Is Blockstack GDPR compliant?

How does the Blockstack Ecosystem (Dapps, SmartContracts & User .id stored on the blockchain…etc) tackle being GDPR compliant and the “right to be forgotten”?

Unless the app developer is doing something interesting, the user remains in control of all his/her data. Most Blockstack apps are completely client-side and store data in Gaia Buckets. To be “forgotten” is to simply no longer sign in to the app. Some apps also allow you to delete the data files from Gaia but you can also do this yourself without the assistance of the app. (Although I do not think an overarching data management interface exists at this point, I am planning to add it to a hardware wallet I am building.)

N.B. some apps use a central indexer like Radiks. Those apps submit copies of all data to a central server, which would arguably provide grounds to challenge the host on GDPR compliance.

Oh cool, yeah, I was exploring & planning on building the same wallet interface, a bit like something that is displayed on the Blockstack Website:

Where you can see your data “bucket/container” for each application that you have accessed and own data on it, but not have the ability to interact with this data directly through the wallet, and only be able to alter it through the native app.

Huh, yeah, I guess GDPR is ok with Blockstack then. Just built my own “mutable-blockchain” and was wondering if it can actually be used now in real world applications…

This is the standard copy that goes out to folks who request their account be removed due to GDPR -

Thank you for your email.

We will delete this email address from our mailing list and all associated data. We will confirm once this is complete.

In addition, if you have a Blockstack ID and wish to have all data associated with that ID deleted, please provide us with the Blockstack ID and then please verify that you are the owner of the ID by updating the information in your ID’s profile to say “Delete Me” and add the current date. Once that is complete, please email us that it has been completed and we will verify and delete the associated data.

*Please note that we are only able to delete data to the extent it is on a Gaia hub hosted by Blockstack PBC. If it is hosted on a different Gaia hub, you’ll have to delete such data yourself or work with the host of that Gaia hub for deletion. As blockchain technology is immutable (unable to be changed), content can only be removed from Gaia hubs, but the app access your ID gives you will remain.*

What this means is that if you use your Secret Recovery Key, Magic Recovery Code or password to log in to an app that you had previously used with your Blockstack ID, you will still be able to get in. As such, we suggest that once the deletion process has started (on reply to this email), you do not sign in to any Blockstack apps.

Hope that helps, but if you have any other questions please let me know :slight_smile:

Perfect, thank you, that clears it up for me :slight_smile:
