Crypto-assets' markets regulation: EDPS Opinion on the European Commission's Proposal
On 24 June 2021, the European Data Protection Supervisor (EDPS) issued an Opinion on the European Commission’s Proposal to regulate the crypto-assets’ markets.Overall, the Regulation seeks to prevent abuse in the crypto-assets’ markets.
The EDPS made a number of recommendations concerning this proposal, in particular on the responsibilities of those issuing crypto-assets.
As per the proposal, it is envisaged that issuers of crypto-assets may process the personal data of those purchasing crypto-assets by using various technologies and infrastructures, such as blockchain - a type of technology used in this case to record the purchasing and issuing of crypto-assets. Concerning the processing of individuals’ personal data, issuers of crypto-assets may be considered as data controllers, since they decide for which purposes individuals’ data may be processed and in what capacity, as well as the overall configuration of the crypto-asset project.
Given the type of personal data that may be processed and the infrastructure possibly used for this processing, the EDPS recommends that the issuers of crypto-assets - as possible data controllers - carry out a Data Protection Impact Assessment (DPIAs). A DPIA would allow issuers of crypto-assets to evaluate the risks of all possible processing operations, and measures to mitigate such risks, as per the obligation set out in the General Data Protection Regulation applicable to EU Member States.
In its concluding remarks, the EDPS suggests that issuers of crypto-assets explain in a transparent and simple way to individuals purchasing crypto-assets how their personal data may be processed. (edps.europa.eu/ photo: pixabay.com)