Thanks all for the abundant information. Obviously it would be a great help if Storj would consider this topic as an issue for wider adoption / certification.
In the meantime (trying as much as possible to find a maximum pragmatic and minimum resistance approach), I’d focus on the following from above:
- satellites are processors
- storagenodes are processors
- IPs are PII (which is unfortunate)
Now as a thought experiment: if there were no satellites, the problem would be as small as (legal) BitTorrent, there would be only P2P and an implicit consent from each SNO/uplink user (recall that you can see peer IPs in BT clients) to communicate with these peers. The company offering the infrastructure (Storj) would be unrelated to this PII (except for user account management, but this is true for every web-shop out there).
So that would move focus to the satellite which coordinates Tardigrade’s P2P and as such not only passes PII between SNOs, but also stores relationships between them. Even though there’s no more information in there than “IP1 is related to IP2 by storing an unidentifiable data shard”, this might be an issue, also because as was pointed out above the GDPR doesn’t really merit encryption. Although I would find it hard to believe if there were no ways to get this to help the case, because encryption is the only way available to any entity processing data to enable confidentiality/privacy/security.
Since this appears a complicated avenue, let’s go back to “how others appear to do it”. Remember how many people use e.g. W*, G*, F* communication platforms; here’s just one (quickly found, arguably not the best or authoritative) article to sketch the idea: Is WhatsApp in breach of the GDPR? A lawyer's view. What caught my attention is the mention of article 6 (regarding consent and obligations). Spoiler: W* is far from GDPR compliant in the author’s view, and he’s probably quite right.
But it may put us on the right track:
Suppose:
- every user of the platform is guaranteed to have given specific consent about the extent to which PII is shared (which in our case could be something like “limited to your IP address within the network, (highly/securely) encrypted and segmented data only accessible with your encryption key”
- it is not possible that this data is (inadvertently) shared with entities that have not given this consent
Given customary measures (I guess e.g. passing security audits to cover the second point), and if we define only two types of entities: (1) uplink/storagenode users (tardigrade/SNO), (2) satellite operators (Storj company), then one would only need to ensure that:
- explicit consent is obtained from above entities for sharing of above data scope between above entities
- technical measures are in place to avoid leaking of defined data beyond the defined entities
And that sounds pretty doable… Or am I missing something obvious?
EDIT: @BrightSilence seems to have summarised more aptly and come to a more or less similar conclusion. One thing is still a bit troubling:
This would on one hand “limit the use case” for users to store company/professional data on their Tardigrade account, but this would be their responsibility and not Storj’s.