Korea's Privacy Law Amendment to mandate De-identification of data in NFTs

-

Sep 23 Blog

Image by starline on Freepik

What happened? 

        Korea amended their privacy legislation so that Non-Fungible Tokens are now required to de-identify personal information involved in its coding before it is encoded and linked into the blockchain. 

Why is this important? 

        Existing privacy laws have several conflicts with the nature of NFTs that are difficult to resolve, such as the right to rectify or delete one's personal information, which have not yet been adequately addressed. Korea's amendments and solution to some of the conflicts may point at a path other countries with developing privacy legislation could adopt. 


In more detail:  

        On July 19, Korea made an Amendment to the Personal Information Protection Act(PIPA) regarding Non-Fungible Tokens, the basis of Blockchain. NFTs contain several privacy risks, such as online identifiers, blockchain addresses, transactional activity, and location data. The nature of blockchain means that each transaction and the various details involved are coded and linked into the overall chain at each step of the process, which makes the transaction history publicly viewable and also makes the blockchain (and the data in it) very difficult to change or delete. 

        NFTs and Blockchains present a unique problem in existing privacy laws. For instance, the GDPR assumes there is a specified data controller (who decides on the purpose and means of data processing), whereas blockchain is decentralized with multiple players involved, which makes it difficult to properly allocate responsibility for the data. Additionally, various rights in the GDPR, such as the right to data rectification and data erasure, cannot be upheld regarding blockchain which by its nature records transactions publicly and permanently. Currently there are few if any legislation directly dealing with privacy issues related to NFTs, with some suggesting better Privacy By Design, improvements in transparency and contractual provisions, or more complex technologies such as the "Zero-Knowledge Proof" method. 

        Most privacy legislations – such as the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) require by law that personal information data be deleted after a period of time, which cannot be done in blockchain. One proposed solution is to use a ‘tokenized identity’ distinct from someone’s real-life identity to enter into the smart contracts. However, given the large amount of data involved in NFTs that can be connected and used to identify a user, this method is not perfect; all it would take is one connection of a tokenized identity to someone’s real life identity for the anonymity to fail. Crypto wallets are similarly not completely anonymous, since most exchanges collect user data and have Know Your Customer protocols, which make it easy to identify a user with a wallet address. There are methods to obfuscate identification of transactions, such as using unique wallets or using a mixer service, are often too cumbersome to use. 

        Given the technical difficulty of permanently deleting personal information in an NFT, Korea’s amendment instead stipulates in s16 of PIPA that in such situations, the information must at least be rendered unidentifiable even when additional information is used (thus anonymizing the information instead of permanently deleting it). The recommended method to do so is to de-identify the personal information before it is recorded into the blockchain (whereas previously, blockchain users simply set the retention period of personal information as infinite). This method is praised for both protecting personal information while minimizing costs and interference to using such new technologies. That being said, it should also be noted that cyber-currencies such as Bitcoin may record other personal information which may not be encrypted or de-identifiable, such as the owners’ signature, photos, or videos.  


Written by Simplawfy 

      

For a more detailed breakdown of why it is difficult to destroy information in blockchains, see; 

Korean news: 

「개인정보 보호법 시행령」 개정의 의의 및 NFT 마켓플레이스의 책임 

English articles: 

NFTs: Privacy Issues for Consideration

The Tension between the GDPR & NFTs

NFTs Are a Privacy and Security Nightmare


Comments

Post a Comment

Popular posts from this blog

Seeking ChatGPT's Insight: Are the Biden Administration's 'Trump-Proofing' Efforts Legally and Morally Justifiable?

-
Image
  Recently, polls indicate that former President Trump's chances for returning to Presidency have become increasingly likely. Given this, there have been rising attempts over the past year by the Biden administration to "Trump-proof" matters so that if Trump is re-elected, he will be unable to (or at least have difficulty in) reversing or nullifying the current policy and agreements.  I decided to ask ChatGPT on this topic because I was curious on whether these efforts by the Biden administration would be successful in restraining Trump, or even whether such actions were morally and legally viable. My doubts arose because actions taken to completely deny or restrain future Presidents from changing policy or agreements (generally speaking), especially if such measures came from Executive Orders, seem to be against the democratic spirit even if they are meant to protect against possible abuse of presidential power.  My question to ChatGPT: Do you believe that the Biden admi
Read more

ChatGPT's Age-related Slogans for Biden, Trump, and Desantis.

-
Image
          Looking at the upcoming US presidential elections, two of the three (as of now) nominees seem to face questions over whether they are 'too old' to run. At 80 years old, Biden is the oldest president to serve, with Trump similarly advanced in years at 76. Compared to them, DeSantis at 44 years old is far younger. Given this potential point of debate, I asked ChatGPT 4 to theorize how these presidential candidates might defend their positions or attack their opponents on the topic of age, as well as to generate possible political slogans they could use relating to this. Here is the political strategies ChatGPT suggested, as well as some creative slogans it came up with. Keep in mind, the entire following article and slogans were generated by ChatGPT, with no edits by myself aside from the initial prompting and guiding (through more prompts) to arrive at this result.  ChatGPT 4.0:  Title: Age as a Tool: Politicking in the Prime of Life and Beyond           In today's
Read more

Unraveling the WGA’s MBA with ChatGPT: Expert Analysis or Algorithmic Bias Towards Legalese?

-
Image
On Oct 9, the Writers Guild of America (WGA) overwhelmingly voted in favour of ratifying the 2023 Minimum Basic Agreement (MBA), which will apply until May 1, 2026. While most news outlets have reported on this as a major win for the writers guild, I grew curious on whether there were any shortcomings in the agreement since the the entertainment industry’s capitulation seemed to come quite abruptly compared to their former hardline opposition to any concessions. Since I am not a legal expert on contract law, I turned to ChatGPT instead to see if it could provide a fresh perspective. Given that the WGA provided both the complete 2023 MBA as well as a summary, I chose to try inputting both into ChatGPT, focusing particularly on the Artificial Intelligence clauses. However, the results made me ponder whether ChatGPT’s analysis might be influenced by bias or randomness. ChatGPT’s analysis of the summary and the complete 2023 MBA: Upon analyzing the summary, ChatGPT initially gave off a ske
Read more