Author: Charlotte van Oirsouw, P.h.D. Tilburg University – Member of CHAIN, Connecting Humankind through Algorithms and Information Networks
Public institutions are increasingly experimenting with blockchain and smart contracts to provide public services. Some examples are a blockchain application to be used in debt assistance in the Netherlands or a blockchain-based smart voucher system for social care [1]. Such experimentation does not come without any challenges or questions, among others from a legal point of view. To provide blockchain start-ups that cooperate with public bodies with an idea of the challenges or questions that public bodies face when innovating with blockchain, in this blogpost I will draw a preliminary sketch of these legal challenges and questions.
More precisely, I will discuss the principles of good administration, government information and archiving regulation, privacy and data protection and competition law. An important caveat to take into account before discussing some of these challenges and questions is that the way the law regulates the deployment of blockchain for public services is highly dependent on the blockchain’s design in question. The term ‘blockchain technology’ enables a broad array of applications with mutually exclusive qualities, varying in the degree of ‘publicness’, the permissions to act on the blockchain, whether or not data is registered on-chain, and which privacy-preserving techniques (such as SSI) are installed. In short: context and design of the public-service-to-be matters.
Principles of good governance
The principles of good governance are a set of principles in administrative law that regulate public bodies and have to ensure that public bodies act in a lawful way. Some examples of principles of good governance that one can think of are the principle of adequate reasoning, which requires that public bodies provide a clear reason for the decisions they took or the principle of due care, which requires that public bodies prepare the decisions they make by collecting relevant data and balance the interests involved. A difficulty with these principles is that their interpretation is heavily reliant on their context and when these principles are not lived up to, citizens can make a case before an administrative court. Thus, when public institutions deploy a blockchain, it is crucial that these principles are lived up to, to ensure that their acts are legitimate. Since there still exists legal uncertainty in terms of how these principles should be interpreted within a blockchain context due to a lack of experience or prior cases, this is challenging for public institutions.[2]
Government information regulation and archiving
Government information regulation requires public bodies to provide information on public matters. For example, the Dutch Government Information Act requires that public bodies provide information proactively or after requests by citizens. [3] Government information regulation is often formulated without full regard towards its implications for technology, leaving questions as to what is considered “public information” under the definition of the law or when information is to be considered public. In the case of blockchain, this will be influenced by technological design. For example, is information considered public under transparency laws when information is registered on a public blockchain or a private blockchain with the policy that every citizen obtains access to the network, or when there are permissions in place in terms of reading access of information? Furthermore, many European countries have laws on archiving of public information in place, which stipulate that after a certain amount of time, public information must be archived and/or be deleted after a certain predetermined date has passed. In a blockchain context, this raises questions such as how to deal with ongoing data registrations on a blockchain when transferring or deleting information, and dependent on the blockchain’s design, how such information can be deleted when it is registered on-chain or what exactly constitutes a deletion of the information under archiving laws in relation to a blockchain. [4] The challenges and questions should be addressed a priori in the design of the blockchain application deployed by public bodies. Even then, the question remains how installed blockchain applications can be adapted to changing regulation.
Privacy and data protection
Where public institutions provide public services by using blockchain technology, there is likely to be personal data involved, which means that they should comply with the GDPR. In a blockchain, there are different types of data that may qualify as personal data, such as pseudonyms, encrypted or hashed personal data or public or private keys. The GDPR provides persons with several rights, among others the right to be forgotten in article 17, which requires that personal data is erased when one of the grounds for erasure applies. Ensuring this right can be difficult on a blockchain due to blockchain’s characteristic of immutability. This may be different in some cases where privacy-preserving techniques such as SSI or zero-knowledge proofs are included in the blockchain’s design, which claim to circumvent the necessity to store data on the blockchain. Additionally, it may be difficult to determine who are controllers as defined in article 4 (7) of the GDPR within a blockchain network. For now, a lot of legal uncertainty still remains that leaves public bodies with unanswered questions when it comes to the application of the GDPR to blockchains. [5]
Competition law
The use of a blockchain is claimed to make information more transparent in a way. While this increased transparency brings about benefits in terms of data integrity, it may also provide some challenges under competition law. In the EU, Article 101 TFEU (Treaty on the Functioning of the European Union) regulates agreements between undertakings and cartels. Dependent on the blockchain’s design, the deployment of a blockchain may bring about the following two risks to competition under existing regulation.
First, under article 101 TFEU, the mere unilateral exchange of anticompetitive information may be prohibited under some conditions. When public bodies deploy a blockchain where users (firms) have access to competitively sensitive information about each other, the use of a blockchain can increase the risk of the exchange of anticompetitive information [6], which may enhance strategic behaviour by firms leading to a loss of competition. [7] Second, when public bodies deploy a blockchain that gives users (firms) the right to set up smart contracts themselves, users may enact smart contracts that function as automatic anticompetitive agreements between users or provide automatic sanctions when violating anticompetitive agreements.[8] This is a potential risk is something that public bodies may want to take into consideration in the design phase of their blockchain.
The purpose of this blog post was to provide a brief look into some of the legal challenges and questions that public bodies face when it comes to innovating with blockchain. For a start-up, this implies that these are some of the challenges that can be expected when cooperating with a public body. Due to the early phases of many blockchain experiments, many of the answers to these questions are still to come.
Did this blog post get you interested? Want to stay tuned? Check out CHAIN at chainresearch.eu or contact me personally via c.c.k.vanoirsouw@tilburguniversity.edu.