Despite a few bumps along the way, cryptocurrencies and the blockchain have been taking the world by storm. However, they store up all sorts of worries about data privacy.
In August, the ICO joined global regulators from the US, Canada, EU and Australia in expressing concerns about Facebook’s Cryptocurrency Libra. You can find an excellent detailed analysis on the Global Regulatory platform from data privacy lawyer Shiv Daddar.
In essence, though, regulators are concerned about two things: a lack of clarity so far about how the data will be processed and the involvement of Facebook itself whose own record with data is less than squeaky clean.
“To date, while Facebook and Calibra have made broad public statements about privacy, they have failed to specifically address the information-handling practices that will be in place to secure and protect personal information,” says the statement.
The regulators issued a list of questions which they would like answered, such as how customers will be profiled and shared among the 28 founding members of Libra.
Ultimately, though, this statement is about trust or the lack of it. Regulators are concerned about the role of firms who may play fast and loose with personal data and the nature of the technology itself.
Cryptocurrencies and the blockchain are still presenting a bit of a puzzle for regulators. On the one hand they recognise its potential and want to give innovation space to breathe, but on the other the technology itself gives real cause for concern.
For example, data stored on the blockchain is immutable. In theory, this makes it more secure, but it’s also difficult to satisfy regulatory demands to allow customers to have their data changed or deleted.
However, as this letter demonstrates, it’s also the identify of the data controller which will also attract scrutiny. Facebook’s track record as a reliable data processor is patchy to say the least.
It was fined $5bn by regulators for its role in the Cambridge Analytica scandal and could face billions more. The EU is currently handling a total of 11 separate investigations which, taken together, could inflict fines on the scale that might make even a giant such as Facebook wince.
Understandably, then, the mere fact of Facebook’s involvement is a red flag for regulators. It’s a bit like a football player who has a reputation for diving. Once referees have that in their mind, they will be less likely to give a foul.
This is an issue of trust. Technology needs to comply with regulatory obligations and be shown to comply. This is particularly tricky because regulations can change which means compliance must be an ongoing process.
Any organisation handling the data needs to be whiter than white, not only to please the regulators but to reassure a public which is becoming increasingly concerned about how its data is being used. Once an organisation gets a track record for bad behaviour, it’s very difficult to turn things around.