I can see on the staging Eden app at https://eden-dev.vercel.app and in the codebase that various forms of personal information are stored on the blockchain:
- Name
- Bio
- Profile picture
- Links to social media
- And possibly a video with them in it
This is a problem for two reasons:
- Legal and ethical - Data hosted on the EOS (or WAX testnet) blockchain is immutable and cannot be deleted. Putting personal information on the blockchain that cannot later be deleted will cause all operators of the blockchain (anyone with a node) to operate illegally under several regulations, namely GDPR. This is because it will not be able to comply with the Right to be forgotten as stipulated in GDPR. GDPR is not the only regulation. More than regulation, the ethical practice of an immutable public identity with a reputation should be considered.
- Scalability - This data is probably not processed in smart contracts and only used for display. This adds unnecessary computational and storage burden on the blockchain infrastructure, which in turn is reflected in transaction fees.
The legal and ethical problem is by no means easy to solve. How does Eden team think about this? Do they have any solutions?
One strategy I would like to propose is to use a self-sovereign identity #SSI application architecture. This can be done in many ways, but in general uses the principle of personal data controlled by the user. It is designed for and users blockchain has part of its architecture, and is currently heavily supported by the EU and starting to get traction within several US states, the US federal government, Canada, not to mention industry adoption by Microsoft and IBM. There is an EOSIO SSI working group that is creating the building blocks to use SSI with EOSIO chains meeting once a week on Monday - announced here which is open and voluntary to join.