Notes of call
Important distinction for privacy law purposes to be made between being a data Controller and a data Processor:
- If a Controller, you are in control of the data and you can do interesting things with data - this leads to more stringent requirements for privacy policies and the compliance exposure for getting it wrong is higher.
- If a Processor, your role must be very passive and you must not do much with the data; there are fewer legal requirements. One of the key tests is: are you willing to delete the information of the user if requested?
Messaging - when a message leaves your phone, it leaves totally encrypted - we don’t know who it’s from and who it goes to - when it ends up on our servers, a timer of 2 days starts, then the message gets deleted regardless. It’s garbled text to us, we can’t read it, no metadata. Even if encrypted - still considered personal data and subject to GDPR. We cannot retroactively delete messages upon user request - if you decide you don’t want us to have your data, your messages will be on people’s phones, we don’t store the data. We received it and they remember it.
- Example: Alice knows Bob’s contact key and vice versa. Alice sends a message to Bob and her phone encrypts it. Her phone is connected to peers (think BitTorrent - similar technology, we bounce it off different peers to get a specific route). That message ends up in one of our mail servers, which is like a glorified text message storage system. It remembers the time the message came in, has a topic, a random collection of letters/numbers, no identifying info at all. Bob comes online and receives messages from peers back and forth; for a topic that both Bob & Alice are interested in, they can subscribe to the same topic, and the message arrives to Bob <> Alice. If Bob is offline, the message stays in the mail server for 2 days; once Bob is online, Status talks to the mail server and asks whether he has received messages, then looks them up. Bob has to have Alice’s key to decrypt them, otherwise they are garbage. After 2 days, we don’t want to retain data, so we delete the messages. So if Bob’s phone is off for a long period of time, he will never receive the message and it gets deleted.
- Confirmed: for messaging purposes, Status has a data Processor role.
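The mail server retention behaviour described in the example above, as a small Python model added here; it is not Status's code. The names `MailServer` and `Envelope`, the topic string and the payload bytes are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

RETENTION_SECONDS = 2 * 24 * 60 * 60  # the 2-day timer from the notes


@dataclass(frozen=True)
class Envelope:
    # Only what the notes say the server remembers: arrival time, topic and
    # an opaque payload. Deliberately no sender, recipient or IP field.
    received_at: float
    topic: str
    ciphertext: bytes


class MailServer:
    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be exercised in tests
        self._envelopes = []

    def store(self, topic, ciphertext):
        self._envelopes.append(Envelope(self._clock(), topic, ciphertext))

    def purge_expired(self):
        """Delete envelopes at or past the retention window; return the count."""
        cutoff = self._clock() - RETENTION_SECONDS
        before = len(self._envelopes)
        self._envelopes = [e for e in self._envelopes if e.received_at > cutoff]
        return before - len(self._envelopes)

    def fetch(self, topic):
        """Return payloads for a topic. Purges first, so an expired envelope
        is never served even if no background purge job has run."""
        self.purge_expired()
        return [e.ciphertext for e in self._envelopes if e.topic == topic]


def demo():
    now = [0.0]  # constructed clock, in seconds
    server = MailServer(clock=lambda: now[0])
    server.store("topic-a1b2", b"\x8f\x02opaque")  # constructed sample payload
    now[0] = 1 * 24 * 60 * 60   # recipient comes online after 1 day
    after_one_day = server.fetch("topic-a1b2")
    now[0] = 3 * 24 * 60 * 60   # recipient was offline for 3 days instead
    after_three_days = server.fetch("topic-a1b2")
    return after_one_day, after_three_days
```

Fetching does not delete anything; only the timer does, which matches "the message gets deleted regardless".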
Wallet - when someone places a transaction with their wallet, we can’t delete it. But we are not handling that data ourselves - it lives on the blockchain.
Web browser - allows users to browse distributed apps (special websites that interact with the blockchain) through your wallet. Wallet is your identity. If I looked at your wallet, I could see your address but that has zero identifying info to you, but it is your window to the blockchain world. Can you search for info? Yes. Does Status keep a trail of search terms that user enters? We don’t process anything with regards to the browser on our servers. Your phone remembers the last N websites you visited. When someone searches something with the browser they go to Google. When they go to a DApp, they go to IPFS (decentralised file storage system). When they interact with the blockchain, the interaction is directly between them and the blockchain provider. The data never crosses through Status at all. It’s a connection versus us processing the data.
Is there any personal data that Status would process, analyse, store or need for any purpose? Definition of personal data is wide, including dynamic IP addresses and encrypted data. We don’t do any data analysis. We are aware of IP addresses, we use those to determine how many people are online on our platform at any given time, we don’t receive that info in a way that is traceable back to someone’s wallet addresses or chat key.
What would be considered a data Controller role? Something like a referral program where Alice can invite Bob to install Status, when Bob installs, he and Alice both get an incentive. If IP addresses were tracked and remembered for any period (a temporary cache key) this would constitute a Controller role.
- Advisors will map out any Controller v Processor role Status has and how the PP should be structured