Libra, Facebook’s global digital currency plan, is fuzzy on privacy, watchdogs warn – TechCrunch

Privacy commissioners from the Americas, Europe, Africa and Australasia have put their names to a joint statement raising concerns about a lack of clarity from Facebook over how data protection safeguards will be baked into its planned cryptocurrency project, Libra.

Facebook officially unveiled its big bet to build a global digital currency using blockchain technology in June, steered by a Libra Association with Facebook as a founding member. Other founding members include payment and tech giants such as Mastercard, PayPal, Uber, Lyft, eBay; VC firms including Andreessen Horowitz, Thrive Capital and Union Square Ventures; and not-for-profits such as Kiva and Mercy Corps.

At the same time, Facebook announced a new subsidiary of its own business, Calibra, which it said will create financial services for the Libra network, including offering a standalone wallet app that it expects to bake into its messaging apps, Messenger and WhatsApp, next year — raising concerns it could quickly gain a monopolistic hold over what’s being couched as an “open” digital currency network, given the dominance of the associated social platforms where it intends to seed its own wallet.

In its official blog post hyping Calibra, Facebook avoided any talk of how much market power it might wield via its ability to promote the wallet to its existing 2.2 billion+ global users, but it did touch on privacy — writing “we’ll also take steps to protect your privacy” by claiming it would not share “account information or financial data with Facebook or any third party without customer consent.”

Except for when it admitted it would; the same paragraph states there will be “limited cases” when it may share user data. These cases will “reflect our need to keep people safe, comply with the law and provide basic functionality to the people who use Calibra,” the blog adds. (A Calibra Customer Commitment provides little more detail than a few sample instances, such as “preventing fraud and criminal activity.”)

All of that might sound reassuring enough on the surface, but Facebook has used the fuzzy notion of needing to keep its users “safe” as an umbrella justification for tracking non-Facebook users across the entire mainstream internet, for example.

So the devil really is in the granular detail of anything the company claims it will and won’t do.

Hence the lack of comprehensive details about Libra’s approach to privacy and data protection is causing professional watchdogs around the world to worry.

“As representatives of the global community of data protection and privacy enforcement authorities, collectively responsible for promoting the privacy of many millions of people around the world, we are joining together to express our shared concerns about the privacy risks posed by the Libra digital currency and infrastructure,” they write. “Other authorities and democratic lawmakers have expressed concerns about this initiative. These risks are not limited to financial privacy, since the involvement of Facebook Inc., and its expansive categories of data collection on hundreds of millions of users, raises additional concerns. Data protection authorities will also work closely with other regulators.”

Among the commissioners signing the statement is the FTC’sRohit Chopra, one of two commissioners at the U.S. Federal Trade Commission who dissented from the$5 billion settlement order that was passed by a 3:2 vote last month. 

Also raising concerns about Facebook’s transparency about how Libra will comply with privacy laws and expectations in multiple jurisdictions around the world are: Canada’s privacy commissioner Daniel Therrien; the European Union’s data protection supervisor, Giovanni Buttarelli; U.K. Information commissioner, Elizabeth Denham; Albania’s information and data protection commissioner, Besnik Dervishi; the president of the Commission for Information Technology and Civil Liberties for Burkina Faso, Marguerite Ouedraogo Bonane; and Australia’s information and privacy commissioner, Angelene Falk.

In the joint statement — on what they describe as “global privacy expectations of the Libra network” — they write:

In today’s digital age, it is critical that organisations are transparent and accountable for their personal information handling practices. Good privacy governance and privacy by design are key enablers for innovation and protecting data – they are not mutually exclusive. To date, while Facebook and Calibra have made broad public statements about privacy, they have failed to specifically address the information handling practices that will be in place to secure and protect personal information. Additionally, given the current plans for a rapid implementation of Libra and Calibra, we are surprised and concerned that this further detail is not yet available. The involvement of Facebook Inc. as a founding member of the Libra Association has the potential to drive rapid uptake by consumers around the globe, including in countries which may not yet have data protection laws in place. Once the Libra Network goes live, it may instantly become the custodian of millions of people’s personal information. This combination of vast reserves of personal information with financial information and cryptocurrency amplifies our privacy concerns about the Libra Network’s design and data sharing arrangements.

We’ve pasted below the list of questions they’re putting to the Libra Network — which they specify is “non-exhaustive,” saying individual agencies may follow up with more “as the proposals and service offering develops.”

Among the details they’re seeking answers to is clarity on what users’ personal data will be used for and how users will be able to control what their data is used for.

The risk of dark patterns being used to weaken and undermine users’ privacy is another stated concern.

Where user data is shared the commissioners are also seeking clarity on the types of data and the de-identification techniques that will be used — on the latter researchers have demonstrated for years that just a handful of data points can be used to re-identify credit card users from an “anonymous” data set of transactions, for example.

Here’s the full list of questions being put to the Libra Network:

We’ve reached out to Facebook for comment.

Update: A Facebook spokesperson sent this statement, attributed to Dante Disparte of the Libra Association:

Source: TechCrunch

Powered by NewsAPI.org

Keywords:

Libra (DC Comics) • Facebook • Globalization • Digital currency • Privacy • Watchdog journalism • TechCrunch • Privacy • Americas • Europe • Africa • Australasia • Facebook • Privacy • Cryptocurrency • Libra (Marvel Comics) • Facebook • Digital currency • Blockchain • Libra (Marvel Comics) • Facebook • Entrepreneurship • Technology • MasterCard • PayPal • Uber (company) • Lyft • EBay • Venture capital • Business • Andreessen Horowitz • Joshua Kushner • Union Square Ventures • Nonprofit organization • Kiva (organization) • Mercy Corps • Facebook • Subsidiary • Opel Calibra • Financial services • Microsoft Academic Search • Computer network • Software • Wallet (software) • Mobile app • Instant messaging • Mobile app • Instant messaging • WhatsApp • Monopoly • Open-source software • Digital currency • Computer network • Blog • Opel Calibra • Facebook • Market power • Privacy • Privacy • Information • Facebook • Customer • Consent • State (polity) • Lawsuit • Lawsuit • Person • Law • Person • Opel Calibra • Blog • Opel Calibra • Contract • Fraud • Facebook • Theory of justification • Facebook • Internet • Microsoft Academic Search • Privacy • Privacy • Watchdog journalism • Privacy • Privacy • Law enforcement • Authority • Collective responsibility • Privacy • Privacy • Microsoft Academic Search • Electronic money • Democracy • Risk management • Financial privacy • Facebook • Privacy • Federal Trade Commission • Federal Trade Commission • Facebook • Libra (constellation) • Privacy law • Canada • Privacy Commissioner of Canada • European Union • Information privacy • Giovanni Buttarelli • United Kingdom • Information Commissioner's Office • Elizabeth Denham • Albania • Data Protection Commissioner • Besnik Musaj • Teki Dervishi • Information technology • Civil liberties • Burkina Faso • Australia • Information and Privacy Commissioner of Ontario • Libra (Toni Braxton album) • Information Age • Critical theory • Organization • Transparency (behavior) • Accountability • Personally identifiable information • Information processing • Value (ethics) • Corporate governance • Privacy by design • Data • Facebook • Opel Calibra • Privacy • Microsoft Academic Search • Opel Calibra • Facebook • Libra (Marvel Comics) • Consumer • Privacy • Libra (astrology) • Cryptocurrency • Privacy • Microsoft Academic Search • Computer network • Libra (Toni Braxton album) • Personally identifiable information • User (computing) • Privacy • Personally identifiable information • De-identification • Credit card • Anonymous (group) • Data set • Libra (astrology) • Facebook • Facebook • Dante Alighieri • Libra (astrology) •