By Professor Iris M. Barsan, University Paris-Est Créteil (UPEC).
Public blockchains promise privacy and transparency at the same time. At first sight this seems contradictory. First, one needs to understand technically what kind of privacy and what kind of transparency blockchains ensure. But besides the technicalities, this essential relationship between privacy and transparency on blockchains has legal consequences. Indeed, regulators criticize public blockchains. For data privacy regulators they are too transparent whereas for crime enforcement their anonymous or pseudonymous nature makes them a challenge.
From a legal perspective it is particularly data protection and privacy laws as well as the legal areas dealing with crime and fraud that are involved. Data protection and privacy laws are concerned with the permanent and very transparent nature of public blockchains whereas laws combatting money laundering and terrorist financing as well as tax laws are more interested in the money-like feature of certain tokens or crypto currencies. At first sight, one would tend to think that the link between personal data protection and AML/CFT or even tax issues is very weak. But that would be a mistake. Indeed, these subjects are, to some extent, interdependent.
This article tries to underline the link between these two topics and advocates that regulators should work together in order to determine the right amount of transparency and privacy needed on a blockchain. The more the curser is set towards privacy, the bigger the challenges for law enforcement agencies. But too much transparency also hampers business ventures. No one would like to have his or her life or business relations layed out on a blockchain.
The article first describes the technical solutions blockchain offers for privacy (I) before confronting them to the GDPR and outlining the incompatibilities between those rules and the technology (II). It then presents the initiatives of regulators in favor of extending AML/CFT rules to transactions on blockchains (III) in order to assess by way of conclusion whether such requirements actually allow to solve the conundrum between privacy and transparency (IV).
Keywords: blockchain, AML, money laundering, terrorist financing, privacy, GDPR, data protection, transparency, crypto-currencies, tokens
Blockchain technology promises to revolutionize the way we interact and do business. This distributed ledger technology aims at replacing trusted third parties through transparency thus giving the power back to the individual (1) . If trust is the glue of a centralized economy, transparency is the new mantra of distributed exchanges(2) . Hence, it is possible to transact directly with perfect strangers. But too much transparency hampers any business venture. Confidentiality is inherent to most business transactions. No one would appreciate having details of all his or her assets and income made visible to everyone else, or that others were made aware of all his or her transactions. It therefore appears that the biggest advantage of blockchains is also its biggest weakness. But at this point a second salient feature of blockchains kicks in: privacy and confidentiality. This seems somewhat contradictory but blockchains also favor anonymity and privacy.
A lot of regulators around the world criticize blockchains on the grounds that the anonymity they provide seems to enable organized crime, money laundering, the financing of terrorism or tax evasion(3) . As transactions on a blockchain are made through public keys that are either pseudonymous or anonymous, people can transact on a blockchain without revealing their identity, which makes it perfect for transactions that would not be possible in the traditional system (or so it seems). It is perhaps not surprising that there have already been a couple of money laundering schemes involving crypto currencies(4) . Not to mention cases where cryptocurrencies were used or promoted to finance terrorist organizations(5) . Furthermore, tax authorities are also somewhat skeptical because the anonymity of blockchains makes tax collection more difficult. This being said, a distinction needs to be made between truly anonymous and pseudonymous blockchains(6) . Anonymous blockchains like Monero or Dash or even zCash deliberately hide information on transacting parties and the transaction itself. On pseudonymous blockchains it is possible to gather a lot of information on the parties of a transaction and the amount spent. Even though identities behind public keys are not known, it is possible to create such a link(7) . Further, on pseudonymous blockchains one can trace and therefore blacklist the money used in an illicit transaction. This might pose some challenges in terms of fungibility(8) as it entails that a clean bitcoin will be worth more than one used in an illicit transaction. But if used properly it can also be an opportunity for authorities to combat crime. Law enforcement authorities already work on technical solutions like the TITANIUM project in order to be able to investigate illicit activities involving the darknet or crypto currencies(9) .
The relationship between privacy and transparency on a blockchain is essential. From a legal perspective it is particularly data protection and privacy laws as well as the legal areas dealing with crime and fraud that are involved. Data protection and privacy laws are concerned with the permanent and very transparent nature of public blockchains whereas laws combatting money laundering and terrorist financing (hereafter “AML/CFT”) as well as tax laws are more interested in the money-like feature of certain tokens or crypto currencies. At first sight, one would tend to think that the link between personal data protection and AML/CFT or even tax issues is very weak. But that would be a mistake. Indeed, these subjects are, to some extent, interdependent.
Barsan, Iris M., Public Blockchains: The Privacy-Transparency Conundrum (July 1, 2019). Revue Trimestrielle de Droit Financier (RTDF) N° 2 – 2019. Available at SSRN: https://ssrn.com/abstract=3445025