On Sept. 16, 2022, the White House released a comprehensive framework for responsible digital asset development and, in particular, cryptocurrency. Agencies across the federal government have been working for the past six months to develop frameworks and policy recommendations to advance the six key priorities identified in President Biden’s March 9 executive order on Ensuring Responsible Development of Digital Assets: (1) consumer and investor protection, (2) financial inclusion, (3) promoting financial stability, (4) responsible innovation, (5) U.S. leadership in the global financial system and economic competitiveness, and (6) countering illicit finance. This framework comes weeks after the California Senate unanimously passed the Age-Appropriate Design Code Act on Aug. 29, 2022, reflecting an increased focus on platform accountability, transparency and consumer protection at both the state and federal levels.
This blog post will focus specifically on the framework’s implications for data, privacy and cybersecurity regulation under two large themes: (1) incoming federal guidance and (2) collaboration across federal agencies and across sectors. An alert on the potential enforcement implications of this framework can also be found here.
The framework indicates that agencies such as the Treasury and the Department of Commerce will issue guidance regarding “responsible digital assets.” Most of the proposed regulations are still developing – for example, the framework indicates that agencies will “issue guidance and rules to address current and emergent risks in the digital asset ecosystem” but does not specify which agencies are involved or the types of risks to be addressed. That said, the framework does indicate that Congress will amend existing laws, such as the Bank Secrecy Act, anti-tip-off statutes and laws against unlicensed money transmissions, to apply explicitly to digital asset service providers, including cryptocurrency and nonfungible token platforms (NFTs). President Biden is also considering creating a federal framework to regulate nonbank payment providers. These upcoming regulatory changes may result in purveyors of digital assets being subject to new or additional information security protections.
Lastly, the framework also indicates that the Office of Science and Technology Policy (OSTP) and the National Science Foundation (NSF) will develop the Digital Assets Research and Development Agenda to research topics such as next-generation cryptography as well as cybersecurity and privacy protections. The agenda has not been released at this time, though it may give insight into any federal privacy legislation to come.
Regarding cross-collaboration, the framework indicates that federal agencies will work across sectors to better provide regulatory guidance on digital assets like cryptocurrency. Specifically, the Treasury will work with U.S. firms developing new financial technologies through things like U.S. regulation-oriented tech sprints and innovation contests. Additionally, the Department of Commerce will establish a forum for federal agencies, industry, academia and civil society to exchange knowledge and ideas that could inform federal regulation, standards, coordinating activities, technical assistance and research support. The framework also commits the U.S. to promoting values like data privacy and consumer protection at international organizations, pointing to a potential expansion of federal privacy regulation in the future.
While this framework specifies a path forward for financial technology firms, the broad nature of this developing framework may have ripple effects that touch many industries involved in data and privacy beyond crypto wallets and NFT creators. More light will be shed on what these effects will look like as more information comes out, particularly with respect to the OSTP/NSF’s Digital Assets Research and Development Agenda and the Department of Commerce’s cross-sector standing forum.