One of the most well-known criticisms of the cryptocurrency and blockchain industry is that it lacks the will to submit to regulation by competent authorities. This is hardly a surprise, considering one of the key premises on which cryptocurrencies were initially built: a disdain for government control and a utopian dream to move beyond fiat currencies and into a decentralized system.
Yet as digital coins took off thanks in large part to the success of Bitcoin and its underlying blockchain tech, it gradually became clear that regulation was almost inevitable even for an industry that aimed to constitute a paradigm shift. The EU General Data Protection Regulation is arguably the most talked-about regulatory instrument as of late – but what is its impact on the cryptocurrency sector?
Towards an Increasingly Regulated Cryptocurrency Industry
The new Regulation, called GDPR for short, passed into law in 2016 but came into effect on May 25, 2018, causing a frenzy for most businesses rushing to become GDPR-ready at the last minute. Its stringent requirements make it one of the most feared legislative acts ever passed in the field of data protection, and GDPR compliance has since become a top priority for companies and organizations of all kinds.
In order to fall in line with the provisions of GDPR, businesses must set up and implement a range of technical and organizational measures aimed at increasing privacy and security. This includes data discovery and classification in order to properly identify and address the risks, as well as establishing safeguards such as pseudonymizing personal data through techniques like data masking. GDPR also mandates that companies monitor data access and are ready to respond to data breaches. Any company found not to be compliant is subject to a fine of up to €20 million or 4% of the organization’s yearly turnover – whichever of the two figures is higher.
The penalties that come with breaching obligations enshrined in the GDPR have seen many companies invest significant funds into ensuring compliance. But what would that mean for the cryptocurrency industry?
First of all, it means that traders and exchanges active in the field need to respect the requirements laid down by the EU Regulation when processing personal data of their clients – like the personal details and banking information linked to your wallet on a cryptocurrency exchange. This is perhaps not very surprising, considering that exchanges have in some jurisdictions been deemed to be subject to financial regulation like Know Your Customer (KYC) and anti-money laundering legislation. Yet it is reported that while $48 million is spent on KYC annually by financial institutions, a survey of 25 cryptocurrency exchanges, as well as wallet platforms across Europe and the US, revealed that only 32% among them were fully compliant with KYC rules. As regulation increasingly becomes the norm across the cryptocurrency industry, it is easy to understand how exchanges and the like already fall under the scope of GDPR.
Blockchain and the GDPR
However, what is slightly trickier to grasp is the delicate balance between blockchain and the GDPR – as well as specific cryptocurrencies. According to research across 600 organizations that looked into the perceived biggest barriers for worldwide mainstream blockchain adoption, a whopping 27% of respondents stated that regulatory uncertainty is the biggest issue and another 4% went for concerns over audit and compliance. Another 25% highlighted a lack of trust among users, with 6% concerned with intellectual property.
The landscape is further complicated when we introduce privacy regulations like the GDPR. In particular, public blockchains, in keeping with their transparency approach, use data that could identify the user and store this data immutably on ledgers, which could be in violation of the EU rules. GDPR also advocates the right to have one’s personal data deleted – which is a headache in light of the immutability of blockchain ledgers.
Furthermore, if personally identifiable information (PII) is used by cryptocurrencies in order to record and carry out transactions, then they must take measures to make sure that this data is not vulnerable to cyber-attacks.
Of course, this all makes sense in cases where the GDPR actually applies – but given that its scope covers any company providing products or services or even just monitoring the behavior of individuals that are based within the EU, it is extremely probable that every cryptocurrency will fall under its scope in that sense. Yet the emphasis on privacy that GDPR brought with it could also open up new possibilities for the cryptocurrency world.
As data protection becomes more and more critical for most companies, the emergence of new digital coins like Zcash that focus on privacy by guaranteeing user anonymity can become the perfect way to comply with the GDPR. Zcash built on the original Bitcoin code and uses a new zero-knowledge proof protocol dubbed zk-SNARK. The new tech that privacy-oriented cryptocurrencies like Zcash bring to the table with regard to user anonymity and protection could be leveraged in other industries, too, in order to build safer models to implement transactions without leaving user data exposed.
As we move towards an increasingly regulated cryptocurrency industry, adhering to the GDPR rules will have a deep impact on the sector and trigger further developments with regard to how focused on privacy the industry is.