Congress’s privacy bill could kill many blockchain projects

With public trust in big tech companies at an all-time low, Congress is once again considering sweeping privacy legislation. But the rise of blockchain technologies and the nascent decentralized web means that these sweeping proposals are already out of date. Without major revisions, these bills risk suffocating decentralizing technologies.

The 118th Congress has held many hearings on privacy, and it is critical that lawmakers consider how their proposals may affect technological innovation. To balance conflicts between the right of individuals to control their information and the need for innovation, lawmakers should abandon one-size-fits-all proposals in favor of the time-tested, sectoral approach to privacy.

While there are several comprehensive privacy bills floating around Capitol Hill, the one with the most momentum is the American Data Protection Act (ADPPA). This bill would strictly regulate how companies collect, process or transfer user data by requiring companies to minimize data collection and giving consumers the right to opt out of data collection, among other things.

Related: Did regulators intentionally cause a run on the banks?

The ADPPA is a well-intentioned piece of legislation designed to give consumers more control over their information. The bill also reflects the desire of many legislators to avoid a patchwork approach to privacy by creating a national standard for comprehensive privacy.

Unfortunately, when it comes to privacy regulations, the past is prologue. Similar approaches to comprehensive privacy protections have failed to take into account nascent technologies, such as blockchain networks, which significantly chill innovation. For proof of this, look no further than the EU’s General Data Privacy Regulation (GDPR).

In addition to inhibiting investment and innovation in traditional technology industries, GDPR is completely incompatible with decentralizing technologies such as blockchains that lack centralized controllers. In fact, the European Parliamentary Research Service admitted as much in a 2019 report. One of the biggest discrepancies between GDPR and blockchain technologies is the question of which entity is being regulated.

Among more traditional Internet companies, it is relatively easy to find out who collects, processes and transmits data because it is usually centralized. In a decentralized system like a blockchain network, that question becomes significantly more difficult to answer. When thousands of computers use open source code to verify public transactions, who or what collects, processes or transmits covered data? Like GDPR, the ADPAA is silent on this issue, as well as many others related to how decentralized networks must comply.

The EU’s response to such inconsistencies in the GDPR is that innovators should build technologies that comply with the law despite the fact that it is practically impossible to do so. This onerous requirement has contributed to a lack of technological innovation across Europe. The same would likely happen here if the US were to implement the ADPPA as written. Many blockchain projects would move offshore or close entirely, taking with them enormous potential for economic growth and innovation.

Fortunately, there is an alternative approach that the United States can take that can both limit the problems of a patchwork approach to privacy law and allow flexibility for innovative technologies. The answer is to divide comprehensive proposals for privacy into nuanced, sector-specific legislative proposals. For example, Congress could pass legislation establishing privacy rules aimed specifically at e-commerce sites and social media services or even update existing laws such as the Children’s Online Privacy Protection Act that regulate data collection for minors instead of creating omnibus, one-size-fits-all fits all rules.

Related: Lawmakers should check the SEC’s wartime consigliere with legislation

Historically, this is the approach that the US has taken to privacy in other industries. From financial information laws to health information laws, policymakers have traditionally crafted privacy rules tailored to specific contexts. The Health Insurance Portability and Accountability Act, for example, governs the flow of health information, while the Gramm-Leach-Bliley Act was designed to protect consumers’ financial privacy. These rules almost always preempt state-level rules and are generally more politically palatable than comprehensive, one-size-fits-all legislation.

Through a sectoral approach to privacy legislation, legislators can create rules tailored to different contexts that harmonize with blockchain technologies. If legislators believe that a sectoral approach does not go far enough to protect consumers’ information, they should at least draft comprehensive data protection legislation in a way that will not harm innovation and force innovators offshore. After all, there is a reason why most of the best and brightest technologists choose to live, work and build in the United States. It would be foolish to push them and their innovations away with short-term legislation.

The views, thoughts and opinions expressed herein are those of the authors alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.