Libra backers asked to explain approach to data protection

Out-Law News | 09 Aug 2019 | 8:14 am | 1 min. read

Regulators from around the world have called on the businesses behind the Libra project to explain in more detail how their handling of personal data from the cryptoasset initiative will comply with data protection laws.

Leaders of privacy watchdogs from the UK, US, EU, Australia, Canada, Albania and Burkina Faso issued a joint statement setting out "global privacy expectations of the Libra network".

Plans for the creation of a new Libra blockchain and cryptocurrency were outlined earlier this summer by a series of major technology and payments companies, including Facebook, Uber, eBay, PayPal, Visa and Mastercard.

Under the proposals, a new Libra blockchain would, in time, provide a decentralised, permissionless framework for the processing of payments and exchange of assets, including a new Libra cryptocurrency and remove many of the fees that currently apply to the processing of transactions.

The Libra proposals, which the companies plan to implement as early as the first half of 2020, have attracted significant media and regulator attention in recognition of the potential of the plans to challenge the traditional way in which payments are made and the associated business models of incumbents in the market.

In their statement, the data protection regulators said further information is needed from Libra's backers on their "information handling practices". They said they had concerns about the aggregation of personal data sets if Libra gains popularity among consumers and said it wants to know more about how the data collected will be protected.

Questions the data authorities have raised include in relation to the information the Libra network will provide about how personal data will be used and shared, the privacy controls that will be available to data subjects, and how those individuals will be able to exercise their privacy rights, including in relation to deleting accounts.

In addition, the watchdogs are seeking to understand more about the data security measures that will be in place as well as how the Libra network will "collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service, and ensure the lawfulness of the processing".

Libra backers have also been urged to explain more about data sharing arrangements within the Libra network as well as their commitment to privacy by design principles and data protection impact assessments.

UK information commissioner Elizabeth Denham said: "We know that the Libra Network has already opened dialogue with many financial regulators on how it intends to comply with financial services product rules. However, given the rapid plans for Libra and Calibra, we are concerned that there is little detail available about the information handling practices that will be in place to secure and protect personal information. I hope this statement will prompt an open and constructive conversation to ensure that data protection is a key part of the design process and that data protection regulators are a key consultative group as the Libra proposals develop."