The compatibility of blockchain and the laws
Many articles describe how blockchain technology works. This article will focus instead on the compatibility of blockchain with the laws that (indirectly) regulate to it. It is designed as a preliminary look at blockchain technology in light of Indonesian laws.
The development of blockchain technology appears to be analogous to the foundational period of the internet. Today, we acknowledge an ongoing acceleration in blockchain development, in particular with regard to investment.
Tech-company database Crunchbase News reported in 2018 that global investment into blockchain and blockchain-related companies had surpassed the total amount raised during the 18-month period between July 2016 and early 2017. To be exact, investment rose from just $600 million (Rp 8.8 trillion) at the start of 2017 to well above $1.3 billion (Rp. 19 trillion) in May 2018, as reported by Rowley on techcrunch.com, and that figure continues to grow followed with the increasing number of crypto-unicorn trading platforms.
In some countries, authorities indirectly regulate blockchain as a new technology, but others take a closer look at the proliferating adoption of new technologies (including blockchain, big data, artificial intelligence, etc.) in financial services. For example, the European banking authority has mapped out a detailed survey on the scope of fintech and its subsets, but specific regulation on blockchain and distributed ledger technology remains unseen.
Meanwhile, Indonesia’s Financial Services Authority (OJK) recently enacted a long-awaited draft on financial innovation. We thought this might pertain to blockchain adoption in that sector, beyond peer-to-peer lending. The OJK’s regulation on digital financial innovation (DFI) recognizes blockchain as part of DFI, and such technology (where used) must demonstrate compliance with that regulation and the regulatory sandbox scheme thereof.
With regard to the ideas behind blockchain, regulators may decide to view blockchain as an instrument in business operations but not as a distinguished product of today’s technology. As an instrument, blockchain is indeed treated as an intermediary, much like other intermediary technology (e.g. apps, the internet, electronic systems). When we look beyond that, however, blockchain as a new technology does not fit easily into any existing legislative or regulatory paradigm in terms of interpretation, application and enforcement.
Before we elaborate further, it is worth noting down blockchain’s fundamental characteristics. In an abstract concept, blockchain can be understood as an electronic system (a) for recording (series of) data in timestamp manners (such as financial transactions through time); (b) that employs cryptography to link past ledger entries; (c) establishes a form of self-regulation, where existing ledgers or new data entries are distributed/replicated across participants; (d) with some or all network participants validating new ledgers (e.g. permissionless or permissioned blockchain architecture); that (e) requires the internet to fully operate.
When referring to permissionless blockchain, anonymity is a problematic feature from a legal and regulatory perspective. Know-your-customer (KYC) obligations and anti-money-laundering (AML) compliance may be hard to implement effectively when anyone may, without authorization, use a blockchain product, in particular Bitcoin (Christopher Millard, CLSR journal 34 (2018) 843-846 Elsevier). How can financial authorities and central banks perform regulatory oversight and audit transactions using such open blockchain technology? It seems that, for today, such openness and anonymity is incompatible with KYC and AML rules.
Thus, instead of establishing an open blockchain system, developers and businesses may try to enable some kind of authorities in the blockchain network that enable redactable and scrutable mechanisms. A legal entity should take control of a blockchain system to be held responsible in running the blockchain. This is why a legal form, like BaaS (Blockchain as a Service) providers, is desirable for businesses to simplify compliance with regulatory provisions.
With regard to data protection laws, blockchain poses several legal challenges. Ministry of Communication and Information Tech (MoCIT) Regulation 20/2016 and Government Regulation 82/2012 lay the data protection foundation for the provision of electronic systems (incl. blockchain systems). A blockchain provider or users may be both a user of electronic systems and a provider of electronic systems on the condition that they are authorized to modify the blockchain network or make decisions within the system based on a consensus algorithm.
This entails legal obligations for certification, truthful processing, access right to data subject as well as the right to erasure if requested by the data subject. In blockchain, when data is added to a chain, it is retained (so-called immutable and irreversible), where modification is only possible by updating the chain.
Given that the nodes in a blockchain system are replicated worldwide, regardless of where a participant resides, rules for international data transfer apply. In light of data protection, a controller who stores personal data in a BaaS environment shall not carry out such a transfer without equivalence of protection safeguards or fulfilling other legal requirements.
Notwithstanding the foregoing, such a controller may also be required to classify personal data into strategic, high risk and low risk types of data under the (ongoing) amendment of Government Regulation 82/2012 (implementing the ITE Law).
Blockchain technology may be used to facilitate anticompetitive behavior in a number of ways, such as price restrictions using a blockchain payment method, permissioned consortium’s blockchain and softening of price competition via a self-executing smart contract. Therefore, to monitor and scrutinize the competitive environment, should competition agencies be given permission to access blockchain for effective oversight? This is an issue for discussion.
In general, where a blockchain technology functions as an intermediary in business operations, regulations are stretched to cover “loopholes” of incompatibility under regulatory compliance. Where a blockchain system becomes a new form of technology (or platform) by altering conventional conduct or disrupting existing business models, this likely requires a novel approach to make sure regulations stay relevant.
As with drafting any contract, it will be helpful for lawyers to have a good understanding of the transactions empowered by blockchain technology, before drafting, negotiating and using legal and business-to-business terms and conditions for blockchain services.
The compatibility of blockchain and the laws
Published in The Jakarta Post, 26th November 2018
Written by: Daniar Supriyadi and Tamimi Hendartin
Member of Digital Business & Technology at Bahar & Partners Law Firm