OAIC holds Facebook to account over Libra project
The Office of the Australian Information Commissioner (OAIC) has joined forces with international privacy regulators to demand information from Facebook and the Libra network on how they will protect personal information as part of the global cryptocurrency project.
The OAIC has initiated joint action with the UK’s Information Commissioner’s Office, with support from data protection authorities in the UK, US, Canada and EU.
The agencies have issued a joint statement on global privacy expectations of the Libra Network.
“As representatives of the global community of data protection and privacy enforcement authorities, collectively responsible for promoting the privacy of many millions of people around the world, we are joining together to express our shared concerns about the privacy risks posed by the Libra digital currency and infrastructure,” the statement reads.
“These risks are not limited to financial privacy, since the involvement of Facebook Inc., and its expansive categories of data collection on hundreds of millions of users, raises additional concerns.”
According to the authorities, many regulators have had to express previous issues where Facebook’s handling of people’s information has not met the expectations of regulators, or their own users.
Because of this, the regulators are sharing their expectations with the Libra Association, Facebook’s subsidiary Calibra and any future Libra digital wallet provider in advance.
These expectations include addressing questions such as how global data protection and privacy enforcement authorities can “be confident that the Libra Network has robust measures to protect the personal information of network users”.
In particular, Libra Network is expected to ensure that participants will provide clear information about how personal information can be used, ensure that privacy control settings are prominent and easy to use, and give people procedures for exercising their privacy rights — including deleting their accounts.
This last expectation could be a challenge given that information in distributed ledgers can never be deleted, only appended.
Libra Network will also be expected, among other things, to incorporate privacy by design principles while developing its infrastructure, undertake data protection impact assessments and ensure that its data protection and privacy policies, standards and controls apply consistently across all jurisdictions.
“This is an important step in a global regulatory movement that is holding online companies to account for how they handle personal information,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“Given the many initiatives taking place in our finance and technology sector, privacy must be a key component of any significant digital initiative such as Libra.”
The company has outlined plans to be carbon negative by 2030, and by 2050 to rebate all the...
We need to identify tech policies and priorities that set us up to benefit from the digitally...
Australian telecommunications operators are working to restore networks in bushfire-affected...