Steemit inc. has updated their privacy site: https://steemit.com/privacy.html and comply now with the GDPR (General Data Protection Regulation). But what is with the steem blockchain itself?
source
Personal data (Art. 4.1)
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Pseudonymisation (Art. 4.5)
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
So by default, only pseudonymisation data are stored in the blockchain, as public keys and user names. Normally, a person cannot be identified by a username or public key. Only when the person itself publish information about themself, which allow an identification, a connection between a public key an username and a natural person exists.
Right to be forgotten (Art. 17)
Assuming, I wrote a post in which my name is included and I want it to be deleted.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Means, when it is not too costly and complicated, the data should be deleted otherwise not. Steemit Inc. should ask Google and other search engines to exclude the post link from their search results.
Furthermore:
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
d) for archiving purposes in the public interest, scientific or historical research purposes or
statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
This means for me, that blockchain data are excluded to the right to being forgotten. Deletion of blockchain data means,
- deleting of the entire blockchain or
- doing a hardfork.
The first one would overlap with a) for exercising the right of freedom of expression and information; and the second point overlap with for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance.
Conclusion
As the steem blockchain is completely public and its data are of public interest, it may protected by Art. 89: Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Thus, for me, the steem blockchain is not illegal after the GDPR is active in the EU.
As long there is no search engine in steemit (it uses google), I don't see a problem with GDPR.
Disclaimer
I'm not a lawyer and this is not a legal advice.
Hallo Holger,
ich hab das Thema auch mal aufgegriffen:
3 Gründe, warum die DSGVO auf Bitcoin nicht anwendbar ist
Das DSGVO-Erfordernis der Pseudonymisierung ist bei den meisten Blockchains gut umgesetzt, wird aber durch das geplante europaweite Kryptoregister ausgehebelt - aber nicht für Lieschen Müller und den Bäcker um die Ecke.
Die DSGVO sagt zur Pseudonymisierung, dass sie Aufwand erfordern solle, eine Identität zuordnen zu können. Durch ein Kryptoregister besteht dieser Aufwand für viele, aber nicht für die Wenigen, die uns überwachen:
Wissensasymmetrie - Wenige wissen vieles über Viele.
@holger80 : so if a user revealed him in a post and and now he or she wants to delete it, in blockchain it is not possible right? May be Google can hide it's search data. But still blockchain don't forget any data. Am I correct? So can Steem blockchain comply with this regulation?
When Steemit.inc inform google and all other sites to hide the specific steemit post everything is fine and steem will comply with this regulation. The spefic steemit post is then hard to find and this is enough.
There is no need for deleting content, as far as I understand this.
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by holger80 from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.