Semi-fungible tokens (SFTs) in the context of the GDPR

A legal consideration

The introduction of semi-fungible tokens (SFTs) has not only opened up new avenues in blockchain technology, but also poses new challenges for lawyers and data protection experts. These developments are particularly relevant to my advisory work, in which I advise clients on the legal aspects of blockchain technology, including the GDPR. SFTs give rise to complex legal issues that are important for both technology companies and consumers. In my practice, I often encounter the need to develop innovative solutions that reconcile technological progress with the strict requirements of the GDPR.

This article aims to shed light on the specific legal issues arising from the use of SFTs in connection with the GDPR. In particular, the fundamental conflict between the GDPR and blockchain systems will be examined. In my experience as a lawyer, it is essential to understand the technical characteristics of SFTs in detail and to evaluate them in the context of the current legal situation. A deep understanding of how SFTs work and how they are embedded in blockchain technology is essential in order to provide effective and legally secure advice.

By combining my legal expertise with practical experience in blockchain technologies, I strive to help clients overcome the legal challenges posed by SFTs while ensuring compliance with the GDPR. This work requires constant engagement with the latest developments in the blockchain world and flexible adaptation of legal advice to these dynamic changes.

Fundamental conflict: GDPR vs. blockchain

The GDPR and blockchain technology are in a fundamental conflict due to their different basic principles. On the one hand, the GDPR aims to strengthen the protection of personal data and give individuals more control over their data. This includes the right to be forgotten, data minimization and the need to erase data. On the other hand, blockchain systems are based on a decentralized and unchangeable structure in which data can no longer be changed or removed once it has been entered. This characteristic is in direct contradiction to some of the core requirements of the GDPR.

The role of SFTs in this context

Semi-fungible tokens (SFTs) combine the features of fungible and non-fungible tokens and thus offer greater flexibility in the handling of data. Thanks to their unique ability to change states, they can adapt to different requirements. For example, SFTs can start out as exchangeable assets, similar to traditional cryptocurrencies, and under certain circumstances transform into unique, non-exchangeable assets.

This flexibility opens up a wide range of possible applications. In the gaming industry, for example, SFTs can be used both as in-game currency and as unique collectibles or rewards. In this context, they start as general game currency and can turn into rare items that have a specific value within the game. Another application example can be found in the area of digital tickets. SFTs can be used as normal admission tickets which, after attending an event, are transformed into unique collector’s items that serve as souvenirs of the event.

However, despite their adaptability and variety of applications, SFTs must take the requirements of the GDPR into account. The main question here is how the principles of immutability of blockchain data can be reconciled with the GDPR requirements, such as the right to be forgotten and data minimization. Innovative solutions need to be found that strike a balance between the technological functionality of SFTs and data protection requirements.

Data protection challenges for SFTs

• Data minimization and storage limitation: The GDPR requires that personal data is only stored to the extent and for as long as it is necessary for the original purpose. Permanent storage in a blockchain contradicts this principle.
• Right to be forgotten: This right allows individuals to request the erasure of their personal data. However, data is permanently stored in a blockchain, which makes the implementation of this right more difficult.
• Accountability and liability: The decentralized nature of blockchain systems makes it difficult to identify a clearly defined controller for data processing, which is necessary for GDPR compliance.

Solutions and future prospects

Despite the challenges associated with their integration, semi-fungible tokens (SFTs) offer significant potential for the development of mechanisms that could enable improved compliance with the General Data Protection Regulation (GDPR). One possibility is the development of technologies or processes that allow the anonymization or pseudo-anonymization of personal data within a blockchain. This would mean that the identity of the data subjects remains protected, while their data can continue to be used within the blockchain technology.

In addition, the use of off-chain databases in conjunction with SFTs could be another way to improve GDPR compliance. In this model, personal data would be stored outside the blockchain, while only non-personal or highly anonymized data would be stored on the blockchain itself. This separation could help to harmonize the immutability of the blockchain with the data protection requirements of the GDPR.

SFTs could be particularly interesting for game providers, collector portals or companies that want to use blockchain technology. Their ability to switch between interchangeable and unique states offers flexible application possibilities. In the gaming sector, for example, SFTs could be used both as in-game currency and as rare, unique items. For collector portals, they offer the opportunity to initially offer objects as interchangeable goods that later become unique collector’s items.

These potential applications highlight the importance of ensuring that the development of SFTs and their application in different industries is accompanied by an in-depth knowledge of both the technical and legal aspects. The integration of SFTs into existing legal structures requires continuous adjustments to ensure that both the technological advantages are utilized and the legal requirements are met.

To achieve such a balance, close cooperation between technology experts, lawyers and data protection officers is essential. This interdisciplinary collaboration makes it possible to develop innovative solutions that both utilize the uniqueness of SFTs and meet the strict data protection requirements of the GDPR. Only through this integrative approach can the full benefits of SFTs be realized while at the same time safeguarding the data protection needs of users.

Conclusion

SFTs are an interesting development in blockchain technology, but raise complex legal issues, particularly with regard to the GDPR. Solving these issues requires innovative approaches and close coordination between technological development and data protection law. In this new legal territory lies the opportunity to set new standards for data protection in the digital world.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.