Reddogs - stock.adobe.com

ICO joins international call for transparency around Facebook’s Libra currency

Data protection regulators from around the world have signed a statement raising privacy concerns about Libra

The UK’s Information Commissioner’s Office (ICO) has signed a joint statement with European and US regulators calling for more transparency around Facebook’s proposed digital currency and its supporting infrastructure.

The statement signed by six data protection authorities from around the world and the US Federal Trade Commission (FTC), asks Facebook and the 28 other companies behind the Libra project to provide assurances that customers’ personal data will be adequately protected.

The signatories said they were concerned about Facebook’s involvement in the digital currency, citing the company’s prior run-ins with regulators.

“Many of us in the regulatory community have had to address previous episodes where Facebook’s handling of people’s information has not met the expectations of regulators, or their own users,” the regulators said.

“Because of this, we are sharing our expectations of the Libra Association, Facebook’s subsidiary Calibra, and any future Libra digital wallet provider (collectively referred to as the Libra Network) in protecting the personal information it will handle.”

The regulators ask for specific assurances that Libra will collect only the minimum amount of data required, that the service will be transparent, and requests details of how data will be shared between Libra Network members.

They also request more detail on how data protection impact assessments will be carried out by the network and how it will ensure standards and controls are applied consistently across jurisdictions.

“Given the current plans for a rapid implementation of Libra and Calibra, we are surprised and concerned that this further detail is not yet available,” the regulators said.

Elizabeth Denham, the UK’s information commissioner, said: “Facebook’s involvement is particularly significant, as there is the potential to combine Facebook’s vast reserves of personal information with financial information and cryptocurrency, amplifying privacy concerns about the network’s design and data sharing arrangements.

“I hope this statement will prompt an open and constructive conversation to ensure that data protection is a key part of the design process and that data protection regulators are a key consultative group as the Libra proposals develop.”

Other signatories of the statement include Giovanni Buttarelli, the European data protection supervisor for the European Union; Angelene Falk, the Australian information and privacy commissioner; and Daniel Therrien, the privacy commissioner of Canada.

It was also signed by Rohit Chopra, commissioner of the US FTC, who voted against the agency’s recent decision to fine Facebook $5bn for not going far enough.

“Mark Zuckerberg, Sheryl Sandberg and other [Facebook] executives get blanket immunity for their role in the violations. This is wrong and sets a terrible precedent. The law doesn’t give them a special exemption,” he tweeted at the time.

“Facebook’s flagrant violations were a direct result of its business model of mass surveillance and manipulation, and this action blesses this model. The settlement does not fix this problem.”

In June, law makers on the Senate banking committee attacked Facebook, arguing that it takes a “breathtaking amount of arrogance” to launch a global digital currency given the company’s poor track record on privacy.

Read more about data privacy

  • Facebook COO Sheryl Sandberg invited one of George Osborne’s children to Facebook’s office as part of an intensive lobbying programme to influence European data protection legislation.
  • A week after issuing the first serious GDPR fines, the ICO has further underlined the importance of data stewardship and due diligence regarding privacy practices.
  • Facebook chief calls for new internet regulation in four key areas to define clear responsibilities for people, companies and governments, including more GDPR-aligned data protection rules.

Read more on Privacy and data protection