We are submitting a proposal to create a European subnet on the Internet Computer, which will offer a GDPR-aligned infrastructure for decentralized applications. The EU subnet is a significant step towards enabling data sovereignty in the EU, as it lays the foundation for developers and enterprises to actively ensure their applications are GDPR-compliant.
This post focuses on how the Internet Computer (IC) blockchain’s European subnet provides a GDPR-ready infrastructure.
The General Data Protection Regulation (GDPR) imposes strict rules on data protection and privacy. Traditional blockchain technologies face challenges in complying with these regulations, due to their immutable and distributed nature. The Internet Computer differs for its ability to combine a set of permissioned subnet blockchains with a DAO-controlled governance system, which allows subnets to contain servers distributed within one geographical area. If the proposal for the European subnet is adopted, it would allow dapps to be compliant by:
- Ensuring data is processed and stored within the EU to align with GDPR’s jurisdictional requirements.
- Providing the platform and tamperproof infrastructure necessary to build GDPR-compliant applications.
Due to its hybrid architecture and customizable canister smart contracts, the Internet Computer allows the following features that are crucial for GDPR compliance:
- State on the Internet Computer is not public
- Data amendment and deletion is possible
- Dapps have full data and access control
- Decentralized network, where node providers go through a rigorous vetting process before being voted in by token holders.
In addition to the above features, there are two upcoming features on the Internet Computer, that will enable developers to further enhance the privacy and security of user data within the regulation of GDPR:
- VetKeys, currently under development, will allow distributed decryption, where no single node holds the complete decryption key. This approach enhances data security, preventing unauthorized access.
- AMD SEV-SNP, also in development, aims to secure the boundary node Virtual Machine (VM), isolating it from potential external threats. This technology creates a digital fortress around data, ensuring that all node machines within the European subnet are shielded from all unauthorized access, keeping data secure and highly confidential – encrypted both at rest and in memory.
By creating a European subnet on the Internet Computer, developers and enterprises will become able to:
- Build and deploy applications within a GDPR-aligned infrastructure.
- Leverage a platform that balances blockchain’s decentralization with regional data sovereignty needs.
Note: the proposed creation of a European subnet only means that it will become possible to create GDPR-compliant applications. Developers and enterprises will still need to take further measures to ensure services and applications meet all GDPR requirements.
Having a European subnet on the Internet Computer is a pivotal step in enabling the development of applications aligned with the GDPR and paving the way for digital sovereignty in Europe.
Please feel free to give feedback or ask questions. Open discussion is welcome.