Hey guys, I am a crypto-enthusiast and supporter of Enigma. I study European law and I write a bachelor thesis now on the topic of GDPR Compliant solutions in the blockchain space. I use Enigma as an example. However, I still have a lot of problems with understanding the technicalies of this project. Therefore, I would be very glad to get an answer to some of my concerns from more experienced collegues. That is why I decided to ask here my questions. I would be very gratefuly for help with them. Sorry for my limited understanding of Enigma, I am trying to catch up.
- I found two descriptions with respect to layers on which Enigma is built. On webpage, it is stated that Enigma is composed of Protocol, Platform and Application layer. On more specific article related to GDPR and Enigma (https://blog.enigma.co/gdpr-and-enigma-were-updating-blockchain-s-privacy-policy-d245ab00da07), I have read that Enigma is built of Protocol, Verification and Storage layer. How do they relate to each other?
- If I understand correctly, Protocol layer is built off-chain and it allows for the computation of data. Verification layer is synonymous to Platform Layer? I am really not sure. Nevertheless, the other two are built on Ethereum blockchain? Could someone give me a hand with understanding of this classification?
- How does it work with respect to the storage of data. I understand that data is splitted between nodes in accordance with multi-party computation. However, where does an invidual – data subject access his data? Which layer is responsible for that?
The other questions are more GDPR specific.
- Firstly, GDPR targets data controllers and data processors with respective obligations. Who is data controller with respect to Enigma. Is it the team of Enigma or the individual himself? I understand that that is the goal to achieve data sovereignty. However, how does it work at the moment?
- Who is data processor? Are nodes interacting with individual qualified as data processors in the light of GDPR? I understand that it is quite difficult question as data is also anonymised, but how is it legally resolved?
- My last question and actually the most important for my thesis, how is the right to be forgotten performed on Enigma? Is an individual able to erase his data? How does it work? Which layer is responsible for that? Does it happen off-chain or it is achieved forgetting the key to the service? I will be super grateful for answer to this question as my deadline for thesis is approaching and I am still a bit lost.