Bitcoin Forum

I realized that recently many ICOs and even some airdrops require participants/investors to submit personal data and documents such as passports or IDs to the organizer of the ICO/airdrop for reasons of KYC/AML. Now many people are wondering if their data is protected and what will happen with it. I would thus like to make you aware of the EU data protection regulation that will enter into force in May 2018 and that was designed to protect (EU) consumers in cases where their personal data is processes. Processing means any operation, which is performed on personal data such as sharing, disseminating, structuring etc.
 
So what are a few of the basic rights and obligations contained in the regulation:
 
- data may only be processed if the consumer has given consent and in case it is really required. This consent may be withdrawn at any time.
- data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- the company has to be able to prove that the consumer has given consent to the processing
-you may request infomation about your data being processed at any time
- you have a right "to be forgotten" so you can always request that the company deletes your personal data
-a personal data breach (e.g. hack) has to be reported to the supervisory authorities and in case of a high risk directly to the individual
- fines of up to 20.000.000 € in case of breaches of the regulation
 
You may now wonder why should e.g. companies based in the US or Asia worry about respecting the rights guaranteed by the EU data protection regulation. After all their legal seat is outside the territory of the EU. Well, the data protection regulation also applies in cases where data of an EU citizen is processed even if the company is not located within the EU and goods or services are offered to EU citizens. Of course a company running an ICO may always argue that a token is not a good. So this is a question that would need further clarification by the European Court of Justice.
 
So we see that at least EU citizens have a strong set of rules that protects them. However enforcing these rights is always a bit tricky in particular in case of "digital" companies.

This is the standard rules on the protection of personal information which exist in most countries. What this gives you? Fine? Lol! How can you prove who has become a source distribution of your data? Access to these data has several sources. If you need complete privacy you need to live on a desert island.

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

This is exactly the point. If you share your personal data with someone it is important to be aware of the fact that not anything can be done with it but rather that there are quite strict rules around it.

I do also understand the point that was raised by Lancusters. Of course it is difficult to know who the source of a possible data breach is, but if you always think first before you submit your data to someone you should be able to narrow it down. Once you have done so you have a right to receive the respective information from the concerned companies. Of course there will always be companies that are not willing to comply with the rules governing their activities but this is a problem not specific to data protection and this is also the reason why we have sanctions.

I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.

I don’t want to get into a discussion about Brexit since you seem to be quite emotional about this, but rest assured that there are ways to enforce EU law outside the territory of the EU. I don’t know if you have heard of bilateral/multilateral assistance agreements. If not you should maybe Google it. It also seems that you should maybe read up a bit on your beloved Brexit if you believe that the EU, which you elegantly refer to as “Keiser Reich”, will not be able to enforce EU data protection laws after Brexit.

Btw. it’s Kaiser not Keiser  ;).

Recently i had to submit KYC to Bounty program in order to be paid for it. As I was doing it , I was thinking of the security question. Lets be real how good can be data storage of ICO's data server, do they even think of security of collected data. They collected thousands of participants data . I will definitely try to exercise the right to ask them to my data being deleted after May.


I do not know why are you referring to Brexit , seems a bit off topic. But if the company wants to operate in EU, which it will want to do in most cases, they will have to comply.
And I believe there is already some what similar situation  in the ICO world with US and US regulation regarding prohibition of their customers to participate in ICO's. Responsibility of compiling with this law applies to company and  everyone is complying, because they do not want to face the consequences.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

I agree that leaks will happen anyway but this is a good movement form EU authority.  Regarding leaks and sensitive information, I recently discovered that my long term password was leaked after some hack which happened 4 years ago from some-kind of webpage where i was registered. Now , I am using 2FA whenever possible , this is the safest way to protect your login details .

all also want to provide a legal identity if the company that requires it can be accounted of course the company that we already know and admit.
because the abuse of identity is also often happen moreover this is between countries that clearly rules about the identity of different.
being alert and not being harmed is a natural thing to do.

Well its still way more better to have this movement rather than on nothing at all. Risk is always there and if you do tend to send any documentation then you should be aware on the possible situation that might happen. If you can afford to disclose your identity then proceed but if not we can just simply not follow on what is being asked.Aside from documentation been submitted we should really take care of our log-in details on whatsoever sites or things we are engage to.

KYC/AML is a good protection to all aspects, it was used to protect the banks, together with the savings of more clients. This is used to identify the source of income of suspicious people. In our country it was do that even in the crypto currencies, they were strictly implement this because they wants to protect the assets of the company, the reputation of the organization and even the the clients of their business.

Using this KYC/AML they can avoid the possible evil jobs, also they can prevent those people who wants to make wrong things to other. In addition they can also eliminate any terrorizing thinking of some people, especially the fraudster.

In the EU crypto exchanges and wallet providers will also soon be required to respect AML obligations. I know that some of you won’t like this as it goes against the anonymity of cryptos, but it serves an important purpose, the fight against the financing of terrorist and criminal activities. I also think that it will give cryptos less of a shady image.

I do somehow already expect from this matter on which sooner or later if crypto cant really be stopped or completely banned they would rather do in other way which would really be regulated and coming to a point to follow traditional verification processes which once being implemented then we no have a choice but to obey it.

I understand that such rules come into force from May this year for the countries of the European Union. That is, from this time on, the ICO companies will not have the right to require and receive identification data and copies of passports without the consent of the investor or the participant in the campaign of generosity. This is very interesting information.

Just wanted to update this thread since the EU GDPR is applicable since yesterday. As of now, you will be able to rely on the rights stated above.
I have already noticed that a lot of service providers like banks etc. have sent me new forms so that I can give my express consent to what they are doing with my data. I am wondering if any ICOs will follow.

That's great. I really hope this becomes a standard in terms of data protection. Data use and consent are covered by those long agreements that no one reads for the most part, but it's still great that there are very specific rules now. The right to be forgotten is especially attractive considering how pretty much everyone can be Googled at this point.

ICOs are going to be tricky because most are built to raise money and bail anyway, but I'm sure the legitimate ones would abide by this for extra legitimacy even if they're not required. This could very well be a new factor in figuring out which projects are legit.

I fully agree! A good ICO will have proper legal advisors behind the project that will make sure the rules are respected.

if I can assume you just follow the rules as there is a new regulation that is KYC because it is for our good that our money is always protected from the thieves.

Why would an ICO  need to use KYC laws?  they aren't a bank and you aren't opening an account..
and why would anyone give an ICO any of that info?
A bunch of random people make a coin... bad enough they can run with your money, now they can sell or use your ID info as well?
awesome, double fraud bang for your buck.   where do I sign up?




If you believe an ICO should follow kyc I have one for you.
I only need your:
social security number
birth date
passport or government ID document  (scanned in, both sides, so everyone can read everything clearly)
legal address (and any others over the past 5 years)
and a copy of your credit report.. they need to make sure only good people get this ICO... (you deserve it, it's exclusive) actually just check this box and we can order one for you shipped right to us, see how awesome we are, thinking of your convenience.   see you on the moon

At least in the EU any company has to comply with AML/KYC rules if certain thresholds are met. So there is a good reason for ICOs to ask for ID/passport.

Yes, but why require identification data and copies of documents from signatory campaign participants? We are not investors of the ICO project. I think this is just arbitrariness on the part of the ICO team. I have not seen anywhere so that any of them justified their demand to pass the KYC check by the participants of the campaign of generosity. The only logical conclusion here is that the ICO campaign requires bounty hunters to undergo such a check after the end of the ICO only with the aim of not paying the earned tokens.

You are just simply pertaining or do focus on bounty campaign which do ask KYC requirement in the end of the sale.I agree that it doesnt really have any sense why they would require such thing yet they are not really investors and just promoting the company?I dont see it was right for them to comply with those things.Intentional or not, having that kind of thing being asked would really put us on doubts as a participant. Data protection is main concern on here but we cant be sure if those informations are kept and wont really exposed out.

Any KYC/AML is against crypto decentralization, you lose your privacy by following KYC/AML when dealing with crypto. I think that is why Satoshi created Bitcoin addresses with 34-36 characters and not with user names, name surname and these kind of data.

I think he wanted to create a better system than the already existing banking system which is tied exactly to KYC/AML procedures.

It may sound harsh, but it doesn't really matter what Satoshi envisioned Bitcoin to become in this case. We have to deal with authorities all trying to figure out what's going on in the centralized part of our ecosystem.

Most people when buying their first coins do that through one of the many exchanges we have, and when fiat is involved, you are subject to everything related to the KYC/AML policies. It's up to you whether or not to proceed.

If you don't want to deal with any of this, then you should avoid centralized services and just focus on local trades. It's impossible to expect governments to let crypto gain ground without doing anything.

But then we don't have much of a choice if that is what the government wants. Government doesn't want to lose their control of the people that's why they are implementing this rule regarding KYC/AML. If you are not doing anything illegal then you shouldn't be afraid of this. There are rules anyway as to what point they can use our data so if we wanted to continue to use cryptocurrency then we have to abide by the rules. I know that decentralization is the key for us to have freedom from the government but then what can we do at this point?

There are many people who abuse this freedom being unregulated so they scam others. We need protection that's why AML/KYC is required especially in ICOs wherein we don't know anymore who are legit and scam. When someone strictly follow the rules then at least we know who are the people that are accountable in case something wrong happen.

It is just in these regulations that anyone can gather confidential information. information of citizens .. In my country, the law on the protection of confidential information of citizens, which states that the collection of such information can only specially authorized state bodies, which should ensure its safe storage and preservation. From the point of view of this law, public organizations or any non-state structures, including ICO teams, do not have the right to require me to provide confidential information. Especially, if ICO commands do not pass any verification themselves and in many cases are fraudulent.

There is no safe place for hiding your data the NSA has already tracking down and violating your privacy.

The one who you trusted your personal data like social media, networking sites is similar to KYC, they have been always there and just keeping

an eye on your data.