Blockchain and the Law

First Punch: Floyd Mayweather and DJ Khaled Settle with SEC Over Unlawful Touting of ICOs

The SEC recently announced its settlement of charges against boxer Floyd Mayweather and producer DJ Khaled for their failure to disclose payments they received for promoting Initial Coin Offerings (ICOs) on their social media accounts.

The federal securities laws contain an “anti-touting provision,” which regulates paid promotions of securities offerings. Specifically, Section 17(b) of the Securities Act of 1933 makes it unlawful for a person to “publish, give publicity to, or circulate any notice…or communication which, though not purporting to offer a security for sale, describes such security for a consideration received or to be received…without fully disclosing the receipt, whether past or prospective, of such consideration and the amount thereof.” Importantly, the provision applies even to those not directly offering a security for sale. The SEC’s orders instituting cease-and-desist proceedings against Mayweather and Khaled both cited violations of Section 17(b).

According to the charges, Mayweather failed to disclose $300,000 he received from three ICO issuers. He received $100,000 from Centra Tech Inc. for posting on his social media accounts that “Centra’s…ICO starts in a few hours. Get yours before they sell out, I got mine and as usual I’m going to win big with this one!” Mayweather promoted ICOs on his social media accounts a number of other times and even dubbed himself “Floyd Crypto Mayweather” in one post (not to be confused with his usual moniker, Floyd “Money” Mayweather). Khaled also received $50,000 from Centra for posts calling Centra an “ultimate winner” and a “game changer.” Centra has been the subject of its own SEC scrutiny, with the SEC filing a civil action against Centra’s founders and the U.S. Attorney’s Office for the Southern District of New York filing corresponding criminal charges. Continue Reading

Is Blockchain Technology Compatible with GDPR? French Data Protection Regulator Provides Guidance

Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data.

To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection regulator, published an initial report analyzing certain fundamental questions regarding the interaction between blockchain technology and the GDPR’s requirements (the “Report”). The Report was the first guidance issued by a European data protection regulator on this topic.

CNIL’s Approach to Identifying Blockchain Data Controllers and Data Processors

The Report highlights the challenges of identifying data controllers and data processors in the blockchain context – an important distinction that determines which set of regulatory obligations applies.

In discussing the likely classification of the various types of persons and entities involved in a blockchain, the CNIL primarily distinguished between (i) participants (i.e., those who transact on the blockchain) that have the ability to determine what data will be entered into a blockchain or have permission to write on it or cause data to be written to it, and (ii) miners or other validators (i.e., those who do not transact and instead validate transactions submitted by participants). The CNIL also provided an analysis as to how to classify smart contract developers and natural persons who enter personal data in a blockchain, distinguishing, with respect to the latter, between those engaging in personal or household activities and those engaging in professional or commercial activities. Continue Reading

Ohio is the First US State to Allow Payment of Taxes Using Bitcoin

Today, Ohio reportedly becomes the first US state to allow taxes to be paid in the form of bitcoin. Although the program, which is spearheaded by Ohio Treasurer Josh Mandel, will not be available to individual taxpayers until a later time, businesses operating in Ohio are now able to register on OhioCrypto.com to pay 23 types of Ohio state taxes using bitcoin.

In the Office of the Ohio Treasurer’s own words, this initiative represents Treasurer Mandel’s belief “in leveraging cutting-edge technology to provide Ohioans more options and ease while interfacing with state government. The Treasurer’s office is also working to help make Ohio a national leader in blockchain technology.”

Bitcoin tax payments submitted on OhioCrypto.com will be processed through BitPay, a payment processing service provider, which will convert the bitcoin into US Dollars and then remit the cash to Ohio’s coffers. To address bitcoin market price volatility, BitPay reportedly will lock the exchange rate for a 15-minute window once a business begins the payment process. The Ohio website’s FAQs indicate the Treasurer’s intention to add other cryptocurrencies to the tax payment options in the future.

As we noted in an earlier post, the making of a payment using digital assets such as bitcoin can itself be a taxable event, a consideration which businesses should factor into their analysis of whether (and when) to take advantage of Ohio’s new option.

Registration Requirements for “Decentralized” Exchanges under the Federal Securities Laws: The Case of EtherDelta

On November 8, the SEC announced that it settled charges against Zachary Coburn, founder of EtherDelta, a type of non-custodial digital asset trading platform commonly referred to as a “decentralized exchange” or “DEX.” Coburn was charged with causing EtherDelta to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (the “Exchange Act”) during the period between July 12, 2016 (the date Coburn launched EtherDelta’s website) and December 15, 2017 (the date Coburn ceased collecting fees from EtherDelta users following its sale to foreign buyers).

The conclusions set forth in the SEC’s order contain several key components, including that, during the relevant period:

  1. EtherDelta operated as an “exchange” within the meaning of the Exchange Act;
  2. Coburn “caused” EtherDelta to violate the Exchange Act; and
  3. At least some of the digital assets bought and sold on EtherDelta were “securities.”

We analyze these findings in more depth below. Continue Reading

CFTC Commissioner: Code Developers May be Accountable for Smart Contracts

Recently at a conference in Dubai, Brian Quintenz, who is a Commodity Futures Trading Commission (CFTC) Commissioner, expressed his personal opinion (rather than the views of the CFTC) on the conceptual challenges in applying the CFTC’s regulatory oversight to, and fostering accountability for, smart contracts that reside on decentralized blockchains. In particular, Quintenz conveyed his belief that smart contract developers could potentially be held liable for aiding and abetting activity that violates CFTC regulations through the use of a smart contract that they programmed, if they “could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of CFTC regulations.”

At a high level, a smart contract is computer code encoded on a blockchain that is programmed to automate the execution of a transaction upon the occurrence of a triggering event. The CFTC regulates the U.S. derivatives markets and thus has oversight authority over futures and swaps markets, including derivatives on commodity cryptocurrencies. Among the many potential applications of smart contracts, Quintenz identified as a regulatory concern the ability of smart contracts to emulate traditional financial products, such as binary options or derivative contracts. For example, through a smart contract on a blockchain, one could bet on the outcome of a sporting event and, if the prediction is correct, the smart contract could be programmed to automatically settle the bet using a cryptocurrency transfer without the involvement of an intermediary. Applications such as this, Quintenz stated, resemble “prediction markets” and “event contracts,” which may fall within the CFTC’s purview and raise regulatory issues. Continue Reading

SEC Launches FinHub

On October 18, the SEC announced the launch of a new Strategic Hub for Innovation and Financial Technology (the “FinHub”). The FinHub provides an online portal for market participants to engage with the SEC on a range of FinTech-related issues, including distributed ledger technology and digital assets.

The FinHub contains a comprehensive repository of information relating to the SEC’s position on the issuance and transfer of blockchain-based digital assets, including links to key public statements by the SEC and its staff, prior enforcement actions, investor notices and opportunities for public input.

By clicking “Engage with FinHub” on the portal’s homepage, visitors are directed to a request form that enables them to provide the SEC with information about themselves and their projects and request a meeting or other assistance from the SEC staff. While a welcome indication of the SEC’s openness to communicate and collaborate with stakeholders in the blockchain ecosystem, developers, entrepreneurs and other market participants should carefully review the SEC’s Web Site Privacy and Security Policy and consult legal counsel to understand how the Commission may use the information you provide through the request form and for assistance with the SEC outreach process.

Ohio and California Join Other States in Passing Blockchain-Friendly Legislation

This past summer, Ohio adopted legislation (SB220) that primarily provides for a legal safe harbor from certain data-breach related tort claims to covered entities that implement a specified cybersecurity program that “reasonably conforms” to a recognized cybersecurity framework for the protection of personal information and “restricted information” or comply with certain industry-specific federal privacy laws. This legislation is intended incentivize businesses to adopt heightened levels of cybersecurity through voluntary action.

Beyond cybersecurity, SB220 also includes language amending Ohio’s version of the Uniform Electronic Transactions Act (UETA) to incentivize blockchain investment and innovation in the state by allowing transactions recorded on the blockchain to be recognized under it. Ohio’s UETA generally stipulates that records or signatures may not be denied legal effect solely because they are in electronic form and that a contract may not be denied legal effect because an electronic record was used in its formation (a discussion of the extent to which any provision of Ohio’s UETA is preempted by the Federal E-Sign Act (15 U.S.C. § 7001) is beyond the scope of this post). In pertinent part, SB220 amends the definition of “electronic record” under the UETA to provide that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic record.” It also amends the definition of “electronic signature” to clarify that a signature that is “secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” While one could argue that signatures secured using blockchain are already presumably valid under the UETA, such a law expressly takes up this issue and signals the state’s pro-blockchain stance. Continue Reading

LexBlog