31 - Marc Dimech

Marc Dimech How could Distributed Ledger Technology and Smart Contracts bring about a paradigm shift in Consumer Rights legislation?

Marc E. Dimech has recently obtained his Bachelor of Laws (Honours) Degree. Currently sitting for the Master of Notarial Studies course at the University of Malta, Marc takes particular interest in contract, commercial and succession law.

id-dritt

1. Introduction

G

ive or take in the past two years, there has been a surge in two different, yet slightly intertwined, technological advancements that could, and probably will, bring about a paradigm shift in our law sometime in the near future. These technologies are Distributed Ledger Technology, also known as DLT in short, and Smart Contracts. These two groups, ‘which have also brought about the emergence of crypto-currencies, will be widespread and it will impact many industries’1, not only law. They are built in a way that would make obligations between two or more parties easier, not just from a practical point of view, but also from a legal perspective. Yet, this would also bring up a number of questions – do the advantages of these two types of technologies outweigh the risks? Are any risks, no matter how few or low level, too perilous, making these concepts’ existence from a legal point of view questionable, notwithstanding their countless advantages? If legislators were to implement such technologies in our law, how would the already existing legislations need to change to accommodate them? Thus, how would both Distributed Ledger Technology and Smart Contracts specifically affect consumer rights - should consumers be afforded more rights to protect their interests in case of implementation, or are their already existing rights by default reinforced? To understand this, it is pivotal that an in-depth explanation of how these two pieces of technology work is given, as this would serve to better understand in what way consumer rights are affected, if at all. Without background knowledge of how they work, an explanation of their effect would be pointless. An overview of Subsidiary Legislation 378.17, or ‘Consumer Rights Regulations’, will also be laid out. ‘The purpose of these regulations is to implement Directive 2011/83/EU of the European Parliament and of the Council...’2 In turn, this European Directive is the ‘Consumer Rights Directive’, which applies to the majority of contracts between traders and consumers, and 1 ‘Blockchain and Smart Contracts – An Introductory Legal Perspective’ <http://www. ils.com.mt/2017/10/blockchain-and-smart-contracts-an-introductory-legal-perspective/> accessed 1 September 2018. 2 Consumer Rights Regulations (2013), 1(2).

328

Technology Law

its aim is to protect the latter by affording them certain rights, as they are not on the same playing field as traders when it comes to entering into an obligation. Thus, the law makes sure to safeguard consumers’ interests by regulating how these transactions are handled.

2. What is Distributed Ledger Technology? In Maltese Law, we find a definition of this term in the second article of the Malta Digital Innovation Authority Act, as well as in the second article of the Virtual Financial Assets Act. Both these acts describe this type of technology as being ‘a database system in which information is recorded, consensually shared, and synchronised across a network of multiple nodes’3. An important aspect of distributed ledgers is that they ‘do not have a central administrator or a central data storage’4. There are essentially two fundamental characteristics in any system or infrastructure which is DLT-based (for example, Blockchain).5 First is the ‘ability to store, record and exchange information in digital form across different, self-interested counterparties’6, whilst not needing a central record-keeper, and without the need for mutual trust among counterparties, which has so far been so fundamental. Information or data are stored across numerous stores, or ‘ledgers’, in which all of them ‘have the exact same data records, and are collectively maintained and controlled by a distributed network of computer servers, called nodes’7. Thus one finds a peer-to-peer element. Secondly, it needs to be ensured that there is no double spending; that is, that the same asset or token cannot be sent or be part of a transaction more than once. Otherwise, the confusion this would create would be huge.

3 Virtual Financial Assets Act, Chapter 590 of the Laws of Malta, Article 2. 4 Claudio Scardovi, Restructuring and Innovation in Banking (Springer 2016) 36 5 ‘Distributed Ledger Technology (DLT) and Blockchain’. (World Bank Group, 2017). <http://documents.worldbank.org/curated/en/177911513714062215/pdf/122140-WP-PUBLIC-Distributed-Ledger-Technology-and-Blockchain-Fintech-Notes.pdf> accessed 2 April 2019. 6 ibid 2. 7 ibid 1.

329

id-dritt

2.1 How does Distributed Ledger Technology Work?

Essentially, in its most simple form, this form of technology refers to one large database, which is independently held and updated by each participant or device, or in more specific jargon, by each node, in a very large network. Decentralised ledgers work in such a way that the records are not, in any way, shape or form, made available to multiple nodes by one central authority. Instead, as already mentioned, these records are constructed independently and held by every node, each one having access to them. In other words, each and every node or participant on the network processes every single transaction, allowing it to come to its own conclusions, after which it votes on those very same conclusions to make sure the majority agree with the conclusions. ‘Once there is this consensus, the distributed ledger has been updated, and all nodes maintain their identical copy of the ledger’. 8 9 10

3. What are Smart Contracts? Don Tapscott, ‘one of the world’s leading authorities on the impact of technology on business and society’11, explained the term ‘smart contract’ in a very simple manner – ‘it’s a contract that self-executes, and has a payment system built into it, sort of like a contract that has built-in lawyers, governments and a bank account’12. In Malta, we find a definition of smart contracts in the Malta Digital Innovation Authority Act. In Article 2, this provision states that: ‘’smart contract’’ means a form of innovative technology arrangement consisting of: (a) a computer protocol; and, or 8 J. Carlos Severino Cardoso, ‘Blockchain and Smart Contracts for the Internet of Things - an Architecture for Sensor Data Availability’ (2018) <http://recil.grupolusofona.pt/bitstream/ handle/10437/9275/thesis_jose_cardoso%20%281%29.pdf?sequence=1> accessed 2 April 2019. 9 Nolan Bauerle, ‘What is a Distributed Ledger?’ (Coindesk) <https://www.coindesk. com/information/what-is-a-distributed-ledger> accessed 2 April 2019. 10 Oliver Belin, ‘The Difference Between Blockchain & Distributed Ledger Technology’ (TRADEIX) <https://tradeix.com/distributed-ledger-technology/> accessed 14 April 2019. 11 ‘About’ <http://dontapscott.com/about/> accessed 14 April 2019. 12 Roxana Flores, ‘What are smart contracts?’ <https://blockchainflashnews.com/whatare-smart-contracts-a-self-executing-contract/> accessed 14 April 2019.

330

Technology Law

(b) an agreement concluded wholly or partly in an electronic form which is automatable and enforceable by execution of computer code, although some parts may require human input and control and which may be also enforceable by ordinary legal methods or by a mixture of both13. It would be fair to say that smart contracts have a number of defining features which make them stand out from traditional contracts. Firstly, and very importantly, there is the removal of an intermediary, resulting in less time consumption and less transaction costs - something which makes it very attractive to a consumer. A very common and practical example of an intermediary is a bank, which would be done away with due to the selfexecutory nature of these contracts. Nick Szabo, a legal scholar, computer scientist and one of the pioneers in automated self-enforcing contracts, stated that: Smart contracts often involve trusted third parties, exemplified by an intermediary, who is involved in the performance, and an adjudicator, who is invoked to resolve disputes arising out of performance (or lack thereof). Intermediaries can operate during search, negotiation, commitment, and/or performance14 Whereas these entities are all still involved in this type of contract, they are in-built in the contract, and physically removed from the equation. In addition to this, another defining and closely related feature is the reduction of human involvement, mitigating the possibility of human mistakes.

3.1 How do Smart Contracts Work? A smart contract contains the agreement or obligation between the said parties, with all the relevant clauses between party A and party B - the same as with traditional contracts. For example, since smart contracts are selfexecutory, the agreement would state, give or take, that when A receives payment from B, only then will B acquire ownership of the object, or asset, in 13 Malta Digital Innovation Authority Act, Laws of Malta, Article 2. 14 Nick Szabo, ‘The Phases of Contracting’ (1998) <http://www.fon.hum.uva.nl/rob/ Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh. net/phases.html> accessed 14 April 2019.

331

id-dritt question from A. Thus, A will cease to be the owner, and instead the records of the object or asset in question will be updated to reflect the transaction, making B the owner. ‘Smart contracts are automatically executed once the conditions of the agreement are met’15. This will all happen on the platform on which the smart contract is located - this is where the data, which will be updated the moment the obligation is fulfilled, will show who the new owner is. Once the obligation has been agreed upon, and the contract programmed accordingly, it cannot be retracted - yet another defining feature. Thus, both parties would feel safe in performing their obligation, as they would be safe in the knowledge that they cannot be cheated in any way. Without the existence of a smart contract in this scenario, both parties would have to pay a number of fees to a series of third-party entities, for example, lawyers or banks. Also, it would take quite some time to sort out all the necessary paperwork. Yet, when smart contracts are used, there are no commissions, unless stated in the contract’s terms itself, and no delays related to human intervention to process the agreement and update the relevant records.

4. Advantages of Implementation There are multiple advantages if we were to implement such technologies. Transparency, for example, is crucial, and highly sought after. Obligations, whether contractual or not, are built on trust, and the element of transparency helps to build this trust between parties. An obligation in the form of a smart contract is made transparent once it is recorded in a public ledger, one which all the parties to an obligation would have access to. That same ledger stores all the necessary information on the object or items of the agreement, thus promoting transparency between the parties. ‘A distributed ledger can allow all the information that is stored to be easily and freely viewable, which can add a huge amount of desired transparency to a variety of industries’16. One must also mention that potential parties to a new and separate future obligation will have access to the information on the same object or asset which they might want to acquire. For example, A sells his car to B and this transaction is recorded in the ledger, along with the properties of the car, such as its make, colour, year of manufacture, mileage, engine power, type 15 Ray King, ‘What Is a Smart Contract and How Does it Work?’ <https://www.bitdegree. org/tutorials/what-is-a-smart-contract/> accessed 4 March 2019. 16 Matt Crook, ‘What is distributed ledger technology?’ (Liquid, 13 October 2013) <https:// blog.liquid.com/distributed-ledger-technology> accessed 4 March 2019.

332

Technology Law

of transmission etc. 5 years later, C might want to purchase that same car from B. C would have all the information he needs on the object (in this case, the car) in the ledger, thus eliminating the possibility of fraudulent behaviour from B when it comes to selling the car. Another advantage related to these technologies is efficiency. Due to a lack of intermediaries, such as banks, transactions are concluded much quicker – ‘you no longer need a trusted third party when you make a transaction’17. As a simple example, let us imagine a scenario where farmers are granted a certain amount of money by the government if, due to a lack of rain over the course of twelve months, their produce does not grow enough, making them of unsatisfactory quality to the market. In this case, they would be unable to make a living, and thus may be eligible to receive that amount of money. If a smart contract is used for this kind of obligation, and it is (manually) programmed to detect the amount of precipitation over twelve months, then at the end of those twelve months, the program would establish whether the farmer party to the obligation satisfies the requirement, and the amount of money in question would be transferred to him immediately, on the day the twelve month period closes. Without such technology, the farmer would most probably need to get in touch with a lawyer, who would then begin the process to have his client given what is due to him by acquiring proof of the precipitation over the course of the twelve months or lack thereof, and so on. This would come at a cost to the farmer, not merely financially, but also in time lost to have the amount promised sent to him. Also, the contract would be easily accessible in the ledger, and one would not need to waste time going over huge amounts of paper contracts. Another example is in the case when ‘a group of football enthusiasts agree on a wager on which team is going to win the Premier League. At the end of the season, the smart contract would retrieve the information from the official website of the Premier League and automatically distribute the winnings to the person who successfully predicted the winning team’18. The automatic distribution of the winnings is what makes it so efficient and attractive to the parties. One final advantage is that of immutability, somewhat related to security. Immutability essentially means that once a record has been uploaded into 17 Ray King, ‘What Is a Smart Contract and How Does it Work?’ <https://www.bitdegree. org/tutorials/what-is-a-smart-contract/> accessed 4 March 2019. 18 James Debono, Jens Buedinger, ‘How smart contracts may affect the legal community’ Times of Malta, (5 November 2017) <https://www.timesofmalta.com/articles/view/20171105/ business-news/How-smart-contracts-may-affect-the-legal-community.662296> accessed 14 April 2019.

333

id-dritt

the ledger, then that same record cannot be changed or cancelled - it is there for good. Therefore, to denote a change, a new record has to be created. Thus, as long as the ledger remains distributed, the data inputted in it cannot be tampered with, and a trail is created. For this reason, immutability goes hand in hand with security, as no individual is capable of changing a record for his own personal gain. Smart contracts on a decentralised platform are fair, as they are not controlled by any one central party. Instead, they are found in a distributed ledger, ‘a shared database run by many computers (called nodes) belonging to many different people. Because of this, not one single person or company has control of it. It means it is near impossible to hack it — the hacker would need to hack more than half of the nodes if they wanted to attack the blockchain or the smart contracts that run on it. Therefore, smart contracts can run safely and automatically without anyone being able to change them!’19. Being almost hack-proof means that more and more people would trust these types of technology, as they can trust that their interests are safeguarded, with very little, if at all, possibility of a catastrophe. In fact, smart contracts on a distributed ledger are encrypted and distributed amongst the nodes on the network, guaranteeing no changes or a loss of the data. Trust is implicit to this type of technology.

4.1 Disadvantages of Implementation On the other side of the coin, one big issue is that of data protection and privacy, or rather, the issue as to whether there is any data protection and privacy. ‘Maintaining privacy is the most difficult technical issue with any distributed ledger’20. A decentralised distributed ledger is available to everyone, running on a very large number of computers, on which every kind of asset can be stored, transacted, moved, exchanged and even managed without the need of any single intermediary. Whereas at first glance it would be reasonable to assume that this is advantageous due to transparency and an equal availability of information across the database, and despite it being very difficult to hack, there is a downside to this. A number of questions arise, such as ‘how much information should be made available on the ledger?’; ‘how much information is really necessary?’. In cases of a decentralised 19 Ray King, ‘What Is a Smart Contract and How Does it Work?’ <https://www.bitdegree. org/tutorials/what-is-a-smart-contract/> accessed 4 March 2019. 20 Stephen Diehl, ‘Transaction Privacy in Distributed Ledgers’ (Adjoint, 18 September 2018) <https://www.adjoint.io/news/entry/transaction-privacy-in-distributed-ledger-solutions> accessed 14 April 2019.

334

Technology Law

distributed ledger, it is not one entity, usually a company, which holds all of a person’s (sometimes sensitive) information, but this information is spread out across a number of nodes, meaning that there is more than one place from which to access the information. There is not one central authority holding all the information but parts of the data are held in numerous nodes. Because there is no one central authority responsible to look out for malicious users and attacks, if a malicious transaction is actually made, in such a case it is impossible to reverse or delete it. It is also important to mention the General Data Protection Regulation, a legislative instrument which first and foremost aims to give control to all individuals within the EU over their personal data. This piece of legislation, which was implemented on May 25th 2018, holds an important distinction in regard to this topic, found in Article 17 - dealing with the right to erasure or the ‘right to be forgotten’. To quote the first part of this article: 1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed21. Whenever a transaction takes place, it is recorded in the distributed ledger, and since that same record is immutable and it is impossible to delete, one can argue that this technology’s very nature goes against what the GDPR outlays. Thus, this would make the aforementioned technology incompatible with EU law. On the other hand, a traditional contract does not have this obstacle, as it can easily be deleted or destroyed, making it compatible with EU law. Therefore, the issue here revolves only with regards to smart contracts. There are also some disadvantages which are relatively minor when compared to the above. One of them is that despite the fact that these 21 Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive) [2016] OJ 2 119/43.

335

id-dritt

technologies are quite advanced and reduce human intervention to a minimum, leading to much fewer human errors, this factor is not completely done away with. For example, people are still needed to write the code of a smart contract. The problem lies with the fact that the smallest of mistakes in the programming process could result in a calamity, which could potentially be worth even millions in costs or expenses, especially since a smart contract in a distributed ledger cannot be subsequently altered.

5. Critical Analysis Thus, how would consumer rights legislation be affected with the introduction of such technologies - positively or negatively? And how would the law need to change in order to keep providing the best possible protection to consumers once these alien technologies are implemented? To determine whether consumer rights legislation would need to change (and how) in order to allow the use of these two types of technologies to take place with no setbacks on consumers, the first order of business is to decide on whether the rights in question will be affected positively or negatively with the use of these technologies. One needs to look at both the benefits and the risks, and determine whether the former outweighs the latter. Having highlighted the advantages and disadvantages of implementing these technologies, it is fair to say that determining whether the benefits outweigh the risks is nothing short of being considered a challenging feat. Fundamentally, it comes down to one’s subjective outlook on the topic - those that are pro-technology and progress will say that the benefits outweigh the risks, while more conservative individuals will state that the issue of data protection and privacy is too delicate to play around with. Trying to take an objective point of view as much as possible, the benefits do seem to slightly outweigh the risks. The technology is first and foremost still in its infancy, meaning that it can only progress and improve as time passes, experience is gained and more studies are conducted. Besides this, the number of benefits that come out of these technologies seems to surpass the risks, in the sense that, were the technologies to be implemented as they are today, there would be a higher chance of success thanks to the advantages the technologies bring about, rather than failure due to their 336

Technology Law

inherent disadvantages. Another important point which can be made is the fact that the law can cater for any risks which may arise, and provide fail-safe provisions and legislations to extinguish any possible backlash from the risks mentioned. It is imperative to keep in mind that it is physically impossible to replicate the benefits such technologies would provide to the traditional method; thus, the only possible option is to eliminate the risks from the new, technologybased method. With the above information in mind, consumers stand to gain a lot if distributed ledger technology and smart contracts were to be introduced in Maltese law. The average consumer’s life would be made drastically easier if such technologies were to be implemented. Risks do exist, but it is fair to point out that no technology is really 100% risk-free. The benefits in this situation do seem to outweigh the risks, and for good reason. Since it is in the interest of any person who seeks to purchase goods and services for his own personal use to have business conducted quickly, efficiently and at the least possible cost, then introducing and implementing distributed ledger technology and smart contracts would be indeed beneficial to consumers. ‘Anything that saves large amounts of money will always generate a lot of interest’22. Both DLTs and smart contracts promise just that – a system which conducts transactions instantaneously, without the need of any third parties, and safely; overall, a system which encourages people to trade and do business with peace of mind. How would consumer rights law need to change to accommodate the introduction and implementation of DLT and smart contracts? Fundamentally, there are two ways such a change may occur. The first possibility is that of keeping the present laws in place, and merely amend and update them where necessary to include all that comes with the availability of DLT and smart contracts. On the other hand, one finds the possibility of creating a new piece of legislation catering specifically for those situations in which consumers are affected due to DLT and smart contracts. Nevertheless, the difference between the two is minimal - it is merely a question of structure. Creating a new piece of legislation may be considered better and administratively easier, so as not to overload the already existing provisions, and to make the 22 Brian Slater, ‘Distributed Ledger Technology: Do the benefits outweigh the risks?’ (TABB Group, 21 September 2016) <https://tabbforum.com/opinions/distributed-ledger-technology-do-the-benefits-outweigh-the-risks/> accessed 15 April 2019.

337

id-dritt

process of finding the relevant laws easier. Any necessary changes would not need to be drastic, immaterial of which one of the aforementioned methods would be applied. In its very essence, the end result of conducting business in the traditional method and via DLT or smart contracts is identical; it is simply the method which is different. So, changes that would need to take place need to be related to the method only. This makes any alterations that may need to occur minor ones, if at all needed. For example, under the Consumer Rights Regulations, the first three subarticles of article 4, whose information is also replicated in article 5 in one way or another, - ‘the main characteristics of the goods or services’23, ‘the identity of the trader’24 and everything that comes with it, such as their name, address, telephone number etc, as well as ‘the total price of the goods or services inclusive of taxes’25 (where it can be calculated) - are written in a manner in which no real change to these provisions is necessary in order to adapt them to the technologies at hand. Since these things can be easily listed down in a smart contract on a distributed ledger, it does not matter that they can be represented in this technological way. Therefore, it does not make any difference from a legislative point of view. This means that the already existing provisions do not need to change in order to accommodate this new technology. The same argument can be made for the rest of the provisions found in Articles 4 and 5, respectively, of the Consumer Rights Regulations. However, in case new legislation dealing specifically with consumer contracts entered into via smart contracts on a distributed ledger were to be created, it would be well advised if legislators were to implement the notion that everything mentioned in these two articles is still to be presented to the consumer before they enter into a contractual obligation. Whether one provision is created which states that everything that is mentioned in Articles 4 and 5 of the Consumer Rights Regulations is to be made clear in the smart contract, or whether each provision underneath both sets of articles is restated, thus having each and every requirement stipulated separately rather than having them all grouped up underneath one heading, makes no real difference. It 23 Consumer Rights Regulations, Subsidiary Legislation 378.17 of the Laws of Malta, Article 4(1)(a). 24 Ibid, Article 4(1)(b). 25 Ibid, Article 4(1)(c).

338

Technology Law

would be up to the legislators to decide which option is most feasible and the easiest, although a stronger argument for the first option can be made, as any additions or removals from articles 4 and 5 of the Consumer Rights Regulations would be automatically accounted for, rather than having to also amend the new document every now and again. All this would reinforce the need to provide all the information a consumer needs to have made available to them before they proceed with any contract. What would need to change with regards to consumers’ rights in order to continue protecting this group of individuals within society has to do with protection from the disadvantages of DLT and smart contracts. One big issue which needs to be handled is the notion found in Article 17 of the General Data Protection Regulation26. The right of data erasure once the reason for which such data is collected ends is clearly highlighted in the first point of the first sub-article: ‘the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed’27. Also, this erasure is to take place as soon as possible, without any unnecessary hold-ups – ‘the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay’28. Thus, this is also in the consumers’ interest, and it is the legislators’ responsibility, to provide such a right in the law. Firstly, it continues to promote consumers’ rights, and providing them with the best possible protection there is. Secondly, it is also required to eliminate any incompatibility with EU law; rather, it would complement it. On this point, the legislators here would effectively be hitting two birds with one stone. The law does provide for the scenario in which data which needs to be erased is made public (in this case, available to all the nodes on the network). In fact, the following sub-article stipulates that: where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal 26 Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive) [2016] OJ 2 119/43. 27 ibid (Emphasis added). 28 ibid (Emphasis added).

339

id-dritt

data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data29. Since literally deleting data and records on a distributed ledger might currently be technologically impossible, this leaves two possible options. The first option is to follow what this sub-article states. However, as it has already been stated, erasure is impossible, thus, requiring all the nodes on the network to delete their copy would not solve anything. The only sensible option, technology permitting, is to program the code of the DLT so as to hide the transaction from everyone but the parties who were part of the transaction, once this is accomplished of course. For extra security, the code of this technology would need to make such record viewable only, without the ability to share with third parties in any way, shape or form. This would be a big step forward with regards to one of the most prominent, if not the most prominent, disadvantages there is - the issue of having data protection and privacy threatened. After all, one needs to keep in mind that ‘the GDPR was fashioned for a world where data is centrally collected, stored, and processed’30, and not for distributed ledgers. Another possible, not to mention prudent, scenario would be for legislators to cap the number of nodes on a network. This would decrease the possibility of abuse or disadvantages towards consumers, by decreasing the number of entry points on the network, making the inputting of malicious transactions more difficult to carry out. Another important point is that ‘there’s the concern that users will have false information about them listed online as this brings its own problems if it can’t be properly corrected and the false records totally expunged’31. In case this scenario takes place, such false information would be available only to the limited number of nodes on the network, and not to a greater audience. At the same time, this also brings about another advantage, in the sense that since this technology is so new, 29 Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive) [2016] OJ 2 119/44. 30 Michèle Finck, ‘Blockchains and Data Protection in the European Union’ [2018] 4(1) European Data Protection Law Review, 17 <https://edpl.lexxion.eu/data/article/12327/pdf/ edpl_2018_01-007.pdf> accessed 13 March 2019. 31 ‘Deleting Information from a Distributed Ledger or Blockchain’ (Kwôri, 30 May 2016) <http://www.kwori.co.uk/blog/2016/5/30/deleting-inforhttp://www.kwori.co.uk/ blog/2016/5/30/deleting-information-from-a-distributed-ledger-or-blockchainmation-from-a-distributed-ledger-or-blockchain> accessed 2 April 2019.

340

Technology Law

it would be beneficial to set up this technology on a small scale first, in order to allow experts to study and analyse the way it works on a small platform, giving them enough information to make an educated assumption as to how it would work on a larger scale; and provide all the necessary components to make it work on such a scale, and further on in the future, maybe even on a national scale. On an equally important note, human involvement is not completely done away with, which naturally leaves room for human error. It would thus be reasonable for legislators to create specific provisions which would bestow to consumers rights related to recourse, or else compensation, in case anything goes wrong, including due to human error and gross negligence - tort. The Maltese Civil Code itself caters for instances of tort32. An element of flexibility should, and needs to be present in those situations where an error is not too serious and is fixable, so long as the consumer is not too gravely injured. This is due to the fact that this technology is still very new, and therefore even experts in the field will still have many limitations in their expertise, meaning that it might be impossible for them to cater for every scenario possible. Nevertheless, consumers need to be protected in those cases where there is serious damage or negligence due to human involvement, with the parties at hand needing to take responsibility for their actions, and be held liable. In addition to this, legislators cannot forget those situations in which consumers suffer injury through extraneous causes. While there might not be an individual or a company to blame, if a consumer suffers injury, no matter by what, then they should have some sort of recourse or compensation. This may be monetary in nature, or else in the form of a benefit or service, and this can be provided either insurance companies or by a government grant. On a final, more specific, yet smaller note, local legislators would need to keep in mind and clearly stipulate in the law at which point in a long-distance contract is the transaction concluded. Thus, essentially the issue revolves around the moment in which the smart contract executes - for example, at which point does the transfer of money need to occur. Chapter 426 of the Laws of Malta, or the E-Commerce Act, needs to be read and analysed, and kept as a benchmark with regards to any new provisions that would need to be created. It is after all ‘an act to provide in relation to electronic commerce and to provide for matters connected therewith or ancillary thereto’33. At the same time and running parallel, on an EU level, the Electronic Commerce 32 33

Civil Code, Chapter 16 of the Laws of Malta, Title IV. Electronic Commerce Act, Chapter 426 of the Laws of Malta, Preamble.

341

id-dritt

directive or Directive 2000/31/EC34 would also need to be considered. Clarifying things of this nature will help make things easier for lawyers to interpret, and for consumers, since everything is distinctly stipulated for them with regards to their rights. They will know exactly when they can act or when they can institute proceedings in case of injury etc‌ if they are informed when the contractual obligation is concluded. Clarifying the stages of these types of contracts with this type of technology will give the consumers a better understanding of where they stand with regards to their rights.

6. Conclusion In conclusion, the above points may not be exhaustive, but they are certainly the most obvious, and arguably, pressing issues, and it would be fair to say that taking note of them when drafting new legislation would improve the already existing one in the sense that it would update it with regards to the ongoing implementation of these new technologies. It would be insensible if no changes and/or amendments are made to the current legislation on consumer rights with the introduction of distributed ledger technology and smart contracts. Any new elements which affect society, and by consequence the law in place, need to be accounted for. Whenever any new component is created, it brings about with it the positives and negatives. The legislators’ duty is to determine what these are, and then make sure that the law they legislate takes them into account, and caters for their existence. In such situations, changes or alterations would indeed be required due to the risks that consumers would face. A number of provisions would need to be added or amended, in order to bestow more rights on the consumer, so as to cater for the new risks or disadvantages of the implementation of distributed ledger technology and smart contracts. Whilst any advantages are more than welcome, disadvantages need to be accounted for, and thus providing new and stronger rights to consumers would balance out the risks that implementation would bring about. It is crucial for all those states around the globe which are interested in implementing and allowing obligations and contracts to be entered into and 34 Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce).

342

Technology Law

conducted in such a manner, to start from a national level. If all states do this, then eventually there would be a number of different pieces of legislation in each respective country dealing with the same situations. Once such pieces of legislation are found in a number of different countries, then the EU could potentially come into the equation and harmonise the different laws.

343