Global Regulators Warn on Privacy Risks of Facebook’s Libra

Daniel Palmer
Aug 6, 2019 at 09:41 UTC
Updated Aug 6, 2019 at 11:03 UTC
news

Data protection chiefs from across the globe have united to express concerns over the privacy risks posed by Facebook’s Libra cryptocurrency project.

In a joint statement published on Monday by the U.K. Information Commissioner’s Office (ICO), data privacy commissioners from Australia, Albania, Burkina Faso, Canada, the EU, the U.K., the U.S., shared concerns that “while Facebook and [its crypto wallet-focused entity] Calibra have made broad public statements about privacy, they have failed to specifically address the information handling practices that will be in place to secure and protect personal information.”

Given that Libra is on a speedy timeline for launch (planned for as soon as 2020), the watchdogs added that “we are surprised and concerned that this further detail is not yet available.”

The privacy commissioners also set out a list of questions that Facebook is expected to address, including how the Libra Network will provide end users with clear information on how their data will be used by project participants and how it will ensure that default privacy setting will “not use nudge techniques or “dark patterns” to encourage people to share personal data with third parties or weaken their privacy protections.”

In the extensive list of questions, the group further seeks reassurance that Facebook would use “only the minimum amount” of personal data as required for the service, and “ensure the lawfulness of the processing.”

Users’ personal data must also “adequately protected” and “simple procedures” should be provided for Libra users to “exercise their privacy rights, including deleting their accounts, and honouring their requests in a timely way.”

According to the joint statement, the signees were prompted to air the concerns in part because they have previously had to address events in which Facebook’s handling of users’ information “has not met the expectations of regulators, or their own users.”

The statement comes as the latest call for information on the Libra project. Regulators from nations including Switzerland and Singapore have called for the social media giant to be more open about its plans for the project, while two U.S. Senate committees have hauled Facebook before hearings to discuss the various issues in more detail.

Facebook, for its part, responded that it won’t have access to personal financial information gathered for its planned cryptocurrency. The company’s blockchain lead, David Marcus, however, acknowledged that third-parties would potentially be building products such as wallets for Libra.

These third parties would be responsible for how their Libra wallets are built, Marcus said, saying “it will be the responsibility of these providers to determine the type of information they may require from their customers and to comply with regulations and standards in the countries in which they operate.”

In the release of the joint privacy statement, U.K. Information Commissioner Elizabeth Denham said:

“I hope this statement will prompt an open and constructive conversation to ensure that data protection is a key part of the design process and that data protection regulators are a key consultative group as the Libra proposals develop.”

Facebook image via Shutterstock