Blockchain, Automation and Fundamental Rights: Ensuring the Protection of Privacy and Personal Data in European Union Law

Oleksii Terlyuk; Ivan Terlyuk

This article explores the interaction between emerging digital technologies − particularly blockchain and artificial intelligence − and European Union law in the field of personal data protection. The research applies methods of legal analysis of EU legal norms and comparative law (notably in the context of Council of Europe practices and other jurisdictions). Particular attention is paid to the legal and ethical challenges posed by the immutability of blockchain records, the absence of a centralized data controller, and the use of automated decision-making without human involvement. The study assesses how current regulations − especially the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act) − enable the realization of the fundamental right to privacy in the context of digital transformation. Drawing on case law of the Court of Justice of the European Union (CJEU), positions of the European Data Protection Board (EDPB), and national supervisory practice, the article substantiates the need to adapt legal mechanisms to the specificities of decentralized and high-risk systems. It proposes ways to improve legal regulation through a combination of technological and normative tools, including the implementation of Privacy by Design principles and interdisciplinary ethical compliance (a system of measures, rules, and procedures aimed at ensuring that an organization’s activities conform to established legal and ethical standards). The conclusion emphasizes the need to reconceptualize digital human rights as a complex category encompassing not only legal safeguards but also democratic oversight of algorithms and technological transparency. Ultimately, it is underscored that human beings − as bearers of rights and autonomous dignity − must remain at the center of the digital legal order, not merely as objects of data processing.

artificial intelligence

automated decision-making

digital human rights

decentralized technologies

AI Act

1. De Filippi, P., Wright, A. (2018). Blockchain and the Law: The Rule of Code. Harvard University Press. 312 r. DOI: https://doi.org/10.2307/j.ctv2867sp (Аccessed: 12.07.2025)

2. Posibnyk z yevropeiskoho prava u sferi zakhystu personalnykh danykh. Vydannia 2018 roku / Ahentsiia Yevropeiskoho Soiuzu z pytan osnovopolozhnykh prav; Rada Yevropy; Yevropeiskyi Sud z prav liudyny; Yevropeiskyi inspektor iz zakhystu personalnykh danykh. B.m., 2018, 432 p. [In Ukrainian].

3. Hyliaka O. (2023). Pravo na pryvatnist ta zakhyst personalnykh danykh v umovakh tsyfrovizatsii. Visnyk Natsionalnoi akademii pravovykh nauk Ukrainy. Tom 30. № 1. P. 15-30. [In Ukrainian].

4. Tarasenko L. (2024). Tsyfrovi prava: pravova pryroda ta evoliutsiia. Visnyk Lvivskoho universytetu. Seriia yurydychna. Vypusk 79. P. 123–133. [In Ukrainian].

5. Terliuk O., Terliuk I. (2025) Rozvytok informatsiinoho suspilstva: pravovi naslidky ta vyklyky dlia publichnoho upravlinnia. Visnyk Natsionalnoho universytetu «Lvivska politekhnika». Seriia: "Iurydychni nauky" . Tom. 12, № 1 (45), P. 258-265. DOI: https://doi.org/10.23939/law2025.45.258 [In Ukrainian].

6. Terliuk Oleksii (2024). Pravove rehuliuvannia blokchein-tekhnolohii u publichnomu upravlinni: aspekty mizhnarodnoho ta ukrainskoho dosvidu vykorystannia. [Monohrafiia]. Lviv: Rastr-7, 260 s. [In Ukrainian].

7. EUR-Lex – Access to European Union Law (Dostup do zakonodavstva Yevropeiskoho Soiuzu). Retrieved from: https://eur-lex.europa.eu/homepage.html (Аccessed: 15.07.2025)

8. Konventsiia pro zakhyst osib u zviazku z avtomatyzovanoiu obrobkoiu personalnykh danykh vid 28.01.1981. Retrieved from: http://zakon4.rada.gov.ua/laws/show/994_326 (Аccessed: 01.07.2025) [In Ukrainian].

9. Dyrektyva 95/46/IeS Yevropeiskoho parlamentu i Rady pro zakhyst osib u zviazku z obrobkoiu personalnykh danykh i vilnym obihom tsykh danykh vid 24.10.1995. Retrieved from: https://zakon.rada.gov.ua/laws/show/994_242 (Аccessed: 01.07.2025) [In Ukrainian].

10. Khartiia osnovnykh prav Yevropeiskoho Soiuzu. (2007/C 303/01). Retrieved from: https://eur-lex.europa.eu/eli/treaty/char_2007/oj (Аccessed: 09.12.2024) [In Ukrainian].

11. Dohovir pro funktsionuvannia Yevropeiskoho Soiuzu (konsolidovana versiia 2016 roku). Retrieved from: https://eur-lex.europa.eu/collection/eu-law/treaties/treaties-force.html... (Аccessed: 08.03.2025) [In Ukrainian].

12. Rehlament Rady YeS 2016/679 pro zakhyst fizychnykh osib shchodo obrobky personalnykh danykh ta pro vilnyi rukh takykh danykh, a takozh pro skasuvannia Dyrektyvy 95/46/EC (Zahalnyi rehlament zakhystu danykh) vid 27.04.2016. Retrieved from: https://eur-lex.europa.eu/ legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN (Аccessed: 02.07.2025) [In Ukrainian].

13. Google Spain SL, Google Inc.v. Agencia Española de Protección de Datos (AEPD), Mario Costeja González. Judgment of the Court (Grand Chamber) of 13 May 2014. Retrieved from: https:// eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62012CJ0131&from=EN (Аccessed: 13.07.2025)

14. Rishennia Sudu YeS u spravi Shrems I. Retrieved from: https://www.datawo.org/schrems-i/ (data zvernennia: 13.07.2025) [In Ukrainian].

15. Shrems II: korotkyi zmist – vse, shcho vam potribno znaty. Retrieved from: https://www.gdprsummary.com/schrems-ii/ (Аccessed: 13.07.2025) [In Ukrainian].

16. Ievropeiskii komisii poiasnyly blokchein ta rozpodilenu lohistyku zghidno z GDPR. 4 chervnia 2019 r. Silvan Yonherius. Retrieved from: https://techgdpr.com/blog/blockchain-dlt-under-the-gdpr-explained-to-the... (Аccessed: 01.07.2025) [In Ukrainian].

17. Ethics Guidelines for Trustworthy AI. Retrieved from: https://op.europa.eu/en/publication-detail/-/publication/d3988569-0434-1... (Last accessed 10.07.2025)

18. Rehlament (IeS) 2024/1689 Yevropeiskoho Parlamentu ta Rady vid 13 chervnia 2024 roku, shcho vstanovliuie harmonizovani pravyla shchodo shtuchnoho intelektu […]. Retrieved from: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng (Аccessed: 05.07.2025) [In Ukrainian].

19. European Data Protection Board, EDPB. Retrieved from: https://www.edpb.europa.eu/edpb_en (Аccessed: 05.07.2025)

20. Sud YeS - C-511/18 - La Quadrature du Net ta inshi. Retrieved from: https://gdprhub.eu/index.php?title=CJEU_-_C-511/18_-_La_Quadrature_du_Ne... (Аccessed: 01.07.2025) [In Ukrainian].

21. Plenty to retain? Opinion of the Advocate General in Joined Cases C-293/12 and 594/12, Digital Rights Ireland ltd and Seitlinger and others by Orla Lynskey. Retrieved from: https://www.europeanlawblog.eu/pub/plenty-to-retain-opinion-of-the-advoc... (Аccessed: 02.07.2025)

22. Iak Yevropeiska komisiia pryimaie rishennia shchodo shtuchnoho intelektu ta vykorystovuie yoho. Retrieved from: https://www.ombudsman.europa.eu/en/case/en/65545 (Аccessed: 01.07.2025) [In Ukrainian].

23. Ievropeiske ahentstvo z kiberbezpeky (ENISA). Retrieved from: https://www.enisa.europa.eu/ (Аccessed: 02.07.2025) [In Ukrainian].