AI & Privacy in Crypto World
In the ever-evolving intersection of technology and privacy, few areas captivate the imagination quite like the crypto world. As cryptocurrencies surge and blockchain technology reshapes industries, the role of artificial intelligence (AI) becomes increasingly pivotal. These innovations not only promise unprecedented efficiency but also bring forth new challenges in safeguarding personal data and ensuring regulatory compliance. The world of finance is being revolutionized by two powerful forces: cryptocurrency and artificial intelligence. While both hold immense potential, their intersection raises intriguing questions. Can AI be the key to unlocking the full potential of crypto, or will it introduce a whole new set of challenges?
Transcript of the Conversation
Punit 00:00
Crypto is a word of its own. And I'm talking about cryptocurrencies
and crypto in general cryptography. It's a world of its own. And it does create
privacy challenges. And also AI can be used. So how about talking about AI and
privacy in the crypto world with a person who has been in the army? Who has
been in the risk assessments? Who has been in the data protection, and who is
also in the crypto and business development and so on. Rather, I would let him
explain what does he do and introduce himself and I'm talking about none other
than Gokhan Polat whom I met at ISACA Dublin event, and we became good friends,
and he's here to share his knowledge and wisdom.
FIT4Privacy 01:00
Hello, and welcome to the Fit4Privacy podcast with Punit Bhatia.
This is the podcast for those who care about their privacy. Here, your host
Punit Bhatia has conversations with industry leaders about their perspectives,
ideas and opinions relating to privacy, data protection and related matters. Be
aware that the views and opinions expressed in this podcast are not legal
advice. Let us get started.
Punit 01:28
So here we are with Gokhan. Gokhan, welcome to the Fit4Privacy
podcast.
Gokhan 01:34
Thank you, Punit. It is very nice to see again.
Punit 01:36
Absolutely. It's always a pleasure to see you. And as you're an
expert in many fields, let me ask you a question in the crypto world. What is
happening in this crypto world because I see AI is happening robotics is
happening. Privacy is happening digital disruption is happening. But also the
crypto world is a lot happening, what's happening in this crypto world.
Gokhan 01:58
Crypto world is interesting area because I find myself not a crypto
expert or blockchain expert because it is a totally different area. But I
defined myself to take risks experts, so for technologists, experts, we cannot
stop learning. And like I read a survey about for example, health workers for
doctors, for example, it says for a doctor, he can go on to earn money make
money with without improving his skills for three years. But for the tech
experts, it's just for four to eight days, maybe these numbers is decreasing,
because we see every day different kinds of technology, technological
improvement, and yes, we are affected business life is affected by technology
very dramatically. And AI blockchain IoT different kinds of zero trust
different kinds of approaches different kinds of methodologies are again, again
reinvented and yes, in crypto sector, we see dramatical changes because now,
the government and institutions pay too much attention about this topic, and
they try to make legitimize it, they see there is a huge money going somewhere
coming somewhere and some organization also using this transaction to save
items to save themselves from restrictions of international community, like a
organization terrorists, organized organizations or bands. But these
organizations go on to earn money, make money or on sanctions month
transactions using this kind of technology. So nowadays, we see a government
and institutions pay too much attention about this topic. USA for example,
every day we hear about new legislation last year in 2023 for example, European
Union, a new legislation mica they aim to control crypto sector blockchain
sector because now that the clients there are yes this sector this blockchain
this technology has huge potential but some scam guys some issues, mind that
person also used to manipulate innocent people's you know, assets so, or they
can use this technology to manipulate other kinds of actions. So, this is very
important. And again, AI is become very strongly and we see European Union immediately
increasing its efforts to legitimize this AI area because now we see AI affects
everybody. Let me give you an example. I like to write about nip things, and I
use writing for learning a new area gaining new skills. I do not write just
about the things I know well, I sometimes also prefer to write or prepare an
article blog about the things I do not know. And in this process, I learned a
lot. But nowadays, I become very lazy because right now I have Copilots. I have
Google Bard, ChatGPT or other kinds of AI applications and its effects my
creativeness. It is also has affected in other technologies like blockchain
technology, AI, effects, blockchain technology, Blockchain effects, AI
technology, or they totally affect communities behaviors. Now business
processes changing, and business people try to understand what's going on
because it is very fast, very fast. I tried to be very close to, for example,
Blockchain community in Istanbul and see a lot of new faces I haven't known
before and they are very smart. They know very deeply about these topics. I
cannot imagine. At some point I ask, How long have you been in this sector,
they say young people say, eight years. It's is very interesting, this people
born in technology world, and they are very easy to get used to this stuff. But
the guys like me, should sit one extra time. And it is a again, true for our
classical business understanding, because maybe business world cannot follow
this technology or legislation. Legislative organization cannot follow this
technology properly. And discard this may cause some costs and governmental
organization again, see this problem I'll try to stop or a little bit how can I
explain slowdown, but it is very hard. It's very hard, because there is a
community who needs and they are very eager to increase the capacity of these
technologies. They use AI to increase blockchain technology effectiveness, or
they create new kinds of tokenization. Now we see some agriculture, I didn't
become a tokenized. Now villagers who has no understanding about maybe
accounting may be a techie. Now, their items they think they produce become
tokenization become the topic of blockchain technology. It's very interesting.
Punit 07:53
So let me slice it into multiple parts what you said. One, you're
saying that technology is changing very, very, very fast. Second years, a lot
of legislation is coming. Third, you're saying that the young people are
adopting it much faster and much quicker?
Gokhan 08:09
Much. They expect that they have expectation? I mean, the
legislation, government organization companies, they should support these new
ideas.
Punit 08:19
Yes, yeah. And the forth, you're saying that a lot of use cases of
it. But while you say the young people are picking it up fast, I think you and
me are also very young. And I'm very curious to ask you, how did you end up in
this I mean, what has been your journey, your story that you have acquired, so
much of knowledge and so many varying topics?
Gokhan 08:42
As I mentioned in the beginning, I am myself as a technology
expert, but for example, now I work for Averest, a company which is providing
technology, consultants and training in especially in emerging technology and I
started a position here as a strategy and business development needs. You know,
it's very interesting, because I generally worked as for example, Enterprise
Risk Management directors, cyber security consultant, Risk Services senior
manager, I generally to have this kind of positions, but in this company, I
started with this strategy and business development and this company, my first
thing is guiding my company in emerging technology area because of my
understanding, with attending this kind of community, technology, communities
events, there is a big change that we will see we are seeing, but we will see
very dramatic change in business life. So by myself, I try to first understand
the technology from risk mindset because I'm an expert, and risk doesn't mean
that it is just about the treads, it has also have can explain opportunities.
And I see some opportunities to catch this opportunity, I should first
understand how I can create new business cases from this area. So nowadays, I
am dealing with creating new training sessions with experts, data analytics,
data science experts, AI experts, data protection experts, and blockchain
experts. I go attend a meeting, I meet with someone, I might to my office, we
make talk with them understand their vision, and I try to figure out how can I
put this vision in my you know, target objectives or vision. So, I am creating
a community of technology experts all over the world. For example, as you
remember, I also asked you about data presentation because we are at my
company, also part of ISACA training partner of option training partner, ISACA
people CERT is secured, we are on the way of Cloud Security Alliance and I
guess, IPP. So, these organizations have very strong products, but to provide
to meet with these products with the client who needs them is not easy, because
sometimes clients cannot find the right address, right Punit? because there are
lots of companies they are doing good marketing stuff, but they do not provide
what clients this my now aim is to understand this technology transformation
change and how it affects our understanding, then try to understand my clients
expectation in different markets because we are operating in London, in
Amsterdam, in Istanbul, Turkey, a Neve office in the whole Riyadh Barcelona,
every each place has common problems concern pain points, but there are other
kinds of pain points too, because demographic effects, economic effects,
political effects, not just technology. So I am trying to increase by the way
my touch points like now I am speaking with you with Punit. Who's Who is data
protection experts who interest with emerging technologies, who is leadership
in the ISACA, Brussels. And who's attending some organizations. So, connection
with Punit. And the people like Punit also increased my understanding it is understanding
I am creating my own contents. This is nowadays my first and challenging topic.
Punit 13:01
Know that that's very true. It is other people's knowledge which
allows us to acquire more knowledge and also bringing knowledge to other people
sometimes teaching guiding coaching consulting, that allows us to solidify our
own knowledge. And before we get to philosophy GL about how do we acquire
knowledge? Let's go back to the main topic. We were talking about crypto, and
we were saying it's emerging technology but the other emerging technologies AI,
does crypto use AI in any way.
Gokhan 13:36
Yes. Okay. Let me explain, widely using my choosing, okay. Vance, I
have an experience as Enterprise Risk Management Director at a crypto exchange
company, a well known company in Turkey. And this company I haven't experienced
because I stayed for a while. And I was so built about, you know, cyber
governance, internal audit, risk management, internal control, and fraud
prevention, and KYC AML Compliance. All these functions are under my control.
So from my side, I can explain. Crypto sector is very fast. They earn, they
make money, the fast but they should be trustable. If client doesn't believe in
you, your processes, your approaches, then it changes the vendor or crypto
exchange very fast because it is just an application not downloading and you
create your profile. You swipe you, you carry your assets very fast very
quickly. And you go on and it is a problem because this community is client
communities have strong communications through Telegram, Discord, Twitter, if
you had a problem about trust it, it is easy to disseminate all over to you
know, your community. So, we also use AI in our processes it I am sure all
crypto exchanges use AI very efficiently because for KYC AML process for
example, I need to onboard new clients to increase my profits, but I cannot
onboard every client because legislation organization enforcement to first
check if the guy is true guy, if this guy has any malicious activities in his
in his history. So, first in generally conversation intervene on site
understand if this guy's this guy, but this has some problems, because it takes
too much time, I should train my colleague my personal in this process, I
should trust him, because it is sometimes can create new kinds of problems,
personal problems, and they should also record all personal data of that new
client. So, nowadays KYC AML use efficient AI technologies. Now, we are
minimizing human touch in this process AI first see the client check the
evidences he or she provided match them if AI believes that this guy is true
guy, then we can onboard him and it never stops, then then we also check
transactions, there are millions of transactions happening all day. So, many of
you cannot follow them and you cannot understand which transaction is true,
which transaction is created by true and honest people and this time ml tools
also using AI checks this transaction and if they see a productive activity, it
provides alerts and be directly informed governmental organization otherwise
governmental organizations or this kind of problem if I if I cannot inform
government or organization in time, it may cause problems and others I collect
last as you see I am collecting lots of private sort of personal data in this
process KYC AML process and discuss another problem, this cost data
minimization problem cause I should I should collect loss to personal data. So
how I can categorize them, how can I record them? How can I sometimes choke
maybe sustain its integrity and again, I cannot do it by mice human
probabilities. Now again, we are using AI technology in this data retention
data coding Rita juice, which processes and began use it use AI in for example,
data analytics, because I collect a cluster of data about data protection
problems, but I also another problem, because my computer's going past short.
So I should catch them how I am calling I have lost a client data. If I use
data analytic tools, which is supported by AI, I can see easily the changing
trends expectations on my clients. If my client is happy with my products
services, I can see only with using AI tools, but I can do else I also help to
do about cybersecurity. There are tools about threat intelligence. If cyber
attackers aim to a my company or not. These AI technologies algorithms check
dark bet and see if there is attack coming or not. What else I can it helps me
to predict about crypto changing crypto, crypto portfolio which coin which
cryptocurrency will increase in some determined time periods. It also can help
us to guess about it with the help of AI technologies. And it is in the use
cases of AI and blockchain technology increasing
Punit 20:00
But what you're saying will also lead to privacy challenges?
Because you're saying use this crypto with AI on KYC then you analyze what data
has been provided artifacts are provided ID card is provided an information is
matched, now, does it not raise some privacy concerns? And how are those
concerns being managed because it's getting a little bit tricky, if you really
look at it from a privacy lens perspective
Gokhan 20:31
Privacy, yes, you are very true. This is a challenging because for
Kim KYC and AML AML we should collect last top personal data we should make in
target with a client we should ask for their evidences, we record these
evidences sometimes, we also should use third parties to make phone calls and
phone calls are recorded, imagine you have a client a third party is making a
phone call with this client, they ask some personal information and this they
record this information. So, they give a this kind of data should be analyzed
in in a periodically and should be put in retention period. So you will not
able to make it manually. This is another case for AI side yes AI also if you
do not for example, the rules algorithms of ai ai also can also cause some
discrimination problems. In Turkey for example, we have lots of people coming
out of Turkey, their names are different, their ethnic or religious traits are
different, if we cannot for example, create strong rules for KYC AI supported
KYC tools, then maybe this KYC will reject our proper client because of him
will not understand about a ethnicity to naming you know, that maybe they have
different kinds of names different kinds of facial site. So, this may also
cause another data protection problem, what else okay, I am collecting lots of
data as I also find a data classification, I also is you know, some application
use data with a some technology use data and sometimes business owners do not
understand how this technology collects and record this data. So, without AI
again, again, we will not able to find where is my data and solve this kind of
problems. First, we should understand what kind of use cases we are in there
are lots of different solutions. So, people are business owners first a create
a strong business case, what is their problem, what can they use, what kind of
technology, they should use in my inner again, previous previous experiences,
before I buy or implement a technology, I made two assessment first, first is
about business case, which kind of business problem I have, and is to satisfy
this expectations, my business will and if this tool pass this than second test
is coming. It's about totally technological and data protection area. How this
technology collects the data, where it's a keeps the data, if it will cause a
problem with my other technologies, our technology experts also analyze it. So
for this kind to solve this kind of problems, I guess people should know the
reality of their problems and the reality of the technology they plan to implement.
And second, they should also have a strong audit functions. Because after a
time, the usage of technology is maybe change, too. positions may change. And
they should be certain if they use this technology in a proper way, in
compliance with the it illegal legislation, Oregon, in compliance with their,
like risk management cybersecurity policy. Because it because business needs
sometimes we do not pay attention about data protection stuff or people become
forget. So audit can remind us the importance of this.
Punit 25:23
Yeah, I think apart from audit, maybe it will also be interesting
to contact the Privacy Officer or DPO. And they can help with the legitimate
basis for such processing because you need to be knowing why you're processing
this data. And what's the reason legitimate reason, legal reason for
processing. But before we get into the DPO role, I think last time when we met
you were also talking about the CSA, CSA framework, in CSA framework. And I
think that can also assist in protecting privacy. Do you want to touch upon
that because you've been part of that? And it'll be very interesting for
people. What is this CSA blockchain? And how does it allow privacy as as a
framework?
Gokhan 26:08
You never forget anything? I
like your this trinity, which is great. Yes, classic utilize SFC in the name,
cloud, it is related about cloud Cloud Security Alliance aims to increase
awareness of how can explain awareness of us which include in IT security. So
it's creating lust of services, certification standards. And lastly, classic
utilize also see other kinds of technologies affect us the job tech clutch, and
it declares it declared AI cloud Bill blockchain and other technology quantum
quantum computing is our AR in our target. So it creates it started to create
with groups working groups, it start to make analysis of this technologists and
created some documentation upon its followers, for participants or for the
public. And I also attended the working group of blockchain governance, almost
one year before and in this group. When I attended they were created last have
documentation about blockchain like blockchain top 10, risk, Blockchain common
cybersecurity problems and how you can solve it this kind of temptations and
when I first attended them, they were on they were creating two new
documentation. One of them is DLT and blockchain technology privacy framework,
and other one is cybersecurity framework with these frameworks, it is in the
back beta test period. Now, I guess, later, we will be able to see these
products with these products, we are aiming to help organization who wants to
use blockchain technology and have some doubts about security and privacy. What
should they do what what kind of audit checks controls, they should apply, they
will able to see a generic documentation to analyze the blockchain technology
usage from the governance side to take all the architectural side. And for
example, nowadays, I am dealing with a increasing the controls what kind of
controls we should apply and for specific risk blockchain risk, or I am
checking dimension to control section of this documentation.
Punit 29:03
No problem. So, essentially, it's kind of a control framework, which
gives you controls for privacy, cybersecurity, risk
Gokhan 29:10
Risk assessment and Control.
Punit 29:12
Yes. Okay, that's interesting. I think we will aim to put the link
or more details in the show notes. Now, in this world, which on one hand is
scary if you extrapolate what quantum AI can do, and blockchain will do, but on
the other hand, it's also a lot of opportunities for business to leverage these
technologies and maybe be more competitive. What do you see happening in the
future of next say, three to five years?
Gokhan 29:44
I guess put it if I tell you something about three or five years,
it will be that. How can I explain? Logical because
Punit 29:54
How many years you want to tell?
Gokhan 29:56
I don't know values. Maybe value because Yeah, I mean, I guess
Punit 30:01
2025 Let's say
Gokhan 30:03
Yes 2025. For example, people see, I guess, different kinds of
generic. We are now in degenerative AI period. And we can create lots of, for
example, text. And it also created some images. Maybe we will see fake images,
fake videos, more often only for the AI side. And for blockchain side, this
also be you can be used for example, we talk about KYC AML onboarding. Now,
also the malicious people maybe will activate this skills for to make malicious
activities, and we will see this kind of problems. Second for the metaverse
sites. Again, I'm not an expert of Metaverse of blockchain, because it is a
another topic and I guess, this vision, this alternative way of life will be
more white separate. I mean, because of the technology because of the AI, we
cannot create last of digital twins with the help very easily without paying
too much effort in blockchain site. I guess in crypto site, we will see the
increase in energy station it is very obvious. In Turkey for example, we are
waiting for a new legislation. And it will declared because the crypto sector
is very popular in Turkey and the government want to control it. And second, we
will see AI usage in crypto area independent by like Metaverse the like because
thanks to AI technology we can create a digital twins without small efforts can
be compared in previous times. And we will saw we will see also different kinds
of cyber attacks, malicious activities just in general be solves almost I guess
17 successful cyber attacks to crypto ecosystem. And these were not brute force
attacks. These were smart, you know, phishing attacks, they use telegram they
use twitter and they use fake profiles created by maybe this kind of
technologists and maybe we will be able to we will go on to see new creative
attack types. And, again, why now we are seeing big financial institutions are
stepping into crypto sector very strongly. It's not just my understanding, I
guess the usage of crypto will be wide separate and will be increased and
people see different kinds of usage in a blockchain in crypto sector.
Punit 33:30
Okay, so essentially what we are going to see is more and more
usage of AI crypto world. And both on the positive side, a lot of use cases and
also by the negative side of things, but that's always the case. So with that,
I would say if someone really wants to talk to you and want to contact you
based on this conversation, what would be the best way for them to talk to you?
Gokhan 33:59
It is easy to they can connect with me in LinkedIn because I am
using LinkedIn very often I get very effective. And I have also email, I can
share it. I can share my email now or when whenever they want whenever you
want. They can write me and maybe I will come to Brussels and visit you and we
can meet over there too. But LinkedIn is a very popular and very effective way
of communication nowadays.
Punit 34:33
Okay.
Gokhan 34:33
They can write that
Punit 34:34
Preferred option. And with that, I have to say in a sense of time,
thank you so much. It was wonderful to have you and have a wonderful day.
Gokhan 34:44
Thank
you Punit. It is very important for me to attend these kind of initiatives. And
a kind of today's show because increasing awareness in data protection,
especially in the emerging technology is very crucial. Thank you Punit.
Punit 34:59
Thank you so much.
FIT4Privacy 35:02
Thanks for listening. If you liked the show, feel free to share it
with a friend and write a review. If you have already done so, thank you so
much. And if you did not like the show, don't bother and forget about it. Take
care and stay safe. Fit for privacy helps you to create a culture of privacy
and manage risks by creating, defining and implementing a privacy strategy that
includes delivering scenario based training for your staff. We also help those
who are looking to get certified in CIPPE CIPM, and CIPT through on demand
courses that help you prepare and practice for certification exam. Want to know
more? Visit www.fit4privacy.com. That's www.fit4privacy.com. If you have
questions or suggestions, drop an email at hello(at)fit4privacy.com.
Conclusion
As we move forward into a future shaped by rapid technological advancements, understanding the nuances of AI-driven innovations in the crypto world is crucial. Gokhan Polat's perspective reminds us of the dual nature of these developments—offering tremendous opportunities while demanding vigilant attention to privacy concerns. Whether you're an enthusiast, a business leader, or a privacy advocate, staying informed about these evolving dynamics will undoubtedly shape how we navigate the exciting yet challenging terrain ahead.
ABOUT THE GUEST

Gokhan Polat, a visionary leader on a mission to transform challenges into opportunities and foster growth in every endeavor. With a rich background in strategic growth, risk management, and community building, Gokhan has honed his skills in the dynamic realm of crypto asset services. As a seasoned leader, he navigated the intricacies of enterprise risk management, mastering the art of problem-solving in high-stakes environments.
Driven by a profound desire to empower others, Gokhan co-founded the Databulls community, cultivating a vibrant space for learning and collaboration in the tech and business spheres. This experience reinforced his belief in the transformative power of collaboration and shared knowledge. Gokhan leads strategy and business development at his company, where he thrives on crafting and executing ambitious plans that fuel sustainable growth. His strategic acumen and collaborative approach empower teams to surpass expectations and achieve remarkable results.
Gokhan's leadership style is characterized by a human touch, fostering strong, motivated teams through open communication, trust, and a focus on personal development. With strategic foresight, he translates vision into actionable plans, driving growth and maximizing team potential. His deep industry knowledge, spanning both crypto and professional services, equips him with invaluable insights into diverse domains. Gokhan is a champion of community, believing in the transformative power of collaboration and meaningful connections. With a passion for building something great together, Gokhan is poised to inspire, innovate, and lead in the ever-evolving landscape of business and technology.

Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high AI & privacy awareness and compliance as a business priority by creating and implementing a AI & privacy strategy and policy.
Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 50 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.
As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one’s value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which passionately shares. Punit is based out of Belgium, the heart of Europe.
For more information, please click here.
RESOURCES
Podcast https://www.fit4privacy.com/podcast
Listen to the top ranked EU GDPR based privacy podcast...
EK Advisory BV
VAT BE0736566431
Proudly based in EU
Contact
-
Dinant, Belgium
-
hello(at)fit4privacy.com