Centrifuge document on onboarding provides:
“Securitize only facilitates the initial disclosure to the issuers that you have affirmatively selected. Should you no longer want to communicate with a particular issuer after consenting to the disclosure discussed herein, or if you wish that issuer to delete the personal data it has been provided pursuant to this consent, please contact that issuer directly.” [my emphasis]
see https://docs.centrifuge.io/use/onboarding/
Rather than place an onus on investors to personally contact AOs to delete their personal data, Centrifuge’s agreements with AOs should require deletion of private data upon final termination of a pool. The agreements should also include a mechanism for optional data deletion before then at the investor’s request. Investors who are concerned about privacy (who isn’t?) would then be able to exercise that option, rather than be left to navigate a cumbersome, potentially futile, process.
Second, the onboarding doc states:
“By consenting to this disclosure via Securitize I.D., your information will be transferred to the country in which the particular issuers you have selected is located. According to EEA regulations, the United States does not provide an “adequate” level of protection for purposes of data protection, and no alternative safeguards are in place for this particular transfer. Further, the issuer you have selected may be located in the United States or in another country that does not provide such adequate levels of protection or safeguards. As such, your information may be at risk of unauthorized or unwanted access.”
Centrifuge, in contracting with AOs, should include protections that meet the highest standards even exceeding those of the U.S. and other countries. This would allay investor concerns and overcome investor hesitancy.
The above may not seem like a big deal, but it’s granular and careful attention to privacy that can help raise the project’s profile.