Ask HN: Is Blockchain GDPR compliant by default? - chirau
======
mtgx
Not sure, but Microsoft seems to believe that a blockchain-based identity
system would be more privacy-friendly for users and would remove many of the
compliance issues for companies, because they wouldn't have to handle the PII
themselves.

[https://cloudblogs.microsoft.com/enterprisemobility/2018/02/...](https://cloudblogs.microsoft.com/enterprisemobility/2018/02/12/decentralized-digital-identities-and-blockchain-the-future-as-we-see-it/)

Before GDPR passed I was actually arguing that the EU should increase
liabilities and penalties for companies that store any information outside of
the data that's strictly necessary for the functioning of the service _and_
suffer a data breach exposing all of that data. This would have encouraged
companies to encrypt the data end-to-end so they wouldn't be liable in case of
a data breach. Plus, if they did that, there wouldn't be any data to steal in
the data breach anyway.

I don't think they ended up pursuing that goal per se, maybe because the
technology wasn't quite there, either, but perhaps GDPR will indirectly end up
having much of that effect anyway, especially with blockchain technology kind
of showing the way for building those sorts of systems now.

Plus, the GDPR does require consent for much of the data that you store,
unless it's strictly necessary for the functioning of the service, it's just
that it's not quite the same as outright banning the practice, because
companies could always do what they did with the EU cookie and come up with a
solution where basically 95% of the users end up giving their "consent"
automatically. It's probably not going to be as easy as it was for the EU
cookie this time around, but I'm still expecting some of that to happen.

