Privacy

Subscribe to Privacy

The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.”  The term “metaverse,” which

On February 19, 2020, the European Commission (Commission) released a communication entitled “A European strategy for data”. It lays out a vision for a “European data space” and a plan – through legislation, technical standards and public-private initiatives – for the EU to become a future leader in

We are happy to report that our recent in-depth Practice Note on Blockchain as applied to Supply Chain Management was selected to appear as the cover story for the June/July issue of Practical Law – The Journal. Read the full text here.

Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data.

To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection regulator, published an initial report analyzing certain fundamental questions regarding the interaction between blockchain technology and the GDPR’s requirements (the “Report”). The Report was the first guidance issued by a European data protection regulator on this topic.

CNIL’s Approach to Identifying Blockchain Data Controllers and Data Processors

The Report highlights the challenges of identifying data controllers and data processors in the blockchain context – an important distinction that determines which set of regulatory obligations applies.

In discussing the likely classification of the various types of persons and entities involved in a blockchain, the CNIL primarily distinguished between (i) participants (i.e., those who transact on the blockchain) that have the ability to determine what data will be entered into a blockchain or have permission to write on it or cause data to be written to it, and (ii) miners or other validators (i.e., those who do not transact and instead validate transactions submitted by participants). The CNIL also provided an analysis as to how to classify smart contract developers and natural persons who enter personal data in a blockchain, distinguishing, with respect to the latter, between those engaging in personal or household activities and those engaging in professional or commercial activities.

The effective date of the EU’s General Data Protection Regulation (GDPR) is fast approaching (May 25, 2018), and its impacts are already being felt across various industries. Specifically, the conflicts between the GDPR and the technical realities of blockchains raise important legal considerations for companies seeking to implement blockchain solutions

The Colorado Senate is considering a bill to utilize blockchain or other distributed ledger technology for a variety of purposes, including to improve the state government’s operations and cybersecurity.

Senate Bill 18-086 (which was introduced on January 16, 2018) focuses on exploring a number of “transformative improvements” that distributed ledger technologies can offer to state governments, including reducing fraud in state-controlled programs, mitigating risk through improved risk evaluation and quantification, and enhancing cybersecurity and protection of personal information.

Discussions about “blockchain” technology seem to be everywhere these days, with potential applications spanning industries as diverse as banking, healthcare, real estate, law enforcement, entertainment, and even wine and jewelry sales. Different applications of blockchain present different and unique challenges and opportunities for data security and privacy, but there are three general categories currently preoccupying legal privacy experts. The first involves the necessary bridge between the physical-cyberspace boundary; the second involves sensitive information actually stored on the blockchain; and the third involves the very existence of blockchains themselves.