Carrying on from my recent post that mentioned Steem's compliance with the new EU Privacy legislation - the GDPR - today I phoned the UK's Information Commissioner's Office to ask them some questions about it all..
The GDPR appears to represent one of the most far reaching changes to a general rule that is applied across the whole of Europe for a long time. The short version is that it places much more requirement on those who run online services and who store people's data than was the case previously. There are numerous 'rights' that are now enforced, under penalty of large fines - such as allowing people to view/edit/delete their data from any system that holds it. Big companies have been working for over a year to make sure they don't get fined.. However, smaller groups are having a few challenges getting to grips with how the legislation applies to them.
I have now spoken with a specialised lawyer on this subject, as well as listened to numerous professionals from various companies explaining how they are dealing with the situation and giving advice to website operators. Unfortunately, as I kind of expected, the lawyer didn't really seem to know as much as I did on the topics that I am most interested in and appeared to contradict the UK government's website. So today I called the government office responsible for all this, again, to get my questions answered.
Today's call was much more successful than my first one - even if I did have to wait on hold for over 90 minutes:
I learned that my own social network can be exempt from the entire process of compliance since I can define it as being a hobby - which it is, since hobbies are defined as being basically 'an activity that is done that is not your main business'. Ureka doesn't involve money, so it appears to be fine for me to just do nothing!
Steem & The GDPR
I also asked about Steem from the perspective of a witness. This took quite a lot of time and I explained the basics of what Steem witness servers are. The agent I spoke with was interested and agreed that the situation appears to be a grey area, in a sense. She stated to me that if there is no 'data controller' - e.g. a legal entity that is responsible for determining what kind of data is stored by the system/network, then the system cannot fall under the control of the GDPR!
I asked specifically if this meant that Steem would be deemed illegal automatically because there is no controller and she said 'no, it would not be illegal and would also not need to conform to the GDPR'. The reason why she thought there was no controller was because Steem, the blockchain, is an open source code project that - as far as I am aware - is not owned/controlled by a legal entity. If Steemit inc. wants to claim ownership of the code and it's copyright, then they are - as far as I am aware - then the data controller and may be subject to large fines if Steem is found to not be exempt after all.
I did not ask about Steemit.com, but I suspect that it will be much more difficult to class Steemit.com as being exempt and Steemit inc. will indeed need to add the kind of features that Google and other such sites have added to make their site compliant. Once again, the kinds of features that are required are listed here.
So now I feel quite a bit more relaxed. The agent advised me to send them an email to get a more detailed answer to the questions from more 'expert' people - however, she said that it would take about 5 months to get a reply! LOL
I have been advised by experts that the government is mainly focused on getting compliance from banks and mega corporations - with less pressure being applied to everyone else for the foreseeable future. Top Tip: This does not mean though that Steemit inc. should think that they will not get hassled or fined for non compliance.
Wishing you well,
Vote @ura-soul for Steem Witness!
(Witnesses are the computer servers that run the Steem Blockchain.
Without witnesses there is no Steem, Steemit, DTube, Utopian or
Busy... You can really help Steem by making your 30 witness votes count!
Don't forget, there are more than the 50 witnesses you see on the witness voting page in steemit.com)