Obviously, this will GREATLY limit the reach of Narrative, and I urge everyone, for your own privacy's sake, DO NOT GIVE THIS COMPANY ANY "KYC" IDENTIFICATION DOCUMENTS!

This isn't anything personal against the Narrative team, or the privately-owned company. Privacy disasters are happening on a global scale, and more and more leaks are happening to companies all around the world. Not to mention cyber-espionage from within the US, and all across the world.

This is a heads-up to the Narrative staff and their privately-owned company, that according to the GDPR, it is unlawful for any company or organization outside of the EU, or EUEA (economic area) to systematically collect the data of European Citizens without having a GDPR compliant regime in place.

There is a 10,000,000 & 20,000,000 fine for being non-compliant. In the case of Narrative, the systematic collection infers that Narrative and its staff *MUST* provide a Data Protection Officer if it wishes to be compliant:

DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). 

Until Narrative is in compliance it will be acting illegally to collect ANY information from the 28 EU countries. Narrative would be acting unlawfully by collecting any personally identifying information from European Citizens, whether through opt-in or opt-out schemes.

For Narrative, this means that as soon as it collects just *ONE* piece of sensitive data from any of the following 28 countries, it will be exposing itself to the GDPR regiment.

Countries
AustriaItaly
BelgiumLatvia
BulgariaLithuania
CroatiaLuxembourg
CyprusMalta
CzechiaNetherlands
DenmarkPoland
EstoniaPortugal
FinlandRomania
FranceSlovakia
GermanySlovenia
GreeceSpain
HungarySweden
IrelandUnited Kingdom

 

 

https://eugdpr.org/the-regulation/gdpr-faqs/

https://en.wikipedia.org/wiki/...rotection_Regulation

https://eur-lex.europa.eu/eli/reg/2016/679/oj

https://www.itgovernance.eu/bl...reach-under-the-gdpr

https://twitter.com/eu_gdpr

https://twitter.com/gdpr_europe

Original Post

Hello @Michael

I'm confused: we don't know the details of Narrative's KYC, and we don't know whether they are already, or plan to be GDPR compliant when KYC goes live.

I was personally hoping Narrative would use a third party company that specialises in KYC, for this functionality, but the bottom line is we just don't know yet.

So isn't the title of this thread a little presumptive?  Unless I'm missing something here?

This is a good matter to have on our radars, but lets not be unnecessarily alarmist.  Ask questions of the @Narrative Network Team instead?

Hi @Michael,

I appreciate your concerns We are very familiar with GDPR, and the Narrative platform is indeed GDPR-compliant. We have corporately-defined Security Officer and Privacy / Data Protection Officer roles.

Rest assured that we are operating within the bounds of GDPR requirements when dealing with EU data.

We are also very aware of the sensitivity of the collected documents and information being provided for Narrative's Certification program. Narrative simply uses the documents to the extent required to prove a user's existence and identity and doesn't store data aside from non-identifiable details necessary for function of the platform (such as country of origin and month/year of birth).

Hope that helps clear up your concerns!

Brian

Was the contents the same as what you’ve posted here?  The title is incorrect (and damaging) information.  If something like that was posted about my work, on my feed, I would consider removing it too.  

Thats why I suggested you ask questions first, before presuming something that turns out to be incorrect and broadcasting it on several sites.  Just a suggestion.  

I believe the silent majority will agree that the only "damaging information" here, is the way armchair warriors of this project have responded, or attacked, these completely legitimate privacy and cyber-security concerns.

I love the idea of this blogging project, minus the ill-advised idea to intrude on the privacy of thousands, or tens of thousands of individuals worldwide. I'll be very active within the community once Beta hits, but I will NEVER submit my ID to a blogging website on US soil.

I'm so proud to speak up and alert the community to these nonsensical notions of "KYC" verification for a blogging platform.

I'm also very proud to help protect people's right to anonymity and privacy. Putting a 20% bounty on people's privacy will likely deep-six this project into oblivion...no matter how many coins are given away.

I love the project, but people's sentiments have changed. I think the decision-makers that thought up this mess are still living in 1995. People's attitudes have substantially changed with regards to privacy, and we're willing to leave ANY social network that doesn't guarantee our privacy.

https://www.inc.com/dakota-sha...t-means-for-you.html

@Michael I'm not sure if you saw my post or not. The alarm you are trying to sound is unfounded, as your legal concerns are fully mitigated. The only question is personal preference, of which yours is very clear

Narrative isn't forcing anyone to submit any documents to us. If you don't want to, there's no problem with that; it's absolutely optional. There will most definitely be people who feel very similarly to you and won't want to submit Certification documents. I also believe that many people will, as there will be real benefits to doing so within the platform (including a reputation boost among other things).

I'm not sure it will make any difference to you since you seem to have your mind made up, but for what it's worth, the company we are using to process documents is Onfido. They are founded and based in the UK, so you know they are very familiar with GDPR, as well Note that Narrative will not ever store any of the documents on our systems once they are transmitted to Onfido.

Michael posted:

I believe the silent majority will agree that the only "damaging information" here, is the way armchair warriors of this project have responded, or attacked, these completely legitimate privacy and cyber-security concerns.

I love the idea of this blogging project, minus the ill-advised idea to intrude on the privacy of thousands, or tens of thousands of individuals worldwide. I'll be very active within the community once Beta hits, but I will NEVER submit my ID to a blogging website on US soil.

I'm so proud to speak up and alert the community to these nonsensical notions of "KYC" verification for a blogging platform.

I'm also very proud to help protect people's right to anonymity and privacy. Putting a 20% bounty on people's privacy will likely deep-six this project into oblivion...no matter how many coins are given away.

I love the project, but people's sentiments have changed. I think the decision-makers that thought up this mess are still living in 1995. People's attitudes have substantially changed with regards to privacy, and we're willing to leave ANY social network that doesn't guarantee our privacy.

https://www.inc.com/dakota-sha...t-means-for-you.html

Deep breaths, my friend. Deep breaths...

Michael posted:

Update: Narrative staff censored my post, and withdrew the content on their sub-reddit, so I've added it back on Feb 12, 2019 at 1:01pm EST.

 

@Michael, why are you still trying to post that when you've been shown unequivocally that you're wrong about this?  It has been very plainly explained to you that Narrative is using a third party processor for KYC, and that third party processor is GDPR compliant.  So not only does Narrative not store any personal information: they never even receive it.  The UK based, GDPR compliant company does.  Why are you still upset?

@Michael's reddit history shows that he is antagonistic about a lot of things in general. (For transparency's sake, Michael, my reddit name is WELLinTHIShouse. My reddit history is mostly geekery and chronic illness, but feel free to ) 

There's this post in /r/GDPR and /r/privacy: https://old.reddit.com/r/gdpr/...rm_in_florida_wants/

And there are a few anti-crypto posts in general, though he's not a prolific redditor.

And he denies the racist and sexist overtones in this post: https://old.reddit.com/r/THEKE...th_some_truth_in_it/

Even other redditors find some of his posts inappropriate enough to downvote heavily.

Please tell me, Michael, did you only sign up with Narrative so you could bring your hostility here? We've all got legit questions and concerns, but even my social awkward autistic self has the social consciousness not to come in guns blazing and demanding answers and declaring I'm being deliberately ignored when those answers don't magically appear in an hour or two. That's not how this works. That's not how any of this works.

Post
×
×
×
×