It seems like digital exchanges are popping up more and more frequently than ever, as cryptocurrency appears to be gaining popularity despite the recent dip in price over 2018.
User data has been a significant talking point of late, across many industries, not just crypto.
Consumers want, and have been granted more control over their data, and what those companies they have given their data to can do with it.
We all know, however, that cryptocurrency and blockchain technology is a new industry, and in many ways, it’s still finding its way.
The way in which it uses consumer data is part of that growing stage, but it’s a particular area where those who operate within the industry will have to grow up fast.
Challenges posed by the blockchain industry to protection of personal data
The blockchain is unlike any other technology out there at the moment. The very aspects that attract people to it are among those that could cause headaches for personal data protection.
Blockchain technology sells itself as decentralized and distributed, which is a huge positive in most ways, except in data protection.
How can you identify and hold responsible the entity for processing the personal data if you can’t determine who’s actually responsible?
We all know that transparency is another major selling point of blockchain technology, and this causes more issues with personal data.
One of the most significant talking points when it comes to personal data over the past few years has been the introduction of the General Data Protection Regulation (GDPR) within the European Union, which was created to provide EU citizens with a much higher level of control over their own data.
While this approach may work perfectly fine in more traditional industries, it causes quite the paradox of sorts within the blockchain sphere.
A quote from Andries Van Humbeeck, Blockchain consultant for TheLedger, sums the situation up perfectly –
“And here is the paradox: The goal of GPDR is to “give citizens back the control of their personal data, whilst imposing strict rules on those hosting and ‘processing’ this data, anywhere in the world.
“Also, one of the things GDPR states is that data “should be erasable.” Since throwing away your encryption keys is not the same as ‘erasure of data,’ GDPR prohibits us from storing personal data on a blockchain level. Thereby losing the ability to enhance control of your own personal data.”
So, how would a crypto exchange approach this situation?
It honestly depends on where the exchange is based, and more importantly where its client base is situated.
For those exchanges which operate in the European Union the GDPR regulations have to be dealt with and abided by, and there aren’t many exchanges which don’t offer services to customers based within the EU.
Larger, more popular exchanges such as Binance, BitForex, and Huobi are all pretty well versed on the GDPR laws, and although dealing with larger exchanges can be a no-brainer for many traders and crypto investors, sometimes a smaller exchange is a better option.
Can you be sure that those less popular exchanges who perhaps don’t operate under the same level of scrutiny are taking the same precautions as the larger exchanges mentioned?
The truth is, you can’t be. You simply have to do your homework and educate yourself before you invest any of your money.
GDPR states that customer data should be erasable, and this is something that is posing a lot of issues for crypto exchanges.
From what I can see, there’s only one exchange operating within Europe that actually claims to be able to handle this aspect of GDPR.
ETERBASE, a new exchange operating out of Liechtenstein calls itself “the first regulation-compliant European cryptocurrency exchange,” and claims that it can deal with complete customer data removal, as required by GDPR.
With the scope and reach of this new regulation you have to imagine that other exchanges will be following suit, but for the time being, it’s not something that is common.
The crypto space is somewhere that is still unregulated for the most part, especially in the US and Europe, but if mainstream acceptance and trust from institutional investors are to be gained, this will have to change sooner rather than later.