The purpose of this Position Paper is to inform participants of their likely roles with respect to General Data Protection Regulation (GDPR) and is not intended to provide compliance advice for participants when they interact with data subjects. However, by connecting activities to the roles listed in the GDPR (e.g., data controller, data subject, data processor), we hope that this Position Paper can serve as a starting point for Sovrin Network participants in understanding their regulatory obligations. Although this Position Paper explicitly addresses only the GDPR, it is exemplary of our approach to data protection regulations across all jurisdictions.
Specifically, this report analyzes whether and how the GDPR applies to us, the Sovrin Foundation, in our role as an administrator and participant in the Sovrin Network. It assess whether and how the GDPR applies to other participants in the Sovrin Network, including the Stewards, Transaction Authors, Transaction Endorsers, Agencies, Developers, Holders, Issuers, and Verifiers. Some of these technical details are still under design and development; therefore, the scope of this analysis is limited to how the Sovrin Network is designed as of the date of this Position Paper.
PLEASE NOTE: THE INFORMATION PROVIDED IN THE LINKED DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY AND MAY NOT BE RELIED UPON BY ANY PARTY AS LEGAL ADVICE. PARTICIPANTS IN THE SOVRIN NETWORK SHOULD CONTACT THEIR COUNSEL TO OBTAIN ADVICE WITH RESPECT TO THE POTENTIAL APPLICABILITY OF THESE, AND OTHER LAWS, TO THEIR INTERACTION WITH THE SOVRIN NETWORK.
For further information about how Data Regulation applies to participants of the Sovrin Network or to contribute to future revisions of this body of work, please see the Data Protection page under Governance.
v 1.0 – Jan 2020