Replying to Avatar Éamonn

So, what are the implication of European privacy regulation on Nostr?

Any relay which has any clients connecting to it from the EU is subject to GDPR

One that seems problematic is GDPR's right to erasure ("right to be forgotten"). As I understand it Nostr cannot really delete posts
Avatar
HoloKat 2y ago

I am not sure if GDPR applies to nostr or relays? Maybe someone can correct me...

GDPR applies to this data, which nostr doesn't even collect:

- Name

- Email

- Username

- Location

- Physical descriptions

Nostr does not use emails. It does not ask for names, does not collect location information (Well, I guess relays see your IP, so maybe it does apply in that regard). Does not collect any personally identifiable information.

Except for user IP, I don't think there's any other data that is relevant in the eyes of GDPR? I'm not a lawyer, maybe someone knows otherwise.

My guess is if you are a relay operator, you can oblige a takedown request (for things like illegal content, GDPR ... etc...) but there's nothing stopping other relays from ignoring your actions and not following through.

I don't know if there's any way to sidestep that either. Curious to hear other thoughts 🤔

Reply to this note

Please Login to reply.

Discussion

Avatar
Éamonn 2y ago

I'm not a lawyer either, but I'm pretty sure the Nostr public key and any derived identifier would be subject to GDPR, along with most data in a user profile, and probably all Nostr posts. That's all data tied to an identified person

But on the other hand Nostr relays are pretty lightweight and "dumb", they are not really much more than databases with a Websocket API leaving most of the "business logic" to the clients

So from a GDPR compliance point of view, I wonder whether relays would even count as data controllers (which have the most onerous compliance burden). Maybe they are just data processors acting on behalf of the clients, which would reduce the compliance burden. But that would be a question for a lawyer.

Avatar
HoloKat 2y ago

Yeah who knows … I tend to not care what EU thinks about anything 🤣 😂