Paper Type
Complete
Abstract
the General Data Protection Regulation (GDPR), yet decentralized enforcement across 27 member states creates uncertainty about actual privacy compliance. This study presents the first quantitative benchmarking of Crypto-Asset Service Provider (CASP) privacy practices in the post-MiCA context. Using a validated 14-item rubric grounded in GDPR Articles 5 to 35, MiCA Articles 60 to 65, and NIST/ISO standards, privacy policies from 27 CASPs across twelve EU jurisdictions were assessed across five weighted dimensions (Cohen's kappa >= 0.80). Results reveal fragmentation: scores range from 2.45 to 4.87, with a 1.82-point gap between the top and bottom jurisdictions. Crypto-specific provisions scored lowest (mean = 2.61), three times more variable than transparency. Compliance correlates with regulatory maturity (r = 0.682, p = 0.043, large effect), evidencing a privacy lottery for EU consumers and informing post-MiCA policy.
Paper Number
1516
Recommended Citation
Cordoba, Francisco Jose; Khalid, Muhammad Irfan; and Themistocleous, Marinos, "Benchmarking Privacy Compliance in EU Crypto-Asset Markets: A Quantitative Analysis of GDPR and MiCA Implementation" (2026). AMCIS 2026 Proceedings. 21.
https://aisel.aisnet.org/amcis2026/sig_sec/sig_sec/21
Benchmarking Privacy Compliance in EU Crypto-Asset Markets: A Quantitative Analysis of GDPR and MiCA Implementation
Comments
SIG SEC