2025-12-31 04:28:02

Not long ago, a company specializing in identity verification solutions within the industry experienced a serious incident. Their third-party data provider was hacked, resulting in the leak of tens of thousands of users' real-name information. Once the event broke out, users' anger instantly surged onto the company's social media. The company's response seemed powerless: "This is a third-party issue; we are also victims."

But here’s the problem — the law doesn’t buy that. When users are scammed, the first party they look for is you, not that "mysterious third party." That’s also why many founding teams who consider themselves "only responsible for technology" are hit hard by this reality.

This leads to an almost universal but rarely openly discussed issue among projects: sharing user data with third parties.

Most project terms state simply: "We may share your data with service providers." That’s it, as if responsibility also drifts away with the statement. But some projects are starting to play a different game. For example, certain Oracle-type projects explicitly mention the concept of "joint controllers" in their terms. At first glance, it seems like a pile of legal jargon, but there’s a lot to unpack here.

"Joint controllers" means: the party receiving your data isn’t just a simple service provider. They are on the same boat as the original project, jointly deciding why and how your data is processed. Legally speaking, you are bound together; neither can run away.

This is not a word game; it’s a complete reversal of responsibility logic. Once "joint controllers" is written, the project must commit to managing these third-party partners to the highest standards. What does that mean? It means you can’t just wash your hands of it. It entails review, supervision, accountability — none can be skipped.

In other words, projects that dare to include this clause are actually tying themselves up — a heavy, inescapable shackle. It may seem like a disadvantage, but from the user’s perspective, this is the true foundation of trust.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

12 Likes

Reward
12
6
Repost
Share

Comment

0/400

GateUser-a5fa8bd0

· 50m ago

Basically, it's just passing the buck, but the law doesn't buy it. --- This is truly a conscientious approach. I give five stars to projects that dare to list co-controllers. --- Most projects are playing word games; anyway, users get scammed and can't find anyone to hold accountable. --- So when choosing projects, you still need to look at the terms. Don't be fooled by those pretty words. --- Adding shackles can actually build trust; this logic is interesting. --- It was about time to regulate these unscrupulous third parties. User data is treated as if it's free. --- The problem is most people don't read the terms at all. Blame themselves for not being careful. --- Web3 projects should do this better; otherwise, they're damaging their own reputation. --- That company's response was really top-notch. They still had the nerve to pass the buck. --- Supervision and review are easy to say, but actually implementing them is another matter altogether.

View OriginalReply0

RugPullAlarm

· 5h ago

Is it another excuse to shift blame to third parties? I’ve already tracked the fund flows of such projects on the blockchain; data speaks for itself. Projects that dare to include "co-controller" in their terms are indeed rare; most are just looking for excuses to avoid responsibility. I wonder who still dares to cooperate with data vendors without publicly releasing audit reports. When something goes wrong, they’ll be sued directly. Writing terms alone is useless; the key is whether the contract includes actual risk isolation mechanisms, which are the real benchmarks. If a project truly secures data safety, it’s actually easier to earn trust... but most are just betting that users won’t pursue accountability. High address concentration and vague fund flows make me suspect they’re planning to run away. Therefore, the so-called "transparency" of Web3 projects is a joke, unless all data processing can be verified on-chain.

View OriginalReply0

LiquidationWatcher

· 5h ago

It's another case of shifting blame to third parties... How could the law possibly let you get away with it? The concept of co-control is actually just the project tying itself up, but it's definitely more reliable than those hypocritical disclaimers. Most projects simply don't dare to do this; they're too cowardly. Data sharing is a murky area, with too many projects trying to cheat their way through. They promised to supervise third parties, but in reality, it's all just empty words. Who has actually checked? If any project truly writes "co-control" this time, it would be a bit conscientious... but it could also be legal advice. Let's see if any projects follow suit later; anyway, right now, it's all just word games.

View OriginalReply0

rugpull_survivor

· 5h ago

Passing the buck to third parties again, a typical Web3 trick --- Shared control is actually just writing the responsibility into stone, which seems more sincere? Not really convinced --- So which projects are really daring to do this? Please provide a list --- Haha, honestly, user data is just too valuable, everyone wants a piece of the pie --- Chains and shackles, all just to have a better excuse to pass the buck and escape blame in the end --- I've finally seen clearly, as long as the terms are vague, then it's time to run --- Honest projects are actually so rare, it's quite ironic

View OriginalReply0

TopBuyerForever

· 5h ago

Being a co-controller sounds nice, but honestly it just means sharing the blame. --- This move still depends on whether the project dares to include it in the terms. Most probably are just sneaking around. --- Wait, does that mean some Oracle projects actually want to take the blame? That's pretty ruthless. --- There are no mysterious third parties in front of the law, it's that simple and straightforward. --- Projects that dare to write "co-controller" definitely have some guts; at least they won't die easily.

View OriginalReply0

LayerZeroJunkie

· 5h ago

It's another case of passing the buck to a third party. I'm tired of this routine. --- The law isn't that easy to fool; sooner or later, you'll have to pay for your choices. --- Projects that are truly confident should have already done this; pretending not to is just that. --- The operation of joint controllers is actually quite ruthless; it locks you in yourself. --- Most projects don't dare to write such clauses at all; they're too cowardly. --- User privacy should be the direct responsibility of the project; otherwise, why should we trust you? --- It looks like adding shackles, but in fact, it's the smartest move. --- Projects that keep passing the buck every day will eventually collapse; users don't have such a short memory. --- Only those willing to include it are truly sincere; everything else is just empty talk.

View OriginalReply0