Global regulators call for Facebook to reveal Libra's data protection policies

Since its launch, Facebook's stablecoin has garnered widespread concern about user privacy

The Information Commissioner's Office (ICO) has issued a joint statement to Facebook's Libra subsidiaries expressing concerns about the company's data protection framework to accompany its upcoming stablecoin.

The British ICO joined Albania, Australia, Canada, Burkina Faso and the USA's data protection officials, alongside the EU's Data Protection Supervisor Giovanni Buttarelli, as signatories to the statement.

In it, the signatories jointly asked Facebook and the 28 other companies behind the Libra project to answer questions about how its data policies will adhere to data protection laws.

This international effort to address Facebook and the Libra Network is a significant one because data protection regulators have never had to govern a cryptocurrency before.

The signatories acknowledge the "broad public statements" made by Facebook and its subsidiary Calibra on the topic of privacy, but note that data handling practices regarding the safekeeping of sensitive information haven't been specifically addressed.

"Additionally, given the current plans for a rapid implementation of Libra and Calibra, we are surprised and concerned that this further detail is not yet available," the statement read.

In response, the collective data watchdogs expect the Libra Network to satisfactorily address a heavily detailed list of questions including how assurances will be made regarding its robust data protection measures, compliance of data processors and the uniform application of compliance policies across all departments and arms of the Libra Network.

The statement also references Facebook's questionable data dealings from years gone by, concerning "hundreds of millions of users", and how the company's mere involvement in the project presents additional privacy concerns.

"The ambition and scope of the Libra project has the potential to change the online payment landscape, and to offer benefits to consumers," said Elizabeth Denham, UK information commissioner. "But that ambition must work in tandem with people's privacy expectations and rights.

"Facebook's involvement is particularly significant, as there is the potential to combine Facebook's vast reserves of personal information with financial information and cryptocurrency, amplifying privacy concerns about the network's design and data sharing arrangements." 

This joint statement isn't the first time Facebook's Libra coin has garnered harsh criticism from the industry. Back in July, US treasury secretary Steven Mnuchin branded Facebook's cryptocurrency "a national security risk" before adding the tech giant had much more work to do before he could be comfortable with the idea of its release.

Shortly after Libra's June 2019 announcement, industry experts were quick to throw speculation in the direction of the cryptocurrency. One cryptography expert said that Libra suffers fundamental design flaws which could enable third-party data sharing.

Libra is a stablecoin announced by Facebook earlier this year - a cryptocurrency tied to a fiat currency such as a dollar or euro so the wild Bitcoin-esque price fluctuations wouldn't be an issue to contend with. It will operate much like how Bitcoin does now, using an electronic wallet to exchange funds over a managed blockchain network.

Facebook has said Libra will use "all the same verification and anti-fraud processes that banks and credit cards use, and we'll have automated systems that will proactively monitor activity to detect and prevent fraudulent behaviour".

However, as today's statement indicates, this hasn't done enough to assure regulators of the currency's data protection compliance and we can only wait and see if Facebook opens up about its policies to appease the likes of the ICO.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021