"Adopting Permissioned Blockchain Models to Enhance Consumer Protection" by Erika Buenrostro
 

Document Type

Article

Publication Date

Spring 3-2025

Abstract

Blockchain technology enables decentralized, peer-to-peer transactions and data management, offering transparency while raising data privacy and consumer protection concerns. As the current administration promotes blockchain adoption, including cryptocurrency, more users and businesses will likely integrate the technology. This thesis provides a framework to help businesses adopt blockchain while ensuring compliance with the California Consumer Privacy Act (CCPA). To prevent data mishandling and legal penalties, consumers and businesses must stay informed about the risks and evolving state privacy laws.

A CCPA-compliant approach retains blockchain’s benefits through a permissioned model, storing only non-personal (neutral) data on-chain while keeping personal information off-chain in a cloud database subject to auditing. This model reduces transmission-stage data breaches common in permissionless blockchains and enhances security through smart contracts. However, blockchain’s immutability poses challenges for data deletion requests. While hashing can obscure consumer data, it does not comply with the CCPA since it restricts a consumer’s right to access collected information. Similarly, while encryption can safeguard sensitive business data, it does not exempt businesses from complying with consumer privacy rights.

Amendments to the CCPA, effective January 1, 2025, classify encrypted data as “personal information” and require pseudonymized data to be separately protected to prevent reidentification. The European Union’s General Data Protection Regulation (GDPR) reinforces this by stating that pseudonymization alone is insufficient to protect personal data. To align with consumer protections, states should mandate that permissionless blockchains share only neutral data and define blockchain developers as data controllers. Given that 70% of blockchain hacks occur at the transmission stage, encouraging permissioned models could mitigate data leaks.

This thesis calls for multistate collaboration to establish uniform regulations supporting seamless business operations. It also acknowledges the federal limitations of H.R. 6572, the Deploying American Blockchains Act of 2023, and the potential for congressional amendments under the current administration, which could preempt state laws under the Supremacy Clause.
