Privacy concerns as EU seeks to regulate cryptocurrencies

Move towards digitalisation of all currency raises questions about privacy of wallets

At first glance, a proposal by the European Commission to end anonymity in cryptocurrency transactions is confusing. How can one enforce a requirement to identify senders and receivers in a peer-to-peer system that has pseudonymity built in? And isn't such a proposal taking the "crypto" out of the "cryptocurrency"?

Cryptocurrencies are designed as an alternative to sovereign currencies that are overseen by a central bank. Instead, they work as a network. Anyone familiar with peer-to-peer file sharing such as BitTorrent will be familiar with the concept.

In a nutshell, each user has a “wallet” of coins, which can be stored on software or hardware, and which has a unique public identity number or “key”. Users can send coins to other wallets. The record of transactions is maintained and verified by the network as a whole: the so-called blockchain. The public identity numbers of wallets are not linked to private identity – though investigation of transactions can reveal clues – offering the “crypto” part of the currency.

This is how bitcoin works – other, newer cryptocurrencies have innovated on the concept. So how could the commission prevent anonymity in something people are doing privately at home on their computers?

It’s because most, or certainly many, cryptocurrency users rely on intermediary services to use the coins, such as wallet providers, apps and trading platforms.


The commission’s proposal is to extend anti-money laundering legislation that currently applies to the financial industry to all such crypto services. So in order to be a regulated crypto business in the European Union, companies would have to log the identities of users and receivers to ensure the traceability of transactions. They would also not be allowed to provider users with anonymous wallets, which the commission has said will be prohibited, though it has not defined what a wallet is so the meaning is not exactly clear.

Would anything stop users continuing to send transactions directly from private wallets to each other?

“We would not go as far as monitoring exchanges between citizens themselves,” an EU official said; these would not be in the regulator’s remit. “Peer-to-peer transactions . . . would be in the private domain.” A decision by one private individual to sell a car to another in exchange for a direct payment in cryptocurrency would not be covered, for example.

It would appear that people motivated to use cryptocurrencies because of the privacy aspect could still do so. But it would likely become more difficult for them to spend or exchange coins within the EU.

It's possible that there could be a stratification between regulated and unregulated cryptocurrency networks. Dedicated users could continue off grid, perhaps relying on offshore exchanges. More casual retail users would continue to use the more accessible regulated, non-anonymous apps. But it is not clear what would at this point differentiate de-anonymised cryptocurrencies from any digital currency, whether fiat or Facebook, apart from perhaps perceived gambling/investment opportunities.


One positive would be that it would be harder for scammers to target more naive users using crypto as a tool. The combination of platforms that offered an easy interface for casual users, together with anonymity and non-reversibility of transactions, was ideal for scammers and is the reason why ransomware hackers demand payments in bitcoin. It’s hard to force the victim of a scam to send a bitcoin payment if they can’t figure out how.

But the broader picture raises serious privacy concerns. It comes as private companies and central banks gear up to compete to create their own dominant, non-anonymous digital currencies. At the same time, many countries are moving towards a phase-out of cash. (It’s costly to produce, as well as having the same lack of traceability that authorities don’t like because of its attraction for bad actors, reflected in the ban on cash payments of more than €10,000 proposed by the commission in the same package.)

For many in the crypto space, the prospect of centralised entities having oversight of all transactions in a dominant currency is exactly the kind of privacy problem that makes crypto attractive.

As the banking and digital payment expert Simon Lelieveldt points out, a data breach is always just around the corner, and such a vast collection of intimate data – all payments made by anyone in the currency – would have a powerful attraction for private parties wanting to mine it to further their own interests.

Lelieveldt describes the commission’s proposal as a sacrifice of “99.8 per cent irrelevant data for the pursuit of 0.02 per cent”.

“It’s conceptually flawed,” he says, “and a violation of international treaties and arrangements such as the UN treaty on the right to privacy in a digital age.”