This is How Facebook’s Novi Can Share Libra User Info With Others

Sead Fadilpašić
Last updated: | 5 min read

Social media giant Facebook‘s subsidiary Novi Financial has retained the right to share the information of Libra users with the third parties, with users’ consent, and in certain cases – “without further notice.”

Source: Adobe/ink drop

As reported, in May, Facebook rebranded its Calibra subsidiary, responsible for the Libra project, saying that the first product Novi Financial will introduce is the Novi digital wallet designed for Libra digital currencies. However, previously, Facebook stated that these currencies can be stored on other wallets too.

In either case, as Facebook is criticized for its lax approach towards privacy, let’s take a closer look at how Novi can share Libra user data.

What kind of information is collected?

Per Novi’s website data policy (updated on May 26, 2020), there are two types of information collected when interacting with it: those directly provided by the user (full name, email address, and countries selected as of interest), and those collected automatically during a user’s interaction with the website (browser type, operating system, pages visited, IP address, time zone, language, mobile operator, first-party cookie IDs and settings, etc).

“The list of attributes that they collect is fairly standard (and probably the minimum required) in terms of what would be necessary to fight fraud, money laundering activities and ultimately decide if a transaction is legitimate or suspicious,” Claire Hatcher, Global Head of Fraud Prevention Solutions at cybersecurity and anti-virus provider Kaspersky, told Cryptonews.com.

She added that if Novi wasn’t analyzing this data in some way, they would be unable to detect suspicious activity or any anomalies, which “would leave the end consumers’ money vulnerable to nefarious actors.”

“Organizations must meet their obligations under the GDPR’s [General Data Protection Regulation] ‘right to be informed’ in order to provide transparency for users,” a spokesperson of the UK Information Commissioner’s Office (ICO) told Cryptonews.com, adding that organizations must explain what personal data they process, why they process it, and who they may share that data with.

How is the collected data used?

The data is used to comply with legal obligations, Novi wrote, to analyze the way the website is used, and for sending marketing material.

There are, however, instances in which Novi shares information “with certain third parties without further notice to you.”

“We share information globally, both internally within the Facebook Companies and externally with our partners and with those you connect and share with around the world in accordance with this policy,” the website stated.

The third parties as listed are:

  • Authorized third-party vendors and service providers, including Facebook, which Novi says “support[s] the Website”; this entails providing technical infrastructure services, business analytics, conducting the website, and data processing.
  • Affiliates, including other Facebook products; users’ email addresses will not be shared with Novi affiliates “for their own purposes.”
  • Legal purposes, in case of responding to subpoenas, court orders, legal processed or claims, law enforcement requests, government inquiries, etc.
  • Business transfers: Novi may share information “in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.”

Novi added that they “may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent.”

Kaspersky’s Hatcher said that from a regulatory standpoint, in most countries any Personally Identifiable Information (PII) should be encrypted and that there are ways of using that data without actually seeing it. The safety of the consumers’ data is down to the measures Novi has in place to protect and encrypt it – and this is “down to their own security systems and not something that would be publically available.”

“To compound the issue further for cryptos and fintechs sometimes the regulatory compliance framework is not as stringent as that of a traditional bank,” Hatcher said.

The information is “generally” kept as long as it serves the purposes for which it was collected, Novi wrote. This is “a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.”

Organizations must also put in place appropriate security measures to ensure the integrity and confidentiality of personal data, according to the ICO.

Under “applicable laws,” users can access, edit, and delete their information provided to Novi. They can also “restrict and object to certain processing” of the data, such as direct marketing, or in situations when Novi is “performing a task in the public interest or pursuing our legitimate interests or those of a third party.”

“Should individuals in the UK have any concerns about the ways in which an organization is collecting and using their personal data, they can complain to the ICO,” the spokesperson said.

Marketing and ads

“I compared [Novi’s] privacy and data collection statement to that of my own personal banking provider, and whilst the lists of attributes are similar, what is interesting is the level of detail around privacy concerns on Novi is much less,” Hatcher said.

“Also interesting is the fact that they call out that one of their main purposes for collection is for marketing purposes!”

As reported, Mark Zuckerberg, CEO of Facebook, said during a shareholder call in late May, that Libra will make the process of commerce and payments “a lot easier,” helping the economy.

“Ads is our basic business,” he said, and businesses will bid for what an ad is worth to them.

Meanwhile, Hatcher said that, from a trend perspective, more companies like Novi will appear over the coming years, “as consumers demand innovation from their financial services on how they use, store and interact with their finances in the online world.” She added: “those fintechs will need to have both a strong fraud prevention strategy as well as strict measures to keep their customers sensitive data secure.”
___

Learn more:
Bitcoin, Privacy, and Freedom at Times of Social Unrest
Bitcoin’s Wasabi Too Strong For Europol
Brave Files Data Use Complaint Against Google
Crypto Privacy Is a Financial Tonic to Government Intervention
Facebook’s Libra Has Changed. But It Still Might Be a Win for Bitcoin