May 2, 2024
by Hanoba Etomi (CIPP/E)
In an era characterised by the rapid evolution of digital transactions and the widespread adoption of decentralised technologies, the importance of data security has never been more paramount. The emergence of web 3 and blockchain technology which promotes features such as, trading of cryptocurrencies/non-fungible tokens (nfts), peer-to-peer (p2p) activities and token staking services, necessitates the need for a robust privacy framework to safeguard user data and maintain trust in the digital ecosystem.
Beyond the scope of cryptocurrencies and the blockchain, data breaches have inflicted severe financial and reputational damage on numerous individuals and tech organisations globally. For example, Amazon’s mishandling of customer data resulted in substantial fines, with the company paying over $30 million in settlements to the Federal Trade Commission (FTC).
Similarly, Meta, formerly Facebook faced a 1.2 billion Euro fine for privacy violations concerning the cross-border transfer of personal data, highlighting the imperative of adhering to privacy regulations and conducting comprehensive assessment tests before deploying new technology. Cryptocurrencies, notably Bitcoin serve as the cornerstone of the blockchain, paving the way for the broader Web 3 ecosystem, encompassing altcoins, non-fungible tokens (nfts), and staking pools. This expansion has led to a surge in tech companies offering ‘Blockchain as a service’ (BaaS), signified by the rapid growth of some of the leading cryptocurrency exchange platforms such as Binance, Coinbase and Metamask. Furthermore, the recent approval of Spot Bitcoin Exchange- Traded Products by the U.S Securities and Exchange Commission (SEC) has spurred increased adoption of cryptocurrencies, with companies like Blackrock bullishly acquiring spot bitcoin ETF positions and other [tech] companies accepting cryptocurrency as forms of payment.
Despite the promising potential of web 3, companies and users have fallen victim to online attackers, including phishing attempts, as evidenced in the case of Ledger, who reported a phishing attack, which led to a data breach incident. In order to mitigate such risks, emerging web 3 companies must prioritise privacy-centric design principles and robust security measures to protect customer data and navigate an increasingly regulated landscape effectively.
As global interest in cryptocurrencies and other blockchain activities grows, regulatory scrutiny intensifies, prompting nations to enact specific regulations governing virtual assets. For instance, Kenya established a multi-Agency group to develop a regulatory framework for virtual assets services, while Nigeria implemented New Rules on the Issuance, Offering Platforms and Custody of Digital Assets (May, 2022) and the passing of the Data Protection Act by President Bola Ahmed Tinubu in June 2023. As such, as web 3 companies seek to expand their operations globally, compliance with both crypto/virtual assets regulations and privacy laws becomes of great importance.
Some of the advantages of web 3 companies can gain from bolstering the data security measures includes:
In conclusion, safeguarding data security in web 3 is vital for building trust, enabling innovation, and navigating regulatory complexities. By prioritising privacy, adopting robust security measures, and adhering to evolving regulations, web 3 companies can uphold user trust, drive sustainable growth and shape a secure digital future.
Hanoba Etomi (CIPP/E)
Digital Lawyer & Privacy Professional