In the past decade, a large number of privacy laws have been passed, the most radical in Europe and elsewhere, and the latest is GDPR. There are many parts of GDPR, but the most prominent are: (i) the requirement to expressly agree, (ii) the legal basis for processing the data, (iii) the right of the user to download all the data, and (iv) the right of the user to request the deletion of all data. . Other jurisdictions are also exploring similar rules.
Data localization rules
India, Russia and many other jurisdictions are increasingly developing or are exploring rules that require domestic user data to be stored domestically. Even if there is no clear law, people are increasingly concerned about the transfer of data to countries that believe that data is not adequately protected.
Shared economic regulation
It is difficult for a shared economy company such as Uber to prove to the court that they should not be legally classified as employers based on the extent to which the application controls and directs the driver's activities.
The recent Fincen Guide attempts to clarify which categories of cryptocurrency-related activities are subject to US regulatory approval requirements and which activities are not subject to this restriction. Is it a managed wallet? Supervised. Do you have a wallet for users to control their own funds? Unregulated. Running an anonymous hybrid service? If you are operating, you are regulated. If you are just writing code… Unregulated.
(Note: The FinCen Guide is published by The Financial Crimes Enforcement Network, the US Treasury Department's organization that regulates domestic and international financial crime.)
As Emin Gun Sirer pointed out, the Fincen Cryptographic Guide is not accidental; instead, it attempts to separate developers' apps that actively control money from applications that developers cannot control. The guide carefully distinguishes how the regulations for multi-signature wallets (private keys held by both operators and users) are regulated, sometimes not:
If a multi-signature wallet provider restricts its role to creating an unmanaged wallet, a second authorization key needs to be added to the wallet owner's private key to verify and complete the transaction, then the provider is not a currency sender because it does not Accept and transfer value. On the other hand, if… the value is represented as an entry in the provider's account, the owner does not interact directly with the payment system, or the provider maintains completely independent control over the value, then the provider is also eligible to become the currency sender.
Although these events occur in different contexts and industries, I think there is a common trend that is working. The trend is that control of user data, digital property and activities is rapidly shifting from assets to liabilities. In the past, every control you had was good: it gave you more flexibility to earn income, if not now, in the future. Now, every point of control you have is a responsibility: you may be subject to regulation. If you show control over the user's cryptocurrency, you are a currency sender. If you have "the sole decision on the fare, and if the driver chooses not to take the ride, you can charge them a default fee, prohibit the driver from picking up the passenger who does not use the application, and suspend or disable the driver's account." You are the employer. . If you control the data of your users, you must ensure that you can justify it, have a compliance officer, and give your users the right to download or delete data.
If you develop an application and you are lazy and afraid of legal issues, there is an easy way to ensure that you are not violating any of the new regulations above: Do not build a centrally controlled application. If you build a wallet where users hold their own keys, you are still "just a software provider." If you build a "decentralized Uber" that is really just a smooth user interface that combines a payment system, a reputation system, and a search engine, and you don't control these components yourself, then you won't be subject to many of the same The impact of legal issues. If you build a website just… don't collect data (static pages? But that's impossible!) You don't even have to think about GDPR.
This method is certainly not realistic for everyone. In many cases, without the convenience of centralized control, it will only cost too much for developers and users, and in some cases, business model considerations require a more centralized approach to be relatively better (for example, if Software on the server makes it easier to prevent non-paying users from using the software). But we are certainly far from the possibilities offered by exploring more decentralized approaches.
In general, the unintended consequences of the law, when a person only wants to ban certain things, such as surgery, obstructing the entire activity category is considered a bad thing. However, here, I will argue that there is a lot of positive results from the "I want to control more things just in case" to "I want to control fewer things just in case", the developer's mindset The mandatory change also has many positive consequences. Voluntary waiver of control and voluntary measures to deprive yourself of mischief is not natural for many people, although ideas in the project drive decentralization and maximize decentralization, at first glance, these services will continue to be mainstream This is not obvious. What this regulatory trend does, however, is that it provides a great boost to applications that are willing to take the path of minimizing centralization and maximizing user sovereignty.
Therefore, even these regulatory changes can be said to be detrimental to freedom, at least if one cares about the freedom of application developers. And the theme of turning the Internet into a political focus will inevitably produce many negative chain reactions, and control becomes a special trend of responsibility in a strange way, relative to the application developer's strategy of maximizing total degrees of freedom, more passwords. Punk's (even if not intentional!). Although the current regulatory landscape is far from optimal from the perspective of almost everyone's preferences, it inadvertently handles minimizing unnecessary centralization and maximizing user control over its assets, private keys, and data. change. This is a powerful hand to carry out its vision. Using it will be very beneficial to the change. (chain smell ChainNews)