Many legal traditions around the world protect the right to privacy; in the United States, it is covered by the Fourth Amendment (1), while in the European Union, it is covered by Article 8 of the European Convention for Human Rights (2). Users have the right to a reasonable expectation of privacy for their correspondence in their homes or in person, even if each definition varies between jurisdictions.
In 1995, the EU introduced its Data Protection Directive to guarantee fundamental rights regarding personal processing data. However, it is crucial to understand the context in which an EU directive (3) leaves room for member states to decide how it should be incorporated into national laws. The proliferation of data was first recognized as a problem in the late 1970s, which then picked up speed in the following decade.
It will be viewed as a suggestion rather than a rule that members must abide by, starting on a specific date to enforce the law. The General Data Protection Regulation (GDPR) (4), which became a legal requirement in 2018, followed a well-traveled journey from 1995 to 2018, beginning as a directive.
Anu Bradford coined the term "The Brussels Effect" to describe how the GDPR affected regulation in various countries, including the United States, where EU standards became the norm for privacy law. The "California Effect," (5) whereby California imposed rigorous standards that were later accepted in the United States, has been seen in several areas other than data privacy, such as environmental law and online hate speech.
Another industry is currently positioned to follow this well-worn road from EU directive to EU regulation to international regulatory standard. The Tornado Cash case, a perfect example of why regulation is so important for decentralized financial infrastructure, saw a protocol designed to disguise financial transactions and promote privacy shut down by regulators owing to the use of unscrupulous actors.
Digital securities are governed by a regulatory "gray area" in the United States, where neither the Securities and Exchange Commission nor the Commodities Future Trading Commission takes ownership of them. While there are ongoing discussions about how to regulate digital assets in California, the Senate is also anticipated to propose an amendment to the state's financial code that would make digital assets subject to the state's Digital Financial Asset Law, which, if passed, would take effect in 2025.
While the German regulator, the Federal Financial Supervisory Authority, or BaFin, went to considerable effort to encourage innovation and provide a regulatory framework for DeFi overseas, EU regulators have always condemned DeFi. The German Banking Act will reportedly be amended in 2020, bringing cryptocurrencies on par with conventional securities.
With the EU's Markets in Crypto-Assets, the legislation is advancing more quickly in Brussels. The fourth quarter of this year will see the implementation of MiCA, which will begin an 18-month transition phase for member states. Meanwhile, the recently released European Financial Stability and Integration Review 2022 shows a commendable understanding of the industry.
It also argued that the current legal framework should be reconsidered, with the focus shifting from an activity to an activity, and that DeFi is still in its infancy. However, the EU's regulation of digital security may also take a similar course to that of the GDPR.
A statement on activity-based regulation was also made by Brussels this year. It was eventually incorporated into the Markets in Financial Institutes Directive, and from there, it may become law as part of MiCAR (6). Decentralized finance will eventually become the technical layer for the whole financial market, and other regulators will follow with the help of a real-world example of DeFi regulation to build upon.
It's a practice that nations like Israel have developed, but it's unclear whether the "California Effect" or the "Brussels Effect" will have a greater impact on the United States.