Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privacy Considerations - Specifically call out GDPR #72

Open
msporny opened this issue Oct 15, 2019 · 1 comment
Assignees
Labels

Comments

@msporny
Copy link
Member

@msporny msporny commented Oct 15, 2019

@talltree wrote:

As much as I'd love to have a magic wand to avoid privacy or GDPR issues with ... DID documents...I personally believe it can't be done. It doesn't matter if we constrain the value of a serviceEndpoint property to a URL. You can stuff almost any kind of relatively short personal data in a URL if you want to.

This is an excellent point, we should have a section in the DID Document specifically about GDPR and the challenges posed by ledger-based systems and GDPR. This includes at least: PII, URLs that contain potential PII, identifiers that could be used to track in the DID Document (even when the DID itself is potentially a one-off / pairwise thing), and other things that would trigger GDPR wrt. the entity operating the ledger or writing the ledger software or using the ledger.

@peacekeeper

This comment has been minimized.

Copy link
Contributor

@peacekeeper peacekeeper commented Oct 18, 2019

There is already quite a bit of content related to GDPR and tracking, maybe it can be improved/expanded somehow?

When talking about GDPR, the term "personal data" should be used instead of "PII".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.