“The world’s most valuable resource is no longer oil, but data” - The Economist, in an article about the rise of a new economy called ‘Data’
With an increasing number of people attaching value to privacy and data control, it is the prerogative of governing bodies to regulate data protection, and that is exactly what the EU General Data Protection Regulation (GDPR) has enforced.
The GDPR was established in 1995 as a directive to protect EU citizens from privacy and data breaches. But the world has become extremely data-driven, and the laws have to keep pace with that. With that in mind, after four years of preparation and debate, the GDPR has been approved by the EU Parliament and will be enforced from the 25th of May 2018. It is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
This brings us to the question, what is personal data?
The GDPR defines personal data as the following:
“Any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address”.
These are all details that consumers provide voluntarily and that can be monetized in the form of advertising revenue or targeted marketing. Professional networking sites are the holy grail of personal data sources.
Unfortunately, in today’s world of professional networking platforms, one side effect of privatized data is that you aren’t in full control of your professional history. But if it is your name, e-mail, past experiences and future goals, shouldn’t you be at the controlling end of the deal?
If you’re not paying for the product, you are the product.
This is exactly what Dock.io is setting out to correct. We believe that since it is your information, you should be the sole controller of that data, and you must have the power to choose how best to disperse it.
Dock.io is a decentralized protocol for professional data, reputations, and networking management, built entirely on blockchain. We allow apps to share data formats and let users move seamlessly between them, providing a more trusted and connected internet.
But Will Dock.io Be GDPR Compliant?
The GDPR defines Data Subject rights in such a way as to keep the future of data subjects in safe hands:
- Right to Access:- Right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
- Data Portability:- The right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine readable format’ and to transmit that data to another controller.
- Privacy by Design:- At its core, privacy by design calls for the inclusion of data protection from the onset of system design, rather than as an addition. It also calls for controllers to hold and process only the data absolutely necessary for the completion of their duties (data minimisation), as well as limiting access to personal data to those needing to carry out the processing.
- User Data:- The right for a user to change and/or delete their personal data whenever they should choose.
Here is how Dock.io addresses each of these rights:
- Right to Access:- Dock User data functions in such a way that only users are allowed to share their data.
- Data Portability:- Dock makes professional history easily portable between platforms on its network.
- Privacy by Design:- Data will be encrypted and only accessible with private keys that Dock Users have control of.
- User Data:- Before we determine whether dock.io is compliant in this area, we must first define what it means to “delete” data. The only way to truly delete data is by physically destroying the hardware it’s on. In reality, when people “delete” data from the internet they are simply scrambling the binary (0s and 1s) that represents the data to make it unrecognizable. With the IPFS, data is encrypted so that only the recipient holding the private key that corresponds to the public key used to encrypt the data can decode it. This means that even though anyone can fetch data from IPFS, it is useless and unreadable to anyone other than the designated recipient. Therefore user data will be unrecognizable in a similar way to how data is deleted on the internet. In light of this, we believe dock.io to be GDPR compliant.