Facebook headquarters Facebook Inc.'s headquarters. Photo by Jason Doiy/ALM.

Fresh off the heels of controversy surrounding the sharing of user data with Cambridge Analytica, Facebook Inc. announced on May 8 it will begin exploring different ways to incorporate blockchain into its infrastructure. Yet questions remain over how the social media company will implement the technology and what sort of legal challenges doing so could portend.

News of the decision comes as Facebook announced the largest leadership change in the company's 15 year history. David Marcus, a Facebook vice president who formerly headed the company's Messenger division, wrote in a Facebook post that he'll take lead over a “small group” tasked with determining how to “best leverage blockchain across Facebook, starting from scratch.”

But what could such leveraging look like? Facebook said in an emailed statement that it has “nothing further to share” other than it's “exploring many different applications of the technology.” In a January Facebook post, however, CEO Mark Zuckerberg cited the “centralization v. decentralization” of information enabled by blockchain as among the “most interesting questions in technology right now.” Zuckerberg also specified interest in studying cryptocurrency—digital currencies that are built upon blockchain and thus remove the need for banking institutions, governments and other third parties in transactions.

Yet blockchain's capabilities to remove middlemen extend beyond currency. Because the technology automates recordkeeping and the execution of transactions, it's also been employed for means like automated “smart” contracts and supply chain tracking, with industry groups exploring other ways to implement it.

Some experts believe Facebook could use the technology to give its users greater control over the data they generate on the site. IBM's senior VP of global industries platforms and blockchain Bridget van Kralingen told Fortune that the technology is “very suited' for Facebook's “fundamental issue” of “securing data, and making sure that if people want privacy or trackability of their data they can actually secure that.”

Blockchain, she added, “fits very well with some of the business model challenges they're actually facing,” particularly those highlighted by the Cambridge Analytica scandal, in which it was revealed that Facebook shared user data with a company hired by the campaign for then-presidential hopeful Donald Trump for political purposes.

Sharing this view is Krzysztof Gagacki, CEO of startup IOVO, which looks to use blockchain for this purpose. While he believes Facebook's move is “a PR stunt,” he told Legaltech News that by decentralizing user data, Facebook could place data privacy and security in the hands of its users while allowing the company no way to use the data without consent.

“This is a complete game changer. Right now, for Facebook, all its revenue is based on monetizing data,” Gagacki said.

Using blockchain in this sense, however, would mean that data existed on a system outside the centralized one controlled by Facebook, while allowing the data to generate on its platform. An advertiser wishing to collect a user's data would have to get permission from the user directly, thus allowing for the user to monetize their own information.

Placing data directly in the generator's hands also brings about questions of compliance for upcoming privacy laws. Brittany Kaiser, a legal expert who formerly worked for Cambridge Analytica and was recently named a board member of Gagacki's IOVO, said in an April press conference that European Union (EU) privacy laws—often touted as model frameworks—“don't go far enough” in providing users “transparency on all the types of data” being collected from them.

Gagacki noted that decentralization could shift legal data sharing responsibilities from companies to users. “Once you hold the data of your users in any centralized data [framework], you have to respect the legislation process,” he said. “In a decentralized system, [the company] no longer owns the data.”

However, EU laws have proven problematic for Facebook. An Ireland ruling threatened Facebook's ability to transfer data overseas, while provisions in the upcoming General Data Protection Regulation (GDPR) about data collection, erasure and use challenge current business practices.

“I don't see how creating a distributed worldwide ledger makes it easier to comply with GDPR. If anything it makes it harder,” Stephen Palley, leader of Anderson Kill's blockchain and virtual currency group, told LTN. Having data ring-fenced on a cloud platform, as would be the case with blockchain, he said, would create complications over guaranteeing the location of data and thus jurisdiction.

“You could theoretically create a blockchain with nodes in one jurisdiction and miners or validators in another,” he said, noting that legal issues around this approach would primarily revolve around privacy and data storage.

In Palley's view, the idea of Facebook creating a “public blockchain” is unlikely, though he sees value in the company researching it for future competition. Still, there's likely “legal dispute” as to how much liability Facebook would have in utilizing blockchain to decentralize user data.

“If you create and launch the technology and something happens to it that's bad, you might still have legal exposure,” he said of Facebook. Palley also noted potential intellectual property issues. “Just because something is on nodes that are distributed around the world doesn't mean that U.S. copyright and trademark laws don't apply. There's no safe harbor in the Digital Millennium Copyright Act for blockchain. How do you comply with the takedown letter other than shutting off your node?”

At the crux of conversations around Facebook decentralization is what Jeff Ward, director of Duke University's Center on Law & Technology called the company's “gatekeeper role,” something that has proven controversial. Facebook controls the dissemination of information, whether it be “fake news” as generated during the election or sharing user data with third parties.

Facebook and other internet companies are protected from liability for harmful content posted on their sites via Section 230 of the Stored Communications Act. However, legislation passed in March could signal future troubles for internet companies for what their users publish. Ward said “blockchain-based ways to curate content” could provide a way for Facebook to bypass such liabilities.

“The gist,” he noted, “is that all the participants on the network who are consuming, creating, passing along content do so in a way where there's some kind of an economic incentive”—which would be made possible through blockchain by a cryptocurrency or token—to vote for or against certain content.

“Here, you rely on folks to really police the community of which they're a part,” he added. “That way, they can't look at the centralized player and say, 'You're doing this wrong.'”