Financial Regulators from North America, Britain, and Asia are seeking an urgent, formal exemption from the EU’s GDPR regulation to avoid its possible impact on cross-border investigations, including those relating to cryptocurrencies.
The European Union's General Data Protection Regulation (GDPR[1]) was implemented on May 25, 2018, after years of discussion and recent lobbying by international regulators.
As reported by Reuters[2] on June 25, officials are warning that a failure to explicitly exempt market regulators from GDPR could jeopardize international investigations into market manipulation and fraud, including those related to cryptocurrencies, as well as any subsequent enforcement actions. This includes investigations being conducted by the US.
In its directive to protect the personal data privacy for EU citizens, GDPR imposes new conditions and extra privacy safeguards for cross-border personal data transfers. Before GDPR came into force, a clear exemption existed for regulators to gain and share information relevant to investigations into alleged or potential misconduct when such information sharing was in the public interest. Bank and trading account information was included in this exemption.
Though GDPR has a similar exemption, regulators argue that the language therein lacks clarity, and leaves them exposed to legal uncertainty. Cross-border information sharing, they say, could be challenged on the grounds that privacy protections in other countries are less robust than those offered by the EU.
The way that a blockchain records user and transactional data could also conflict with GDPR. The new regulation is designed for traditional centralized data storage methods. On a blockchain, encrypted records are stored on a decentralized, distributed ledger, and that data is publicly viewable anywhere in the world. In effect, the data of EU citizens could already be leaving Europe, which could be seen as illegal under GDPR.
GDPR's "right to be
