Multinational privacy regulator issues a joint statement: six soul tortures against Libra

International data protection and privacy regulators have called on Facebook and the Libra network to explain how their global cryptocurrency program will protect personal information.

The joint initiative was initiated by the Australian Information Commission Office and the Office of the UK Information Commission and supported by data protection authorities in the United States, Canada and the European Union.


Australian Information and Privacy Commissioner Angelene Falk said:

“This is an important step in global regulatory activities and requires network companies to be responsible for the way personal information is handled.”

“Given our many initiatives in finance and technology, privacy must be the key to any important digital project such as Libra.”

The following is a joint statement issued by data protection agencies in Australia, the United Kingdom, the United States, the European Union, and other countries and organizations:

Joint statement: Libra's privacy requirements

The Global Digital Protection and Privacy Enforcement Authority has a responsibility to increase the privacy of the world's population. As their representative, we share our concerns about the risks and infrastructure of the Libra digital currency. Other agencies and legislators expressed concern about the plan. The risks involved are not just financial privacy, because Facebook's involvement and its massive data of billions of users raise more concerns. The data protection department will also work closely with other regulatory agencies.

Facebook did not meet the expectations of regulators and their users in information processing earlier, and regulators had to deal with such situations. Because of this, we announced our expectations for the protection of personal information for the Libra Association, Facebook subsidiary Calibra and future Libra Digital Wallet suppliers (collectively Libra Networks).

We, the signatories to this statement, are part of the global data protection regulatory community. Although our regulatory framework and culture are different, the potential risks of the Libra network and our expectations for protecting the personal information of the Libra network are the same for us. We support the economic and social benefits of new technologies, but this must not be at the expense of people's privacy.

In today's digital age, it is critical that companies treat their personal information transparently and with responsibility. Good privacy governance and design are key to innovation and data protection – there is no contradiction between the two.

At this stage, although Facebook and Calibra have issued public statements on privacy issues, they have not clearly stated what information processing measures will be taken to protect personal information.

In addition, given the current rapid advancement plans of Libra and Calibra, we are surprised and worried that they still have not given more details.

As a founding member of the Libra Association, Facebook has the potential to drive rapid global adoption, including those that may not have a data protection law. Once the Libra network is turned on, it will immediately become an information manager for millions of people.

The combination of huge personal information reserves, financial information and cryptocurrencies has further raised our privacy concerns about Libra's network design and data sharing methods.

We hope that the Libra network will solve the following problems satisfactorily:

1. How can global data protection and privacy enforcement agencies ensure that Libra networks have powerful measures to protect users' personal information?

The Libra network will ensure that its participants do:

a. Provide clear information on how the personal information is used (including the use of analytics and algorithms, sharing of personal information between Libra network members and third parties) so that users can express their consent with clear and informed knowledge;

b. Create privacy protection default settings that do not directly or indirectly encourage people to share personal data with third parties or weaken their privacy rights;

c. Ensure that the privacy control settings are complete and easy to use;

d. Collect and process only the minimum amount of personal information necessary to achieve the intended purpose of the product or service and ensure the legality of the process;

e. Ensure that all personal data is properly protected;

f. Authorize users with simple instructions to exercise their privacy, including deleting their accounts and fulfilling their requests in a timely manner.

2. How will the Libra network design to incorporate privacy into its infrastructure development?

3. How will the Libra Association ensure that all data processors within the Libra network are identifiable and comply with their data protection obligations?

4. How does the Libra Network plan to conduct data protection impact assessments and how can they be sustained?

5. How will the Libra network ensure that its data protection and privacy policies, standards and controls are consistently applied in all jurisdictions where the Libra network is located?

6. Where will Libra network members share data:

a. What data will be involved?

b. To what extent will it be de-identified and what method will be used to achieve anti-recognition?

c. How will the Libra network ensure that data is not re-identified, including the use of executable contractual commitments with data sharers?

We look forward to the Libra network answering these questions. Future data protection departments may follow Libra independently to ask more specific questions.

We also expect all relevant agencies to comply with laws regarding data protection and privacy. These laws are equally applicable in cyberspace and the real world.

Strong privacy protection is the foundation of innovation in the digital world. As data protection and privacy enforcement agencies, we will work together on a global scale to ensure that this is not overlooked. We encourage all organizations to work with data protection and privacy enforcement agencies when developing services that have a significant impact on privacy.

Signature bar:

Albania Information and Data Protection Commissioner Besnik Dervishi

Australian Information and Data Protection Specialist Angelene Falk

Canadian Privacy Commissioner Daniel Therrien

Marguerite Ouedraogo Bonane, Chairman of the Information Technology and Civil Liberties Committee of Burkina Faso

Giovanni Buttarelli, Director of European Data Protection, EU

British Information Commissioner Elizabeth Denham CBE

US Federal Trade Commission Commissioner Rohit Chopra