Privacy laws and blockchain technology have been around for over a decade; however, each continues to evolve and adapt to new technological capabilities and realities. As users and jurisdictions have recognized an individual’s rights to privacy, entrepreneurs, engineers, and businesspeople have continued to develop and enhance blockchain technology. Today, blockchain technology not only transfers value via the exchanging, creation/offering, and selling of cryptocurrencies, but has also been developed to serve national security interests, supply chain management, and a plethora of other applications. With the amount of personal information stored on these networks (where many aim to be completely ‘permissionless’ and ‘decentralized’), some have written on how such may interfere with individuals’ privacy rights with regards to the GDPR. Since then, the California Consumer Privacy Act (‘CCPA’) came into effect on January 1st, 2020. As a result, California residents now have the right to delete their data, request an accounting of data shared with third parties, correct inaccurate information, and/or request that a business cease the selling of their personal data. Given the permissionless, decentralized, and immutable nature of many blockchains, complying with the CCPA presents challenges. This article will explore how and when a blockchain may be subject to the CCPA, how to develop such (privacy by design) in order to comply with the CCPA, and demonstrate that although many see blockchain as a means for entities to escape governmental and international regulation via decentralization, recognizing and complying with user’s privacy rights may not only be just, but potentially good for business/trust.
Gustavo Alza Jr, Blockchain and CCPA, 37 Santa Clara High Technology Law Journal 231 (2021).