ZKP could help resolve blockchain tensions with GDPR

cointelegraph.com:

Europe commissioned a new law called GDPR in 2018. It gives EU citizens control over who collects their personal data and how it’s handled. The pop-ups on websites seeking permission to gather and access your data result from the compliance need the act has imposed. Companies globally (if interacting with EU citizens) are subject to GDPR rules with onerous fines for non-compliance. GDPR definitions were clear on data protection until blockchains became mainstream, and a few use cases challenge the boundaries of technology and regulation.

Companies storing your data are called data controllers, and those that work with your data are called data processors. The data controller is usually also the data processor, but they could be different entities. The data controller is the entity responsible for GDPR compliance and if the personal data of EU citizens are involved, including for non-EU companies (e.g., Microsoft, Meta, etc.).

GDPR definitions of personal data are complicated. Other types of data are easier to define (e.g., age, gender, race, etc.) given they link these attributes directly to an individual. However, numbers like phone numbers, IP addresses, Bitcoin wallet addresses and credit card numbers, which can be indirectly linked to individuals via companies like telcos, crypto exchanges or banks, are also considered personal by GDPR.

It covers any information relating to an identified or identifiable natural person — making the line between pseudonymity and identification very thin. Blockchains store personal data like transaction history, making them subject to GDPR.

Data on blockchains are immutable and distributed with no centralized authority. However, they conflict with privacy and GDPR. There are three specific