The European Union’s General Data Protection Regulation (GDPR) came into force earlier this year. It establishes the rights of EU citizens with regard to data protection and privacy, and it regulates the collection, processing and export of personal data outside the region. Sweeping data privacy regulation like the GDPR is soon to be the rule — not the exception. This has sparked a necessary discussion about how blockchain-based technologies apply within the context of the regulation, due to the public nature of transaction data in most applications, where there is a credible risk of identifiable information being linked back to a specific individual.
Consumers demanding protection of data
The risks associated with storing and processing personal data result in information being stolen from millions of people each year, sometimes with life-altering consequences. As a result, consumers are increasingly demanding better protection and care of their data, and businesses are awakening to the fact that such protection is critical. With breaches leading to public outcry and revenue losses in the billions of dollars, putting the control of data back into the hands of customers reduces liability while empowering individuals.
Zcash supports regulatory requirements
As a privacy-protecting digital currency, Zcash is particularly well-positioned to support the regulatory requirements. Shielded addresses enable users to send and receive Zcash without publicly disclosing their addresses or the amount transacted. According to a recent TechGDPR report contracted by the Zcash Company to analyze the use of Zcash within a subscription payment system, these private addresses prevent publicly transmitted information from being linked back to an individual, therefore making them compliant for GDPR purposes and out of the scope of the regulatory requirements.
GDPR compliant by default
This is precisely the reason Germany-based company Least Authority (a sibling to Zcash Company) included shielded addresses as a component in their design of P4, a private periodic payments protocol, as described in a recent press release.
Shielded addresses are GDPR compliant by default, which is an important contrast to a scenario where compliance is sought after the fact. These addresses are never at risk of leaking data in a post-compliance scenario because they neither store nor transmit identifiable information at any point in the transaction process. In most other blockchain implementations, transaction data is always public, and prevailing guidance suggests the destruction of private keys for compliance.
Within Zcash, users may consent to sharing transaction data with select third parties. This is permitted under GDPR as long as the third party can demonstrate that it has been authorized by the individual.
Zcash a meaningful mechanism for consent
We are at the beginning of what promises to be a longer journey toward privacy-by-design in the realm of blockchain technology. We believe the Zcash Company is uniquely positioned to lead the charge in advocating for an individual’s right to consent to the processing and sharing of personal data. We are committed to continued exploration of where privacy-preserving blockchain technologies intersect with regulatory compliance mandates and how Zcash can serve as a meaningful mechanism for consent within the boundaries of compliance.