During its plenary session on April 8, 2025, the European Data Protection Board (EDPB) approved several essential documents concerning a certification approved by the CNIL, as well as guidelines on the use of blockchain technologies and their impact on data protection. Moreover, the committee expressed its willingness to closely collaborate with the European Bureau of Artificial Intelligence in drafting new regulations. These decisions aim to strengthen compliance with the General Data Protection Regulation (GDPR) while considering the challenges posed by these emerging technologies.
Certification: A new opinion to ensure GDPR compliance
The EDPB issued an opinion regarding a national certification, for which the CNIL has been designated as the competent authority. This certification project, proposed by the company Lexing, targets data controllers and aims to ensure that the processing of personal data carried out by the candidates complies with GDPR standards. To this end, the EDPB’s opinion contains 13 recommendations that the CNIL will take into account to establish the necessary criteria for approving this certification.
Blockchain: The importance of regulation
The blockchain technology offers many benefits but also raises concerns regarding personal data protection. One of the major challenges pertains to the right to rectification and erasure of data. Aware of these issues, the EDPB decided to adopt guidelines aimed at assisting organizations using these technologies in their compliance with the GDPR. In these guidelines, the EDPB describes how blockchains work, examining different architectures and the implications of their use on the processing of personal data.
To learn more about the potential of blockchain, please do not hesitate to consult the information available on carbon credits and on the concept of blockchain.
Collaboration with the European AI Bureau
With a view to consistent regulation, the CNIL and the EDPB have committed to establishing a close collaboration with the European Bureau of Artificial Intelligence. This cooperation aims to create guidelines concerning the interaction between the European AI regulation and data protection law. The EDPB has also published a report on the risks associated with large language models, commonly known as LLMs. This report offers tools and information that will help organizations assess risks in the context of using these advanced technologies.
For further insights into the implications of AI on data protection, you can consult the external experts’ report available on the EDPB’s website.
The future challenges to consider
The digital and technological landscape continues to evolve rapidly, bringing with it complex issues related to data protection. The ongoing work of the EDPB aims not only to clarify the regulatory requirements but also to anticipate future challenges that may arise with the development of new technologies. Blockchain and AI are particularly sensitive areas where appropriate regulation is crucial to ensure the security and compliance of processed data.
For a complementary perspective on the impact of distributed ledgers in the educational sector, see this article on education.
