Cryptocurrencies evolved as an extra-state mechanism in a reaction to the centralised nature of fiat currencies. Privacy of users was at the core of this concept. But, with the spread of this sector, know your customer (KYC) verification, which is a norm in the banking world, has become commonplace. This bothers purists who feel that the crypto world should protect its users at all costs and tech enthusiasts who feel that law and technology may not be on the same page in a blockchain-based scenario.

KYC standards are designed to protect financial institutions against fraud, corruption, money laundering and terror financing. This multistep process establishes customer identity, helps understand the nature of customers’ activities and qualifies that the source of their funds is legitimate.

All major Indian crypto exchanges—WazirX, Bitbns, Unocoin, ZebPay, Giottus and CrossTower—include the KYC procedure for their respective customers. Giottus says that its users have to comply with KYC formalities before they can start transactions. “Our KYC process includes PAN card declaration and one photo ID proof, such as Aadhaar, driving license or passport. Every user has to input a bank account as an additional compliance mechanism. Our team verifies all documents and does a penny check of the bank account,” says Vikram Subburaj, CEO, Giottus.

Weighing in on the privacy versus KYC debate, Kumar Gaurav, founder and CEO of Cashaa, a cryptocurrency bank, says that crypto exchanges and wallets are becoming similar to financial institutions. He adds that KYC procedures need to be added into the cryptocurrency anti-money laundering programmes for these entities “in order to secure transactions, help them be aware of customers and how they use crypto services and reduce identity thefts and frauds”.

Investors, however, are always curious. Purushottam Anand, advocate and founder of law firm Crypto Legal says that the Data Protection Bill, 2019, envisages important rights, including the right to update personal data, withdraw consent for sharing data and be forgotten, to users. “Most decentralised blockchains—for example, Bitcoin and Ethereum—maintain an immutable record of transactions connected through a chain, which makes it impossible to modify, correct or delete any details recorded in previous blocks,” he says.

It will be challenging for public blockchains to comply with the right to be forgotten, if granted by Parliament. Crypto projects using such decentralised blockchains will have to embed technological solutions in their model to ensure compliance with these requirements, which may not be acceptable to the larger global coding community.

Tax officials have told Outlook Business that they have gathered intelligence on high-volume crypto transactions, without explaining the process they used to gather this information. Chairman of the Central Board of Direct Taxes J.B. Mohapatra says, “This data is for understanding the market as well as the investors who participate in the market. It was used for the assessment of individual investors to understand where there was a high risk, say, if someone traded in Rs 10,000 crore of cryptocurrencies. We would rather concentrate on them than a small investor.”

At the same time, sources have said that the Reserve Bank of India had tasked an internal enquiry team to probe the misuse of cryptocurrencies for criminal activities and has already gathered data on them. However, it has not made the findings public even when the strong stance the central bank has taken against cryptocurrencies seems to be based on these findings.

At least one crypto exchange has confirmed that it does not share customer data with the government. Vikas Ahuja, CEO of the Indian arm of crypto exchange CrossTower, says, “CrossTower does not share any investor data with any government body. No government body has ever asked for any investor data from us.”

Echoing this opinion, former finance secretary Subhash Chandra Garg says that the government has other priorities. “I do not think that the government has any interest in breaking into the privacy of crypto investors. What the government is rightly interested in is the profits made by crypto investors.” He supports the government’s preference to obtain the requisite investor data. “These capital gains ... must be taxed. For getting the taxes, whatever returns and reasonable information the government needs has to be provided by crypto investors. This is not a breach of their privacy,” he added.

Investors cannot let their guards down at any state. Edul Patel, CEO and co-founder of Mudrex, says, “Crypto investors need to be alert towards hacking and permanent loss in case of forgotten passwords to keep their crypto assets safe.”