CNIL Privacy guidance on blockchain and EU fake news Code of practice

The French data protection authority (CNIL) has published a report on blockchain compliance with the GDPR and EU is tackling fake news with a new Code of Practice on disinformation.

French data protection authority assesses how to make blockchain GDPR compliant

Lately the debate on blockchain technology has started to focus on its compatibility with the GDPR, or as some prefer, on GDPR compatibility with blockchain.

Since blockchain relies on a distributed ledger system that is decentralized and immutable, it’s intended to be a permanent, tamper-proof record outside the control of any governing authority. That’s the main reason it is such an attractive and useful technology and also the main reason it may not be compatible with the GDPR, considering that personal data stored on the blockchain can’t be deleted.

While the blockchain regulation rush goes on across the world, the French Data Protection Authority (CNIL) produced a report analyzing the privacy compliance of such technology and devising technical solutions that make it possible to get closer to the conformity requirements of the GDPR, such as permitting the much debated right of erasure.

Since this technology will unleash its full disruptive potential in the next years, according to the CNIL, it is particularly important to adopt a privacy-by-design approach in order to ensure the full compliance with the applicable and the upcoming data protection laws.

My view is that blockchain is a risk for privacy compliance since all the recorded information is meant to remain forever on the ledger, but at the same time – if adequate safeguards are adopted – it might be a valid support to privacy compliance since it is fully transparent as to the modalities of processing of recorded personal data.

 EU adopts Code of Practice to fight against fake news

The exposure of citizens to large scale disinformation, including misleading or outright false information, is a major challenge for Europe. In the last years, the phenomenon is having a bigger impact than ever as social media and online platforms speed up the spread of such news and enable a global reach without much effort from the author.

In order to address the spread of online disinformation and fake news the EU institutions have been working together with representatives of online platforms, leading social networks and advertising industry which eventually found an agreement on a self-regulatory Code of Practice.

The Code and other initiatives set forth by the European Commission are essential steps in ensuring transparent, fair and trustworthy online campaign ahead of the EU elections in spring 2019.

Signatories of this Code have committed to take action in 5 areas:

  • Disrupting advertising revenues of certain accounts and websites that spread disinformation;
  • Making political advertising and issue based advertising more transparent;
  • Addressing the issue of fake accounts and online bots;
  • Empowering consumers to report disinformation and access different news sources, while improving the visibility and findability of authoritative content;
  • Empowering the research community to monitor online disinformation through privacy-compliant access to the platforms’ data.

As the Cambridge Analytica scandal has recently shown, tech companies must be ready to investigate and fight malicious political propaganda which poses a serious threat both to citizens’ right to democracy and to companies’ share value.

If you would like to receive more information please contact  Tommaso Ricci, @