I realized that recently many ICOs and even some airdrops require participants/investors to submit personal data and documents such as passports or IDs to the organizer of the ICO/airdrop for reasons of KYC/AML. Now many people are wondering if their data is protected and what will happen with it. I would thus like to make you aware of the EU data protection regulation that will enter into force in May 2018 and that was designed to protect (EU) consumers in cases where their personal data is processed. Processing means any operation which is performed on personal data, such as sharing, disseminating, structuring etc.
So what are a few of the basic rights and obligations contained in the regulation:
- data may only be processed if the consumer has given consent and in case it is really required. This consent may be withdrawn at any time.
- data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- the company has to be able to prove that the consumer has given consent to the processing
- you may request information about your data being processed at any time
- you have a right "to be forgotten" so you can always request that the company deletes your personal data
- a personal data breach (e.g. hack) has to be reported to the supervisory authorities and in case of a high risk directly to the individual
- fines of up to 20.000.000 € in case of breaches of the regulation
You may now wonder why should e.g. companies based in the US or Asia worry about respecting the rights guaranteed by the EU data protection regulation. After all their legal seat is outside the territory of the EU. Well, the data protection regulation also applies in cases where data of an EU citizen is processed even if the company is not located within the EU and goods or services are offered to EU citizens. Of course a company running an ICO may always argue that a token is not a good. So this is a question that would need further clarification by the European Court of Justice.
So we see that at least EU citizens have a strong set of rules that protects them. However enforcing these rights is always a bit tricky in particular in case of "digital" companies.
Recently I had to submit KYC to a bounty program in order to be paid for it. As I was doing it, I was thinking of the security question. Let's be real: how good can the data storage of an ICO's data server be? Do they even think about the security of the collected data? They collected thousands of participants' data. I will definitely try to exercise the right to ask them to delete my data after May.
I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a location that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.
I do not know why you are referring to Brexit; it seems a bit off topic. But if the company wants to operate in the EU, which it will want to do in most cases, they will have to comply.
And I believe there is already a somewhat similar situation in the ICO world with the US and US regulation regarding the prohibition of their customers participating in ICOs. Responsibility for complying with this law applies to the company, and everyone is complying because they do not want to face the consequences.