Great points, and the implications of GDPR on blockchain's architecture has not been lost. As pointed out, even IP addresses, email addresses, even device details - all typically collected by cookies on almost all websites, are all implicated by GDPR as they are all considered personal data. Since blockchain.com is a centralised service then yes, they must have an option for users to request for data erasure. That's not negotiable.
Any data that can be linked to you as an identity (whether that's a name or a computer) is personal data.
To be fair, I haven't seen very many blockchain-related services being GDPR compliant yet. They must also inform you and ask for explicit consent each and every time they are collecting your data, and may not prevent you from using their service if you do not consent, except where it is a necessary prerequisite for the service (for example, if using a bank to send money).
Topic: Can't delete blockchain.com (ex .info) account? (Read 181 times)
That is true that my real life identity isn't tied to the wallet. But you are forced to use an e-mail on signup, it is considered as personal data. Also because they do collect information like IP logins and user session information, that data is also tied to a person's identity according to the GDPR.
The WALLET itself might be generated from a hash or seed, but I'm sure the account linked to it is definitely stored in blockchain.com's database. After all you do need to login online to access it. It's THAT data that I asked the support to delete but they denied my request.
The WALLET itself might be generated from a hash or seed, but I'm sure the account linked to it is definitely stored in blockchain.com's database. After all you do need to login online to access it. It's THAT data that I asked the support to delete but they denied my request.
While the wallet cannot be deleted because they don't have it (nobody owns the address, you may or may not have the private key and that's all), on that you cannot do anything.
About logs and so on, there is a (small) chance you can ask support for your data to get "forgotten", also they may need it for their own protection for a number of months (6?), so don't expect this truly happen overnight.
That's an interesting question. Does a Bitcoin wallet actually contain your personal data? I'm not so sure. It contains keys and hashes and transaction history -- but are those yours? The keys were derived using an RNG, deterministic seed, etc. so I'm not sure it's personal data. The transaction history is tied to the addresses in the wallet, thus derived from the blockchain, not you personally.
Even if we could consider a wallet as personal data under the GDPR, how would blockchain.com verify that you're the data subject? You set up the wallet anonymously, right? I don't think there's any way to verify that you have the right to withdraw consent.
That is true that my real life identity isn't tied to the wallet. But you are forced to use an e-mail on signup, it is considered as personal data. Also because they do collect information like IP logins and user session information, that data is also tied to a person's identity according to the GDPR.
The WALLET itself might be generated from a hash or seed, but I'm sure the account linked to it is definitely stored in blockchain.com's database. After all you do need to login online to access it. It's THAT data that I asked the support to delete but they denied my request.
Right as of now, I have a wallet on blockchain.com with some of my addresses. I don't want to transfer out everything to new wallets, so I looked how to clean delete my account from there.. but there isn't any way?
Is this even legal following the recent GDP Regulation?
Quote from https://eugdpr.org/the-regulation/
Does this mean blockchain.com isn't GDPR compliant?
Is this even legal following the recent GDP Regulation?
Quote from https://eugdpr.org/the-regulation/
Quote
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Does this mean blockchain.com isn't GDPR compliant?
That's an interesting question. Does a Bitcoin wallet actually contain your personal data? I'm not so sure. It contains keys and hashes and transaction history -- but are those yours? The keys were derived using an RNG, deterministic seed, etc. so I'm not sure it's personal data. The transaction history is tied to the addresses in the wallet, thus derived from the blockchain, not you personally.
Even if we could consider a wallet as personal data under the GDPR, how would blockchain.com verify that you're the data subject? You set up the wallet anonymously, right? I don't think there's any way to verify that you have the right to withdraw consent.
Right as of now, I have a wallet on blockchain.com with some of my addresses. I don't want to transfer out everything to new wallets, so I looked how to clean delete my account from there.. but there isn't any way?
Is this even legal following the recent GDP Regulation?
Quote from https://eugdpr.org/the-regulation/
Does this mean blockchain.com isn't GDPR compliant?
Is this even legal following the recent GDP Regulation?
Quote from https://eugdpr.org/the-regulation/
Quote
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Does this mean blockchain.com isn't GDPR compliant?
Jump to: