Why Crypto Should Support the American Data Privacy and Protection Act

For as many privacy advancements that are happening in the crypto industry, there’s also a growing understanding that true, substantive consumer privacy cannot rely entirely on increasing access to cryptographic tools. There must also be federal action to preempt and criminalize the worst privacy abuses, and a maturing crypto industry should support those efforts – even if it means the anarchists siding with the state.

The U.S., by all measures, has lagged behind on consumer privacy regulations. This gap has created an environment where Big Tech is able to surveil and monetize your personal and sensitive data for profit. The adtech industry is a behemoth, and it has made the internet a worse place. It’s one of the reasons we need crypto to cut out the middlemen.

This article is excerpted from The Node, CoinDesk's daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

The American Data Privacy and Protection Act (ADPPA), a proposed privacy-enhancing bill snaking its way through the U.S. legislative system now, would set strong limits around the type of data that companies can collect about you online. It would be, if passed, the most significant internet law introduced in decades and strongly bolster civil rights.

“There are a number of minor issues that we still believe can be tweaked in the bill, but at core it would create strong privacy protections for all Americans and block some of the most harmful data collection practices with its strict data minimization requirements (especially for sensitive data categories),” Alan Butler, executive director and president of the Electronic Privacy Information Center (EPIC), said in an email.

The bill was introduced in June and has been substantially reworked since. It’s now praised by a number of privacy experts and is likely to receive a rare amount of bipartisan support (the type of across-the-aisle agreement usually reserved for passing military budgets). But the upcoming U.S. election cycle could derail these efforts, Butler said.

Last week, EPIC was one of 50 public interest, consumer advocacy and civil rights groups that wrote a letter to House of Representatives Speaker Nancy Pelosi (D-Calif.) urging Congress to move on the bill. No crypto firms or projects signed on, either due to unawareness or disinterest. This is regrettable. Crypto has a chance to show it can contribute to the legislative process while finding another avenue to bolster digital rights.

Read more: How Crypto Can Power the Future of Work for People of Color / Opinion

ADPPA would prohibit the use of sensitive data (like precise geolocation, biometric and health information) for targeted advertising. It would also prevent companies like Google, Facebook and Coinbase (COIN) from tracking your web behavior over time and across third-party sites. It sets strong restrictions on data collection and the “transferring” of it to third parties without your consent.

“This bill would drive a stake through the shady practices of data brokers,” Butler said.

Unlike other privacy laws, ADPPA focuses on something called “data minimization” to simply cut down on the amount of information corporations can exploit. It makes privacy the default setting. Companies would only be permitted to collect and use data for 17 essential reasons, like authentication and fraud management.

That’s in contrast with other privacy-focused regulations, like the European Union’s GDPR, that are “based on consent,” as Wired magazine put it. That leads to “an endless stream of annoying privacy pop-ups that most people click ‘yes’ on because it’s easier than going to the trouble of turning off cookies.”

Crypto’s approach to privacy has primarily focused on creating tools or methods to shield your transactional history. The industry has contributed significantly to privacy and cryptography research, and has found some of the earliest consumer uses for advanced algorithms like zk-SNARK proofs.

Read more: What Happens When You Try to Sanction a Protocol Like Tornado Cash / Opinion

This code-first approach can be symbiotic with legislative efforts, or it could be crippled by them. Earlier this month, for instance, the U.S. Treasury Dept. took the unprecedented step of sanctioning the blockchain anonymizer Tornado Cash. The code is still running, but already consumer access in the U.S. is verboten, due to money laundering concerns.

“We have been supportive for decades of the development of privacy-enhancing technologies, including in the digital currency space, and are encouraged to see new tools and systems being deployed in the world of Web3,” Butler said. “However, we believe that the most important thing right now is to increase the level of privacy protections for all internet users.”

“That is why we believe it is critical for Congress to set strong, baseline privacy requirements that will push the broader use of these privacy-enhancing technologies and put the onus back on data collectors and processors to use more privacy protective systems,” he added.