Global regulators call for Facebook to reveal Libra's data protection policies
Since its launch, Facebook's stablecoin has garnered widespread concern about user privacy
The Information Commissioner's Office (ICO) has issued a joint statement to Facebook's Libra subsidiaries expressing concerns about the company's data protection framework to accompany its upcoming stablecoin.
The British ICO joined Albania, Australia, Canada, Burkina Faso and the USA's data protection officials, alongside the EU's Data Protection Supervisor Giovanni Buttarelli, as signatories to the statement.
In it, the signatories jointly asked Facebook and the 28 other companies behind the Libra project to answer questions about how its data policies will adhere to data protection laws.
This international effort to address Facebook and the Libra Network is a significant one because data protection regulators have never had to govern a cryptocurrency before.
The signatories acknowledge the "broad public statements" made by Facebook and its subsidiary Calibra on the topic of privacy, but note that data handling practices regarding the safekeeping of sensitive information haven't been specifically addressed.
"Additionally, given the current plans for a rapid implementation of Libra and Calibra, we are surprised and concerned that this further detail is not yet available," the statement read.
In response, the collective data watchdogs expect the Libra Network to satisfactorily address a heavily detailed list of questions including how assurances will be made regarding its robust data protection measures, compliance of data processors and the uniform application of compliance policies across all departments and arms of the Libra Network.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The statement also references Facebook's questionable data dealings from years gone by, concerning "hundreds of millions of users", and how the company's mere involvement in the project presents additional privacy concerns.
"The ambition and scope of the Libra project has the potential to change the online payment landscape, and to offer benefits to consumers," said Elizabeth Denham, UK information commissioner. "But that ambition must work in tandem with people's privacy expectations and rights.
"Facebook's involvement is particularly significant, as there is the potential to combine Facebook's vast reserves of personal information with financial information and cryptocurrency, amplifying privacy concerns about the network's design and data sharing arrangements."
This joint statement isn't the first time Facebook's Libra coin has garnered harsh criticism from the industry. Back in July, US treasury secretary Steven Mnuchin branded Facebook's cryptocurrency "a national security risk" before adding the tech giant had much more work to do before he could be comfortable with the idea of its release.
Shortly after Libra's June 2019 announcement, industry experts were quick to throw speculation in the direction of the cryptocurrency. One cryptography expert said that Libra suffers fundamental design flaws which could enable third-party data sharing.
Libra is a stablecoin announced by Facebook earlier this year - a cryptocurrency tied to a fiat currency such as a dollar or euro so the wild Bitcoin-esque price fluctuations wouldn't be an issue to contend with. It will operate much like how Bitcoin does now, using an electronic wallet to exchange funds over a managed blockchain network.
Facebook has said Libra will use "all the same verification and anti-fraud processes that banks and credit cards use, and we'll have automated systems that will proactively monitor activity to detect and prevent fraudulent behaviour".
However, as today's statement indicates, this hasn't done enough to assure regulators of the currency's data protection compliance and we can only wait and see if Facebook opens up about its policies to appease the likes of the ICO.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.