KYC/AML requirements and (EU) data protection

[Mc_Moneysack]

I realized that recently many ICOs and even some airdrops require participants/investors to submit personal data and documents such as passports or IDs to the organizer of the ICO/airdrop for reasons of KYC/AML. Now many people are wondering if their data is protected and what will happen with it. I would thus like to make you aware of the EU data protection regulation that will enter into force in May 2018 and that was designed to protect (EU) consumers in cases where their personal data is processes. Processing means any operation, which is performed on personal data such as sharing, disseminating, structuring etc.
 
So what are a few of the basic rights and obligations contained in the regulation:
 
- data may only be processed if the consumer has given consent and in case it is really required. This consent may be withdrawn at any time.
- data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- the company has to be able to prove that the consumer has given consent to the processing
-you may request infomation about your data being processed at any time
- you have a right "to be forgotten" so you can always request that the company deletes your personal data
-a personal data breach (e.g. hack) has to be reported to the supervisory authorities and in case of a high risk directly to the individual
- fines of up to 20.000.000 € in case of breaches of the regulation
 
You may now wonder why should e.g. companies based in the US or Asia worry about respecting the rights guaranteed by the EU data protection regulation. After all their legal seat is outside the territory of the EU. Well, the data protection regulation also applies in cases where data of an EU citizen is processed even if the company is not located within the EU and goods or services are offered to EU citizens. Of course a company running an ICO may always argue that a token is not a good. So this is a question that would need further clarification by the European Court of Justice.
 
So we see that at least EU citizens have a strong set of rules that protects them. However enforcing these rights is always a bit tricky in particular in case of "digital" companies.

[Lancusters]

This is the standard rules on the protection of personal information which exist in most countries. What this gives you? Fine? Lol! How can you prove who has become a source distribution of your data? Access to these data has several sources. If you need complete privacy you need to live on a desert island.

[cipher-x_09]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

[jjacob]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

[Mc_Moneysack]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

This is exactly the point. If you share your personal data with someone it is important to be aware of the fact that not anything can be done with it but rather that there are quite strict rules around it.

I do also understand the point that was raised by Lancusters. Of course it is difficult to know who the source of a possible data breach is, but if you always think first before you submit your data to someone you should be able to narrow it down. Once you have done so you have a right to receive the respective information from the concerned companies. Of course there will always be companies that are not willing to comply with the rules governing their activities but this is a problem not specific to data protection and this is also the reason why we have sanctions.

[Jet Cash]

I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.

[Mc_Moneysack]

I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.

I don’t want to get into a discussion about Brexit since you seem to be quite emotional about this, but rest assured that there are ways to enforce EU law outside the territory of the EU. I don’t know if you have heard of bilateral/multilateral assistance agreements. If not you should maybe Google it. It also seems that you should maybe read up a bit on your beloved Brexit if you believe that the EU, which you elegantly refer to as “Keiser Reich”, will not be able to enforce EU data protection laws after Brexit.

Btw. it’s Kaiser not Keiser  .

[prehisto]

I realized that recently many ICOs and even some airdrops require participants/investors to submit personal data and documents such as passports or IDs to the organizer of the ICO/airdrop for reasons of KYC/AML. Now many people are wondering if their data is protected and what will happen with it. I would thus like to make you aware of the EU data protection regulation that will enter into force in May 2018 and that was designed to protect (EU) consumers in cases where their personal data is processes. Processing means any operation, which is performed on personal data such as sharing, disseminating, structuring etc.
 
So what are a few of the basic rights and obligations contained in the regulation:
 
- data may only be processed if the consumer has given consent and in case it is really required. This consent may be withdrawn at any time.
- data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- the company has to be able to prove that the consumer has given consent to the processing
-you may request infomation about your data being processed at any time
- you have a right "to be forgotten" so you can always request that the company deletes your personal data
-a personal data breach (e.g. hack) has to be reported to the supervisory authorities and in case of a high risk directly to the individual
- fines of up to 20.000.000 € in case of breaches of the regulation
 
You may now wonder why should e.g. companies based in the US or Asia worry about respecting the rights guaranteed by the EU data protection regulation. After all their legal seat is outside the territory of the EU. Well, the data protection regulation also applies in cases where data of an EU citizen is processed even if the company is not located within the EU and goods or services are offered to EU citizens. Of course a company running an ICO may always argue that a token is not a good. So this is a question that would need further clarification by the European Court of Justice.
 
So we see that at least EU citizens have a strong set of rules that protects them. However enforcing these rights is always a bit tricky in particular in case of "digital" companies.

Recently i had to submit KYC to Bounty program in order to be paid for it. As I was doing it , I was thinking of the security question. Lets be real how good can be data storage of ICO's data server, do they even think of security of collected data. They collected thousands of participants data . I will definitely try to exercise the right to ask them to my data being deleted after May.

I don't see how the Keiser Reich can enforce their laws outside their jurisdiction. The whole point of Brexit is so that we can tell them to poke their laws up their Keiser Pass. However, data protection laws are important, and hopefully the ICO will be administered from a locstion that does have competent data protection laws. It is difficult to see how they can be enforced, or the reasons some of the details are required.

I do not know why are you referring to Brexit , seems a bit off topic. But if the company wants to operate in EU, which it will want to do in most cases, they will have to comply.
And I believe there is already some what similar situation  in the ICO world with US and US regulation regarding prohibition of their customers to participate in ICO's. Responsibility of compiling with this law applies to company and  everyone is complying, because they do not want to face the consequences.

[stomachgrowls]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

[prehisto]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

I agree that leaks will happen anyway but this is a good movement form EU authority.  Regarding leaks and sensitive information, I recently discovered that my long term password was leaked after some hack which happened 4 years ago from some-kind of webpage where i was registered. Now , I am using 2FA whenever possible , this is the safest way to protect your login details .

[yohananaomi]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

all also want to provide a legal identity if the company that requires it can be accounted of course the company that we already know and admit.
because the abuse of identity is also often happen moreover this is between countries that clearly rules about the identity of different.
being alert and not being harmed is a natural thing to do.

[stomachgrowls]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

I agree that leaks will happen anyway but this is a good movement form EU authority.  Regarding leaks and sensitive information, I recently discovered that my long term password was leaked after some hack which happened 4 years ago from some-kind of webpage where i was registered. Now , I am using 2FA whenever possible , this is the safest way to protect your login details .

Well its still way more better to have this movement rather than on nothing at all. Risk is always there and if you do tend to send any documentation then you should be aware on the possible situation that might happen. If you can afford to disclose your identity then proceed but if not we can just simply not follow on what is being asked.Aside from documentation been submitted we should really take care of our log-in details on whatsoever sites or things we are engage to.

[rhamzter]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

I agree that leaks will happen anyway but this is a good movement form EU authority.  Regarding leaks and sensitive information, I recently discovered that my long term password was leaked after some hack which happened 4 years ago from some-kind of webpage where i was registered. Now , I am using 2FA whenever possible , this is the safest way to protect your login details .

Well its still way more better to have this movement rather than on nothing at all. Risk is always there and if you do tend to send any documentation then you should be aware on the possible situation that might happen. If you can afford to disclose your identity then proceed but if not we can just simply not follow on what is being asked.Aside from documentation been submitted we should really take care of our log-in details on whatsoever sites or things we are engage to.

KYC/AML is a good protection to all aspects, it was used to protect the banks, together with the savings of more clients. This is used to identify the source of income of suspicious people. In our country it was do that even in the crypto currencies, they were strictly implement this because they wants to protect the assets of the company, the reputation of the organization and even the the clients of their business.

Using this KYC/AML they can avoid the possible evil jobs, also they can prevent those people who wants to make wrong things to other. In addition they can also eliminate any terrorizing thinking of some people, especially the fraudster.

[Mc_Moneysack]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

I agree that leaks will happen anyway but this is a good movement form EU authority.  Regarding leaks and sensitive information, I recently discovered that my long term password was leaked after some hack which happened 4 years ago from some-kind of webpage where i was registered. Now , I am using 2FA whenever possible , this is the safest way to protect your login details .

Well its still way more better to have this movement rather than on nothing at all. Risk is always there and if you do tend to send any documentation then you should be aware on the possible situation that might happen. If you can afford to disclose your identity then proceed but if not we can just simply not follow on what is being asked.Aside from documentation been submitted we should really take care of our log-in details on whatsoever sites or things we are engage to.

KYC/AML is a good protection to all aspects, it was used to protect the banks, together with the savings of more clients. This is used to identify the source of income of suspicious people. In our country it was do that even in the crypto currencies, they were strictly implement this because they wants to protect the assets of the company, the reputation of the organization and even the the clients of their business.

Using this KYC/AML they can avoid the possible evil jobs, also they can prevent those people who wants to make wrong things to other. In addition they can also eliminate any terrorizing thinking of some people, especially the fraudster.

In the EU crypto exchanges and wallet providers will also soon be required to respect AML obligations. I know that some of you won’t like this as it goes against the anonymity of cryptos, but it serves an important purpose, the fight against the financing of terrorist and criminal activities. I also think that it will give cryptos less of a shady image.

[dunfida]

Basically they are linking their method same as the bank do in order to prove that their client their dealing is a legit one, and is capable of producing income in a legal basis, I mean if you are not into something suspicious or illegal activities then why should you be afraid of covering up your identity, you shouldn't be wary of something like this.

You have totally misunderstood the question here - it is not whether you should submit proof of identity to the service providers, but whether there are any safeguards in place to protect your data.
Even if you have 'nothing to hide', your personal data (say passport copy) could be used to impersonate you. Data protection laws exist to ensure that companies are held liable if they are careless with personal information.

Its still good to have those institution that do really imposing some laws to those companies who do gather informations into people they are dealing with but yet we cant still be sure if there would be no underground leaks on using such information this is why people would really bother or still hesitate sharing up sensitive information.We dont like for someone to impersonate us when those informations will leak.

I agree that leaks will happen anyway but this is a good movement form EU authority.  Regarding leaks and sensitive information, I recently discovered that my long term password was leaked after some hack which happened 4 years ago from some-kind of webpage where i was registered. Now , I am using 2FA whenever possible , this is the safest way to protect your login details .

Well its still way more better to have this movement rather than on nothing at all. Risk is always there and if you do tend to send any documentation then you should be aware on the possible situation that might happen. If you can afford to disclose your identity then proceed but if not we can just simply not follow on what is being asked.Aside from documentation been submitted we should really take care of our log-in details on whatsoever sites or things we are engage to.

KYC/AML is a good protection to all aspects, it was used to protect the banks, together with the savings of more clients. This is used to identify the source of income of suspicious people. In our country it was do that even in the crypto currencies, they were strictly implement this because they wants to protect the assets of the company, the reputation of the organization and even the the clients of their business.

Using this KYC/AML they can avoid the possible evil jobs, also they can prevent those people who wants to make wrong things to other. In addition they can also eliminate any terrorizing thinking of some people, especially the fraudster.

In the EU crypto exchanges and wallet providers will also soon be required to respect AML obligations. I know that some of you won’t like this as it goes against the anonymity of cryptos, but it serves an important purpose, the fight against the financing of terrorist and criminal activities. I also think that it will give cryptos less of a shady image.

I do somehow already expect from this matter on which sooner or later if crypto cant really be stopped or completely banned they would rather do in other way which would really be regulated and coming to a point to follow traditional verification processes which once being implemented then we no have a choice but to obey it.

[Vektrum]

I understand that such rules come into force from May this year for the countries of the European Union. That is, from this time on, the ICO companies will not have the right to require and receive identification data and copies of passports without the consent of the investor or the participant in the campaign of generosity. This is very interesting information.

[Mc_Moneysack]

Just wanted to update this thread since the EU GDPR is applicable since yesterday. As of now, you will be able to rely on the rights stated above.
I have already noticed that a lot of service providers like banks etc. have sent me new forms so that I can give my express consent to what they are doing with my data. I am wondering if any ICOs will follow.

[jseverson]

Just wanted to update this thread since the EU GDPR is applicable since yesterday. As of now, you will be able to rely on the rights stated above.
I have already noticed that a lot of service providers like banks etc. have sent me new forms so that I can give my express consent to what they are doing with my data. I am wondering if any ICOs will follow.

That's great. I really hope this becomes a standard in terms of data protection. Data use and consent are covered by those long agreements that no one reads for the most part, but it's still great that there are very specific rules now. The right to be forgotten is especially attractive considering how pretty much everyone can be Googled at this point.

ICOs are going to be tricky because most are built to raise money and bail anyway, but I'm sure the legitimate ones would abide by this for extra legitimacy even if they're not required. This could very well be a new factor in figuring out which projects are legit.

[Mc_Moneysack]

That's great. I really hope this becomes a standard in terms of data protection. Data use and consent are covered by those long agreements that no one reads for the most part, but it's still great that there are very specific rules now. The right to be forgotten is especially attractive considering how pretty much everyone can be Googled at this point.

ICOs are going to be tricky because most are built to raise money and bail anyway, but I'm sure the legitimate ones would abide by this for extra legitimacy even if they're not required. This could very well be a new factor in figuring out which projects are legit.

I fully agree! A good ICO will have proper legal advisors behind the project that will make sure the rules are respected.

[Tigorss]

This is the standard rules on the protection of personal information which exist in most countries. What this gives you? Fine? Lol! How can you prove who has become a source distribution of your data? Access to these data has several sources. If you need complete privacy you need to live on a desert island.

if I can assume you just follow the rules as there is a new regulation that is KYC because it is for our good that our money is always protected from the thieves.