Proving GDPR, CCPA, and Privacy Compliance with Hedera Consensus Service

Jun 15, 2020, by Paul Madsen, Head of Identity, The HBAR Foundation

Regulations like the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) specify strict rules for how businesses collect, store, and share individuals’ personal data. A key principle of the GDPR is that an organization must be transparent in communications with data subjects when providing information about the processing of their data.
The GDPR requires that data controllers inform data subjects about how their data will be processed, including detailing the type of data collected, the purpose for which it is collected, and the data subject's rights with respect to any collected data, including the rights of access, of rectification, and of erasure. Additionally, according to the GDPR, an organization is responsible not only for complying with data protection principles but also for demonstrating that compliance. In other words, it is not enough to do right; an organization may need to be able to prove that it did right.

Hedera Consensus Service (HCS) can help with both GDPR implications, which we have explored in depth in our new paper, Data Privacy Compliance using Hedera Consensus Service. By using HCS, an organization can address the requirement of transparency in communications with a data subject and, in so doing, create an audit trail of the underlying data processes in support of demonstrating compliance.

Managing a User's Search History

As an example, consider a search engine that collects users’ search history in order to provide a customized experience. That search history may be considered personal data and must be processed in compliance with GDPR (if the search engine serves EU citizens). The search engine will use HCS to record key interactions with a user, Carol. For instance, after obtaining Carol’s consent for the collection of search history, the terms of that consent (not the search data itself) would be logged via an HCS message sent to the Hedera Hashgraph mainnet. The message would likely carry not the actual consent terms but rather a hash of those terms. After being assigned a consensus timestamp, that message (and the consent details within) could be stored by the search engine (and even perhaps a separate application Carol uses to manage her consent decisions).
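
The consent-logging flow described above, sketched as an added example (not code from Hedera or from the paper). It commits to the consent terms with a salted hash, records a later modification as a further message, and checks claimed terms against the recorded value. `StubTopic` is a hypothetical stand-in for an HCS topic, and the field names, per-receipt salt, and timestamps are assumptions constructed for illustration.

```python
import hashlib, hmac, json, secrets

def commitment(terms: dict, salt: bytes) -> str:
    """Salted SHA-256 over canonical JSON; only this value goes on the ledger."""
    canonical = json.dumps(terms, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(salt + canonical).hexdigest()

class StubTopic:
    """Hypothetical stand-in for an HCS topic: orders messages and timestamps them."""
    def __init__(self):
        self.messages = []
    def submit(self, payload: dict) -> dict:
        seq = len(self.messages) + 1
        # Constructed timestamp; a real consensus timestamp is assigned by the network.
        entry = {"sequence": seq, "consensus_ts": f"1592179200.{seq:09d}", "payload": payload}
        self.messages.append(entry)
        return entry

def record_consent(topic, action, terms, prev=None):
    """Log a consent event; return the receipt kept off-ledger by both parties."""
    # A random salt stops anyone from guessing the terms by hashing a known list of options.
    salt = secrets.token_bytes(16)
    payload = {"action": action, "commitment": commitment(terms, salt),
               "prev": prev["payload"]["commitment"] if prev else None}
    entry = topic.submit(payload)  # no terms and no personal data in the payload
    return {"terms": terms, "salt": salt.hex(), **entry}

def verify(topic, receipt, claimed_terms) -> bool:
    """Check claimed terms against the commitment recorded at the receipt's sequence."""
    entry = topic.messages[receipt["sequence"] - 1]
    expected = commitment(claimed_terms, bytes.fromhex(receipt["salt"]))
    return hmac.compare_digest(expected, entry["payload"]["commitment"])

def demo():
    topic = StubTopic()
    # Constructed sample consent terms.
    granted = {"purpose": "personalised results", "data": ["search_history"], "retention_days": 90}
    r1 = record_consent(topic, "grant", granted)
    narrowed = dict(granted, retention_days=30)
    r2 = record_consent(topic, "modify", narrowed, prev=r1)
    broader = dict(granted, data=["search_history", "location"])  # a less restrictive claim
    return (verify(topic, r1, granted), verify(topic, r1, broader),
            verify(topic, r2, narrowed), r2["payload"]["prev"] == r1["payload"]["commitment"])

if __name__ == "__main__":
    print(demo())
```

The receipt (terms and salt) stays with the search engine and with Carol; the ledger holds only the commitment, the action, and the link to the previous commitment.
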
If Carol wished to subsequently modify or remove her consent, then those changes would be recorded through additional HCS messages. That “consent receipt,” logically backed by the trust of the Hedera mainnet as to its integrity and provenance, would subsequently provide Carol with cryptographically secure evidence of the consent she gave to the search engine. Concretely, the search engine would be unable to later claim that Carol had given a less restrictive consent: the consent receipt records the details of the consent and the date on which it was given. Critically, the consent receipt and its history also provide the search engine with a mechanism to demonstrate GDPR compliance, as the receipt is a concrete manifestation of the practices and processes that GDPR stipulates. The search engine can point to the history of the receipt, and its cryptographic trust from the Hedera network, as evidence that it has instituted the necessary policies and procedures.

Similarly, HCS can be used to enable a model of Decentralized (sometimes referred to as ‘Self-Sovereign’) Identity, a model of identity management that can give users more control over their identities and related data, an empowerment consistent with the GDPR’s fundamental principles. Hedera has recently defined specifications and released an SDK that support implementing the Decentralized Identity model via HCS messaging.

We explore the above, and more broadly the relationship between HCS and privacy regulation compliance, in a new paper called Data Privacy Compliance using Hedera Consensus Service.