Centralization is bad.

143 million accounts

87 million accounts

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Centralization is bad.

Is it?

Scaling?

Uptime?

Availability?

Metrics?

Decentralization

Quality

Is technology alone sufficient?

No.

GDPR

GDPR  "do's"

(TL;DR for devs)

• Right to be forgotten (delete)
  • also notify 3rd parties of erasure
• Restrict processing (data not visible to staff, or even publicly)
• Data portability (art. 20)
  • export human-readable version
  • export machine-readable version
  • APIs (when possible!)
• All user data must always editable by the user
• Request user consent for processing their data (opt-in)​
• Data retention (delete data after processing)
• Encrypt everything (in transit, at rest, backups)
• Keep a record of all activities where you use personal data
• Age checks (wishful thinking)

GDPR  "don't's"

(TL;DR for devs)

• Don't use data for other purposes that then ones agreed by the user
• Don't log personal data (IDs are sufficient)
• Don't use forms with more fields than necessary
• Don't rely on 3rd parties being compliant (exercise due diligence)

GDPR is not enough.

(online seat belts)

Search

News

Music

Shopping

Junior

(more)

#NOTRACKING*

* IP address is cached for 5 minutes

Trade-off?

Quality of search results

&

Serving ads

(relevance & bots)

Solution?

#NOCLOUD

And the answer that everyone is waiting for...

Let’s use the Blockchain

No.

Use the Web but decouple everything

Device

Data

App (UI)

Client-side, peer-to-peer data management

https://unsplash.com

Shifting and balancing responsibility

Image credit - https://www.infovista.com

Demo