The DFINITY Foundation, contributor to the Internet Computer blockchain, has announced the launch of a GDPR-compliant infrastructure for decentralized applications.
Thanks to this infrastructure, it is possible to create GDPR-compliant dApps, which can also be used in sectors such as healthcare or education.
GDPR and blockchain technology
The General Data Protection Regulation (GDPR) is the European Union regulation on data protection.
It came into effect in 2016, but it has only been operational since 2018.
This is a very strict regulation, especially for those who have to manage third-party data. This regulation makes the legal treatment of data of residents in EU countries different, and it is incompatible with traditional decentralized applications unless they are completely anonymous and do not store any personal data of users.
For this reason, developing GDPR-compliant dApps is quite challenging, and the solution proposed by DFINITY aims to help solve this problem.
The dApps
It should be specified that decentralized applications, or dApps, are often anonymous and do not collect any personal data from users.
The problem does not lie in the classic financial dApps where, for example, tokens are exchanged or anonymous financial instruments such as decentralized lending are used, but when classic services or functionalities that require identity recognition or the provision of personal data such as email address are to be performed by dApps.
Therefore, the solution proposed by DFINITY targets those developers who want to move away from the anonymous DeFi environment and bring to the market dApps that provide more traditional and perhaps centralized services.
DFINITY’s solution: the new GDPR-compliant blockchain
The Internet Computer (ICP) project is working on blockchain solutions that comply with regulatory requirements, including GDPR and other frameworks.
The solution is the launch of a European subnet compliant with EU regulations.
The DFINITY Foundation is based in Switzerland, and even though Switzerland is not part of the EU despite being in Europe, it also works for EU Europeans.
The new European ICP subnet provides general data protection according to GDPR rules for decentralized applications.
The subnet provides developers with a suite of tools that can be used to release dApps on the European market that protect personal and financial data according to rigorous and consolidated regulatory practices.
The ICP subnets function as a set of nodes that perform the same calculations, store the same data, and are set in the same state. The European one is geographically delimited because all the nodes of the subnet are located within the EU.
Furthermore, unlike traditional blockchains, where all data is visible to everyone, ICP allows developers to choose whether to make data public or private, and private data is encrypted and accessible only to authorized parties.
It is also possible to modify and delete data, because ICP supports data mutability, and this allows the principles of the right to rectification and the right to erasure of GDPR to be respected.
The Internet Computer (ICP) infrastructure
Internet Computer Protocol (ICP) is a decentralized cloud 3.0 protocol that allows developers to create and run services and enterprise systems directly on a public blockchain network.
The services performed on ICP are tamper-proof and can interact with the external world in a trustless manner, both with traditional web 2.0 services and other blockchains.
dApps on ICP have full control over data and access, and developers can implement their own data protection and privacy policies, manage user consent and preferences.
ICP is governed by the Network Nervous System (NNS), a decentralized algorithmic authority that oversees the operations and evolution of the network. The NNS is responsible for admitting new node providers to the network, so all node providers go through a rigorous verification process before being voted on by token holders.
The launch of the European subnet follows the approval of three proposals submitted by DFINITY to NNS, approved by 99% of ICP token holders who participated in the voting process.
The European subnet is already active and available to developers.
The comment
The founder and chief scientist of DFINITY, Dominic Williams, stated:
“Internet Computer allows for the decentralization of the entire stack. The NNS DAO that controls the network has created an internal subnet that exclusively combines nodes located in Europe, allowing web3 developers to create GDPR-compliant online services and applications. Web3 developers can now create innovative and compliant decentralized experiences for the benefit of millions of users in the EU and beyond.”
Source: https://en.cryptonomist.ch/2023/12/23/the-blockchain-aligned-with-gdpr-is-coming/