What’s the meaning of compliant privacy?
Over the last few years, multiple points of tension have been found between blockchain technologies and data protection regulations, including Europe’s General Data Protection Regulation (GDPR).
The GDPR is the toughest privacy and security law in the world and was put into effect by the European Union back in 2015. It levies harsh fines against those who violate its privacy and security standards, with some penalties reaching tens of millions of euros.
The tension between blockchain technology and these data protection regulations plays out in a number of domains. For example, there’s an ongoing debate on whether data typically stored on a distributed ledger — such as the public keys and transactional data — qualify as personal data for GDPR purposes.
This type of data is hashed, but does it still qualify as personal data? While many assume this is not the case, the answer isn’t clear. Such data is likely to qualify as personal for GDPR purposes, however, meaning some organizations may end up risking fines in the tens of millions of euros.
A question then arises: can personal data be sufficiently anonymized to meet the GDPR’s threshold of anonymization? Once again, there isn’t a clear answer and risking it is simply not an option.
Processing personal data to a minimum
There’s another significant point of tension between blockchain and the GDPR we’d like to address: the principles of data minimization and purpose limitation. GDPR requires personal data that is processed to be kept to a minimum and only processed for purposes specified in advance.
These principles can be a challenge for blockchains, which are continuously growing as new data is added and replicated among a different number of computers throughout the world — the nodes running the blockchain.
Furthermore, it isn’t clear how the “purpose” of personal data processing is supposed to be applied on blockchains, specifically whether it includes the initial transaction or whether it also encompasses the continued processing of data as it’s used for consensus, for example, after it was added to a blockchain.
While the GDPR defends a right to “be forgotten,” allowing anyone to get their data deleted off of the web, blockchains are made so that altering data within them is as hard as possible. Given the immutability of blockchains, it’s hard to comply with the GDPR’s requirements that personal data must be amended — as stated under Article 16 — and erased — as stated under Article 17 — in specific circumstances.
Different anonymity
Compliance is also about the use of anonymity in specific circumstances. To a very large extent, it can be exploited by bad actors looking to carry out illicit activity. For example, anonymity can be abused to launder money or other non-financial crimes.
Fully private cryptocurrency like Monero and ZCash have been delisted from numerous cryptocurrency exchanges because of this, as allowing for complete anonymity on the blockchain means bad actors are likely going to take advantage of the opportunity to carry out their affairs in the shadows.
Considering these concerns, the OMNIA Protocol is committed to implementing strict measures at the privacy relayers dAPI gateways, which act as entry points to blockchain networks. These measures would automatically reject the submission of transactions linked to illicit activities or that are part of blocklists.
OMNIA differs from privacy-centric coins like Monero, as it’s a utility token used to access OMNIA Protocol’s services that provide both off-chain privacy and guarantees at the network level, in a way comparable to Tor’s provided privacy for generic traffic.
The anonymity provided by privacy coins is achieved by obfuscating transacted amounts and wallet addresses. On the other hand, OMNIA does not interfere or facilitate in any matter this type of anonymity.
Instead, the protocol helps users protect their privacy between the application layer — which includes wallets, decentralized applications, and more — and the blockchain nodes, which actually implement the consensus mechanism.
The protocol complements its on-chain privacy with off-chain privacy, which means that its impact is at the network layer and that it protects users from specific attacks, including frontrunning.
OMNIA complements on-chain privacy solutions that protect the amount and the recipients, while preserving the compliance side of the transaction. These kind of solutions are doing so by providing a way to generate zero-knowledge reports that allow users to disclose compliance with select counterparties voluntarily.
About OMNIA Protocol
By foreseeing the state of the current blockchain application network, we have committed to preparing, researching, and applying our technical expertise to our latest project, OMNIA.
OMNIA Protocol is a decentralized infrastructure protocol for securely accessing the blockchain so that no single point of failure will ever disrupt blockchain applications or wallets integrating with it.
OMNIA’s solution is truly decentralized and requires zero technical knowledge. Therefore, all users can set up their nodes in little time and effort. Learn more about the technological marvel behind OMNIA by following our Medium or reading our whitepaper.
