While telecoms businesses will wish to understand the opportunities in relation to DLT, they will also need to understand the potential risks. From a technical point of view these include
- Issues of data ownership in permissioned DLT systems
- The usual notification for joining a DLT consortium is to store data, but not all data may necessarily be shared between all participants for all time.
- Participants may agree to share only some data, for some time, to some participants, for some purposes. Partners need to consider IP and data privacy issues (examined below) of such an approach.
- Technical risks as the technology is still very immature and this poses a number of potential challenges.
The telecoms industry is highly regulated. Apart from that, DLT gives rise to a number of other legal issues. While it is beyond the scope of this publication to consider all of them (for a detailed discussion, see Norton Rose Fulbright’s various publications here: FinTech Hub), set out below are some of the more pressing legal issues in relation to DLT and telecoms businesses.
Intellectual property rights
In our discussions with clients in a range of sectors, one of the themes we frequently encounter is the desire of some clients, on the one hand, to own and control the technology, and on the other hand, the importance for other clients that they and their industry achieve the benefits of economies of scale through sufficient uptake of the technology, regardless of who owns or controls it (for more information on the question of owning the technology, see Norton Rose Fulbright’s client briefing, Unlocking the Blockchain: Using Intellectual Property Rights to Protect Distributed Ledger Technology). The issues are to some extent akin to well-known disputes in relation to mobile telephony standards that have been playing out globally for some time.
In addition to deciding if it wishes to own or control the technology (which ought to be reflected in the intellectual property rights strategy of a business), a telecoms business wishing to develop or deploy a DLT solution will need to consider whether it has the intellectual property rights to do what it wants to do with the technology. Can it protect such rights if it develops them? Will its deployment infringe the rights of others? (Such issues are considered in the client briefing on intellectual property rights referred to above.)
As with many emerging technologies, it is currently uncertain whether (or to what extent and in what contexts) DLT as a discrete technology might itself be regulated (at least in the United Kingdom, and in many other jurisdictions too). It is also unclear how, say, the English courts will allocate losses when a party (whether a participant of a blockchain or otherwise) suffers loss.
DLT often relies on “smart contracts” to automate aspects of a process or transaction. Despite being called a smart contract, a smart contract (which is computer coding) may only sometimes give rise to legally binding contractual relations. Whether a smart contract does so depends on a range of factors, examined in detail in Norton Rose Fulbright’s white paper, Can Smart Contracts be Legally Binding Contracts?
Some blockchains operate pseudonymously (particularly permissionless blockchains). There is common law authority (for example, in English law) to the effect that, for a contract to arise, there needs to be sufficient certainty over who the other contracting party actually is. The potentially pseudonymous nature of a such platform hosting smart contracts creates uncertainty as to whether such a smart contract gives rise to legally binding contractual relations.
Clearly it will be important for a business relying on the contractual effect of smart contract to ensure that it actually has that effect. Specific legal advice, based on the smart contract model deployed and the arrangements relating to its deployment, will be required to determine this.
If the parties intend that a particular smart contract is to have contractual effect, they will also need to ensure that it complies with other requirements that might apply in relation to the contract. For example, statute or regulation in many jurisdictions requires that certain types of contracts must be in writing and / or signed by the parties in order to be legally valid. The electronic nature of a smart contract may also pose problems in certain jurisdictions (as smart contracts operate without regard to borders, all relevant jurisdictions should be considered).
If a dispute arises, it may be challenging for the aggrieved party to identify the other party to a smart contract (or other transaction) and bring legal proceedings against it where the platform operates pseudonymously. In the case of a permissionless blockchain there will be no central administering authority to decide the dispute. The enforcement of a court judgment or arbitration award in respect of a transaction using blockchain may be problematic in some jurisdictions, as it may be difficult to prove the existence or content of a smart contract (as the evidence may only exist in an electronic format on a distributed ledger).
There are potential solutions to such problems, however. Choosing a permissioned model obviates some of these problems, especially when it is coupled with appropriate participation agreements, dispute resolution mechanisms and governance. It is a case of ensuring compliance by design at an early stage. For more information in relation to DLT dispute and governance see
- Norton Rose Fulbright’s client briefing, Unlocking the Blockchain: Blockchain Disputes - Risks And Resolutions (forthcoming).
- Norton Rose Fulbright’s white paper (co-authored with Dr Ian Grigg), Legal Analysis of the Governed Blockchain.
The security of data held on a DLT platform is of fundamental importance. For example, as with any IT system, a blockchain could be vulnerable to hacking attempts, data loss or corruption, and transactions could also be entered into fraudulently (for example, by the misappropriation of a participant’s private cryptographic key).
Additionally, false information could be included in a distributed ledger, whether through mechanical error or human manipulation. Due to the immutability of DLT data entries, such errors can become locked into the chain. It may also be difficult to determine who would be responsible for operational defects (for example, coding errors, downtime or data lost or corrupted during transit over the Internet).
It is therefore important that those proposing to participate in a DLT platform address such risks in appropriately documented participation agreements or other binding documentation (for more information on what such documentation should provide for, see Norton Rose Fulbright’s various publications here: FinTech Hub).
DLT developments and deployments are often developed as part of consortia or within collaborations. A range of issues potentially arises at the crossroads of technological innovation and competition rules. The development of DLT – in particular by consortia and other groups – requires the businesses involved to carefully consider competition compliance. For more information, see Norton Rose Fulbright’s client briefing, Blockchain: Competition Issues in Nascent Markets.
Personal data (for example, customer data) processed or stored on DLT platforms raises significant and complex cross-jurisdictional data protection issues. These need to be addressed at the design stage so as to ensure compliance by design. The EU General Data Protection Regulation has significantly increased fines applicable to breaches of data protection requirements.
A detailed consideration of the legal position of personal data in relation to DLT is beyond the scope of this article, but a comprehensive analysis is set out in Norton Rose Fulbright’s client briefing, Unlocking the Blockchain: Identity Use Cases and Privacy Implications.