On February 19, 2020, the European Commission (Commission) released a communication entitled “A European strategy for data”. It lays out a vision for a “European data space” and a plan – through legislation, technical standards and public-private initiatives – for the EU to become a future leader in data and to create a more permissive data economy. For a more in-depth summary, see our New Media and Technology Law Blog.
One interesting point (among others of course) is the Commission’s highlighting of blockchain technology in its report. First referencing blockchain on page 10, the Commission highlights blockchain on page 11 in a framed provision:
New decentralised digital technologies such as blockchain offer a further possibility for both individuals and companies to manage data flows and usage, based on individual free choice and self-determination. Such technologies will make dynamic data portability in real time possible for individuals and companies, along with various compensation models.
The use of blockchain as a means of controlling the access to, and use of, data elements is one of the oft-discussed means of securing access to personal data. However, certain core features of blockchains (such as “immutability”) raise challenges in the context of applicable laws, including, for example, the feasibility of compliance with data subjects’ rights to request deletion of their data from the blockchain pursuant to the California Consumer Privacy Act (CCPA) or the E.U.’s General Data Protection Regulation (GDPR) or other law or regulation.
It seems likely that such challenges and issues will be resolved, as has often been the case with new technologies, through technological innovation or the evolution of legal frameworks, and that the use of blockchain to manage the exchange of personal information will proliferate. It is interesting to see the Commission recognize that in its document.