February 25, 2020

February 25, 2020

Subscribe to Latest Legal News and Analysis

February 24, 2020

Subscribe to Latest Legal News and Analysis

Blockchain and Data Protection: Trustless Should Not Mean Distrusted

Amidst the international tidal wave caused by the entry into force of the EU General Data Protection Regulation (“GDPR”) in May 2018, many half, or even false truths have been spread about hindrance on a global scale of innovative technologies. However, we must keep in mind that Europe has adopted a long-standing position of technology-neutral regulations and data protection is no exception.

Indeed, from a GDPR perspective, no technology would be prohibited or regulated by nature – only its application to a specific purpose may be regulated, inasmuch as it involves personal data -whether relating to the participants and miners or the payload data itself- and falls within its broad geographical scope .

The French Data Protection Authority (the “CNIL”) has just published a white paper analyzing the key aspects of blockchain-based services and reiterated that a case-by-case analysis would be required in order to assess the roles of the parties involved, the resulting regulatory undertaking and how the rights of the individuals could be ensured on solutions that are oftentimes confusing “anonymization” (which sits outside the scope of GDPR) and mere “pseudonymisation”. To that extent the last section of the white paper addresses how operational considerations in the implementation of a blockchain-based solution could safeguard the privacy of individuals, even though erasure of the blockchained data is at ends with the core philosophical tenets of the blockchain.

While many RegTech solutions aim at facilitating global compliance, this first reflection on the compatibility of blockchain and GDPR, two key buzzwords of 2018, is welcome and should initiate a concerted discussion among the European stakeholders in the coming months.

Copyright 2020 K & L Gates


About this Author

Claude-Étienne Armingaud, KL Gates, Paris, data protection lawyer, commercial contracts attorney

Claude-Etienne Armingaud’s practice focuses on the representation of public and private companies in the area of information technologies and intellectual property law. Mr. Armingaud provides counsel to his clients at all stages of their corporate life cycle and in wide-ranging transactions, including in connection with litigation compliance matters, intellectual property protection and development, data protection strategic operations, and other commercial contracts.

Mr. Armingaud regularly advises start-up companies in matters relating to...