Pages:
Author

Topic: KYC/AML requirements and (EU) data protection - page 2. (Read 402 times)

hero member
Activity: 3010
Merit: 794
February 03, 2018, 02:24:30 PM
#9
Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.
Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.
full member
Activity: 882
Merit: 112
Your Data Belongs To You
February 03, 2018, 07:16:55 AM
#8

I realized that recently many ICOs and even some airdrops require participants/investors to submit personal data and documents such as passports or IDs to the organizer of the ICO/airdrop for reasons of KYC/AML. Now many people are wondering if their data is protected and what will happen with it. I would thus like to make you aware of the EU data protection regulation that will enter into force in May 2018 and that was designed to protect (EU) consumers in cases where their personal data is processes. Processing means any operation, which is performed on personal data such as sharing, disseminating, structuring etc.
 
So what are a few of the basic rights and obligations contained in the regulation:
 
- data may only be processed if the consumer has given consent and in case it is really required. This consent may be withdrawn at any time.
- data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- the company has to be able to prove that the consumer has given consent to the processing
-you may request infomation about your data being processed at any time
- you have a right "to be forgotten" so you can always request that the company deletes your personal data
-a personal data breach (e.g. hack) has to be reported to the supervisory authorities and in case of a high risk directly to the individual
- fines of up to 20.000.000 € in case of breaches of the regulation
 
You may now wonder why should e.g. companies based in the US or Asia worry about respecting the rights guaranteed by the EU data protection regulation. After all their legal seat is outside the territory of the EU. Well, the data protection regulation also applies in cases where data of an EU citizen is processed even if the company is not located within the EU and goods or services are offered to EU citizens. Of course a company running an ICO may always argue that a token is not a good. So this is a question that would need further clarification by the European Court of Justice.
 
So we see that at least EU citizens have a strong set of rules that protects them. However enforcing these rights is always a bit tricky in particular in case of "digital" companies.


Recently i had to submit KYC to Bounty program in order to be paid for it. As I was doing it , I was thinking of the security question. Lets be real how good can be data storage of ICO's data server, do they even think of security of collected data. They collected thousands of participants data . I will definitely try to exercise the right to ask them to my data being deleted after May.

I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.

I do not know why are you referring to Brexit , seems a bit off topic. But if the company wants to operate in EU, which it will want to do in most cases, they will have to comply.
And I believe there is already some what similar situation  in the ICO world with US and US regulation regarding prohibition of their customers to participate in ICO's. Responsibility of compiling with this law applies to company and  everyone is complying, because they do not want to face the consequences.
jr. member
Activity: 154
Merit: 5
February 03, 2018, 05:29:00 AM
#7
I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.

I don’t want to get into a discussion about Brexit since you seem to be quite emotional about this, but rest assured that there are ways to enforce EU law outside the territory of the EU. I don’t know if you have heard of bilateral/multilateral assistance agreements. If not you should maybe Google it. It also seems that you should maybe read up a bit on your beloved Brexit if you believe that the EU, which you elegantly refer to as “Keiser Reich”, will not be able to enforce EU data protection laws after Brexit.

Btw. it’s Kaiser not Keiser  Wink.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
February 02, 2018, 10:04:11 AM
#6
I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.
jr. member
Activity: 154
Merit: 5
February 01, 2018, 03:32:57 AM
#5
Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

This is exactly the point. If you share your personal data with someone it is important to be aware of the fact that not anything can be done with it but rather that there are quite strict rules around it.

I do also understand the point that was raised by Lancusters. Of course it is difficult to know who the source of a possible data breach is, but if you always think first before you submit your data to someone you should be able to narrow it down. Once you have done so you have a right to receive the respective information from the concerned companies. Of course there will always be companies that are not willing to comply with the rules governing their activities but this is a problem not specific to data protection and this is also the reason why we have sanctions.
legendary
Activity: 1554
Merit: 1026
★Nitrogensports.eu★
February 01, 2018, 12:25:29 AM
#4
Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.
full member
Activity: 168
Merit: 120
Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.
sr. member
Activity: 630
Merit: 263
This is the standard rules on the protection of personal information which exist in most countries. What this gives you? Fine? Lol! How can you prove who has become a source distribution of your data? Access to these data has several sources. If you need complete privacy you need to live on a desert island.
jr. member
Activity: 154
Merit: 5

I realized that recently many ICOs and even some airdrops require participants/investors to submit personal data and documents such as passports or IDs to the organizer of the ICO/airdrop for reasons of KYC/AML. Now many people are wondering if their data is protected and what will happen with it. I would thus like to make you aware of the EU data protection regulation that will enter into force in May 2018 and that was designed to protect (EU) consumers in cases where their personal data is processes. Processing means any operation, which is performed on personal data such as sharing, disseminating, structuring etc.
 
So what are a few of the basic rights and obligations contained in the regulation:
 
- data may only be processed if the consumer has given consent and in case it is really required. This consent may be withdrawn at any time.
- data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- the company has to be able to prove that the consumer has given consent to the processing
-you may request infomation about your data being processed at any time
- you have a right "to be forgotten" so you can always request that the company deletes your personal data
-a personal data breach (e.g. hack) has to be reported to the supervisory authorities and in case of a high risk directly to the individual
- fines of up to 20.000.000 € in case of breaches of the regulation
 
You may now wonder why should e.g. companies based in the US or Asia worry about respecting the rights guaranteed by the EU data protection regulation. After all their legal seat is outside the territory of the EU. Well, the data protection regulation also applies in cases where data of an EU citizen is processed even if the company is not located within the EU and goods or services are offered to EU citizens. Of course a company running an ICO may always argue that a token is not a good. So this is a question that would need further clarification by the European Court of Justice.
 
So we see that at least EU citizens have a strong set of rules that protects them. However enforcing these rights is always a bit tricky in particular in case of "digital" companies.
Pages:
Jump to: