The Chief Policy & Industry Relations Officer of the free and open-source web browser Brave, Dr Johnny Ryan, released a letter to the U.S. National Telecommunications and Information Administration. The main intention is to ask for the United States to implement and adopt a GDPR-like standard.
The letter starts by recommending a federal law that incorporates the NTIA’s privacy principles and follows European models. Additionally, it explicitly recommends adopting the approach to purpose specification present in the GDPR rules. Moreover, the third key recommendation is for the United States to build uppon GDPR standards in order to maintain global leadership.
In the letter, Ryan agrees with the concept present at the GDPR rules related to ‘data controllers’ and ‘data processors.’ Entities should follow these rules and implement them so as to be compliant with GDRP legislation.
It is important to mention that Brave and the Ethereum-based Basic Attention Token (BAT) are an important part of the cryptocurrency and blockchain world. And the EU Blockchain Observatory & Forum said that there are some tensions between GDRP and Blockchain Technology.
Data stored on a blockchain can be carried out across borders using decentralized nodes. That means that this data will be out of the jurisdiction of regional legislatures. So, if a blockchain is immutable, how is it possible for a user to delete the information provided? In addition to it, if the blockchain is decentralized, who acts as the responsible ‘data controller’?
According to Ryan, Brave does not store and will not store personal data of users. At the same time, Brave would only process financial transactions of BAT on the blockchain. About it, Ryan says:
“For example, if a user switches on ‘Sync,’ a feature that synchronizes settings, bookmarks, history, and related data between instances of Brave on different devices, then an encrypted copy of this information is sent to Brave in order to keep the data synchronized, but we do not have the keys to decrypt the data.”
Ryan explains that Brave decided to support federal privacy legislation because ‘self-regulation’ in the industry has already failed. One of the cases that shows this issue is related to Cambridge Analytica.
At the moment, Brave blocks by default all ads, unwanted media and cookies that collect data. Nevertheless, users have the possibility to opt-in to enable certain cookies and receive payments in BAT for the advertisements watched.
GDPR-like rules are expanding all over the world and would eventually become a standard. It will be very important for the United States to be a leader in this aspect and be a world-leader regulator promoting the best standards.