Over the last few days my inbox has been flooded with Data Protection Policy updates and other notices. The time is upon us and the General Data Protection Regulation (GDPR) is coming into full effect.
GDPR was passed by the European Parliament in 2016, and came into effect on the 25th of May 2018 (imminent). In summary, companies will no longer be permitted to collect personal data unless authorised by the user. Any data compromise (hacking, leaks etc.) must be reported to authorities within 72 hours. It gives users the power to obtain a copy of all data held about them, with a legal obligation of a 30 day turnaround for this process. In essence, the user has more peace of mind, with the power to even request deletion of anything undesired being stored. There were some instances where some American news sites were blocked across Europe.
Source: https://gizmodo.com/dozens-of-american-news-sites-blocked-in-europe-as-gdpr-1826319542
So the bigger tech companies have been making moves to get in line with the new law. But this isn't limited to the big dogs; everyone has a responsibility to comply or face a hefty fine. Whatever the business size or nature, GDPR applies to all. In this instance I am of the opinion that the smaller scale businesses get stung the most. Mobilizing protocols to get in line can be costly and reengaging with existing clientele is hit and miss. With no authorisation, companies may not hold this data and this could lead to a purge of customer data if not approached in an engaging manner.
Surveys discovered that many businesses simply had no plan for or awareness of GDPR compliance. A lot of this boils down to what a company already holds, what they are allowed to keep and even understanding where it's kept. Data management is important and if the appropriate security measures are not taken, exposure to risk opens up and a hefty fine can follow.
Source: https://www.superoffice.com/blog/gdpr/
I wanted to share an infographic about GDPR here but damn… they are detailed.
So instead, take THIS!
The world keeps spinning and GDPR is taking no prisoners (yet). But what about blockchains? Without a doubt this thought has occurred to various people across the globe. How does one regulate the personal information stored on the blockchain? Cointelegraph shares an interesting insight into how blockchains are a GDPR fiasco but can potentially give even better ownership over data by using smart contracts and trusted hardware. Perhaps a number of methods will come to light as to how blockchain data deletion can be implemented. This can lead to some deep discussions indeed.
I read recently about the passport project on ETH being cancelled. Parity have some groundwork to do if they wish to pull forward with that ICO. Steemit is a social blockchain. I am all for innovation in data ownership but this type of regulation being applied over decentralized projects could stifle development and advancement. I look forward to seeing how new projects will innovate in the data ownership domain and how much society can begin to diverge from centralised systems.
Thanks for reading.
Momosan
I think the challenge for blockchains in complying with GDPR will be its clause about the "Right to be forgotten". I don't see how it will be possible in a blockchain such as Steemit where everything is immortalized after the data is entered in. I am curious why we did not get the same updated privacy terms on our emails from Steemit. Could it be because we consented to it beforehand?
As I recall, GDPR is under European regulation. Perhaps due to the decentralized nature of Steemit there is currently nothing for Steemit Inc to worry about.
In terms of personal information on the blockchain, I remember reading a piece which discussed using the chain to access personal data that is stored off chain rather than on to give ownership of data. Not sure how this would work in practice.
I hope regulation won't stifle the progress of social blockchains.