Liz Blythe, Partner, Technology and Communications, Russell McVeagh

Liz regularly advises on complex transactions for the procurement, supply, development, manufacturing, outsourcing and commercialisation of technology and e-commerce arrangements. This work spans traditional information technology, telecommunications and digital platforms, as well as emerging technologies such as AI, big data analytics and machine learning, IoT technology and blockchain-powered solutions. Liz assists her clients in relation to compliance with legal and regulatory requirements applicable to technology, including intellectual property and privacy law (both New Zealand privacy law and Europe's General Data Protection Regulation (GDPR)). She regularly works with companies in the technology and financial services sector, but also advises consumers of technology products and services across a wide range of industries.


Angus Hancock

Angus Hancock, Law Clerk, Technology and Communications, Russell McVeagh

Angus is a member of the Technology Team at Russell McVeagh, advising exclusively on complex transactions for the procurement, supply, and development of technology. Angus has advised on some of New Zealand's largest technology procurements over the last 12 months. Prior to joining Russell McVeagh, Angus was awarded the Thomson Reuters Prize in Legal Research for his undergraduate law dissertation at the University of Otago, which has also been nominated for an award from the New Zealand Legal Research Foundation.


[This article builds upon "Blockchain and privacy – is encryption the solution?" published on CIO and the Russell McVeagh Insights page in January 2019.]

More work is needed by organisations and Government to ensure Blockchain-powered platforms can be leveraged to their full extent.

With Blockchain-powered platforms becoming more commonplace, organisations will increasingly look to use these to store information. However, very little of our law has been designed with Blockchain in mind. Legislative requirements relating to privacy, publication of certain types of content, and destruction of records are likely to create issues for organisations interested in implementing Blockchain-powered solutions.

Nature of the technology

Blockchains are usually described as 'immutable', meaning information stored on the Blockchain cannot be changed or deleted. This promotes trust in the information stored on the chain. The distributed nodes ensure there is no central control over the Blockchain, which increases the transparency of the system and security of the information.

Blockchains can be either public or private. A private chain, also known as a permissioned chain, is only shared with certain people rather than with the public at large and allows for different access rights.  This type of chain is likely more suited to commercial use, however, it does not have some of the principled benefits of Blockchain technology.

Public chains are free for anyone to access and add to, and are the truly decentralised form of Blockchain.

The Problem: Legislative Requirements

The Privacy Act 1993

A Blockchain without capacity to correct or destroy personal information may not be practical for real-world uses in circumstances where data pertaining to individuals will be stored because it will not comply with principles of the Privacy Act relating to the correction, retention, and destruction of personal information.

Films, Videos and Publications Classification Act 1993

There has been a significant recent global movement to restrict the nature of content that can be shared on social media. Publications declared "objectionable" (such declaration having retrospective effect), pursuant to this Act, cannot be distributed or published. It may be difficult to delete that content if it is stored using Blockchain technology, which creates a risk of liability relating to that publication.

Anti-Money Laundering (AML) Law

Organisations undertaking client due diligence to comply with New Zealand's AML law must take all practicable steps to delete information relating to a client once that information is no longer required. Again, if that information is stored using Blockchain technology, fulfilling this statutory requirement would be difficult.

The situations described above outline some of the issues arising from our existing legislation, and similar issues could arise from contractual relationships and regulatory requirements (including under the listing rules of a stock exchange).

Possible solutions

"Chameleon" hash mechanisms

Blockchain could allow for the use of these, which change the information on a block without altering that block's hash and ensuring the chain is not broken or forked. Chameleon hashes are only possible with permissioned or private Blockchains, so this solution is inconsistent with a truly decentralised ledger and only appropriate in some applications.

Encryption

Effective encryption may be a possible way to ensure the security of the information. Risks to this method include the possibility of new technologies developing the ability to decrypt information by brute force or the access key could become public following a hack. The encryption method is also not useful if information is initially put onto the Blockchain unencrypted (as would likely be the case with content declared objectionable after it has already been published), as to retrospectively encrypt information would require something similar to the Chameleon hash function.

It is clear that current laws are not well suited to the use of Blockchain-powered platforms by New Zealand organisations in a number of circumstances and until attention is given to these issues by Government, the implementation of such platforms may be constrained, and potentially carry heightened risk. Ultimately, organisations will need to ensure that any implementation of Blockchain technologies has mechanisms built in to allow them to comply with legislative requirements.

* * *

Liz Blythe, Partner

Angus Hancock, Law Clerk

Russell McVeagh