Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Global | Publication | July 2017
Society is transforming at an unprecedented rate: from rewriting the traditional social contract between government and citizens, to online retailers waging war against bricks-and-mortar, these changes are building blocks to a new economic reality.
The sharing economy has the potential to bring about renewed trust in the advantages of globalisation, and to speed up economic development worldwide. For the time being it’s also missing an infrastructure that builds trust and which does not rely on a centralised system. Blockchain, supporting distributed ledger technology (DLT), could grow into that infrastructure, and thus enable fast and trusted exchanges in a decentralised network. Businesses and governments alike are currently investigating the potential of blockchain. It will be critical that they maintain a holistic view of the risks and opportunities that DLT technology holds beyond their specific industry, supply chain or regulatory focus.
A highly versatile technology, blockchain can be designed to match the exact requirements of its users. At the same time, it is important to understand the trade-offs and limitations of deploying the technology, particularly at scale. Blockchain should not be considered as a single technology solution that can solve all problems.
In a report released earlier this year Data61, the CSIRO’s research lab examined the risks and opportunities for three use cases for blockchains, being supply chain, open registry and payment systems. In the report, Data61 highlighted a number of the currently known limitations to blockchain implementations. For example, it noted that current blockchain systems such as Bitcoin cannot match the maximum throughput of conventional transactional processing systems, which raises the issue of scalability. Similarly, the fact that all data on the blockchain is publicly readable and immutable raises potential issues about confidentiality and the ability to erase information. The report also noted that some of these limitations (such as scalability) are the subject of research and developments which may be addressed in the future, but some of the limitations are an inherent property of blockchains.
Versatility is one of blockchain’s key advantages. The technology can be adapted to most sectors of activity, and to a large share of processes that do not involve sensitive information or require human oversight. Most industries have jumped on the blockchain development bandwagon, and according to independent sources banks are expected to quintuple their investment in the technology over the next two years. The technology is bringing together finance and insurance companies, while other sectors such as healthcare and agriculture are also investigating the technology’s capabilities.
At this time, interest in potential blockchain applications includes enabling payments and financial transactions, actioning “smart contracts”, and managing complex supply chains. While blockchain can support a decentralised and trusted open database with immutable transactions, there are several legal risk areas which private business should take into account:
At its core, blockchain is a distributed database that allows any participating node to retrieve and verify its content. All data in this database is accessible to any participating node. While data stored on the blockchain can be (and generally is) stored encrypted or in a de-identified way (for example, a BitCoin address consists of nothing more than a string of random-looking alphanumeric characters), the transactions on the blockchain are readable (so that participating nodes can process and verify the transactions). For example, a processing node will be able to determine that address A sent 5 BitCoins to address B at a particular time (but will not be able to tell the identity of the person in control of address A and address B). While de-identification is a useful means to protect privacy, the risk of re-identification through data-matching will need to be considered, especially over the long term. For example, if the owner of address A is identified (at any time), then all BitCoin transactions made by that address A will be associated with that person. In BitCoin, this privacy risk can be addressed by the user not reusing any BitCoin addresses. Another way to address the privacy risk is to operate a permissioned blockchain that only permits trusted entities to process (and therefore view) the blockchain.
In conventional transactions, trust between the parties is generally established through identity verification. Similarly, identity verification is a core aspect of the ‘know your client’ requirement that applies to many businesses and transactions. Blockchain implementations are naturally geared towards enabling automated processing where the identity of the underlying actors are not relevant or automatically masqueraded. While identity can be verified separately and linked to the on-chain data, this creates privacy risks as described above.
By its nature, a blockchain is an ever growing sequential chain of chronological transactions that is linked by the rules implemented in that blockchain. For example, reversing an incorrect transaction on a blockchain requires a new transaction (which must generally be initiated by the relevant user, given the de-centralised nature of blockchain) to reverse the economic effect of the old transaction, rather than deleting the old transaction. While this permanency is beneficial in many use cases, it may not be appropriate for certain use cases. For example, in the case of a fraudulent transaction involving a blockchain-based asset registry or BitCoin, the court may order the reversal of the transaction, but the lack of central control means that the enforcement of that order is difficult if the fraudulent actor cannot be found or compelled to initiate the reverse transaction. At present, such issue can be addressed by creating a ‘fork’ of the blockchain, but that requires consensus of the community and may result in a fractured community. Developments are also being made to develop blockchains that can be edited in certain circumstances, but such a model requires a central administrator, which removes the benefits of a fully decentralised model.
It is important to recognise that the perceived immutability and integrity of a blockchain is based entirely on its implementation, and the level of trust offered by the blockchain reflects the subjective views of its users. For example, BitCoin implements a ‘proof of work’ regime that effectively requires an attacker to control a majority of the network processing power in order to control and revise transaction history. Users of BitCoin place inherent trust that such an attack would be difficult to carry out in practice. Similarly, users of ‘smart contracts’ (which should be seen as computer code implemented to represent a particular transaction, such as an arbitrage or hedging transaction, or automatic payment upon occurrence of certain activities) place their trust on the accurate coding of the ‘smart contract’, and the proper execution of the code through the blockchain. The current laws relating to electronic transactions are silent on whether such trust is sufficient such that the blockchain is automatically enforceable, and it remains to be seen how a court would react if, say, a participant in a smart contract claims that the transaction should be reversed because it was implemented incorrectly and does not reflect the intent of the parties.
While cost-effective in the long-run, blockchain requires high capital investment in the early stages. Organisations engaging in platform design should protect resulting IP sooner rather than later in the process to avoid issues. However, protection of software IP in the context of blockchain has its own challenges, as participants of the blockchain will likely demand a full copy of the source code and its implementation to satisfy itself that the implementation is sound and reflects the intended operational rules. Many blockchain technologies are also either based on open source software, or released as open source software, which further limits the ability to claim exclusive IP protection.
While legislatures will unlikely regulate blockchain as a technology itself, the implementation of blockchain in particular use cases may be the subject of additional regulatory scrutiny (for example, within the financial or health sectors). At this time, we are not aware of any regulations that govern particular blockchain implementation (including BitCoin, which has received a fair degree of regulatory scrutiny in the context of how it sits within existing regulatory frameworks). However, we estimate that with rapid technological development there will come a regulatory change that companies should prepare for.
Public institutions are equally involved in the race to develop blockchain applications. In some cases, national government branches are trialling the use of blockchain to simplify record-keeping and enhance efficiency, such as the projects developed by Sweden, Brazil and Georgia for centralised land registries.
In Australia, while the federal government commissioned the CSIRO’s research arm, Data61, to conduct a study into the opportunities and risks presented by blockchain technology, the Victorian government is taking things a step further, by investigating the potential of the technology through its participation in the Australian Digital Currency and Commerce Association.
Taking into account the joint focus of public institutions and private business on developing blockchain solutions in the near future, the idea of public-private partnerships has great potential. Many issues could benefit from such partnerships, amongst them food safety, welfare benefit management and healthcare. An excellent example of a joint initiative involving blockchain is the ID2020 project driven by the UN in partnership with Accenture and Microsoft. The platform in question would be designed to support to creation and documentation of legal identification to over one billion people living without official documents worldwide, which is critical to them accessing a broad range of basic services including education and healthcare.
Dialogue between stakeholders in the public arena and private business can only accelerate innovation and safeguard from potential risks including noncompliance with evolving regulation, and unilateral development of systems rather than co-design of shared platforms.
The sharing economy has proven its ability to connect French bakers to American foodies, and Australian globetrotters to Peruvian homeowners. If developed with global standards in mind, blockchain has the potential to deliver faster and improved services to citizens and consumers across the globe.
To prove this claim, China is currently conducting a multipronged effort. A variety of state-owned enterprises (including the People’s Bank of China and the ICBC) and privately-owned companies including online retailer Alibaba and tourism giant Wanda, are racing to develop blockchain applications within their respective industries.
While the results of the blockchain race are yet uncertain, the technology has a clear potential to redesign the way interaction between states, businesses and individuals occurs across the globe. Smart risk management, and a holistic view of operational exposures, legal and regulatory issues, and strategic risks, will be key to blockchain delivering measurable value in the future.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023