One aspect of European privacy law (GDPR) that has received a great deal of attention is the “right to be forgotten,” outlined in Article 17 entitled “right to erasure” (“right to be forgotten”). Simply put, “oblivion” means that organizations must completely erase records containing an individual’s data from all files on each of the following occasions
- When the person revokes their consent.
- When the purpose for which the data was collected is complete.
- When it is required by law. 4 EU Regulation 2016 679)
It is worth noting that this is not an absolute requirement and that individuals do not have an unconditional right to be “forgotten.” If the organization has legitimate and legal purposes – as stated in the regulation – for storing and processing data, subjects do not have the right to be forgotten. However, the exceptions are few compared to the multitude of uses of common data in our daily lives.
So, in the spirit of GDPR, how could Commercio. network ensure that data is deleted from all places where it is stored or processed?
The first and only fundamental rule is to NEVER put personal data on a Blockchain.
When we share a document on our blockchain via the shareDocument function we NEVER put the document itself, but rather the fingerprint (called a hash) of the document itself.