← Back to context

Comment by raron

4 days ago

I think that depends on how do you define PII.

I suspect the ZKP proof or token is practically unique and related to you, so I could be personal data if you use the definition from GDPR.

With ZKP the entity and the original verifier shouldn't be able to match your identity to the ZKP proof or token, but the app on your phone of course can do that.

The app probably will be made some government contractor and there is no technical measure that would prevent them to just share all that data with whoever they want.

The app can be open-source and verified to not be sharing extra info, though. Of course if no-one bothers to use the verifiable version of it, then it's all pointless, but this is true regardless (they could also just not use ZKPs).