The Swiss Federal Data Protection and Information Commissioner (FDPIC) reveals that Facebook’s Libra Association has not provided information on data protection.
This was stated in a communiqué which reported that on July 17th, 2019 the Commissioner had sent a letter to the Libra Association in Geneva asking them to define their official position on the current status of the Facebook cryptocurrency project.
The FDPIC claims to have taken note of the comments made by David Marcus during the hearing at the US Senate Committee, in particular on issues related to the governance of the Association and the role of the FDPIC as the supervisory authority.
However, there were no discussions between the Association and the Swiss Commissioner, so the latter wrote to the Association the next day to ask for clarifications, in particular on data protection.
The FDPIC assumes that, in relation to the issue of personal data, an impact assessment of the risks should be carried out, which will also specify the processing procedures envisaged and will assess the risks regarding the protection of data for those who will be involved in the project, proposing appropriate measures to minimise these risks.
In this letter, the Commissioner stated that, given that they had not received any indication as to which personal data might be processed, the Libra Association would be obliged to inform them of the current status of the project so that they could assess to what extent its competences and supervisory powers should apply.
There has not yet been a reply to this letter.
The issue of the privacy of Libra users’ data is one of the most sensitive since the data that will be stored on the blockchain will be public, and since the company owned by Facebook that will manage the transactions, Calibra, will have the obligation to know all the identities of users.
There are concerns that Libra may share this data with Facebook, greatly increasing the data collected by the social network on its users.
For now, the only justification given by David Marcus himself in this regard is that Calibra and Facebook will use two different computer systems that will not share data with each other, but this justification seems absolutely not sufficient to dispel the doubts.
It is therefore quite understandable why the Swiss Federal Data Protection and Information Commissioner needs more information on this issue, given that the Libra Association is based in Geneva.