eob on Nostr: I'm not a lawyer either, but I'm pretty sure the Nostr public key and any derived ...
I'm not a lawyer either, but I'm pretty sure the Nostr public key and any derived identifier would be subject to GDPR, along with most data in a user profile, and probably all Nostr posts. That's all data tied to an identified person
But on the other hand Nostr relays are pretty lightweight and "dumb", they are not really much more than databases with a Websocket API leaving most of the "business logic" to the clients
So from a GDPR compliance point of view, I wonder whether relays would even count as data controllers (which have the most onerous compliance burden). Maybe they are just data processors acting on behalf of the clients, which would reduce the compliance burden. But that would be a question for a lawyer.
But on the other hand Nostr relays are pretty lightweight and "dumb", they are not really much more than databases with a Websocket API leaving most of the "business logic" to the clients
So from a GDPR compliance point of view, I wonder whether relays would even count as data controllers (which have the most onerous compliance burden). Maybe they are just data processors acting on behalf of the clients, which would reduce the compliance burden. But that would be a question for a lawyer.