January 8, 2020
The emergence of data privacy as a consumer right over the past decade accelerated through a series of scandals and data breaches and reached a crescendo with the introduction of the European Union’s General Data Protection Regulation. With this regulation, better known as GDPR, Europe established a “gold standard” for what data privacy should mean for citizens in a connected world. Simultaneously, the Sovrin Foundation, a world-leading nonprofit devoted to providing digital identity to all, showed how a global network for digital identity based around a blockchain could provide this gold standard in practice.
Now, in a new paper, Innovation Meets Compliance: Data Privacy Regulation and Distributed Ledger Technology, the Sovrin Foundation makes the case that self-sovereign identity is the most flexible system for handling data privacy as regulations are adopted in different jurisdictions and evolve to meet changing local needs over the next decade. The paper examines how GDPR applies to participants in a blockchain network and addresses recent guidance from EU regulators and the Commission Nationale de l’Informatique et des Libertés.
In demonstrating how the Sovrin Network architecture is able to fully meet GDPR compliance requirements, the paper provides a comprehensive foundation for assessing the ability of any blockchain-based identity ecosystem to meet regulatory compliance and creates a roadmap for using blockchains as regulatory policies evolve. The paper’s arguments can be used to understand compliance of SSI systems with other data protection regulation as well.
As Heather C. Dahl, Executive Director & CEO of the Sovrin Foundation, noted, “The European Union and other regulatory authorities around the world have lit a fire under the need for data protection—and the nonprofit Sovrin Foundation, which represents a global community of privacy experts within the tech world, has responded with an elegant, scalable, and legally robust solution.”
“The Sovrin Foundation’s ecosystem represents the best of the world’s coding community when it comes to identity and privacy,” said Dr. André Kudra, Sovrin Technical Governance Board (TGB) member and CIO of esatus AG, the first German Sovrin Founding Steward. “And they have shown immense far-sightedness in making GDPR compliance a core design goal. GDPR is the EU’s export, setting the terms of debate on data privacy around the globe and the privacy requirements for anyone who wants to do business or offer services in the EU. Tireless work by Sovrin contributors means that we have the network architecture to deliver what the EU needs and what the world decides it wants to embrace as we enter a privacy-by-design future.”
The position paper is the result of over a year of intensive work by the Sovrin Governance Framework Working Group, the Global Policy Working Group, Sovrin Stewards, and Sovrin Foundation counsel Perkins Coie. “By resolving questions about how SSI can provide strong, compliant data protection, this position paper will be of huge value to regulators, organizations dealing with personal data, and individuals,” said Sovrin Trustee and Governance Framework Working Group Co-Chair Drummond Reed. “This paper marks the start of a conversation with regulators on the future of data privacy regulation, and we welcome feedback to plan the next stage of this discussion.”
For more information on distributed ledger technology and data regulation compliance or to volunteer to help the Sovrin Foundation with further work on this topic, see our new Data Protection page at Sovrin.org.