Aleph Zero Blog

The Right Balance Between Blockchain Privacy and Blockchain Compliance

Oct 7, 2023

Privacy can exist on a spectrum. When it comes to this hot topic of blockchain privacy and compliance, it’s easy to think in absolute terms. But the unfortunate truth is that this is rarely a binary, even in real life.

This conversation is increasingly important as different jurisdictions start to regulate the roles of individuals, businesses, and governments in the context of blockchain compliance.

Privacy, Technology, and Policy

We’re always being selective about our privacy in everyday interactions. We choose to share our identity, financial information, or personal interests with everyone from close relatives to online strangers to large corporations to the government.

These disclosures happen because that personal information is necessary to the other party and we expect to receive a service or good in return. For example, a company might need your financial information to process a payment or your identity in order to comply with KYC or AML. 

At the end of the day, individual and enterprise users alike have a right to customize their own privacy settings depending on the context. We should think about blockchain privacy in the same way. True privacy means that everyone fully owns their information and can be selective about how to share it. 

In a functioning society, this will sometimes mean making disclosures to satisfy business terms or legal requirements. The goal is to make users aware of what sensitive details they share, how, why, and with whom, and to give them proper tools to manage the process.

Revealing Secrets Selectively 

There’s a reason, however, why we’ve become used to talking about blockchain privacy in the wrong way. The internet’s current server-based architecture lets a handful of centralized entities collect and manage the information of billions of users. As a result, people think about privacy as a “take it or leave it” deal in exchange for convenience. 

But now we’re at a place where we can digitally emulate real life when it comes to privacy. Web3’s infrastructure puts users back in a position where they can access company services while their information stays with them and not on a remote server. Zero-knowledge proofs even let them prove a claim without revealing the information behind it.

Whose Choice Is It?

All of this leaves us with the question of who gets to choose what. There’s a balance to strike in terms of how information is shared between individuals, businesses, and government institutions.

Individual Prerogative

The decision to reveal personal information should always remain in the hands of individuals. However, government institutions will still choose when and how to enforce their own terms. This leaves individuals in a position where they’re incentivized to provide information on their own in return for a service, benefit, or protection.

A perfect example of this is the European GDPR. Here, individuals always have the option to opt out of any data exchange before every interaction. This lets them retain their agency. At the same time, it gives businesses the guidelines to operate effectively and within defined boundaries.

Business Models

Just as individuals can define their own privacy decisions, businesses also have a right to enforce their own policy requirements. It wouldn’t be disagreeable for businesses that rely on ad revenue to require certain disclosures in exchange for better services. Both ends of the market can decide what to accept and reject, without a centralized middleman.

But we’re seeing recent legislation that could tilt the balance too far in the opposite direction of GDPR. Florida’s “Digital Bill of Rights” (SB262) will require digital services to disclose important competitive information about their business models and comply with individual privacy requests that are operationally unfeasible.

Government Protection

This leads us to the role of governments. It would be naive to expect that governments won’t maintain some degree of enforceability over critical information, especially in matters of national security. Everyday concerns matter, too. 

The INFORM Consumers Act offers clear protections for buyers against the epidemic of counterfeit goods that exists in online marketplaces. The new regulation rightfully requires platforms to verify vendors’ identities to ensure consumer protection against fraud.

The Right Understanding

However, this is not to say that heavy-handed actions around blockchain compliance enforced by government institutions are justified. A lot of the fearmongering around blockchain privacy is due to a fundamental misunderstanding among regulators of how anonymous transfers actually work.

Web3 simply returns privacy to its rightful place as an individual prerogative and makes it negotiable. This is the outlook that should inform the conversation about the roles that individuals, businesses, and governments play in blockchain compliance and any resulting regulations.