E-Privacy

The fellowship tackles the lack of international, or European, standard or technical specification that focuses explicitly on privacy and data protection capabilities of DLT systems. With this regards, ISO TS 24946 “Requirements and guidance for improving, preserving, and 
assessing the privacy capability of DLT systems” has now reached CD stage (July 2025) and will endeavour to move through this process and be completed in 2026. This process requires continued support from experts to ensure delivery, as scheduled. In this sense, the priority of this activity focuses  at the European level, CEN/CENELEC  JTC 19/WG3 to produce a European standard on PII protection within DLT which is strongly influenced by ‘DIN Spec 4997 - Privacy by Blockchain Design’ and the aforementioned ISO TS 24946. This European specification will seek to harmonise the GDPR and recent EDPB guidance to produce a technical specification intended for the European DLT ecosystem. 
This European specification will provide much needed clarity for the DLT ecosystem as regards data protection and privacy capabilities, affordances, and assessment. Further harmonisation between the international specification at ISO and the European standard will support interoperability, and ensure that privacy and data protection capabilities are harmonised globally. The main challenges concerns exacting requirements from regulations such as Article 76(3) of MiCAR, as well as Article 79(1) of the European AMLR will require navigation. Standards 
require alignment and compatibility with those legal texts, as well as corresponding regulations regarding personal data, data markets, and trust services (e.g., GDPR, Data Act, eIDAS2). Ensuring there are no gaps between regulatory texts and the proposed European standards will be a primary focus. Also, it must be ensured that there are no substantial gaps between international specifications and European standards will be the second focus. Standards alignment between ISO and CEN/CENELEC is viewed as a key outcome to benefit the global DLT ecosystem, and one that requires strong consensus building, given slightly different international privacy perspectives and preferences.

The expected impact of the project is to provide stakeholders with a certification as defined in article 42 of the GDPR, thus improving trust between actors in a context of PII processing.

I estimate that digital identities, and the way to ensure appropriate levels of assurance and handling of corresponding credentials, are key for the digital society.

SME’s will be encouraged to build services on the wallet when there are key benefits for wallet holder focusing on privacy and security when sharing personal data.