LawBytes deals this week with the guidance of the French privacy authority (CNIL) on blockchain and the new EU Code of Practice on disinformation.
French privacy authority assesses how to make blockchain GDPR compliant
Lately the debate on blockchain technology has started to focus on its compatibility with the GDPR, or as some prefer, on GDPR compatibility with blockchain.
Since blockchain relies on a distributed ledger system that is decentralized and immutable, it’s intended to be a permanent, tamper-proof record outside the control of any governing authority. That’s the main reason it is such an attractive and useful technology and also the main reason it may not be compatible with the GDPR, considering that personal data stored on the blockchain can’t be deleted.
While the blockchain regulation rush goes on across the world, the French Privacy Authority (CNIL) produced a report analyzing the privacy compliance of such technology and devising technical solutions that make it possible to get closer to the conformity requirements of the GDPR, such as permitting the much debated right of erasure.
Since this technology will unleash its full disruptive potential in the next years, according to the CNIL, it is particularly important to adopt a privacy-by-design approach in order to ensure the full compliance with the applicable and the upcoming data protection laws.
You can read an article from you Giulio on the topic “Is the blockchain privacy compliant after the GDPR?“. My view is that blockchain is a risk for privacy compliance since all the recorded information is meant to remain forever on the ledger, but at the same time – if adequate safeguards are adopted – it might be a valid support to privacy compliance since it is fully transparent as to the modalities of processing of recorded personal data.
EU adopts Code of Practice to fight against fake news
The exposure of citizens to large scale disinformation, including misleading or outright false information, is a major challenge for Europe. In the last years, the phenomenon is having a bigger impact than ever as social media and online platforms speed up the spread of such news and enable a global reach without much effort from the author.
In order to address the spread of online disinformation and fake news the EU institutions have been working together with representatives of online platforms, leading social networks and advertising industry which eventually found an agreement on a self-regulatory Code of Practice.
The Code and other initiatives set forth by the European Commission are essential steps in ensuring transparent, fair and trustworthy online campaign ahead of the EU elections in spring 2019.
Signatories of this Code have committed to take action in 5 areas:
- Disrupting advertising revenues of certain accounts and websites that spread disinformation;
- Making political advertising and issue based advertising more transparent;
- Addressing the issue of fake accounts and online bots;
- Empowering consumers to report disinformation and access different news sources, while improving the visibility and findability of authoritative content;
- Empowering the research community to monitor online disinformation through privacy-compliant access to the platforms’ data.
As the Cambridge Analytica scandal has recently shown, tech companies must be ready to investigate and fight malicious political propaganda which poses a serious threat both to citizens’ right to democracy and to companies’ share value.