Shaurya Malwa · 3 days ago · 2 min read
Zcash, one of the first privacy coins to leverage zero-knowledge proofs, is further cementing its vision of privacy protection by engineering its blockchain in a way that is GDPR-compliant by “default.”
Primer on GDPR
The General Data Protection Regulation (GDPR) is the European Union’s regulation protecting personal data and privacy; its goal is to return personal data to individuals within the European Economic Area. Among EU and US companies, GDPR has been accepted as a new standard for data regulation, and companies have paid a lot of attention to becoming compliant with these new rules.
With the GDPR we are building a European sovereignty on data. We have to do the same for the cloud, for AI, for innovation at large. #VivaTech
— Emmanuel Macron (@EmmanuelMacron) May 24, 2018
Crypto advocates claim that blockchain will return data ownership, privacy, and identity to users. However, this vision is sometimes at odds with GDPR. Due to the immutable nature of distributed ledgers, some information is stored forever on public blockchains. And Article 17, the right of erasure (colloquially known as the “right to be forgotten”), isn’t always designed into blockchain-based services.
The right of erasure revolves around the concept that a user can request the deletion of personal data at any time. This places greater responsibility on online services to store and access personal data more carefully. Moreover, these rights are especially important in an era where hacks and cybersecurity threats are becoming increasingly prevalent, because they give users the opportunity to remove their personal data before it can be stolen.
Blockchain and GDPR
Unfortunately, the idea of immutability is in some ways at odds with GDPR. Fortunately, blockchains can be engineered in a way that is compliant, as Hyperledger Fabric is doing with its new 1.4 private data collection, or as Zcash does by being GDPR-compliant “by default.”
Shielded addresses are GDPR compliant by default. These addresses are never at risk of leaking data in a post-compliance scenario because they neither store nor transmit identifiable information at any point in the transaction process. Learn more: https://t.co/djmivttCHv
— Electric Coin Company (@zcashco) February 18, 2019
Zcash’s Shielded Addresses and P4
The Private Periodic Payment Protocol, or P4 Protocol, is used for private subscription cryptocurrency payments (a protocol is a collection of agreements to communicate in a specific way). The P4 Protocol was developed by Least Authority, the same company that Zcash grew out of, and utilizes shielded addresses as well as Tahoe-LAFS (a free and open source decentralized cloud storage system) for data storage, further reaffirming that Zcash’s shielded addresses are compliant.
Unlike Bitcoin and other cryptocurrencies, Zcash’s shielded addresses inherently prevent data leaks and data theft. In Zcash, transactions do not transport identifiable information, eliminating the need to track data through the transaction process. By leveraging a zero-knowledge proof technology called “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge,” or zk-SNARKs for short, the Zcash blockchain can function without revealing as much information as other blockchains.
In greater detail, a zk-SNARK is a proof system that allows the Zcash software to prove that a statement is true without revealing any other information. The technology leverages “homomorphic encryption,” a form of encryption that allows computers to perform operations on already encrypted data without compromising its security.
The P4 Protocol builds on all of these technologies, allowing decentralized applications to accept subscription payments in a GDPR-compliant way, representing another production use case for this technology. By embracing GDPR, Zcash could lead the way and encourage compliance among other blockchain and cryptocurrency projects within the ecosystem.