Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data.

To address tensions between blockchain technology and the GDPR, the Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection regulator, published an initial report analyzing certain fundamental questions regarding the interaction between blockchain technology and the GDPR’s requirements (the “Report”). The Report was the first guidance issued by a European data protection regulator on this topic.

CNIL’s Approach to Identifying Blockchain Data Controllers and Data Processors

The Report highlights the challenges of identifying data controllers and data processors in the blockchain context – an important distinction that determines which set of regulatory obligations applies.

In discussing the likely classification of the various types of persons and entities involved in a blockchain, the CNIL primarily distinguished between (i) participants (i.e., those who transact on the blockchain) that have the ability to determine what data will be entered into a blockchain or have permission to write on it or cause data to be written to it, and (ii) miners or other validators (i.e., those who do not transact and instead validate transactions submitted by participants). The CNIL also provided an analysis as to how to classify smart contract developers and natural persons who enter personal data in a blockchain, distinguishing, with respect to the latter, between those engaging in personal or household activities and those engaging in professional or commercial activities.

When a smart contract coding vulnerability resulted in the Parity wallet “freeze” that compromised over $150 million worth of user funds, we discussed the pitfalls of unsecure code in the context of cryptoassets and the extent to which software developers might be held liable to their users for losses arising

Virtual worlds similar to the OASIS in Steven Spielberg’s upcoming film Ready Player One may be closer than we think – and provably scarce, blockchain-based digital assets could provide the leap forward that gets us there. Already, developers are testing early implementations.

Since CryptoKitties launched at the end of 2017, promptly causing a traffic jam on the Ethereum network and proving that crypto-collectible “games” leveraging blockchains can be a hot commodity, a number of copycats have sprung up.

While interesting, this first generation of blockchain games has been a relatively simple series of experiments. Meanwhile, developers have taken note of the potential synergies between blockchain-based digital assets and the mass-market video game and virtual/augmented reality space. As they explore potential ways of using blockchain technology to make virtual worlds and interactions more immersive and to build better bridges between in-game and real-world commerce, there are a number of legal issues to consider.

The Colorado Senate is considering a bill to utilize blockchain or other distributed ledger technology for a variety of purposes, including to improve the state government’s operations and cybersecurity.

Senate Bill 18-086 (which was introduced on January 16, 2018) focuses on exploring a number of “transformative improvements” that distributed ledger technologies can offer to state governments, including reducing fraud in state-controlled programs, mitigating risk through improved risk evaluation and quantification, and enhancing cybersecurity and protection of personal information.

The recent Parity wallet “freeze” provides yet another example of a coding vulnerability in a smart contract (rather than a flaw in the underlying blockchain or cryptography) resulting in an exploit that compromises cryptocurrency worth millions. It again highlights some of the pitfalls of insecure code in the context of digital assets and raises questions regarding the extent to which software developers can be held liable to their users for losses suffered due to those oversights. As blockchain-related software that serves as storage vaults for digital assets continues to proliferate, it will be interesting to see how industry standards and the existing software liability regime in the U.S. and other jurisdictions evolve to reflect the critical role of secure software in the “Internet of Value.”

The Parity Wallet “Freeze” Explained

Parity Technologies made available, on an open source basis, multi-signature software “wallets” that users could use to store the keys to Ether cryptocurrency, which are necessary to use Ether. Those multi-sig wallets were smart contracts built to run on the Ethereum blockchain and, unlike standard Parity “accounts” or other cryptocurrency wallets, required more than one digital signature (private key) before Ether associated with them was approved to be transferred.

On November 8, Parity Technologies announced that “devops199”, a user of the prominent web-based software development platform GitHub, had exploited a software vulnerability in Parity’s multi-sig wallets, resulting in Ether tied to over 500 multi-sig wallets, then valued at over $150 million, becoming completely unusable. Among impacted users were many high-profile blockchain startups that used Parity’s wallet platform to raise funds through initial coin offerings (ICOs). This marked the second time this year that Parity’s wallet software has been compromised, with the prior time being July 19, when hackers exploited another software bug to steal over $30 million in Ether.

2018 promises great inroads in the realm of “quantum computing.” While conventional computers use binary data or bits (i.e., 0s and 1s) to store and process information (a bit can either store a 0 or 1), a quantum computer operates based on the laws of quantum mechanics and uses quantum bits or “qubits,” which can be in a “superposition” state of zero and one at the same time (e.g., a qubit can store a 0, 1, or a summation of both 0 and 1). Ultimately, it is expected that quantum computers will be able to solve complex computations exponentially faster – as much as 100 million times faster – than classic computers.

While currently not ready for general commercial applications, quantum computers could someday allow scientists and others to solve very complex problems in chemistry, applied mathematics, biology and engineering, and also push huge advances in areas such as artificial intelligence, machine learning, large database searching and big data processing.

How could quantum computing impact blockchains?

Discussions about “blockchain” technology seem to be everywhere these days, with potential applications spanning industries as diverse as banking, healthcare, real estate, law enforcement, entertainment, and even wine and jewelry sales. Different applications of blockchain present different and unique challenges and opportunities for data security and privacy, but there are three general categories currently preoccupying legal privacy experts. The first involves the necessary bridge between the physical-cyberspace boundary; the second involves sensitive information actually stored on the blockchain; and the third involves the very existence of blockchains themselves.