Today I am speaking with Elisenda Fabrega, Head of Legal & Data Protection Officer of . We will discuss data protection, decentralization, and compliance within the blockchain space. Brickken Hi there, what is your name, and what do you do? My name is Elisenda, and I am the Head of Legal and DPO at Brickken. My day-to-day at Brickken includes a variety of tasks, from solving queries and preparing documentation regarding corporate, contractual, compliance, and data protection topics to managing and solving questions and concerns related to the applicable laws about security and utility tokens or their non-existence of them. In short, my primary function, as well as that of the legal department at Brickken, is to assist our colleagues from other departments with legal-related topics, as well as the clients and providers of our company, to find creative solutions to contemporary legal problems. Why is data protection important for users in the blockchain space? From my point of view, data protection is not only highly important in the blockchain environment, or as I like to call it in the "digital world," but it is also extremely important in the "analog world." In this sense, I consider that data protection is applied in almost the same manner in both worlds, as its main purpose is to avoid and prevent companies or other kinds of entities from using the personal data of natural persons for their benefit or without taking into consideration the rights and interests of such natural persons. Notwithstanding, I consider that the main difference between both worlds —digital and analog— and personal data protection lies in how personal data can be obtained, extracted, and stored. Analyzing this topic in more depth, it is important to point out that in the 'analog world' the personal data can be obtained, extracted, and stored: (i) in a lawful manner, for instance, when we purchase an item online, we are willingly introducing information in web pages and providing our personal information, etc.; and (ii) in an illicit manner, when we suffer some kind of cyber-attack. However, in the 'digital world,' our data can be obtained, extracted, and stored: (i) in a lawful manner when we want to make a transaction in the blockchain environment. Our data is transformed into alphanumeric code. In this case, the difference between the 'digital' and 'analog' worlds is clear, as the digital world provides a higher level of security regarding our data as in theory can only be understood by such a person that has a public key to decrypt our message; and (ii) in an illicit manner, which can also be a cyber-attack. However, in this case, the main difference between both worlds is that the blockchain environment is practically an inviolable technology space since, to change the information it contains, a cyberattack would have to affect almost all copies of the registry simultaneously. Therefore, and to summarize, data protection is important from an overall perspective as it impacts all aspects of our life, regardless of whether we act, transact, etc., in the 'digital' or 'analog' world. However, since blockchain has specifications that the analog world does not bring, I consider that the regulator must take a step forward and adopt a regulatory approach that applies to our life due to the technological advances that occur every day. Is blockchain a viable way to protect intellectual property? Yes, absolutely. I believe that as blockchain is a decentralized and distributed immutable ecosystem that contains all the actions and transactions performed on it, it consequently provides the perfect environment for protecting intellectual property rights. For instance, imagine that there is a painter who wishes to protect their intellectual property rights regarding one of their paintings and does not know how to do it. In this case, a viable solution would be blockchain. The painter would be able to introduce a reference regarding the painting or the document that proves its authenticity and ownership in the blockchain, which will create a unique alphanumeric code. In addition, together with this alphanumeric reference, a timestamp will be created, which will provide the perfect proof of the date and the person who introduced the first reference to that painting in the blockchain. In this sense, it is important to point out that since the blockchain is immutable if a person tries to modify the block in which the reference to the painting was entered, the chain in which that block is included will be broken since the summary of that block will be no longer valid. Finally, I believe that the usefulness of blockchain to protect intellectual property rights has already been proven, as important institutions involved in protecting intellectual property rights are entering into the blockchain environment and obtaining successful results. For instance, the European Union Intellectual Property Office (EUIPO) has already successfully connected two of its search services, designated as "Design View" and "TMView," through blockchain to provide trademark and design data in real time. Moreover, it is currently implementing a "Digital Evolution Program 2025" program, and one of the projects included in it is the creation of a Blockchain Intellectual Property Rights Registry. What are the benefits of decentralization for commercial companies? There are so many benefits of decentralization for commercial companies. In this sense, from my perspective, the most important ones that I have faced in my day-to-day are: 1. Scalability: Decentralization allows companies to provide their services efficiently and in a duly manner all over the world. In addition, this global decentralization makes it easier for a company's customers to become investors in the future. 2. Innovation: By being within the blockchain environment, companies have easier access to new technologies that are developed daily and to new digital processes that can generate exponential economic growth. 3. Efficiency: Decentralization allows for faster and easier decision-making within a company. For example, there is no need for all partners or shareholders to be in the same physical place, etc. 4. Processes before public entities: In the future, if public entities are part of the blockchain ecosystem, complex processes that normally require physical displacements would be easier and faster. Therefore, I believe that decentralization can allow companies to grow faster and more efficiently. How does blockchain help compliance? I believe blockchain opens up a new possibility for companies and entities to meet their compliance obligations. It provides a quick and easy manner to check sanctioned lists, blacklists, etc. For instance, in some countries, it is mandatory that the companies and/or entities that have specific features implement and carry out a Know Your Customer (KYC) procedure. This KYC procedure has to be carried out by these companies and entities before entering into a commercial relationship with a potential client, in which the identity, suitability, risks, etc., regarding the structure, purpose, and personnel of the potential client is verified. In this case, I believe blockchain can be really useful because it is a decentralized network where data regarding sanctioned lists, blacklists, etc., can be securely stored. However, it is important to note that for the companies and/or entities to use these resources, public entities and states also need to be engaged in the blockchain environment because they have the relevant information regarding the sanctioned lists, blacklists, etc. For instance, if we are a company performing a KYC, and we need to check the Consolidated List of the European Union, we will need that the European Union shares that information in the blockchain, or if we need to verify the UN Sanctions, we will need the United Nations to share this information. So the main problem is that the incursion within the blockchain of public entities and states has proven difficult. Notwithstanding, some states have started to be interested in joining the blockchain ecosystem as it is, for example, the Monetary Authority of Singapore (MAS), which tried to create a national KYC utility to be a shared service among banks to facilitate customer verification, a project that finally did not work. However, after this failure, the MAS collaborated with the Bank of Canada and achieved cross-border and cross-currency payments using central bank digital currencies. I am intrigued to see how this topic evolves over the next few years and if more public entities finally decide to become part of the blockchain ecosystem. What made you pivot from your legal career toward being part of a decentralized tokenization platform? Working in the analog world as a Legal Counsel was always my dream. But the last few years, before starting in a decentralized tokenization platform, I was not feel challenged anymore. Instead, I was eager to learn, and one of my passions has always been finding ways to apply the law to technology to solve legal problems; once the opportunity to become the Head of Legal of Brickken was presented to me, I did not hesitate to take it. Being part of a decentralized tokenization platform has been one of the best decisions in my professional life because I learn new laws, business cases, and market opportunities every day. Still, the most important thing is that I feel that every day is a new challenge. What were your biggest challenges with data protection in the blockchain space? The main challenge I have faced in addressing data protection in the blockchain environment is that the main regulations I work with daily (for example, Regulation 2016/679) do not adequately regulate or have some "loopholes" regarding the structure and how blockchain functions. From my perspective, the challenge is that Regulation 2016/679 states that a Controller must exist, and the natural persons must be able to freely exercise against such Controller the rights recognized by such regulation, as it is, for instance, the right to be forgotten, right to limitation of the treatment, etc. However, these values clearly collide with the principles of permanence and inalterability governing the blockchain. Therefore, I can reiterate what I already stated; regulations must be modified so that the legal systems and the blockchain environment can find common ground. I am sure that it would be very interesting to see how these issues are addressed by the regulator and the experts in this field.
