In my experience, GDPR and CCPA are both minimally enforced save for some digital ambulance chasing lawyers. And IMO the "need" for such regulation seems to stem back to some sort of elitist hatred towards Tech for making boatloads of money, but maybe I am wrong and consumers actually care? In any event, you talk about the "gray areas" of GDPR, you make the very apt point about the difficulty in defining ownership of data, and the whole custodial/honor system problem of deleting joins... and I wonder.. is this ambiguity the sort of Trojan horse that big G uses to drive a wedge into the whole crypto shebang.. or does privacy regulation blow over (as Chamath would say) as "a big nothing burger"?
The 'right to be forgotten' while very real, it is the least actual used case of GDPR. Instead, for legal reasons, you would still have to join 'a person' (e.g. email) to 'a crypto wallet' to collect consent for the data sharing needed, required and optional. (which is what 99% of those annoying GDPR prompts are for when browsing online) And that consent would have to be captured and timestamped on chain + also on off chain tables, In essence as the controller, even asking consent also makes you go the same road to verify the link between person and wallets.
Is Facebook turning into Yahoo of Web 2?
In my experience, GDPR and CCPA are both minimally enforced save for some digital ambulance chasing lawyers. And IMO the "need" for such regulation seems to stem back to some sort of elitist hatred towards Tech for making boatloads of money, but maybe I am wrong and consumers actually care? In any event, you talk about the "gray areas" of GDPR, you make the very apt point about the difficulty in defining ownership of data, and the whole custodial/honor system problem of deleting joins... and I wonder.. is this ambiguity the sort of Trojan horse that big G uses to drive a wedge into the whole crypto shebang.. or does privacy regulation blow over (as Chamath would say) as "a big nothing burger"?
Looking fwd to next week
The 'right to be forgotten' while very real, it is the least actual used case of GDPR. Instead, for legal reasons, you would still have to join 'a person' (e.g. email) to 'a crypto wallet' to collect consent for the data sharing needed, required and optional. (which is what 99% of those annoying GDPR prompts are for when browsing online) And that consent would have to be captured and timestamped on chain + also on off chain tables, In essence as the controller, even asking consent also makes you go the same road to verify the link between person and wallets.