Bad facts make bad law. We see this in jurisdictions all over the world, especially when it comes to digital assets. Unfortunately, we are about to see this again — this time in the European Union — in the form of a revision to the Transfer of Funds Regulation. If adopted, this revision would unleash an entire surveillance regime on exchanges like Coinbase, stifle innovation, and undermine the self-hosted wallets that individuals use to securely protect their digital assets. The vote will likely take place this week so time is running out.
(1) digital assets like Bitcoin, Ethereum and others are a primary way criminals hide and move money
(2) law enforcement has no way to track these movements
(3) requiring collection and verification of personal information associated with self-hosted is not a violation of their privacy
The truth is that digital assets are in general a way for criminals to hide their illicit financial activity. That’s why, , by far the most popular way to hide illicit financial activity remains cash. Unlike with cash, law enforcement can track and trace digital asset transfers with advanced analytics tools. None of this requires upsetting the settled privacy expectations of wallet holders because the open architecture underlying digital assets is public and offers unprecedented transparency into transaction details. The records are also permanent — no one (not crypto companies, not governments, not even bad actors) can destroy or alter information. In short, digital assets and the immutable nature of their blockchain technology actually enhances the ability to detect and deter illicit activity. But rather than embracing and leveraging the benefits that arise from the increasing use of digital assets, the EU’s proposal would cast them aside and impose a host of new privacy invasions on wallet users.
For example, all crypto transactions will be deemed “travel rule eligible”. This means crypto is treated differently to fiat (which has a 1,000 EUR threshold), which establishes a clear advantage for traditional financial service providers over new technology, with significant anti-competition and anti-innovation implications.
Among the worst of the proposed provisions are new obligations on exchanges to collect, verify and report information on non-customers using self-hosted wallets. For instance, one provision requires exchanges to not only collect personal data about wallet users who are not their customers, but to also verify the data’s accuracy before allowing a transfer to one of their customers. In fiat terms, this would basically mean you cannot take money out of your bank account to send to someone else until you share personal data with your financial institution about that person and verify their identity. Not only is this verification requirement nearly impossible to do but requiring exchanges to engage in extensive data collection, verification, and retention about non-customers runs against core EU data protection principles of data minimization and proportionality.
Another dangerous provision would require exchanges to inform “competent authorities” of every single transfer from a non-customer’s self-hosted wallet equal to or greater than 1,000 EUR — regardless of any suspicion of bad activity. The proposal even leaves the door open to a total ban on transfers to self-hosted wallets even though there is no evidence that such a ban would have any impact on illicit activity at all. Like we said, bad facts make bad policy.
There’s precious time to act and our voices heard. A vote on Parliament’s draft proposal could come as early as Thursday, March 31st. If you care about protecting the privacy of individuals, and focusing the law on solutions that actually address legitimate concerns about the illicit use of digital assets, now is the time to speak up and be heard. We must speak with one, strong voice against this proposal before it’s too late.
About Paul Grewal
Paul Grewal is the Chief Legal Officer of Coinbase where he is responsible for Coinbase’s legal, compliance, global intelligence, risk management and government relations groups. Before joining Coinbase, Paul was Vice President and Deputy General Counsel at Facebook. Prior to Facebook, Paul served as United States Magistrate Judge for the Northern District of California. Paul was previously a partner at Howrey LLP, where his practice focused on intellectual property litigation. Paul served as a law clerk to Federal Circuit Judge Arthur J. Gajarsa and United States District Judge Sam H. Bell. He received his JD from the University of Chicago Law School and his BS in Civil and Environmental Engineering from the Massachusetts Institute of Technology.
Jan 26, 2023,
5 mins read time
Jan 25, 2023
Jan 24, 2023,
3 min read time