Playing By the Rules: establishing effective DLT communities
What is a distributed ledger?
Distributed ledger technology (DLT) continues to enable the explosion of crypto-currencies, that we have seen over the last few years. As well as being the driving force behind Bitcoin, it has many other applications that make it useful and relevant to businesses in a range of industries.
A distributed ledger is an asset database that can be shared across a network of multiple sites, geographies or institutions. Distributed ledgers are decentralised to eliminate the need for a central authority (or intermediary) to process or authorise transactions.
All participants within a network have access to their own identical copy of the ledger, which is subsequently timestamped and given a unique cryptographic signature. Any changes made to the ledger are reflected in all copies almost immediately. Entries may be updated by one, some or all of the participants, subject to rules agreed by the network. Distributed ledgers provide a verifiable and auditable history of all information stored on any particular dataset.
DLT is being used today to verify the provenance of commodities, ensuring for instance that conflict diamonds do not find their way into the legitimate jewellery trade. Every transaction between members of this DLT community is logged so that each participant in the community can track diamonds from the date they are mined to the date they are sold in their cut form as an item of jewellery.
In a business-to-business context, ledgers are only accessible to agreed participants with the secure login details required to access the DLT database. DLT is a more secure solution than a traditional database because each participant has a copy of the entire ledger (thereby meaning that a fraudster would need to alter various independent copies of the database held by multiple separate individuals). It is also more secure because the numerical (or cryptographic) value of each line in the database is dependent on the previous line, which is dependent on the line before that and so on. The logic which supports the hype around DLT security is not that a distributed ledger is incapable of being manipulated or falsified, but rather that it only becomes worth mobilising the kind of processing power required to falsify a distributed ledger if the potential value to the criminal is significantly greater than the cost of marshalling the processing power required to break the underlying cryptographic code.
Creating a DLT and setting up the rules of the DLT community is an expensive business, in terms of expenditure on a technology platform provider and on legal support to draft and negotiate the rules applicable to the DLT community. On the upside, it can help clients to market their goods and services in new ways, by providing verifiable quality assurances not easily available using other methodologies. It is not the right solution for all businesses, but in the right context, it can be game-changing for some.
Data privacy implications of DLT
Distributed ledgers pass data (including potentially commercially sensitive and personal data) only to those participants who are party to a deal and reasonably require access to such information.
Businesses need to understand that parties with access to personal data would be required to enter into contractual agreements with respect to the use, processing and cross-border transfers of the respective data to comply with national data privacy laws, including the European General Data Protection Directive incorporated into English law as the Data Protection Act 2018.
Due diligence
Companies should make sure that their lawyers and accountants are involved in due diligence on their chosen technology provider, to make sure that changes in tax rules and the addition of new jurisdictions can be easily supported without major (and expensive) software re-writes. Good legal advice can help draft, review or amend the applicable technology provider agreement to ensure that interests are properly protected.
Mirkwood Evans Vincent is a leading technology law firm in the UK. With our IR Global connections to specialist colleagues in the technology legal sector all over the world, we can help you to ensure that you get the right agreements in place in a cost-effective way, first time, every time.