The IOG team gave a great update earlier across a broad range of topics.
One point that got me a little worried was an update around Atala Prism where they mentioned that DID documents will be stored on the Cardano public blockchain.
My question is if these DIDs will just be for public organisations, or if they will be for individuals too?
If they are for individuals, even if the DID documents contain no personally identifiable information (PII), the DID itself, if identifying a user, could be seen as PII, with correlation concerns and GDPR risk.
Also with a public blockchain there’s no way to adhere to the “right to be forgotten” if you bake PII into a block. This opens up all types of legal issues if a DID of an individual is publicly associated with them and they want it removed.
Hopefully at a minimum you generate a new DID and key pair per relationship to reduce correlation risk.
I expect the Atala team knows all this already, but I wanted to raise it just in case, given how important the area is, and also for others like me who may be interested in the Self-Sovereign Identity space.