The joint statement on global privacy expectations of the Libra network on Aug. 5 that is addressed to Facebook and 28 other organizations behind the Libra and Calibra projects. The letter specifically asks the companies to explain how they plan to collect and process users’ personal data according to data protection laws.
Per the statement, facebook being a firm that will handle data of hundreds million user, they tell how they intend handling users' data,
“These risks are not limited to financial privacy, since the involvement of Facebook Inc., and its expansive categories of data collection on hundreds of millions of users, raises additional concerns.”
They requested facebook to address are:
1. How can global data protection and privacy enforcement authorities be confident that the Libra Network has robust measures to protect the personal information of network users? In particular, how will the Libra Network ensure that its participants will:
a. Provide clear information about how personal information will be used (including the use of profiling and algorithms, and the sharing of personal information between members of the Libra Network and any third parties) to allow users to provide specific and informed consent where appropriate;
b. Create privacy-protective default settings that do not use nudge techniques or “dark patterns” to encourage people to share personal data with third parties or weaken their privacy protections;
c. Ensure that privacy control settings are prominent and easy to use;
d. Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service, and ensure the lawfulness of the processing;
e. Ensure that all personal data is adequately protected; and
f. Give people simple procedures for exercising their privacy rights,including deleting their accounts, and honouring their requests in a timely way.
2. How will the Libra Network incorporate privacy by design principles in the development of its infrastructure?
3. How will the Libra Association ensure that all processors of data within the Libra Network are identified,and are compliant with their respective data protection obligations?
4. How does the Libra Network plan to undertake data protection impact assessments, and how will the Libra Network ensure these assessments are considered on an ongoing basis?
5. How will the Libra Network ensure that its data protection and privacy policies, standards and controls apply consistently across the Libra Network’s operations in all jurisdictions?
6. Where data is shared amongst Libra Network members:
a. What data elements will be involved?
b. To what extent will it be de-identified, and what method will be used to achieve de-identification?
c. How will Libra Network ensure that data is not re-identified, including by use of enforceable contractual commitments with those with whom data is shared?
The letter is signed by a cross-section of authorities such as the Information and Data Protection Commissioner, the Australian Information and Privacy Commissioner, the Canadian Privacy Commissioner, the President of the Commission for Information Technology and Civil Liberties, the European Data Protection Supervisor, and the United States Commissioner of the Federal Trade Commission. British Information Commissioner Elizabeth Denham said:
“We know that the Libra Network has already opened dialogue with many financial regulators on how it intends to comply with financial services product rules. However, given the rapid plans for Libra and Calibra, we are concerned that there is little detail available about the information handling practices that will be in place to secure and protect personal information.”
In July, U.S. lawmakers grilled Facebook’s David Marcus on the new project in a series of hearings at the Senate and the House of Representatives. Several legislators, including Senator and presidential candidate Elizabeth Warren, expressed concerns over data portability and privacy.
That same month, Facebook told its investors in its latest quarterly report that, while the firm expects to launch Libra next year, regulatory push back could significantly delay or prevent its release.