, integrity, and transparency. In our analysis, we measure the extent to which the attributes of blockchain technology align with the principles of the due process doctrine. An essential component of this assessment includes a meticulous examination of the practical merging of each characteristic within the decision-making procedure. The approach and practical applications explored in this study highlight the potential of blockchain technology to enhance adherence to due process, especially in areas where traditional trust-based systems have faltered in maintaining basic procedural safeguards. However, given the intricate complexity tied to its implementation, this technology should be regarded as a fallback option, strictly reserved for situations where the benefits of its utilisation unmistakably outweigh the numerous inherent risks. In the ensuing sections of this paper, we will delve deeper into these risks and propose actionable mitigation strategies.

1. Introduction

Denmark has been recognised for its extensive digitalisation efforts in public administration, showcasing an impressive array of over 8,000 IT solutions, including various self-service applications.Footnote1 While these systems offer significant convenience to citizens, their limited interoperability has led to a fragmented digital infrastructure.Footnote2 Recognising this challenge, the Danish government has placed a strong emphasis on promoting interoperable systems and decentralised cooperation, actively exploring the potential of blockchain technology as part of the solution.Footnote3

In 2018, the Danish Ministry of Business and Industry revealed Denmark's participation in the European Blockchain Partnership. This collaboration served as a strong indication of Denmark's recognition of the potential benefits offered by blockchain technology, particularly in terms of enhancing transparency and fortifying systems against errors and data tampering.Footnote4 Building on this partnership, Danish authorities have since undertaken exploratory efforts to examine and implement blockchain applications across a wide range of sectors. For instance, the Danish Maritime Authority is examining the incorporation of blockchain to boost efficiency, security and transparency in its services and operations.Footnote5 The Danish Tax Agency has collaborated with a private vendor to devise a blockchain system that records essential information about registered motor vehicles, such as inspection reports, mileage, claims, outstanding fines, and more.Footnote6 The Ministry of Foreign Affairs is contemplating the use of blockchain for emergency aid distribution, while the Danish Business Authority explores its potential in automating business reporting processes.Footnote7 Additionally, the social pedagogical municipal sector has tested a blockchain pilot for contract management.Footnote8

Denmark is not the only country delving into the utilisation of blockchain technology for public sector applications. Numerous other European nations, as well as the European Union (EU), are contemplating its adoption. Estonia, for instance, has leveraged blockchain to secure the precision of civic data, preserving its integrity, and averting unauthorised alterations.Footnote9 Conversely, Germany is assessing the application of blockchain technology in the federal asylum process with the aim of streamlining and augmenting transparency in the application and decision-making procedures.Footnote10 At the EU level, the European Blockchain Services Infrastructure (EBSI) operates as a collaborative initiative between the European Commission and the member states of the European Blockchain Partnership. Its primary function is to facilitate the provision of cross-border public blockchain services.Footnote11

These initiatives appear to be unified by a common intent: to capitalise on the widely acclaimed data governance capabilities of blockchain technology, particularly its ability to guarantee authenticity, uphold integrity, and ensure transparency. While these attributes are undeniably advantageous for entities managing substantial volumes of data, like public administration, they also remain a topic of continued academic discourse. Certain experts posit that blockchains augment authenticity by facilitating tamper-proof data storage,Footnote12 while others dispute this belief, arguing that blockchains are not intrinsically unalterable and can, in fact, be vulnerable to changes.Footnote13 Likewise, some academics acknowledge the transparency offered by the interconnected, tamper-evident structure of blockchains.Footnote14 However, others counter that the inherently transparent and publicly accessible nature of blockchains may inadvertently result in data privacy concerns.Footnote15 Central to this discourse is the understanding of how the specific type of blockchain deployed, its domain of application, and its envisioned use case intertwine. These elements collectively determine the data governance attributes of the technology.Footnote16

The extent to which these aspects have influenced Danish blockchain projects is currently indeterminate due to the absence of publicly accessible documents that outline the anticipated benefits and associated risks of implementation. To date, Denmark has not made any risk assessments public, leading to an undefined view of the potential advantages of these projects and whether they outweigh the accompanying risks and complications. Given the series of major public IT controversies that have beleaguered Denmark in the past decade, it is crucial to conduct thorough assessments to prevent future errors, delays, and potential erosion of public confidence in the digital overhaul of public administration.Footnote17

The current landscape of blockchain projects in Denmark appears to exhibit limited success. For instance, a project spearheaded by the Maritime Administration has encountered a delay exceeding 31 months and a budget overrun surpassing 100%.Footnote18 Similarly, a project conceived by the Danish Tax Agency for the automotive sector has been uncommunicative for years, suggesting potential implementation hurdles.

Given the escalating efforts to infuse blockchain technology across a spectrum of public sectors for various applications, including decision-making processes, this article aims to perform an in-depth exploration of the prospective benefits and drawbacks that come with such implementation. We will particularly examine the possible pros and cons of deploying a commonly utilised type of blockchain within a specific administrative domain, emphasising its impact on decision-making processes.

Our analysis will be grounded in the procedural due process doctrine, a concept that comprises administrative rules and principles designed to promote fairness and justice in decision-making. This doctrine, which we will further expound upon in the following sections, necessitates measures that safeguard the accuracy, integrity, and transparency of decision-making processes. Interestingly, these principles align with the inherent features of blockchain technology, which is generally renowned for its capacity to verify the authenticity, integrity, and transparency of data and processes. In light of these parallels, we pose the question: can blockchain technology be effectively leveraged to fortify procedural due process in administrative decision-making, and if so, how?

Our exploration commences by delineating the research approach, encompassing technical, legal, and practical facets pertinent to our research question. We then provide a succinct summary of the essential features and attributes of blockchain technology, followed by a discussion on the most suitable type of blockchain for administrative integration. Subsequently, we introduce a case study from the Danish administration, where decisions have been made without observing due process, which forms the bedrock of our subsequent analysis of blockchain integration. In this section, we hypothesise about the potential impact of integrating a blockchain within this specific domain on due process. Finally, we present our primary insights and conclusions derived from the study.

2. Research approach

The importance of adopting a contextualised and pragmatic approach when analysing the legal implications of blockchain technology is underscored by Eliza Mik. She emphasises that ‘technically, any assertion about blockchains as a whole should be qualified with regard to a particular blockchain. Thus, any legal assessment should focus on the specific type of blockchain under consideration and its intended application.'Footnote19 This assertion highlights the need to recognise the heterogeneity of blockchain technology, as different blockchains may exhibit distinct characteristics and serve various purposes. Consequently, an analysis of the legal implications of blockchain technology must take into account the unique features and intended use of the specific blockchain in question, a perspective we concur with.

Our aim is to investigate the potential role of blockchain technology in facilitating a just and equitable administrative decision-making process. Specifically, our study will assess the ability of blockchain technology to maintain procedural due process within the administrative framework. We employ ‘procedural due process’ as an umbrella term for fundamental administrative procedural safeguards such as fair hearing, accessibility, and confidentiality (the terms ‘due process’ and ‘due process doctrine’ are used synonymously to denote the concept of procedural due process). While it diverges from the Due Process Clause of the US Fourteenth Amendment, it upholds comparable foundational principles.

Procedural due process demands an enlightened decision-making process that employs reliable and comprehensive data for precise and reviewable decisions. Confidentiality throughout the decision-making process is essential to shield individuals from adverse outcomes while maintaining the integrity of information. Additionally, transparency and participation are crucial to ensure fairness and justice for all involved parties. These fundamental obligations, subsumed under the due process umbrella, can be distilled into three aspects concerning accuracy, integrity, and transparency.

To assess the efficacy of blockchain technology in promoting due process, we employ a comparative methodology that contrasts the broadly recognised attributes of blockchain, such as authenticity, integrity, and transparency, with the requirements of the due process doctrine. This approach enables us to determine the extent to which blockchain technology can bolster due process in administrative decision-making, while also identifying potential constraints or challenges. Our study ventures beyond the realm of the due process doctrine by taking into account the complementary principles articulated in Article 5 of the General Data Protection Regulation (GDPR).Footnote20 These principles aim to endorse accuracy, integrity, and transparency in the processing of personal data, with a goal to protect the rights and freedoms of data subjects.Footnote21 Although these principles bear a distinct focus from the due process doctrine, which seeks to guarantee fairness in decision-making, they remain closely intertwined.

While we do not posit that it is impossible to develop a blockchain system designed for the stated due process objectives that fully sidesteps GDPR regulations, our analysis indicates that doing so would require significant sacrifices to the inherent technological features of blockchain technology. We argue that at a minimum, to guarantee a practical level of due process assurance from blockchain integration, the processing of certain referential pseudonymous data is inevitable, which we will elaborate on and exemplify in the following sections. This viewpoint is further corroborated by the Danish maritime and automotive blockchain projects, which operate under comparable conditions, incorporating on-chain processing of pseudonymized data such as licence plate details or a hashed representation, to aid decision-making within each field.Footnote22 Similarly, the German blockchain pilot project for asylum decisions appears to involve on-chain processing of pseudonymized personal data, as far as can be deduced from its white paper.Footnote23

After defining the aim of blockchain application and setting the general criteria for our legal evaluation, it is crucial to pinpoint the most appropriate type of blockchain that aligns with our objective. Blockchain technology is generally categorised into three types: private permissionless, public permissionless, and permissioned, each with varying degrees of private and public access. Our study zeroes in on a private permissioned blockchain, which we will delve into more deeply in the following sections, starting with a rudimentary overview of the technology and its diverse components.

3. Blockchain technology and typologies

A blockchain is a decentralised digital ledger that records data transactions, replicated across a network of computer systems, referred to as ‘nodes’.Footnote24 Each block in the chain contains multiple transactions, and the ledger of each participant is updated with a record of every new transaction added to the blockchain. This data is stored chronologically in an unalterable, verifiable manner, making the ledger a form of ‘long data’ rather than ‘big data’. Hashing, a key technique, ensures the immutability of data within the blockchain by generating a unique, fixed-length output (hash) based on the input (for example, a text string or a document). This hash serves as a digital fingerprint of the original input. Any modification to the input would result in a different hash, thereby affirming the data's integrity.Footnote25

Apart from ensuring data integrity, hashing also guarantees the authenticity and transparency of the ledger. Each block in the chain is sealed with a hash of its contents, and this process is repeated for every new block, linking the blocks via their hashes to form the ‘blockchain’. Unlike traditional databases, a blockchain uses a shared ledger maintained by a network of nodes, which provide computational resources and storage capacity. To reach consensus on the current state of the distributed ledger, consensus algorithms like Proof of Work, Proof of Stake, or Practical Byzantine Fault Tolerance are utilised. These algorithms effectively establish consensus among numerous anonymous nodes and are prevalent in public, permissionless blockchains. The terms ‘permissionless’ and ‘public’ refer to blockchains that allow open participation, with the ledger being accessible to anyone for reading.

However, integrating a permissionless public blockchain into the decision-making process of public administration poses several significant challenges, including breaches of confidentiality and accountability issues arising from anonymous participation. In contrast, a ‘permissioned’ and private blockchain operates within a restricted group of participants, with the ledger being inaccessible to the public. Controlled access to the blockchain enables the enforcement of regulations. However, this leads to centralisation, potentially undermining some of the benefits associated with a blockchain solution. Still, by including autonomous entities like independent agencies as trusted participants in operating the blockchain, a degree of decentralisation can be preserved. This approach strikes a balance between regulatory enforcement and decentralisation, retaining some of the advantages of blockchain technology.

Furthermore, in this context, there is no need for a complex consensus algorithm based on mathematical problem-solving. A voting-based consensus mechanism, where nodes vote to add blocks, is sufficient. Compared to permissionless blockchains, this approach offers faster transaction speeds (as transactions require approval from a limited number of participants), lower energy consumption, and enhanced scalability (since a smaller set of nodes can validate transactions, the network can potentially handle a larger volume of transactions). Therefore, it is not surprising that the permissioned private (or hybrid) blockchain type is widely used in various administrative blockchain initiatives, such as the Swedish property rights registry, Danish maritime and automotive blockchain projects, the EU's EBSI project, and the German pilot for asylum procedures. Accordingly, our forthcoming analysis will utilise the same blockchain type, specifically, permissioned private.

4. Deciphering blockchain's role in decision-making through the prism of due process

4.1. Establishing context

As a precursor to assessing the potential of blockchain technology in augmenting due process, we will first examine a segment within the Danish administration that struggles considerably with upholding due process. This particular sector embodies the challenges intrinsic to preserving due process within conventional trust-based decision-making systems, and it offers a promising potential for the implementation of blockchain technology as a means to enhance due process adherence in decision-making.

4.1.1. The Danish social sector

In Denmark, individuals seeking social benefits must submit their applications through a centralised public portal, www.borger.dk, which acts as a unified access point. These applications are subsequently dispatched to the applicant's local municipality, which bears the responsibility of decision-making in accordance with the Social Services Act.Footnote26 Municipal decisions can be appealed to the national appeals body, Ankestyrelsen (henceforth referred to as ‘ANS’), which also functions as a supervisory authority in the realm of social benefits, continuously monitoring municipal activities.Footnote27

In 2015, nearly one-third of appeals related to a social provision allowing parents to obtain financial aid while caring for a sick child at home were sent back to the municipalities by ANS due to insufficient justification or overlooked critical facts.Footnote28 In 2016, ANS undertook a review of 94 social decisions from ten different municipalities using a random sampling method. The review disclosed that in over half of the cases, ANS couldn't ascertain whether the compensation criteria were met due to inadequate documentation. Sometimes, essential information such as medical records, reports from educational institutions or day care centres, and employment status data were missing. A subsequent probe in 2019, focusing on cases returned to municipalities for reassessment, identified deficient documentation as the main reason for referrals,Footnote29 highlighting the issue's persistent nature.Footnote30

The appeal process for social decisions necessitates a substantial degree of trust between ANS and the municipalities, the latter being charged with selecting which files to present during the appeal. However, this trust is frequently compromised as ANS regularly faces inadequate documentation, which could originate from a range of factors, including municipalities’ failure to gather sufficient information during the discovery phase or poor document management practices. Regardless of the root causes, the shortfall in document management within municipalities, paired with a lack of transparency in the appeals process for both ANS and beneficiaries, emphasises the urgent need for enhancements in this sector. In the subsequent sections, we delve into the potential contribution of blockchain technology in tackling these issues.

4.2. The three dimensions of due process and their correspondence with blockchain technology attributes

The following analysis is grounded in the distinct context of the Danish social sector, adopting a case-based approach to effectively account for the unique attributes of the specific blockchain type and its domain of application. We aim to evaluate the feasibility and practicality of enhancing document management practices and other aspects integral to due process within the decision-making process for social benefits in Denmark, through the integration of a permissioned private blockchain. The forthcoming analysis is divided into three sections, each aligning with one facet of due process: accuracy, integrity, and transparency. Each section begins with a brief overview of pertinent regulations, followed by an assessment of the potential benefits and drawbacks of employing a permissioned blockchain to achieve the desired due process objectives.

4.2.1. Accuracy

According to the doctrine of due process and the data quality principle outlined in Article 5(1)(d) GDPR, it is incumbent upon the administration to ensure the accuracy of data collected for decision-making purposes. These principles necessitate the rectification of incorrect information or data that, despite being factually accurate, could induce confusion or uncertainty. Nonetheless, these principles do not prohibit the processing of inaccurate information in specific instances, such as when a doctor provides legally required information about an applicant's diagnosis to a public official, which later turns out to be incorrect, or when an incorrect date of birth for an applicant's child is recorded. In these cases, faulty records should not be deleted but supplemented with correct data to ensure a comprehensive record of events. Furthermore, these principles dictate that information must be complete; therefore, failure to record pertinent information related to an impending decision would result in an incomplete, and hence inaccurate, record of events.

To effectively examine how the integration of a permissioned blockchain in the social domain could facilitate compliance with these principles, it is necessary to consider both (1) the technical mechanisms used to ensure data accuracy and (2) the types of data that need to be processed on the ledger to guarantee precise and lawful documentation during the decision-making process.

  1. From a technical standpoint, a blockchain employs a hashing algorithm to protect the integrity of data stored on-chain. Essentially, this algorithm embeds a hash into each block, computed using the hash profile of the previous block.Footnote31 This hash is not solely derived from the hash of the previous block (which would result in identical hashes) but also includes the data stored within the respective block, such as a text string. By acting as a unique identifier, the hash serves as a robust method for verifying the authenticity of data stored on the blockchain. When combined with the collective validation mechanism overseen by the nodes, this procedure ensures that the information recorded on the blockchain is tamper-evident. Any changes made to the data within a block will inevitably alter its corresponding hash, rendering the block invalid. This would cause a disruption in the chain, as the affected block would no longer maintain a connection to its preceding and subsequent blocks.

  2. The degree to which this technical property contributes to ensuring and enhancing an accurate record of events is contingent on the data uploaded to the ledger from the municipality's local case system, taking into account that the blockchain records data in an immutable and distributed manner. Basically, all cases can be segmented into two broad categories of information: primary information, which directly relates to the case, and metadata, which pertains to the case but is not directly related. Primary information includes actual files, such as notes, statements and records, while metadata encompasses case and document numbers, thematic indicators (e.g. indicating that a document pertains to ‘consultation at a school’ or ‘medical certificate’) and issue dates. Uploading primary information to the blockchain involves processing personal and confidential data on-chain, posing increased risks to individuals due to the decentralised nature of the blockchain, which enables wider dissemination and circulation of such information. The challenges of enforcing the right to erasure on-chain further compound these risks. Additionally, this processing activity must comply with the data minimisation principle under Article 5(1)(c) GDPR, which stipulates that personal data should be adequate, relevant, and limited to what is necessary for the purposes for which they are processed. In this case, uploading primary information to the blockchain is not strictly necessary to achieve our objective, as a less intrusive alternative exists.

The alternative involves keeping the primary information off-chain within the systems of the relevant municipalities processing the case. In this approach, when a new document is issued and journaled on the case locally, a corresponding hash is created and uploaded to the distributed blockchain. Whether intentional or accidental, any alterations made to a document off-chain would result in a hash value that deviates from the hash stored on the blockchain, representing the authentic version of the document. This method offers the same tamper-evident assurances as the previous approach while processing significantly less data on-chain. An attempt to alter the hash on the blockchain ledger to match the hash of a tampered document would prove futile, as it requires consensus among network participants to change the state of the blockchain. Moreover, as previously mentioned, the blockchain ledger links the hashes from previous and current blocks, offering an added layer of systemic protection against tampering.

A limitation of this approach, however, lies in the fact that a hash is irreversible and thus cannot be traced back to the off-chain document from which it originated. Without the ability to link the on-chain hash to its off-chain source, we cannot validate the authenticity of the source. To facilitate this verification, it is necessary to create a bridge between the on-chain and off-chain environments. To address this, we propose uploading additional metadata from the case to the blockchain, such as the case and file numbers, alongside the hash (which we generate from the off-chain case files).

While case and file numbers forge a vital link between the on-chain and off-chain layers, necessary for hash verification, this alone does not ensure the accuracy of the recorded events. Consider a scenario where ANS has access to the on-chain data for an appeal case. With this access, ANS could verify the number of documents submitted by the municipality by comparing it to the case file count recorded on the blockchain. This method could help quickly identify discrepancies and facilitate further scrutiny, such as periodic sampling checks, to investigate the root cause of any differences. Nonetheless, according to a general principle of administrative law, an administrative authority is only required to provide information to another body if it is deemed relevant to a decision that the requesting body needs to make.Footnote32 The authority holding the information bears the responsibility for determining its relevance.Footnote33 Therefore, a discrepancy between the number of files on the blockchain ledger and the received case dossier does not necessarily indicate an inaccurate or incomplete record of events. It is possible that the municipality did not consider certain documents necessary for the appeal case and, as a result, omitted them from the dossier sent to ANS.

To aid ANS in identifying cases where a discrepancy between the off-chain and on-chain file count may result from potential malpractice by the initial authority, we propose enriching the blockchain ledger with additional metadata associated with the off-chain documents. This metadata could include descriptors such as ‘school consultation’, ‘children's interview’, ‘medical declaration’, ‘new caseworker assigned’, and ‘access request rejection’. The integration of such references would enable ANS to better understand the implications of a specific document's absence from the case dossier. This approach would not only offer the necessary oversight but also maintain the confidentiality of the documents, as the thematic references (descriptors) would only reveal events, not individuals.

Furthermore, to enhance the accuracy and reliability of the recorded events, it would be advantageous to incorporate the issue dates of the documents into the blockchain ledger. This would create an immutable chronological timeline of the case, offering all stakeholders, including applicants, clarity about the municipal body's actions and timeline of events. This approach aligns with the recommendation of the Danish Ombudsman, who advocates for an immutable issuance date for digital documents to preserve their integrity and authenticity. A recent case involving the City of Copenhagen underscores the significance of such measures: the Ombudsman was alerted to a situation in which the date on a digital letter from the city was modified during the submission from ANS to the Ombudsman's office.Footnote34

The proposed blockchain approach offers a means to supply a verifiable summary of the case to the appellate body, thereby fostering a more comprehensive review of the case and potentially enhancing the accuracy of decision-making at the initial and appellate levels. Moreover, providing stakeholders access to such data on-chain could bolster their capacity to monitor proceedings, obtain relevant documents, verify document authenticity, and detect any missing information. For example, in social cases, party hearings are common, and the absence of a document related to this theme on-chain may trigger inquiries from the applicant.

By affording all stakeholders on-chain access and oversight of the decision-making process, this approach could bolster the accuracy aspect of procedural due process. However, it does not offer guarantees against the misconduct or incompetence of case workers. The quality of the data stored on the blockchain ledger is contingent on the quality of the input. Nonetheless, the consciousness of being logged on the blockchain might deter case workers from bypassing processes, potentially leading to improved data accuracy.

In conclusion, the incorporation of blockchain technology holds the potential to enhance the accuracy of the decision-making process within the social domain. Yet, a holistic evaluation of its impact on the doctrine of due process must consider not only its effect on accuracy but also its influence on integrity and transparency. The sections that follow offer a comprehensive analysis of these facets.

4.2.2. Integrity

Administrative law is instrumental in preserving the integrity of information, particularly in protecting individual privacy. This involves preventing public officials from unauthorised access or personal misuse of citizens’ personal information.Footnote35 The GDPR reinforces the importance of data integrity by obligating the data controllerFootnote36 to put in place appropriate measures to avert unauthorised or illegal processing, accidental loss, destruction, or damage of personal data.Footnote37 ‘Measures’ refer to any tools or methods a controller can use to achieve the intended processing purpose. Article 32(1) of the GDPR offers a non-exhaustive list of factors that controllers must contemplate when evaluating the appropriateness of a measure, such as the current state of technology and risks of varying degrees of likelihood and severity to the rights and freedoms of individuals. Thus, controllers must acknowledge technological advancements like blockchain that may present novel opportunities for data protection.Footnote38 Article 32(1) of the GDPR also enumerates risk mitigation measures such as ensuring the integrity, availability, confidentiality, resilience, and pseudonymisation of personal data.Footnote39

In the previous section, we highlighted the significance of including specific metadata on the blockchain to achieve our goal of accurate decision-making through the adoption of blockchain technology. This metadata comprises a hash generated from off-chain documents related to the social case, along with a case and file number, a thematic reference, and issue dates of the documents. In this section, we will delve deeper into the previous approach and focus on how the blockchain safeguards the integrity of this data. We will start by exploring how a permissioned blockchain integrated into the social domain technically upholds data integrity. Subsequently, we will analyse how this specifically applies to the aforementioned metadata and how it aligns with the legal principles of integrity.

Technically speaking, a blockchain employs a verification mechanism to maintain data integrity. This mechanism involves connecting the hashes assigned to each block in a sequential structure, akin to dominos, meaning that any alteration to a block can have a ripple effect, jeopardising the entire chain. When a new block is proposed for addition to the existing chain, the nodes within the network collaborate to verify that the proposed block connects accurately to the previous. Only upon this confirmation, and assuming no other discrepancies throughout the chain, is the block appended. This rigorous validation process ensures not only the authenticity and accuracy of the data, as previously discussed, but also the integrity and continuity of the blockchain.

Moreover, the regular synchronisation and distribution of the blockchain ledger among the nodes offer high security by creating multiple backup points, thereby ensuring fault tolerance in the event of a node failure or compromise. This aligns with Article 32(1) of the GDPR, which mandates the restoration of the availability and access to personal data in the event of physical or technical incidents. However, to preserve the benefits of decentralisation, especially in a public sector context where system operation outsourcing is common, it is crucial to implement contractual terms that prohibit nodes from outsourcing their processing operations to the same subcontractors.Footnote40 While the blockchain assures data availability, it lacks a mechanism to prevent unauthorised access to the data stored on its ledger. Hence, additional security measures, such as access controls and encryption, are essential to limit access to staff members, visitors at the managing agency or organisation, or sub-providers.

With regard to the impact of the proposed blockchain solution on individuals’ rights and freedoms as per Article 32(1) GDPR, it is crucial to acknowledge that distributing personal data across multiple decentralised nodes can pose greater risks to individuals than traditional client-server systems. To mitigate these risks, suitable measures must be taken, one of which is pseudonymisation, as articulated in Article 32(1)(a) GDPR. Pseudonymisation involves obscuring personal identifiers in data by replacing elements such as names and addresses with random sequences, which de-identifies the individual while retaining the option of re-identification through additional information.Footnote41 As previously discussed in relation to data accuracy, we propose confining the decision-related data stored on the blockchain ledger to pseudonymised metadata, which includes a hash of each document in the case, a case and file number, a thematic reference, and the issue dates of the documents.

While this approach mitigates many concerns, it does not completely address the implications for individuals’ rights and freedoms stemming from the inherent immutability of a blockchain. Once metadata is uploaded to the blockchain ledger, it is there to stay, as data removal from a distributed ledger poses significant challenges. This raises questions regarding the practical enforcement of the right to erasure. For instance, even a minor modification like erasing a single character of on-chain data alters the hash of the affected block entirely. This change then cascades through the chain, as subsequent blocks are linked with the original hash of the altered block. As a result, the modified block has a completely different hash, leaving subsequent blocks with an invalid reference hash. This disruption means new blocks cannot be validated and added to the chain. To effectively erase information from a blockchain, you need to remove the data from all distributed copies, requiring consensus among nodes and the re-linking of all hashes associated with the blocks succeeding the altered one. This process could even necessitate creating an entirely new chain, known as ‘forking’. The blockchain's immutability is a double-edged sword – it ensures data integrity but challenges personal integrity by providing no practical means for information removal.
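The linking and cascade described in the two technical paragraphs above can be reproduced in a few lines. The following is an added illustration, not code from the article or from any blockchain product: the block layout, field names, and sample entries are constructed, and a single list stands in for one node's copy of the ledger.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # back-reference used by the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_record(document: bytes, number: str, theme: str, issued: str) -> dict:
    """Metadata of the kind the article proposes: a document hash plus references."""
    return {"doc_hash": sha256_hex(document), "number": number,
            "theme": theme, "issued": issued}


@dataclass
class Block:
    index: int
    prev_hash: str
    record: dict

    def hash(self) -> str:
        # Canonical JSON so every node derives the same digest for the same block.
        body = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash, "record": self.record},
            sort_keys=True, separators=(",", ":"))
        return sha256_hex(body.encode("utf-8"))


def append(chain: list, record: dict) -> None:
    prev = chain[-1].hash() if chain else GENESIS
    chain.append(Block(len(chain), prev, record))


def first_invalid(chain: list):
    """Index of the first block whose back-reference no longer matches, else None."""
    expected = GENESIS
    for block in chain:
        if block.prev_hash != expected:
            return block.index
        expected = block.hash()
    return None


def relink_from(chain: list, start: int) -> int:
    """Recompute back-references from `start` onward; return how many blocks changed."""
    changed = 0
    for i in range(max(start, 1), len(chain)):
        correct = chain[i - 1].hash()
        if chain[i].prev_hash != correct:
            chain[i].prev_hash = correct
            changed += 1
    return changed


def build_demo_chain() -> list:
    """Five constructed entries for one fictitious case; no real data."""
    entries = [
        (b"constructed application text", "L-0001", "application", "2023-01-10"),
        (b"constructed certificate text", "L-0002", "medical certificate", "2023-01-17"),
        (b"constructed hearing text", "L-0003", "party hearing of school", "2023-01-24"),
        (b"constructed statement text", "L-0004", "statement from employer", "2023-02-02"),
        (b"constructed decision text", "L-0005", "decision", "2023-02-20"),
    ]
    chain: list = []
    for doc, number, theme, issued in entries:
        append(chain, make_record(doc, number, theme, issued))
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    honest_tip = chain[-1].hash()            # what every other node still holds
    print("valid before edit:", first_invalid(chain) is None)

    # Erase a single character of on-chain data in block 1.
    chain[1].record["theme"] = chain[1].record["theme"][:-1]
    print("first block rejected after edit:", first_invalid(chain))

    # Repairing the copy means rewriting every later block ...
    print("blocks re-linked:", relink_from(chain, 2))
    # ... and the result no longer agrees with the other nodes' copies.
    print("tip still matches other nodes:", chain[-1].hash() == honest_tip)
```

The edited copy becomes internally consistent again only after every later block is rewritten, and its tip hash then differs from the one held by the other nodes, which is why erasure needs their agreement.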

Nonetheless, individuals must be allowed to exercise their right to erasure in compliance with legal requirements when the processing of their personal data is no longer necessary for the purpose for which it was collected.Footnote42 In our case, where the blockchain processes data to ensure due process, this purpose is no longer justified once a final decision has been reached, the appeal process has not been exhausted within the specified time frame, or no request for review has been made. At this juncture, the data linked to the resolved case is no longer required to be processed on the blockchain to accomplish the intended purpose. The processing of such data may, however, still be considered legally necessary under specific circumstances, even after a final decision has been made, as specified in Article 17(3)(b) GDPR.

This provision encompasses situations where processing is required to fulfil a legal obligation or to perform a task that falls within the exercise of official authority. An example of a task that falls within the exercise of official authority is the obligation to document all relevant aspects of a case, even after its conclusion, for a certain period. The consideration of the authority's documentation was the basis for a 2018 ruling by the Danish Data Protection Authority (DPA) in response to a complaint from an individual who requested a municipality to delete his personal information related to a previous case. The complainant argued that the information was no longer necessary for the municipality to retain since the case had been concluded. However, the DPA determined that the municipality’s obligation to document and maintain records of all aspects of the case outweighed the complainant’s interests in having his personal information deleted.Footnote43 The DPA ruling did not disclose the time frame between the municipal decision and the deletion request and therefore did not address for how long the processing can continue after the decision has been made based on the exercise of official authority tasks. According to established Danish practice, case files are generally considered necessary for official tasks for up to five years after the conclusion of the case, for documentation purposes (sometimes longer). After this period, the case files are regularly disposed of.

Considering these factors in our scenario suggests that the metadata from the social case stored on the blockchain can be legally processed for approximately five years from the case's conclusion. After this period, when the municipality disposes of the case files locally, the GDPR no longer governs the data on the blockchain, as it no longer corresponds to an identifiable individual. A hash referencing a deleted document content and the case and file numbers referring to a discarded case cannot be tied from the blockchain to a particular individual, regardless of the supplementary information such as the issue date or a thematic reference, like ‘medical certificate’ or ‘party hearing of school.’ These references pertain only to events, not individuals.

However, the assertion that this approach sufficiently anonymises the on-chain data is not entirely uncontroversial. While Carol R.W. De Meijer has advocated for this approach,Footnote44 Anisha Mirchandani has voiced reservations, indicating that hashed personal data might still be regarded as pseudonymised data under GDPR even if the personal data is deleted off-chain.Footnote45 Mirchandani's argument appears to suggest that a hash in itself can be considered personal data. We will explore these positions and their implications for our scenario in the following section.

According to the European Court of Justice's ruling in C-582/14 (Patrick Breyer), a hash stored within a blockchain-based system that serves as a referential marker for off-chain case-specific data may be classified as personal data. This aligns with the Court's argument that a dynamic IP address can be considered personal data if the website provider can identify the registered individual legally and without substantial practical difficulty by accessing required information from a third party. The question of whether a hashed version of personal data is viewed as personal data under the GDPR thus hinges on the ease of re-identifying the individual. If the steps taken to re-identify the individual do not present significant practical difficulties, then the hashed version of personal data is not considered anonymous and falls within the GDPR's purview. Conversely, if re-identification poses substantial practical difficulties, the hashed version of personal data may be deemed anonymous and, therefore, outside the GDPR's scope.

Unlike encryption, hash values cannot be traditionally reversed, which minimises the risk of decryption. However, if the range of possible input values is known, it is still possible to ascertain the original input value of a hash. This is referred to as a ‘hash collision’. For instance, if a dataset has been pseudonymised by hashing national identification numbers, the original ID can be determined by applying a hash function to all possible input values and comparing the outcomes to the values in the dataset, a process known as a ‘brute force attack’.Footnote46 Unlike the Danish CPR number, which has a consistent input value of 10 digits, our scenario involves generating hashes based on various types and lengths of social case files. Therefore, the input values vary, making it extremely difficult, if not impossible, to determine the original input value (i.e. the document content) by applying a hash function to all potential inputs. As such, the risk of re-identification through a hash collision attack is not a concern because executing such an attack would entail significant practical difficulties. In our case, the concern raised by Mirchandani does not apply, as the GDPR would no longer govern the on-chain hashes generated from discarded case files due to the Breyer-doctrine of significant practical difficulties.
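The difference between a fixed-format identifier and free-form content comes down to the size of the input space. The sketch below is an added illustration, not part of the article: it uses a constructed five-digit identifier so that it runs in about a second, and the per-record random salt is an assumption introduced here to show one way of taking a small input space out of reach, not something the article proposes.

```python
import hashlib
import os


def digest(value: bytes, salt: bytes = b"") -> str:
    """SHA-256 over salt || value; an empty salt gives the plain hash."""
    return hashlib.sha256(salt + value).hexdigest()


def search_space(width: int) -> int:
    """Number of candidates for a fixed-width, all-digit identifier."""
    return 10 ** width


def recover_by_enumeration(target: str, width: int, salt: bytes = b""):
    """Hash every candidate of the given width; return the match or None."""
    for n in range(search_space(width)):
        candidate = str(n).zfill(width).encode("ascii")
        if digest(candidate, salt) == target:
            return candidate.decode("ascii")
    return None


if __name__ == "__main__":
    identifier = b"04217"  # constructed value, not a real identifier

    # Plain hash of a fixed-format value: the whole space can be tried.
    plain = digest(identifier)
    print("candidates to try (5 digits): ", search_space(5))
    print("candidates to try (10 digits):", search_space(10))
    print("recovered from plain hash:", recover_by_enumeration(plain, 5))

    # Same value hashed with a 32-byte random salt held off-chain (assumption).
    salt = os.urandom(32)
    salted = digest(identifier, salt)
    print("recovered without the salt:", recover_by_enumeration(salted, 5))
    print("recovered with the salt:   ", recover_by_enumeration(salted, 5, salt))
    # Once the salt is deleted together with the off-chain file, the on-chain
    # digest can no longer be tested against any candidate, correct or not.
```

The same reasoning applies to any hashed field: what matters is how many inputs are plausible, not how long the input is.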

However, in exceptional circumstances when a case holds historical, administrative, or legal significance, archival legislation mandates its indefinite preservation.Footnote47 In such instances, the case files are transferred from the local administrative case system to a separate historical archive, managed by an independent authority. If such a situation were to occur in our scenario, the metadata processed on-chain could be associated with the archive, thereby falling within the GDPR's purview if re-identification could be accomplished without significant practical difficulties. In this case, the municipality would no longer have a legitimate processing purpose under the GDPR, making the on-chain processing of metadata unlawful. As a result, it is imperative to adopt measures that ensure the ongoing on-chain processing of related metadata remains outside the GDPR's scope. In our view, there are two possible methods to achieve this objective.

The first method entails modifying the case number of the original case file prior to its archival. This modification would impose substantial practical difficulty in tracing the on-chain metadata back to the specific case, thereby effectively anonymising the on-chain data. However, it is crucial to understand that this approach requires alterations to the document's content, which may contradict the intentions of archival legislation that seeks to ‘preserve’ documents in their unaltered state. The second method proposes a system alteration that automatically generates two document numbers when a new case document is created. One number would serve the conventional role of organising the documents locally, while the other would create a link between the blockchain solution and the local case. Only this latter document number would be uploaded to the blockchain. This number could be locally erased during the archival process as it would hold no association with the actual documents or case. Both methods present potential solutions to navigate the intricacies of GDPR regulations. However, the second method is more in line with the objectives of archival legislation as it ensures the preservation of original and authentic documents while maintaining on-chain anonymity.
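A sketch of the second method, added here as an illustration and not taken from the article: the class, field names, and case number are hypothetical. Each document receives a local number and an unrelated random link number, only the link number goes on-chain, and archiving erases the mapping. The last function also shows that the document hash still pairs an on-chain record with an unaltered archived file for anyone who can read the archive, so access to the archive remains the deciding factor.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CaseSystem:
    """Local (off-chain) case system; hypothetical, for illustration only."""
    documents: dict = field(default_factory=dict)  # local number -> document bytes
    link_map: dict = field(default_factory=dict)   # link number -> local number
    _seq: int = 0

    def register(self, case_no: str, content: bytes, theme: str, issued: str) -> dict:
        """Store a document locally and return the record destined for the ledger."""
        self._seq += 1
        local_no = f"{case_no}/{self._seq:04d}"  # organises documents locally
        link_no = secrets.token_hex(16)          # random, not derived from local_no
        self.documents[local_no] = content
        self.link_map[link_no] = local_no
        return {"link_no": link_no, "doc_hash": sha256_hex(content),
                "theme": theme, "issued": issued}

    def resolve(self, link_no: str):
        """Map an on-chain link number back to the local document, if still possible."""
        return self.link_map.get(link_no)

    def archive(self, case_no: str) -> dict:
        """Hand the case's documents over unaltered and erase its link numbers."""
        prefix = case_no + "/"
        archived = {no: doc for no, doc in self.documents.items()
                    if no.startswith(prefix)}
        for no in archived:
            del self.documents[no]
        self.link_map = {link: no for link, no in self.link_map.items()
                         if no not in archived}
        return archived


def match_by_content(ledger: list, archived: dict) -> dict:
    """Pair on-chain records with archived files by re-hashing the files."""
    by_hash = {sha256_hex(doc): no for no, doc in archived.items()}
    return {rec["link_no"]: by_hash[rec["doc_hash"]]
            for rec in ledger if rec["doc_hash"] in by_hash}


if __name__ == "__main__":
    system = CaseSystem()
    ledger = [  # constructed entries for a fictitious case
        system.register("2023-0457", b"constructed certificate text",
                        "medical certificate", "2023-01-17"),
        system.register("2023-0457", b"constructed statement text",
                        "statement from employer", "2023-02-02"),
    ]
    print("before archiving:", system.resolve(ledger[0]["link_no"]))
    archive = system.archive("2023-0457")
    print("after archiving: ", system.resolve(ledger[0]["link_no"]))
    print("pairs via archive access:", len(match_by_content(ledger, archive)))
```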

If re-identification presents significant practical challenges, the metadata would be considered anonymous, requiring no further measures. As elucidated by the ECJ in Case T-557/20, SRB v EDPS, if the data recipient lacks any additional information enabling them to re-identify the data subjects and does not possess lawful means to access such information, the transmitted data can be deemed as anonymised and therefore, not personal data. The entities responsible for the blockchain, the nodes, may be considered recipients of the metadata processed on-chain, irrespective of whether they overlap with the authorities operating the local case management systems from which this metadata originates.

Upon archiving, the question arises whether these nodes possess any additional information that would enable them to re-identify the data subjects and have legal means to access such information. The answer depends on the archival legislation of the respective country. In Denmark, for example, archives containing social cases are only accessible after a 75-year retention period from the time of archiving. This lengthy retention period is due to the sensitive nature of the information these cases hold, such as details from school consultations, interactions with parents, medical reports, annual statements, and pay slips.Footnote48 Given this restricted access, the situation aligns with the criteria of the Breyer doctrine, at least temporarily. By the time the retention period concludes, which is likely to be more of academic interest than practical relevance, the case becomes publicly accessible, and hence the metadata can be linked to the archived files with relative ease. However, as most data subjects are presumably deceased by this point, and since the GDPR does not apply to the processing of information of deceased individuals, time essentially resolves the issue. That being said, it is important to note that archival legislation typically includes exceptions that permit earlier access, underscoring the need to factor in this legal domain in the deliberations.

Permissioned blockchains offer numerous advantages such as tamper-proof record-keeping, broad accessibility, and continuous availability. Overall, the risks posed to data subjects appear minimal, provided the types of information to be recorded on the blockchain ledger are carefully managed, and the nuances of archival laws are thoughtfully considered. Although the proposed approach holds significant potential for ensuring due process and integrity in decision-making processes, a comprehensive assessment of the blockchain network's configuration is crucial. This assessment should consider the actors involved and the number of participants needed to effectively contribute to the solution. However, given the scope of this article, a detailed exploration of every aspect of this complex issue is unfeasible. We acknowledge this limitation and encourage further research in this area. As we progress, our focus now transitions to the final aspect of our due process analysis, which concerns transparency.

4.2.3. Transparency

In the section on accuracy, we detailed the types of information from a social case that necessitate on-chain processing to ensure precise case handling, while also adhering to the principles of integrity, which we explored in the section that followed. This information includes the hashes of off-chain case files, case numbers, document numbers, thematic references, and issue dates (metadata). In this section, we delve deeper into how the on-chain processing of such information can enhance the transparency of the decision-making process within the social sector.

In line with the previous sections, we commence by delineating the general legal obligations associated with maintaining transparency in public administrative processes. Transparency in the decision-making process is a fundamental component of due process. This is evident in various legal provisions that dictate access to case files, mandate hearing procedures, and define design requirements for new public IT systems to facilitate accessible and prompt requests for access.Footnote49 Transparency is also a critical requirement in data protection law, as embodied in Article 5(1)(a) of the GDPR, which stipulates that personal data processing must occur in a transparent manner. The GDPR further elucidates this principle in Articles 13-14, which assert the data subject's right to be informed about the processing purposes. Article 15 outlines the data subjects’ right to access their personal data. Moreover, Article 12 of the GDPR mandates that the controller must provide information in a concise, transparent, intelligible, and easily accessible manner. If the information is provided electronically, it should be in a readily accessible format. This all underscores the importance of transparency in both decision-making processes and data protection practices.

Transparency is heralded as one of the primary benefits of blockchain technology.Footnote50 By employing hashing algorithms and securing data in immutable blocks, information can be traced with ease and integrity preserved.Footnote51 In our context, the blockchain presents an opportunity to provide real-time updates to all stakeholders involved in a social case through a front-end interface. Drawing on guidance provided by the European Data Protection Board (EDPB) on privacy dashboards,Footnote52 informational dashboards could be integrated on the blockchain, and linked to the municipal system via an API bridge, periodically initiating pull requests from the local case systems for predesignated metadata categories. This approach could streamline the process of requesting and accessing documentation, as stakeholders can actively participate and more readily locate documents related to their cases by referencing the document number, issue date, and theme listed on the blockchain dashboard. Document transparency would be one potential benefit, but procedural transparency could also be improved, making it easier to identify and react to irregularities.

Consider, for example, a caseworker handling a social benefits case. The caseworker receives a statement from the applicant's employer without involving the applicant, even though this is required by law. When the statement is logged in the case file, the document number and theme, ‘statement from employer’, would automatically be logged onto the blockchain. As long as the applicant has access to this information, he or she would be promptly notified of this procedural step, allowing them to respond and request a consultation. Furthermore, if a decision has already been made, the information on the dashboard could assist the applicant in building a stronger appeal case.

The dashboard could also be designed to fulfil the GDPR's requirements for mandatory disclosure of information to data subjects, as outlined in Articles 13 and 14. However, to comply with the principles of data integrity discussed in the previous section, such information should not be attributable to a specific individual, either independently or in combination with additional metadata processed on-chain.

Another facet of transparency, extending beyond informational access, pertains to accountability. This presents a challenge in the decentralised structure of the blockchain. Under the GDPR, the controller, defined as the entity that determines the purposes and means of processing, holds primary responsibility for the lawful processing of personal data. In the context of a distributed blockchain ledger involving multiple participants, joint controllership is established per Article 26 of the GDPR to the extent that they jointly determine both the purposes and means of processing.

Determining joint controllership requires assessing the influence each participant has on the purpose and means of processing. This is specifically done by evaluating the reasons for processing (i.e. the purpose) and the methods of processing (i.e. the means used to achieve that purpose).Footnote53 This evaluation can be inferred from the agreement regarding the purpose and scope of processing among the entities subscribing to the blockchain system.Footnote54

Contextual factors, such as a voting-based consensus algorithm, can provide additional evidence to demonstrate actual control over the means of processing. For example, if the algorithm ensures that a participant can influence the collective validation process, which determines which blocks are permitted to be stored on the blockchain ledger, this may serve as sufficient proof of influence.

Despite any internal agreements that may redistribute controller responsibilities, data subjects retain their GDPR rights against each controller.Footnote55 This, to some extent, alleviates the complications of not being able to pinpoint where data responsibility resides within a decentralised network.

5. Conclusion

The approach and use case presented in this study underscore the potential of blockchain technology to enhance adherence to due process, particularly in sectors where conventional trust-based structures have struggled to restore necessary procedural safeguards. However, given the highly complex nature of its application, the deployment of blockchain-based solutions should be seen as a last resort, reserved for instances where the benefits unequivocally surpass the associated risks.

The Danish Agency of Digital Government, housed within the newly established Ministry of Digitisation, has cautioned against the adoption of nascent technologies in public services without a clear demonstration of their advantages outweighing the risks.Footnote56 With blockchain technology still in a phase of ongoing development and maturation, a careful and thorough evaluation of the risk profile associated with each specific use case is paramount.

Furthermore, due to the innovative nature of the technology, the potential for substantial data processing through distributed network operation, challenges associated with data removal from the blockchain ledger, and the uneven power distribution between public bodies controlling the operation and data subjects participating in it, a Data Protection Impact Assessment (DPIA) would be mandatory.

In conclusion, the aim of this study was not to propose blockchain technology as a universal solution for procedural injustices. Instead, it sought to stimulate informed and educated discussions among lawmakers and policymakers, promoting a realistic appraisal of blockchain technology's potential within administrative decision-making processes, while also underscoring the considerable work required to transform technological features into regulatory layers that provide genuine value. This study serves as a basis for further research and development, shedding light on the possibilities of blockchain technology while also acknowledging its limitations and the careful considerations required for its successful implementation.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Additional information

Notes on contributors

Jøren Ullits

Jøren Ullits is an associate professor at the University of Southern Denmark, with a particular research interest in the intersection between technology and law. His research focuses on the development of digital administrative solutions that comply with administrative law, administrative principles, and data protection legislation.

Notes

1 European Commission, 'Digital Economy and Society Index (DESI) 2022' (2022) 14, in which Denmark is considered one of the most digitalised EU nations <https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=67086> accessed 1 January 2023, UN, 'UN E-Government Surveys' (2018) and (2022) ranking Denmark in 1st place due to its extensive transformation of administrative processes <https://publicadministration.un.org/en/Research/UN-e-Government-Surveys> accessed 1 January 2023.

2 These digital solutions encompass a range of services, such as registering businesses, obtaining building permits, filing taxes, enrolling in educational programs, communicating with healthcare providers, and accessing social services, among others.

3 The Danish Government, the Danish Regions and the Association of Municipalities (KL), 'Digitalisation pact – A New Direction for Public Collaboration' (March 2019) <https://digst.dk/media/19919/digitaliseringspagt-en-ny-retning-for-det-faellesoffentlige-samarbejde.pdf> accessed 1 January 2023, in Danish.

4 Ministry of Industry, Business and Financial Affairs, 'Denmark Signs Joint European Blockchain Declaration' (2018) <https://em.dk/nyhedsarkiv/2018/juni/danmark-underskriver-faelles-europaeisk-blockchain-erklaering> accessed 12 January 2023, in Danish.

5 Ministry of Finance, ‘Strategy for Denmark’s Digital Growth’ (2018) <https://eng.em.dk/media/10566/digital-growth-strategy-report_uk_web-2.pdf> accessed 12 January 2023.

6 Deloitte, 'Blockchain in the Public Sector' (2017) <http://publicperspectives.dk/wp-content/uploads/2018/01/Blockchain-i-den-offentlige-sektor.pdf> accessed 12 January 2023, in Danish.

7 Ibid.

8 Kombit, 'Blockchain in a Municipal Administration' (2018) <https://www.kombit.dk/indhold/blockchain-i-en-kommunal-administration> accessed 25 January 2023, in Danish.

9 e-estonia, 'KSI Blockchain in Estonia' (2020) <https://e-estonia.com/wp-content/uploads/2020mar-faq-ksi-blockchain-1-1.pdf> accessed 25 January 2023.

10 The German Federal Office for Migration and Refugees ‘Development of a GDPR-compliant blockchain solution for the German asylum procedure’ 2019 <https://www.bamf.de/SharedDocs/Anlagen/EN/Digitalisierung/blockchain-whitepaper.pdf?__blob=publicationFile&v=2> accessed 25 January 2023.

11 EBSI, 'What is EBSI?' <https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/What+is+ebsi> accessed 25 January 2023. See also Consensus blog, 'Which Governments are Researching CBDCs Right Now?' <https://consensys.net/blog/enterprise-blockchain/which-governments-are-using-blockchain-right-now> accessed 2 February 2023.

12 Primavera De Filippi and Aaron Wright, Blockchain and the Law: The Rule of Code (Harvard University Press 2018), 33-37, 46; Marc Pilkington, 'Blockchain Technology: Principles and Applications', in F. Xavier Olleros and Majlinda Zeghu (eds), Research Handbook on Digital Transformations (Edward Elgar Publishing 2016), 225; Mihalis Kritikos, 'What if Blockchain Offered a Way to Reconcile Privacy with Transparency?' (2018) European Parliamentary Research Service 1 <https://www.europarl.europa.eu/RegData/etudes/ATAG/2018/624254/EPRS_ATA(2018)624254_EN.pdf> accessed 2 February 2023; Asger B Pedersen, Marten Risius and Roman Beck, 'A Ten-Step Decision Path to Determine When to Use Blockchain Technologies' (2019) 18 MIS Quarterly Executive 99, 99; Svein Ølnes, Jolien Ubacht and Marijn Janssen, ‘Blockchain in Government: Benefits and Implications of Distributed Ledger Technology for Information Sharing’ (2017) 34 Government Information Quarterly 355, 359.

13 Daniel Conte de Leon and others, 'Blockchain: Properties and Misconceptions' (2017) 11 Asia Pacific Journal of Innovation and Entrepreneurship, 286, 290; Michèle Finck, Blockchain Regulation and Governance in Europe (Cambridge University Press 2018), 30; Angela Walch, 'The Path of the Blockchain Lexicon (and the Law)' (2016) 36 Rev Banking & Fin L 713, 738.

14 De Filippi and Wright (n 12), 37, 69; Kritikos (n 12); Julie Maupin, ‘The G20 Countries Should Engage with Blockchain Technologies to Build an Inclusive, Transparent, and Accountable Digital Economy for All’ (G20 Insights, 16 March 2017) <http://www.g20-insights.org/wp-content/uploads/2017/03/g20-countries-engage-blockchain-technologies-build-inclusive-transparent-accountable-digital-economy.pdf> accessed 2 February 2023; Pedersen, Risius and Beck, 'A Ten-Step Decision Path to Determine When to Use Blockchain Technologies', 99; Ølnes, Ubacht and Janssen (n 12).

15 Daniel Conte de Leon and others (n 13); Michèle Finck (n 13); Angela Walch (n 13).

16 See in this regard, Asger B Pedersen, Marten Risius and Roman Beck (n 14), which offers a decision path to determine whether the application of blockchain is justified and, if so, which kind of blockchain technology to use.

17 Recent controversies in the Danish public sector encompass a range of issues, including a severely postponed digital real estate registration system, a now-defunct debt collection system, a countrywide AI-based property valuation system presently in breach of legal regulations, and the obligatory rollout of a new national authentication application. This application, which serves as the gateway to all public digital services and banks, proved to be excessively complicated for a significant portion of the population, thereby inadvertently barring them from these services.

18 Jakob Engelund Vistisen, 'The Maritime Administration's Blockchain Nightmare: Three Years Behind Schedule and 100% Beyond the Budget', News Medium Ing, September 20, 2021 <https://pro.ing.dk/digitech/artikel/soefartsstyrelsens-blockchain-mareridt-tre-aar-forsinket-og-100-procent-over> accessed 2 February 2023, in Danish.

19 Eliza Mik, 'Blockchains – A Technology for Decentralized Marketplaces', in Larry A. DiMatteo, Michel Cannarsa, and Cristina Poncibò (eds), The Cambridge Handbook of Smart Contracts, Blockchain Technology and Digital Platforms (Cambridge University Press, 2019) 160, 162. The same is concluded in a blockchain whitepaper by the German Federal Office for Migration and Refugees, stating that 'there is … no ‘one’ type of blockchain'. See the German Federal Office for Migration and Refugees ‘Development of a GDPR-compliant blockchain solution for the German asylum procedure’ 2019, 15.

20 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

21 Article 5 GDPR stipulates several requirements that must be met when processing personal data. Notably, personal data must be processed transparently 5(1)(a), accurately 5(1)(d), and with appropriate security measures in place to safeguard the data 5(1)(f).

22 The GDPR treats pseudonymised personal data with the same security standards as non-pseudonymised personal data, regardless of whether the hashing technique used for pseudonymisation is irreversible. This stance is endorsed by the Article 29 Working Party in its Opinion 05/2014 on Anonymisation Techniques, 20, ratified on April 10, 2014.

23 The German Federal Office for Migration and Refugees ‘Development of a GDPR-compliant blockchain solution for the German asylum procedure’ 2019, 22: 'In order to implement the requirements of the GDPR, particularly the right to erasure, no personal data is stored on the blockchain. Indeed, the current plan is for there to be no other data stored on the blockchain for each process update other than the individual asylum application’s unique, pseudonymised attribution characteristic' (our italics).

24 Despite numerous attempts to define and categorise blockchain technology, a universally accepted definition of this complex concept remains elusive. One definition, offered by InterPARES Trust, characterises blockchain as 'an open-source technology that supports reliable, immutable records of transactions stored in publicly accessible, decentralized, distributed, automated ledgers'. InterPARES Trust, 'Blockchain' <https://interparestrust.org/terminology/term/blockchain> accessed 10 February 2023. Although the provided definition offers some insights, it is incomplete as blockchains may not always be open-source, publicly accessible or decentralised. Numerous terms are used to describe blockchain, some interchangeably or with subtle differences, while others signify entirely distinct concepts. For example, blockchain is occasionally referred to as distributed ledger technology (DLT), shared ledger technology (SLT), or distributed databases, perhaps in an attempt to dissociate it from negative connotations linked to illicit activities like pyramid schemes and the Silk Road. These intricacies highlight the difficulties in arriving at a unified definition of blockchain and underscore the multifaceted nature of the technology. See Angela Walch (n 13), 713, 719, 722.

25 It is extremely unlikely, but two different inputs can produce the same hash; this is referred to as a hash collision.

26 The Social Services Act (LBK nr. 170 of January 24, 2022) <https://www.retsinformation.dk/eli/lta/2022/170> accessed 10 February 2023.

27 There is no administrative court in Denmark.

28 ANS, ‘Case Law Study on Loss of Earnings According to § 42 of the Service Act’ (2017) <https://ast.dk/publikationer/ankestyrelsens-praksisundersogelse-om-tabt-arbejdsfortjeneste-efter-servicelovens-ss-42/@@download/publication> accessed 25 February 2023, in Danish.

29 ANS, ‘Evaluation of Referred Decisions’ (2019) <https://ast.dk/publikationer/rapport-evaluering-af-hjemviste-afgorelser-2019/@@download/publication> accessed 25 February 2023, in Danish.

30 In the realm of disability benefits, another report found that a staggering one in three cases from 2013–2021 lacked sufficient documentation. See Casper Lykkegaard Pedersen, Kåre Kildall Rysgaard, ‘There have been mistakes for years in disability cases. State auditors are criticising that the ministry does not rectify them’, DR <https://www.dr.dk/nyheder/indland/fejl-paa-fejl-i-handicapsager-ministre-faar-kritik-lade-fejl-i-handicapsager> accessed 4 March 2023, in Danish.

31 To illustrate, the hash of block 1 (A) is combined with the hash of block 2 (B) to produce AB. The hash of block 3 (C) is then combined with AB to produce ABC and so on.

32 This principle has been enshrined in the Danish Administrative Act Sect. 31: 'To the extent that an administrative authority is entitled to disclose a piece of information, such authority shall disclose the information to another administrative authority if so requested provided that the information is of significance to the activities of that authority or to a decision to be made by such authority' (unofficial translation).

33 A similar principle can be inferred from the necessity criteria outlined in Articles 6 and 9 GDPR.

34 The Danish Parliamentary Ombudsman, case no. 21/02499 of 14 February 2022 <https://www.ombudsmanden.dk/find/nyheder/alle/endelige_kommunale_dokumenter/brev_til_ankestyrelsen> accessed 4 March 2023, in Danish.

35 See, for example, the Danish Administrative Act Sect. 27: 'any person employed by or acting on behalf of a public administration body is subject to a duty of confidentiality' and Sect. 32: 'no person employed by or acting on behalf of a public administration body may obtain confidential information in that connection if such information is of no significance to the performance of his tasks' (unofficial translations).

36 Article 4(7) GDPR: the physical or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data.

37 Article 5(1)(f) GDPR.

38 EDPB, 'Guidelines 4/2019 on Article 25', adopted on November 13, 2019, 8(19).

39 Additionally, Article 25 GDPR mandates that suitable data protection measures be incorporated into any system from its inception, rather than being appended as an afterthought.

40 According to data from Gartner, the MPM Database, and McKinsey (Global IT spending by vertical, Q1 2015), Denmark ranks among the European countries that outsource the largest proportion of public services. At present, the country's outsourced IT services encompass a wide range of functions, including NemID, Digital Post (public post), tinglysning.dk, the business register (virk.dk), and the common medicine card. A concrete example of the potential issues that can arise from outsourcing is the case of the health data loss in Roskilde Municipality. In this incident, approximately 80,000 documents from the municipality's health and care system were lost due to a server failure at a subcontractor based in India, which had been hired by KMD, the municipality's data handler. The situation was further exacerbated by KMD's failure to carry out necessary backup procedures. See Ing/version 2 (May 28, 2018) <https://www.version2.dk/artikel/kmd-mistede-82000-filer-fra-roskilde-indisk-leverandoer-forsoemte-it-vedligehold> accessed 2 April 2023.

41 Defined in Article 4(5) GDPR as a method of processing personal data such that the data cannot be directly attributed to a specific individual without the use of additional information.

42 Article 17 GDPR.

43 Danish Data Protection Authority, case no. 2018-32-0286 <https://www.datatilsynet.dk/afgoerelser/afgoerelser/2019/jul/klage-over-manglende-sletning> accessed 20 April 2023, in Danish.

44 Carol R.W. De Meijer, 'Blockchain Versus GDPR and Who Should Adjust the Most', FINEXTRA (Oct. 9, 2018) <https://www.finextra.com/blogposting/16102/blockchainversus-gdpr-and-who-should-adjust-most> accessed 11 May 2023.

45 Anisha Mirchandani, 'The GDPR-Blockchain Paradox: Exempting Permissioned Blockchains from the GDPR' (2019) 29 Fordham Intell Prop Media & Ent LJ 1201, 1230.

46 See WP29 Opinion 05/2014 on Anonymisation Techniques adopted on 10 April 2014, 20.

47 See, for example, Section 7 of the Danish Archive Act (L 1943 of December 15, 2020).

48 Section 23 of the Danish Archive Act (L 1943 of December 15, 2020).

49 As for the design requirement, it is referred to in the Danish Public Access Act (Consolidation Act No. 145 of 24 February 2020) Section 1(2): ‘Authorities and similar entities subject to the law must ensure that the transparency considerations stated in sub-section 1 are upheld to the greatest extent possible in the selection, establishment, and development of new IT solutions’ (unofficial translation).

50 Kritikos (n 12); Perspectives, ‘Using blockchain to drive supply chain transparency’ (Deloitte, 2017) <https://www2.deloitte.com/content/dam/Deloitte/us/Documents/process-and-operations/us-blockchain-to-drive-supply-chain-innovation.pdf> accessed 14 May 2023; Charles Silver, ‘How The Transparency Of Blockchain Drives Value’ (Forbes, 14 February 2020) <https://www.forbes.com/sites/forbestechcouncil/2020/02/14/how-the-transparency-of-blockchain-drives-value> accessed 16 May 2023.

51 The technical intricacies of this feature have been elaborated upon in previous sections.

52 See Article 29 Working Party, ‘Guidelines on Transparency under Regulation 2016/679’ (2017) 17/EN WP260 rev.01, para 39, and ‘Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679’ (2017) 17/EN WP251rev.01, Annex 1, endorsed by the European Data Protection Board during its first plenary meeting.

53 Article 26 GDPR states that 'where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers'.

54 Article 26 GDPR states that 'where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers'.

55 See Article 26(1) and (3) GDPR.

56 As stipulated in national guidelines for the design and implementation of public IT projects, see the 'IT Project Model' by the Danish Agency for Digitisation <https://digst.dk/en/guides/it-project-model> accessed 16 May 2023.