Beyond KYC: Stricter Privacy Policies are Looming, But DeFi is Here to Stay

By Antoni Zolciak

Over the past year, blockchain has taken the world by storm via the decentralized finance (DeFi) sector, which continues to grow exponentially in terms of service offerings and total value locked (TVL). This explosion in on-chain wealth creation has drawn increased regulatory scrutiny, but many regulators are equally focused on another valuable asset we’ve increasingly relegated to the internet – our personal identities. However, while some blockchain proponents are concerned that new, heavy-handed privacy regulations will disrupt or even destroy DeFi and other blockchain-enabled industries, the truth, as we see it, is that DeFi and future privacy regulations can and will coexist symbiotically.

In some ways you can be whoever you want the moment you log on to the internet. While most people use this opportunity to “be themselves”, there will always be bad actors who assume false identities for financial gain. That’s why nearly all traditional financial institutions – and a growing number of crypto exchanges and DeFi platforms – implement “Know Your Customer” (KYC) and Anti-Money Laundering (AML) requirements. The kicker? The more value these organizations store within their internal systems, the more likely they are to be targeted by cyberattacks.

It’s true that every platform that requires its users to complete a KYC/AML process before registering an account or withdrawing funds is essentially forcing its users to deanonymize themselves to some extent. For many crypto proponents, this is an affront to blockchain’s core tenants of privacy and autonomy. However, blockchain’s ability to create a more decentralized and open internet should not be an excuse for allowing lawless activity – especially if we want more communities to adopt crypto and more businesses to build high-quality DeFi products and services. After all, KYC/AML policies are not only meant to prevent users from identity theft, they are also meant to prevent businesses from taking part in illegal transactions and other forms of malicious online activity. Ultimately, the idea behind these policies is to protect both the organizations and their users. How we implement them, however, is a different story.

To be clear, blockchain-based organizations are both a target of malicious online activity as well as a potential remedy for multiple privacy issues internet users regularly face. This is because blockchain technology enables a new era of transparency and composability of financial instruments while simultaneously helping users protect their personal information and online identities. While this may sound paradoxical, blockchain’s use of public key cryptography (PKC) makes this all possible through the use of digital signatures, a concept based on “trapdoor functions,” i.e. one-way mathematical functions that are easy to solve in one way but nearly impossible to crack in reverse. These functions allow users to prove their rights to move certain blockchain assets without relying on the outside authorization. 

Additionally, some next-gen blockchains plan on implementing zero-knowledge proof (ZKP) and secure Multi-Party Computation protocols, which make it possible for a user to prove to another user, or a group of users, that a given statement is true without divulging any information other than the veracity of that statement. In other words, you don’t need to reveal to the service (or the service provider) anything more than what’s required. You could prove that your credit history is in good condition without revealing the credit history itself, or that you’re over 21-years-old without disclosing your exact age.

The importance of this technological breakthrough cannot be understated, and ZKPs are a big reason why blockchain-based sectors like DeFi will continue to grow unabated even after the privacy regulations tighten. After all, privacy-enhancing identity systems may enable users to fulfill future KYC requirements in a way that doesn’t divulge any actual personal info to the platform/service requesting the KYC, as long as their encrypted credentials prove that they are who they say they are.

While blockchain technology helps strengthen online privacy in many ways, there are still some regulatory challenges the industry must overcome. Privacy frameworks such as Europe’s General Data Protection Regulation (GDPR) require organizations to act as data controllers for certain customer records and identify which legal entity has the authority to act on a customer’s behalf. These policies may present some challenges to certain types of public blockchain projects — although most of these privacy-focused concerns can be addressed by effectively encrypting user data in a way that can be easily shared with regulators selectively and securely when required. This way, a public blockchain can serve as both a privacy enhancer and a guarantor of transparency – depending on what needs to be accomplished, and by who.

Additionally, businesses building on a public blockchain can deploy private smart contracts to automate more granular data exchanges and access permissions in a way that benefits both their organization and end customers. This is because public blockchains can be structured in a way in which applications and the underlying data they pull from are stored in separate layers. And although privacy policy frameworks like GDPR have strict rules on the extent to which consumer data can be utilized in fully automated processes, once again this data can be effectively anonymized via public key cryptography.

As someone who follows policy discussions on both sides of the Atlantic, I believe that most regulators’ concerns over whether blockchain can simultaneously safeguard consumer privacy and ensure legal compliance are overblown. Some crypto projects already balance these priorities better than many traditional businesses, and according to multiple sources, more financial crimes are committed via the current global financial system than on every existing blockchain network combined. That being said, the crypto space should proactively address real-world concerns regarding identity theft and money laundering, and DeFi developers have a moral responsibility to minimize societally harmful activity on their networks.

The blockchain sector is already generating too much real-world value for any responsible regulator to consider delegalizing it, whether this comes in the form of universally accessible financial markets or new forms of online identity management. In other words, even if future crypto laws are “stricter” from a user privacy standpoint, these laws will be designed to deter malicious actors – not stifle blockchain innovation. Blockchain is here to stay, and industries like DeFi will continue adapting to new policies as they arise while accelerating into the future.

Antoni Zolciak is a technology marketer with 10 years of professional experience. Involved in various public relations and marketing projects for ING, Samsung, Sony, Olympus, and Nikon. Antoni gained experience at the Corporate Communications department of ABB in Zurich while employed at Admind Agency, the largest Polish branding firm. Before joining In’saneLab as VP of Marketing, he worked as an inbound marketer for Brand24 and Codewise, the 2nd-fastest growing company in Europe according to The Financial Times. He’s also a member of the American Marketing Association. At Aleph Zero, he combines the roles of COO and CMO, as well as takes care of the organizational culture.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.