Information Commissioner's Office
ICO joins international signatories in raising Libra data protection concerns
The Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure.
A statement to Facebook and 28 other companies behind the project asks them to provide details of how customers’ personal data will be processed in line with data protection laws. It asks for assurances that only the minimum required data will be collected, that the service will be transparent, and requests details of how data will be shared between Libra Network members.
The statement is signed by a cross section of authorities representing millions of people in Europe, the Americas, Africa and Australasia. These include the UK’s Information Commissioner Elizabeth Denham and her counterparts in Australia, the USA, Canada, Burkina Faso and Albania, as well as the EU’s European Data Protection Supervisor.
Ms Denham said:
“The ambition and scope of the Libra project has the potential to change the online payment landscape, and to offer benefits to consumers. But that ambition must work in tandem with people’s privacy expectations and rights.
“Facebook’s involvement is particularly significant, as there is the potential to combine Facebook’s vast reserves of personal information with financial information and cryptocurrency, amplifying privacy concerns about the network’s design and data sharing arrangements.
“We know that the Libra Network has already opened dialogue with many financial regulators on how it intends to comply with financial services product rules. However, given the rapid plans for Libra and Calibra, we are concerned that there is little detail available about the information handling practices that will be in place to secure and protect personal information.
“I hope this statement will prompt an open and constructive conversation to ensure that data protection is a key part of the design process and that data protection regulators are a key consultative group as the Libra proposals develop.”
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
- The General Data Protection Regulation (GDPR) is a new data protection law which applied in the UK from 25 May 2018. Its provisions are included in the Data Protection Act 2018. The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security. The UK’s decision to leave the EU did not affect the commencement of the GDPR.
- The data protection principles in the GDPR evolved from the original DPA, and set out the main responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary; and
- Processed using appropriate technical or organisational measures in a manner that ensures appropriate security of the personal data.”
- Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
- To report a concern to the ICO go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
Superior Style Home Improvements fined and issued with enforcement notice17/09/2019 13:20:00
The Information Commissioner’s Office (ICO) has fined a Swansea double-glazing company £150,000 for making nuisance calls.
Privacy attacks on AI models16/09/2019 13:20:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Andrew Paterson, Principal Technology Adviser, discuss new security risks associated with AI, whereby the personal data of the people who the system was trained on might be revealed by the system itself.
SMOs must “prepare for all scenarios” to maintain data flows when UK leaves the EU11/09/2019 14:20:00
The ICO has urged businesses to “prepare for all scenarios” as it publishes dedicated guidance to help small and medium sized organisations prepare for the possibility that the UK leaves the European Union with no deal.
Information Commissioner’s Office issues warning about historical personal details accessed through work06/09/2019 12:25:00
An ICO investigation into the actions of two former Metropolitan Police Service (MPS) officers has concluded.
Statement on the High Court judgement on the use of live facial recognition technology by South Wales Police04/09/2019 13:25:00
An ICO spokesperson responded to the statement on the High Court judgement on the use of live facial recognition technology by South Wales Police
Data minimisation and privacy-preserving techniques in AI systems22/08/2019 12:20:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Valeria Gallo, Technology Policy Adviser, discuss some of the techniques organisations can use to comply with data minimisation requirements when adopting AI systems.
Statement: Live facial recognition technology in King's Cross19/08/2019 15:25:00
Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in King's Cross, London.
Statement: Live facial recognition technology in Kings Cross16/08/2019 10:10:00
Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in Kings Cross, London.
Blog: Three top issues for town and parish councils15/08/2019 10:15:00
The advent of the GDPR in May 2018 brought new data protection obligations for many organisations. Some of this presented a challenge, particularly for smaller organisations like parish and town councils, who we saw were keen to demonstrate their compliance but needed support to achieve this.