Deployment of AI in the Workplace in France–The Importance of Consulting With the Work Forces

Jun 23 2025
Browse archives for June 23, 2025
Posted in

Privacy, Data Protection & Information Management

Tagged with ,
Share

By: Claude-Étienne Armingaud and Josefine Beil

The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.

The current key takeaways from this version include:

  • Avoid storing personal data directly on blockchain where possible;
  • Use encryption, hashing, and off-chain storage to protect data;
  • Implement data protection by design principles;
  • Ensure data subject rights can be exercised;
  • Conduct thorough DPIAs before implementation.

In addition, the Guidelines provide 16 practical recommendations for organizations considering blockchain adoption, balancing innovation with privacy protection:

1. Documentation: Organizations must document their rationale for using blockchain, type of blockchain needed, and technical measures used
2. Off-chain Storage: Personal data beyond necessary identifiers should be stored off-chain
3. Information: Clear communication to data subjects about processing rationale and their rights
4. Data Minimisation: Only process relevant and necessary data
5. Trust: Implement trust mechanisms through certification and independent verification
6. Legal Framework: When mandated by law, include provisions about acceptable publicity levels
7. Software Vulnerabilities: Establish procedures for handling and disclosing vulnerabilities
8. Governance: Document software changes and ensure alignment between specification and implementation
9. Consent: Ensure consent is freely given with ability to withdraw if it’s the relevant legal basis
10. Data Protection by Design: Include protection principles from the outset
11. Data Retention: Establish clear retention periods and mechanisms for deletion. This is one of the major pain points as data deletion at the individual level in a blockchain can be challenging and requires ad-hoc engineered architectures. Where deletion has not been taken into account by design (see Recommendation #16), this may require the deletion of the whole blockchain.
12-15. Security Measures: Implement comprehensive security evaluations, handle algorithm failures, document evolution, and ensure confidentiality
16. Data Subject Rights: Ensure rights cannot be restricted by technical implementation

Copyright © 2025, K&L Gates LLP. All Rights Reserved.