Privacy and Transparency: Data Protection in the Digital Age

The world is currently being pulled in two opposing directions. On the one hand, there is a drive towards transparency as governments and corporations develop tools to track and analyse peoples’ activities, in the name of public policy and commercial opportunity. On the other, a growing feeling that people should have a right to privacy and to control their own data, whether as citizen or consumer. The tussle between these forces touches on big themes of public safety, social cohesion, value creation and control. How can they be reconciled and what has this got to do with art?

Transparency in the Digital Age

The push towards transparency is sometimes framed in terms of the data generated, often unwittingly, by peoples’ online activities. These trails are gathered and used by big tech firms to generate commercial returns, build dominant positions through the power of network effects and, depending on how conspiratorially minded you are, actively shape society in their preferred image.  

However, this trend is predated by an equally far-reaching push by governments to know more about their citizens. Of course, totalitarian states have always collected files on their population, but democratic governments increasingly seek to peer into people’s private affairs, often under the guise of law enforcement.

One area they have been particularly interested in has been financial transactions. Since the US passed the Bank Secrecy Act in 1970 to deter money laundering through secret bank accounts, there has been a proliferation of legislation around the world requiring financial institutions to verify the identities and profiles of their clients (KYC) and monitor transactions for suspicious activities that could indicate money laundering or terrorist financing (AML).  

Moreover, states’ push for transparency is spreading out from the financial sector into other markets where high value assets are actively traded. Obvious examples include property, crypto assets and, of course, art. Anti-money laundering provisions were introduced to the art market for the first time in February 2020, and this is likely to be merely the first step.

The Cost of Transparency

Although commercial and government mandated data collection may have different motivations, both impose significant costs on their subjects. In the case of commercial data, these are opportunity costs that arise from denying individuals the intrinsic value in their data. In the case of state mandated data, the costs are more direct. A LexisNexis Risk Solutions survey of financial institutions estimated that respondents spent USD214bn in 2020 on financial crime compliance. A 2018 survey by Refinitiv put the number even higher, at 3.1 percent of revenues, or USD1.3 trillion, which is only slightly less than the survey’s estimate of the value of financial crime itself. These costs are ultimately borne by the customers of the financial system.

The Forces of Privacy

The forces of privacy may appear somewhat feeble by comparison. On the legislative side, the General Data Protection Regulation (GDPR) has introduced constraints on an organisation’s ability to collect and keep personal data, including a limited “right to be forgotten”. But it is on the private side that the really interesting developments have occurred.

The introduction of crypto-currencies, based on permission-less public blockchain systems, has created a mechanism for individuals to transact globally and anonymously. The fact that the identity of Satoshi Nakamoto, founder of bitcoin, remains hidden to this day despite being believed to hold large quantities of bitcoin, bears witness to the privacy and user control built into the system he created.

Faced with this, authorities, are increasingly regulating the crypto exchanges which provide the entry points to the blockchain networks and the custodians that hold tokens on behalf of those that lack confidence to manage their own wallets. In doing so, it would be a shame if they ended up imposing costs similar to those borne by the traditional financial system, thereby killing the possibility of users’ own control of their privacy and encouraging centralisation in the hands of the biggest firms, who are able to meet the compliance costs.

A Better Approach: Self-Sovereign Identity 

A more effective solution might build on the idea of self-sovereign identity (SSI). Under SSI, users register with agencies that verify different aspects of their identity – name, age, nationality, qualifications or whatever. The agency gives the user cryptographic credentials for the attributes it has verified which she can present during a transaction to prove to a counterparty that she meets his eligibility criteria, without having to give up any other information about herself. In this way, the user retains full control over what she divulges and to whom.

Artclear's Approach: Empowering Art Owners with Control Over Their Data

At Artclear, we are applying the idea of SSI at several levels. The Artclear fingerprint is a mechanism to link data and expert opinion on the history and authenticity of works of art to the works themselves; the picture’s own SSI.  We are also creating legal and operational frameworks to link digital ownership tokens to the artworks to which they pertain. These tokens can be held anonymously but, in a world where financial crime prevention will become increasingly important, the ability to combine them with identity credentials from other agencies to give comfort to transaction counterparties will become increasingly attractive.

Transparency and privacy will always pull in opposite directions. The solution to this dilemma is to give people control of their data and let them decide how best to use it. That is the approach we are taking at Artclear.