Introduction
As digital asset markets and blockchain technologies evolve, so too do concerns about privacy and data protection. While the EU General Data Protection Regulation (GDPR) remains the world’s most robust privacy framework, new regulatory actions outside the EU are increasingly relevant. A key example is President Joe Biden’s Executive Order on Ensuring Responsible Development of Digital Assets, signed on March 9, 2022. This order outlines a comprehensive U.S. approach to regulating cryptocurrencies, central bank digital currencies (CBDCs), and broader financial technologies.
The executive order, while U.S.-centric, raises critical questions for GDPR-compliant organizations and EU regulators alike—especially around data privacy, cross-border transfers, and the future of digital payments.
Key Privacy and Data Protection Concerns
1. Consumer Data in Digital Asset Systems
Section 2(a) of the Executive Order underscores the need to protect consumers, investors, and businesses from the risks associated with digital assets. It explicitly notes concerns related to financial data protection, custody arrangements, and cybersecurity breaches.
These concerns echo Articles 5 and 32 of the GDPR, which emphasize data minimization, confidentiality, and integrity. However, unlike the GDPR, the Executive Order does not establish enforceable rights for individuals, such as the right to access, rectify, or erase personal data. This discrepancy creates a potential transatlantic tension as digital asset platforms operating globally must reconcile U.S. policies with GDPR obligations.
2. CBDCs and Surveillance Risks
A central pillar of the Executive Order (Section 4) involves exploring a U.S. Central Bank Digital Currency (CBDC). While touted for improving payment systems, it raises questions around data traceability and potential state-level surveillance.
The executive order’s official text acknowledges privacy implications but stops short of committing to anonymity, which could be problematic under the GDPR’s privacy-by-design principle (Article 25).
3. Cross-Border Data Transfers and Interoperability
The Executive Order calls for international cooperation and digital payment interoperability (Section 8), which may conflict with GDPR rules on data transfers to third countries without adequate protection (Chapter V). Without mechanisms like Standard Contractual Clauses (SCCs) or an adequacy decision, any transatlantic sharing of personal data via blockchain-based systems could violate the GDPR.
Conclusion
President Biden’s Executive Order is a landmark move in shaping U.S. digital finance policy, but for GDPR-regulated entities, it also signals areas of caution—especially around data rights, international transfers, and surveillance risks. As the EU and U.S. continue engaging on digital policy, ensuring compatibility between frameworks will be essential.
Organizations should remain vigilant, especially regarding CBDC development and data governance rules that may differ sharply from EU standards.