Government

Subscribe to Government via RSS

States have long been “laboratories of democracy” where policymakers can try out certain innovative policies on a local or regional level that could eventually, if successful, become national programs. On the tech side, some states have sought to establish themselves as laboratories of blockchain. For example, this past week Vermont announced that it will work with vendors to launch a pilot program permitting new captive insurance companies to register with the Vermont Secretary of State using blockchain.

Across the country, Wyoming has been especially active in this area and reportedly desires to be a corporate-friendly “Delaware of the West” [subscription required] as well as a haven for blockchain and fintech business activity. To that end, the Wyoming legislature has advanced several blockchain-related bills through committee since the new year (following an active 2018, which saw the state pass a number of regulatory measures related to blockchain and digital assets).

Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data.

To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection regulator, published an initial report analyzing certain fundamental questions regarding the interaction between blockchain technology and the GDPR’s requirements (the “Report”). The Report was the first guidance issued by a European data protection regulator on this topic.

CNIL’s Approach to Identifying Blockchain Data Controllers and Data Processors

The Report highlights the challenges of identifying data controllers and data processors in the blockchain context – an important distinction that determines which set of regulatory obligations applies.

In discussing the likely classification of the various types of persons and entities involved in a blockchain, the CNIL primarily distinguished between (i) participants (i.e., those who transact on the blockchain) that have the ability to determine what data will be entered into a blockchain or have permission to write on it or cause data to be written to it, and (ii) miners or other validators (i.e., those who do not transact and instead validate transactions submitted by participants). The CNIL also provided an analysis as to how to classify smart contract developers and natural persons who enter personal data in a blockchain, distinguishing, with respect to the latter, between those engaging in personal or household activities and those engaging in professional or commercial activities.

This past summer, Ohio adopted legislation (SB220) that primarily provides for a legal safe harbor from certain data-breach related tort claims to covered entities that implement a specified cybersecurity program that “reasonably conforms” to a recognized cybersecurity framework for the protection of personal information and “restricted information” or comply with certain industry-specific federal privacy laws. This legislation is intended incentivize businesses to adopt heightened levels of cybersecurity through voluntary action.

Beyond cybersecurity, SB220 also includes language amending Ohio’s version of the Uniform Electronic Transactions Act (UETA) to incentivize blockchain investment and innovation in the state by allowing transactions recorded on the blockchain to be recognized under it. Ohio’s UETA generally stipulates that records or signatures may not be denied legal effect solely because they are in electronic form and that a contract may not be denied legal effect because an electronic record was used in its formation (a discussion of the extent to which any provision of Ohio’s UETA is preempted by the Federal E-Sign Act (15 U.S.C. § 7001) is beyond the scope of this post). In pertinent part, SB220 amends the definition of “electronic record” under the UETA to provide that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic record.” It also amends the definition of “electronic signature” to clarify that a signature that is “secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” While one could argue that signatures secured using blockchain are already presumably valid under the UETA, such a law expressly takes up this issue and signals the state’s pro-blockchain stance.

On June 14, 2018, the New York State Department of Financial Services (the “DFS”) announced that the agency granted a virtual currency license (or “BitLicense”) to bitcoin wallet and vault provider Xapo, Inc., and authorized the blockchain financial services company Paxos Trust Company LLC to expand their business to offer exchange and custodial services to cryptoassets beyond bitcoin. Days later, the DFS announced that it had approved the BitLicense application of financial services and mobile payment provider Square, Inc. (which already possessed a state money transmitter license and whose Cash App offers a method to trade bitcoin). These developments followed last month’s approval of Gemini Trust Company to provide additional virtual currency products and services (including custodial services and trading of Zcash, Litecoin and Bitcoin Cash). With the latest approval of Square, the DFS has granted a total of nine virtual currency charters or licenses.

At last week’s Yahoo! All Markets Summit in Palo Alto, SEC Division of Corporation Finance Director William Hinman delivered a speech sure to send shockwaves through the crypto world. Applying the Howey test (which sets forth the elements necessary for determining whether a transaction involves the offer or sale of

On April 17, 2018, the New York Attorney General’s Office (“OAG”) launched a Virtual Markets Integrity Initiative and sent letters to thirteen cryptoasset trading platforms requesting, through a questionnaire, disclosures on their operations, internal controls, and safeguards to protect customer assets.  The questionnaire focused on six major topic areas, including: 1) Ownership and Control, 2) Basic Operation and Fees, 3) Trading Policies and Procedures, 4) Outages and Other Suspensions of Trading, 5) Internal Controls, and 6) Privacy and Money Laundering.  The OAG characterized the initiative as a mechanism to “increase transparency and accountability” on “platforms used by consumers to trade virtual or ‘crypto’ currencies like bitcoin and ether.”  Notably, the thirteen trading platforms were only given two weeks to respond to the questionnaire.

While cryptoasset exchanges already face regulatory scrutiny from the SEC, the CFTC, and certain state regulators (including other agencies within New York), among others, the OAG determined  that their mandate to protect customers/ investors and ensure the fairness of New York’s financial markets necessitated further action.  Two of the targeted trading platforms –  Coinbase and Kraken – publicized markedly different responses to the OAG’s inquiries, the content of which sheds light on how some of the industry’s key players are approaching regulation; and perhaps, how regulators should be approaching some of the industry’s key players.