Published on JD Supra on October 3, 2018
The French Data Protection Authority (“CNIL”) recently became the first data protection authority to provide guidance as to how the European Union’s General Data Protection Regulation (“GDPR”) applies to blockchain.
A few key takeaways from the CNIL report are as follows:
The CNIL notes that its analysis is focused only on blockchain and not the broader category of distributed ledger technology (DLT). Although the CNIL indicates that it may offer guidance on GDPR’s applicability to other DLTs in the future, it chose to focus its analysis on blockchain because DLT solutions that are not blockchains do not yet lend themselves to a generic analysis. (The CNIL’s full report (in French) and introductory materials accompanying the report can be found here).