Beyond KYC: Stricter privacy policies looming, but DeFi is here to stay


By Antoni Zolciak

Over the past year, blockchain has taken the world by storm via the decentralized finance (DeFi) industry, which continues to grow exponentially in terms of service offerings and total locked-in value (TVL). This explosion in on-chain wealth creation has sparked increased regulatory oversight, but many regulators are also focusing on another valuable asset that we’ve increasingly relegated to the internet: our personal identities. However, while some blockchain proponents fear that tough new privacy regulations will disrupt or even destroy DeFi and other industries using blockchain, the truth, we believe, is that DeFi and future privacy regulations. can and will coexist in symbiosis.

In some ways, you can be whoever you want from the moment you connect to the internet. While most people take this opportunity to “be themselves”, there will always be bad actors who assume false identities for financial gain. That’s why nearly all traditional financial institutions – and a growing number of crypto exchanges and DeFi platforms – implement Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements. The kicker? The more value these organizations store in their internal systems, the more likely they are to be targeted by cyber attacks.

It is true that every platform that requires its users to complete a KYC / AML process before registering an account or withdrawing funds is essentially forcing its users to de-anonymize themselves to some extent. For many crypto supporters, this is an affront to the main tenants of the blockchain when it comes to privacy and autonomy. However, the ability of blockchain to create a more decentralized and open internet shouldn’t be an excuse to allow lawless activity, especially if we want more communities to embrace crypto and more businesses to create products and services. high quality DeFi services. After all, KYC / AML policies are not only intended to prevent users from stealing their identities, they are also intended to prevent businesses from participating in illegal transactions and other forms of malicious activity online. Ultimately, the idea behind these policies is to protect both organizations and their users. How we implement them, however, is another story.

To be clear, blockchain-based organizations are both the target of malicious activity online and a potential remedy for the myriad privacy issues that Internet users regularly face. Indeed, blockchain technology enables a new era of transparency and composability of financial instruments while simultaneously helping users protect their personal information and identities online. While it may seem paradoxical, the blockchain’s use of public key cryptography (PKC) makes all of this possible through the use of digital signatures, a concept based on ‘trap functions’, that is. that is, one-way math functions that are easy to solve in a way but almost impossible to break in reverse. These functions allow users to prove their rights to move certain blockchain assets without relying on outside authorization.

In addition, some new generation blockchains plan to implement zero-knowledge proof (ZKP) and secure multi-party computation protocols, which allow one user to prove to another user, or a group of users, that ‘a given statement is true. without disclosing any information other than the veracity of this statement. In other words, you don’t need to reveal to the service (or the service provider) anything more than what is required. You could prove that your credit history is in good condition without revealing the credit history itself, or that you are over 21 without disclosing your exact age.

The importance of this technological breakthrough cannot be understated, and ZKPs are one of the main reasons that blockchain-based industries like DeFi will continue to grow relentlessly even after privacy regulations tighten. After all, privacy-enhancing identity systems can enable users to meet future KYC requirements in a way that does not disclose any actual personal information to the platform / service requesting the KYC, as long as their information is Encrypted IDs prove they are what they say they are. they are.

While blockchain technology is helping to strengthen online privacy in several ways, the industry still has to overcome some regulatory challenges. Privacy frameworks such as the European General Data Protection Regulation (GDPR) require organizations to act as data controllers for certain customer records and identify which legal entity has the authority to act on behalf of a customer. These policies can present challenges for certain types of public blockchain projects – although most of these privacy concerns can be addressed by effectively encrypting user data in a way that can be easily shared with regulators on a selective basis and secure if necessary. In this way, a public blockchain can serve as both a privacy booster and a guarantor of transparency – depending on what needs to be accomplished and by whom.

Additionally, companies that rely on a public blockchain can deploy private smart contracts to automate more granular data exchanges and access permissions in a way that benefits both their organization and end customers. This is because public blockchains can be structured in such a way that the applications and the underlying data from which they are extracted are stored in separate layers. And while privacy policy frameworks like the GDPR have strict rules on the extent to which consumer data can be used in fully automated processes, again, this data can be effectively anonymized through public key cryptography. .

As someone who follows political discussions on both sides of the Atlantic, I think the concerns of most regulators about whether blockchain can simultaneously protect consumer privacy and ensure legal compliance are overstated. Some crypto projects already balance these priorities better than many traditional businesses, and according to several sources, more financial crimes are committed through the current global financial system than across all existing blockchain networks combined. That being said, the crypto space should proactively address real-world concerns about identity theft and money laundering, and DeFi developers have a moral responsibility to minimize harmful societal activity on their networks. .

The blockchain industry is already generating too much value in the real world for a responsible regulator to consider delegating, whether this takes the form of universally accessible financial markets or new forms of online identity management. In other words, even if future crypto laws are “tougher” from a user privacy standpoint, those laws will be designed to deter malicious actors – not to stifle blockchain innovation. Blockchain is here to stay, and industries like DeFi will continue to adapt to new policies as they arise while accelerating in the future.

Antoni Zolciak is a technology marketer with 10 years of professional experience. Involved in various public relations and marketing projects for ING, Samsung, Sony, Olympus and Nikon. Antoni gained experience in the Corporate Communications department of ABB in Zurich while employed at Admind Agency, the largest Polish branding company. Prior to joining In’saneLab as Vice President of Marketing, he worked as an Inbound Marketing Specialist for Brand24 and Codewise, the 2nd fastest growing company in Europe according to the Financial Times. He is also a member of the American Marketing Association. At Aleph Zero, he combines the roles of COO and CMO, and takes care of organizational culture.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.


Comments are closed.