Without further context, I would read this as: don't doxx your customers on the blockchain unless you're able to delete every copy of it. I.e. don't put other peoples data on the blockchain.
Which in my opinion includes forcing customer to do a satoshi test. Or encouraging them to reuse addresses. Looking at you, Travel Rule...
nostr:note1fd8u7g4hwsfve834hq2qsddgwzdmx7upjrec82j50vupgc2mgt7st8kw4q
Potentially also a way to say: private* blockchains might be fine for storing customer data, as long as you can still delete individual entries.
* = which are Rube Goldberg machines that don't do anything Postgres can't
Its all very interesting bc *technically*, afaik, the blockchain itself doesnt actually keep any information that qualifies as PII under GDPR, sa names or IP addresses.
Will be interesting to see what this means for blockchain surveillance firms.
I think a Bitcoin address should be considered PII just like an IP address. With a possible exception if it's been mixed, freshly mined and held, never touched a custodian, etc. Now that would have serious implications for these surveillance companies.
I think the blockchain just isn't a "controller", or any other entity that some sort of obligation. It's only about what people put on it. So an exchange that generates a deposit address for you is now responsible to hold that PII private.
Ark.
