Crypto-assets' markets regulation: EDPS Opinion on the European Commission's Proposal

On 24 June 2021, the European Data Protection Supervisor (EDPS) issued an Opinion on the European Commission’s Proposal to regulate the crypto-assets’ markets.

The proposed Regulation includes a series of obligations and requirements concerning the trading of electronic money tokens, rules on the authorisation and supervision of those issuing and/or providing electronic money tokens, rules to protect individuals purchasing electronic money tokens. Overall, the Regulation seeks to prevent abuse in the crypto-assets’ markets.

The EDPS made a number of recommendations concerning this proposal, in particular on the responsibilities of those issuing crypto-assets.

As per the proposal, it is envisaged that issuers of crypto-assets may process the personal data of those purchasing crypto-assets by using various technologies and infrastructures, such as blockchain - a type of technology used in this case to record the purchasing and issuing of crypto-assets. Concerning the processing of individuals’ personal data, issuers of crypto-assets may be considered as data controllers, since they decide for which purposes individuals’ data may be processed and in what capacity, as well as the overall configuration of the crypto-asset project.

Given the type of personal data that may be processed and the infrastructure possibly used for this processing, the EDPS recommends that the issuers of crypto-assets - as possible data controllers - carry out a Data Protection Impact Assessment (DPIAs). A DPIA would allow issuers of crypto-assets to evaluate the risks of all possible processing operations, and measures to mitigate such risks, as per the obligation set out in the General Data Protection Regulation applicable to EU Member States.

In its concluding remarks, the EDPS suggests that issuers of crypto-assets explain in a transparent and simple way to individuals purchasing crypto-assets how their personal data may be processed. (edps.europa.eu/ photo: pixabay.com)

The Opinion is available here

Comments

Post a Comment

Popular posts from this blog

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

Image
The European Ombudsman inquiry into the Commission’s handling of a request for text messages between its President and the CEO of a pharmaceutical company is a wake-up call for all EU institutions about ensuring accountability in an era of instant messaging. One year after the initial request by a journalist, the Commission has still not clarified whether messages reported to concern major vaccine procurement deals exist and whether the public is entitled to see them. The Ombudsman had asked the Commission, in a finding of maladministration in January, to conduct a more thorough search for the text messages. The Commission’s recent response failed to say whether it had looked directly and correctly for the text messages and if not, why not. While the response recognised that work-related text messages can be EU documents, it reiterated that the Commission’s internal policy is, in effect, not to register text messages. The Ombudsman has closed  the inquiry  and upheld...
Read more

Annual Report on the execution of the European Court's judgments and decisions

Image
The Secretary General of the Council of Europe, Alain Berset, has called for further efforts to implement judgments from the European Court of Human Rights. Commenting on the  annual report for 2024  on the execution of the Court’s rulings, published today, the Secretary General said: “ This report shows what a concrete, positive impact judgments from the European Court of Human Rights have on the daily lives of the people of Europe. While a lot has been achieved, more needs to be done. The efficient execution of the Court's judgments is essential for the rule of law and democratic accountability in Europe .” The annual report from the Council of Europe’s Committee of Ministers shows that 992 cases were transferred from the European Court of Human Rights to Committee, which supervises their implementation by member states, in 2024. Of those 992 new cases, 194 were “leading” cases – often requiring action to be taken by states to prevent the same violations happ...
Read more

Cancellation of a flight: The refund of the airline ticket price must include the commission collected by an intermediary at the time of purchase (CJEU)

Image
Judgment of the Court in Case C-45/24 (15.1.2026)- Verein für Konsumenteninformation : Cancellation of a flight: the refund of the airline ticket price must include the commission collected by an intermediary at the time of purchase. It is not necessary for the airline to know the exact amount of that commission. Several travellers purchased airline tickets on the booking portal of the Opodo travel agency [1] for a KLM return flight from Vienna (Austria) to Lima (Peru). Since the flights were cancelled, KLM reimbursed the amount they had paid, minus approximately € 95 that Opodo had charged them as agency commission. The air passengers concerned assigned their potential rights to reimbursement to a consumer protection association. That association contends, before the Austrian courts, that the reimbursement of the cost of the airline tickets by the airline in question should include the agency commission charged to passengers, as in the present case, by a travel agency acting as that a...
Read more

Fully-funded PhD position in AI, Law and Public Power

Image
Erasmus University Rotterdam School of Law, department Law & Markets, is looking for a fulltime PhD researcher in AI, Law and Public Power (4,5 years with 20% teaching tasks). PhD AI, Law and Public Power Are you curious about how artificial intelligence is changing state actor powers? Do you want to conduct critical and in-depth legal research at the intersection of technology, law and power? And would you like to combine that with academic teaching? Then this PhD position at Erasmus School of Law is for you. Within the Law & Markets team, you will spend 4.5 years researching the legal regulation of AI in the public sector. How do we protect fundamental rights when algorithms help decide on who receives public benefits, how to perform enforcement or how to enact environmental policy? What is the role of the state, and where is the limit of government power in a data-driven society? You will have plenty of space to choose your own research angle and work in a multidisci...
Read more

ECHR Rules on Employee Data Privacy: The Guyvan v. Ukraine Judgment

Image
This case before the European Court of Human Rights (ECHR) primarily concerned a complaint under Article 8 (Right to respect for private and family life) of the European Convention on Human Rights, specifically regarding the processing of data from an applicant's work mobile telephone by his employer. Facts The applicant, was an employee whose work mobile phone was also used for private calls. In the context of an internal investigation related to the use of the phone, his employer, P. company, obtained detailed information from the mobile phone operator. This information included the date, time, and type of communication (incoming/outgoing), and details about international roaming services. The employer requested this data to verify the applicant's presence at his workplace. The applicant subsequently lodged a civil claim against the company, arguing that the collection and processing of his personal data were unlawful and requesting that the company be ordered to provid...
Read more

Personal data collected by means of body cameras worn by ticket inspectors on public transport – Legal basis for the obligation on the data controller to provide information to the data subject (CJEU)

Image
Judgment of the Court of Justice in Case C-422/24 (Storstockholms Lokaltrafik) dated 18.12.2025 - GDPR: If a body camera is used during a ticket inspection, certain information must be provided immediately to the passenger concerned. The most important information may be indicated on a warning sign, while other information may be provided in an easily accessible place. A public transport company in Stockholm (Sweden) equips its ticket inspectors with body cameras to film passengers during ticket inspections. The Swedish Authority for Privacy Protection fined that company for breaching several provisions of the General Data Protection Regulation (GDPR). [1]  Among other things, it considers that the use of body cameras allowed personal data to be collected directly [2] from the persons filmed, who had not been provided with sufficient information in that regard.  The company disputes that there has been a breach of the obligation to provide information. It maintains that it col...
Read more

The rules of UEFA on ‘homegrown players’ could be contrary to EU law (ECJ)

Image
According to the Judgment of the Court of Justice (21.12.2023) in Case C-680/21 (Royal Antwerp Football Club),  the rules of UEFA and the Belgian football association on ‘homegrown players’ could be contrary to EU law. A footballer and a Belgian club are challenging UEFA’s rules and those of the Belgian football association that require a minimum number of ‘home-grown players’ to be included in teams. The Court holds that that requirement could infringe both competition rules and the free movement of workers. However, the national court in charge of the case will have to verify whether or not that is the case. UEFA (Union of European Football Associations) requires football clubs to have a minimum number of ‘home-grown players’ in their teams. The Belgian football association (URBSFA) has adopted similar rules. In both cases, those rules define ‘home-grown players’ as players who are trained at national level, although UEFA’s rules also refer to players trained within a given club....
Read more