The European General Data Protection Regulation raises at least two issues in particular in this context. First: is pseudonymous information personal data? Second: how can a “right to be forgotten” be consistent with an immutable ledger? Other jurisdictions have legislation raising similar questions (highlighted, for example, by the French data protection authority, the CNIL, in October 2018). See also G Spindler and P Schmechel, 'Personal Data and Encryption in the European General Data Protection Regulation' (2016) vol 7(2) Journal of Intellectual Property, Information Technology and E-Commerce Law 163.
Other issues include how the immutable nature of blockchain can be reconciled with principles of data minimisation and storage limitation and the potential difficulty of identifying the data controller and processor in DLT systems (see European Bank for Reconstruction and Development and Clifford Chance, 'Smart contracts: legal framework and proposed guidelines for lawmakers' (October 2018), and Bacon, Michaels, Millard and Singh, 'Blockchain demystified: a technical and legal introduction to distributed and centralised ledgers' (2018) 25(1) Richmond Journal of Law & Technology).
There is a need for a clear and internationally consistent solution, particularly with regards to public blockchains.
Competition, Anti-Trust and Consumer Protection
Again, consumer protection rules differ by jurisdiction. The European Union in particular has devoted time to this issue.
In November 2017 the Council of the European Union issued regulation 2016/0148 stating that: “Effective consumer protection needs to respond in particular to the challenges of the digital economy and the development of cross-border retail trade in the EU.”
The regulation is part of the policy work connected to the Digital Single Market. The aim is to “strike a balance between the interests which are protected as fundamental rights such as a high level of consumer protection, the freedom to conduct business and the freedom of information”.
In April 2018 a proposal was brought forward to update the European Union Consumer Rights Directive to address “various consumer issues, including penalties for infringements, transparency on online marketplaces, protection for consumers of 'free' digital services, the right of withdrawal and dual quality of products”.
These regulations and proposals have some relevance to blockchains and DLT but it will be apparent that this is only indirect. In particular, it may be appropriate to look beyond direct effects on retail customers by extending the scope of parties deserving of protection in this context and to consider the impact of indirect effects.
In the US a more directly interesting question has recently been considered by a regulator. This concerns the situation where the operation of algorithms developed by multiple parties has the effect that the systems collude in fact but not by design and that no persons are directly involved in the collusive practices.
Maureen K Ohlhausen, Acting Chairman of the US Federal Trade Commission (in United States of America Federal Trade Commission, 'Should We Fear The Things That Go Beep In the Night? Some Initial Thoughts on the Intersection of Antitrust Law and Algorithmic Pricing') suggests it may be the case that no breach of anti-trust rules is committed.
One of the reasons that this is interesting is that it suggests that in order for there to be some prospect of allocating responsibility and liability in these cases, the system should have legal personality, at least so far as is needed to bring a suit against it. Otherwise there will be lacunae.
Taxation policy in a digital economy is one of the most intensively considered topics in this area. The UK government's consultation on Corporate tax and the digital economy closed in January 2018 and results are due to be published shortly. The basis of the debate relates to the ability of businesses to manage their tax affairs in relation to digital services and intangible assets by taking advantage of the ability to choose the location from where these services are provided. Decentralised systems that are not “owned” by any person will only complicate the debate further.
As published in Butterworths Journal of International Banking & Financial Law, May 2019.