Invasions

'Castles and Casualties: Recent Case Law About Procedure, Trespass and the Private Sphere' by Bruce Baer Arnold in (2019) Privacy Law Bulletin comments

 How does privacy – the protection of the private sphere from inappropriate interference – play out in Australian law? Given media coverage over the past decade members of the public and other non-specialists are likely to understand privacy as a matter of sensitive personal data, addressed through information privacy statutes such as the Privacy Act 1988 (Cth), the Census and Statistics Act 1905 (Cth) and the Health Records (Privacy and Access) Act 1997 (ACT). In contrast practitioners recognise that privacy encompasses physical and spatial integrity, for example protection from arbitrary and disproportionate searches of an individual’s dwelling place or person. They also recognise that procedure is important, with non-compliance by officials or other entities potentially invalidating searches and resulting in damages awards. 

Two recent judgments in the Northern Territory and New South Wales – O’Neill and Attalla – illustrate the salience of historic law regarding the protection of the private sphere and the scope for courts to restrict official action that is disproportionate. They also highlight concerns about misreading by law enforcement personnel of formal procedures regarding searches. This article considers those judgments.

The article considers O’Neill v Roy [2019] NTSC 23 and Attalla v State of NSW [2018] NSWDC 190 among other judgments.

ACCC Platforms Report

The ACCC's recommendations in its Digital Platforms report, released today, are

R 1: Changes to merger law 

Section 50(3) of the Competition and Consumer Act 2010 (CCA) be amended to incorporate the following additional merger factors: (j) the likelihood that the acquisition would result in the removal from the market of a potential competitor; (k) the nature and significance of assets, including data and technology, being acquired directly or through the body corporate. 

R 2: Advance notice of acquisitions 

Large digital platforms to agree to a notification protocol, to provide advance notice to the ACCC of any proposed acquisitions potentially impacting competition in Australia. The details of the notification protocol will be agreed between the ACCC and each large digital platform, and would specify: ƒ the types of acquisitions requiring notification (including any applicable minimum transaction value), and ƒ the minimum advance notification period prior to completion of the proposed transaction to enable the ACCC to assess the proposed acquisition. If such a commitment were not forthcoming from the large digital platforms, the ACCC will make further recommendations to the Government that address this issue. 

R3: Changes to search engine and internet browser defaults 

Google should provide Australian users of Android devices with the same options being rolled out to existing Android users in Europe; that is, the ability to choose their default search engine and default internet browser from a number of options. If Google does not introduce similar options for Australian Android users by six months from the date of the Report, the ACCC will submit to the Government that it should consider compelling Google to offer this choice. 

Direction for future ACCC work: Data portability 

The ACCC will revisit the applicability of the Consumer Data Right to digital platforms in the future. The ACCC considers that data portability is unlikely to have a significant effect on barriers to entry and expansion in certain digital platform markets in the short term. If data portability or interoperability were identified to be beneficial in addressing the issues of market power and competitive entry or switching, the ACCC could recommend this to government, as part of the role envisaged under Recommendation 4. However, the ACCC recognises that aside from addressing issues of market power, portability of data held by digital platforms may deliver significant benefits to current and potential future markets including through innovation and the development of new services. The ACCC will consider the benefits associated with digital platform data portability in the ordinary course as it considers sectors to which the Consumer Data Right regime may apply in the future. 

R4: Proactive investigation, monitoring and enforcement of issues in markets in which digital platforms operate 

A specialist digital platforms branch be established within the ACCC to build on and develop expertise in digital markets and the use of algorithms, with the purpose of: ƒƒproactively monitoring and investigating instances of potentially anti-competitive conduct and conduct causing consumer harm by digital platforms, which impact consumers, advertisers or other business users (including news media businesses) ƒƒtaking action to enforce competition and consumer laws relating to the conduct of digital platforms ƒƒconducting inquiries and making recommendations to Government to address consumer harm and impediments to the efficient and effective operation of the markets in which digital platforms operate, caused by market failure. This branch should be empowered by Ministerial direction to hold an extended public inquiry covering a period of at least five years and have the ability to compel relevant information. 

R 5: Inquiry into ad tech services and advertising agencies 

The specialist digital platforms branch (as proposed by Recommendation 4) be directed to hold an inquiry into competition for the supply of ad tech services and the supply of online advertising services by advertising and media agencies. Matters to be taken into account should include: ƒƒwhether a lack of transparency is impacting the efficient operation of these markets ƒƒthe prices charged by suppliers of these services and the share of advertising expenditure they retain (including whether any potential excessive margins are obtained) ƒƒhow these services are purchased and sold, including any auction and bidding processes ƒƒthe relationship between suppliers and customers of these services, including the extent to which company structures or contractual arrangements limit effective competition ƒƒthe impact of consolidation of services on competition. This inquiry should be empowered by Ministerial direction, have the ability to compel relevant information, and be completed over a period of 18 months.  

R 6: Process to implement harmonised media regulatory framework 

A new platform-neutral regulatory framework be developed and implemented to ensure effective and consistent regulatory oversight of all entities involved in content production or delivery in Australia, including media businesses, publishers, broadcasters and digital platforms. This would create a level playing field that promotes competition in Australian media and advertising markets. The framework should reflect the evolving media landscape and be underpinned by a sound policy rationale based on the functions or impact of the regulated entities. The framework should include the following matters: ƒƒ

Underlying principles: clear platform-neutral guiding principles that are applicable across media formats and platforms, and adaptable to new services, platforms and technologies ƒƒ 

Extent of regulation: determination of the appropriate extent of regulation and determining appropriate roles for self-regulation and co-regulation. ƒƒ 

Content rules: a nationally-uniform classification scheme to classify or restrict access to content consistently across different delivery formats. ƒƒAdvertising restrictions: a consistent system of advertising restrictions across all delivery platforms, including online and offline channels. 

Enforcement: appropriate monitoring and enforcement mechanisms accompanied by meaningful sanctions. Given the significance of this reform, the ACCC recommends it be approached in stages to ensure that regulatory disparities of immediate concern are promptly addressed. 

R 7: Designated digital platforms to provide codes of conduct governing relationships between digital platforms and media businesses to the ACMA 

Designated digital platforms to each implement a code of conduct to govern their relationships with news media businesses. Each platform’s code of conduct should ensure that they treat news media businesses fairly, reasonably and transparently in their dealings with them, and contain at least the following commitments: ƒƒthe sharing of data with news media businesses ƒƒthe early notification of changes to the ranking or display of news content ƒƒthat the digital platform’s actions will not impede news media businesses’ opportunities to monetise their content appropriately on the digital platform’s sites or apps, or on the media businesses’ own sites or apps ƒƒwhere the digital platform obtains value, directly or indirectly, from content produced by news media businesses, that the digital platform will fairly negotiate with news media businesses as to how that revenue should be shared, or how the news media businesses should be compensated. The ACMA will publish guidelines regarding how the code should be developed and what should be included in the code. I 

n performing its role under this recommendation, the ACMA shall closely consult with the ACCC. The ACMA will also designate the digital platforms that will be required to implement a code; review and approve the content of the codes (after consulting news media businesses). The ACMA will enforce the codes and have appropriate investigative and information gathering powers and the capacity to impose sufficiently large sanctions for breaches to act as an effective deterrent. The ACMA will also have the ability to require digital platforms to amend their codes in specific ways, if it considers that the objectives of the code are not being achieved. 

Digital platforms will have nine months to develop a code, and will be required to demonstrate that they have consulted fully with news media businesses in drafting their code, and carefully assessed the issues raised by them. The duration of the code will be proposed by the digital platform and subject to approval by the ACMA. If a digital platform is unable to submit an acceptable code to the ACMA within nine months of designation, the ACMA should create a mandatory standard to apply to the designated digital platform. 

R 8: Mandatory ACMA take-down code to assist copyright enforcement on digital platforms 

A mandatory industry code be implemented to govern the take-down processes of digital platforms operating in Australia. The code will enable rights holders to ensure the effective and timely removal of copyright-protected content from digital platforms. The mandatory code should be enforced by the ACMA and have appropriate sanctions and penalty provisions. The content of the code should be developed by the ACMA in consultation with industry including rights holders and digital platforms, and include a framework for cooperation between rights holders and digital platforms which provides guidance regarding key issues of concern for stakeholders including: ƒƒ

Cooperation framework: a framework for cooperation between rightsholders and digital platforms to proactively identify and prevent the distribution of copyright-infringing content online, including an appropriate division of the responsibility for monitoring online content for copyright-infringement. ƒƒ 

Communication: measures to improve the ease of communications between rightsholders and digital platforms, including requirements for designated agents of digital platforms to be available during Australian business hours as well as appropriate periods where key Australian live events are broadcasted. ƒƒ 

Timeframes: reasonable timeframes for the removal of infringing content and processes targeted at the timely removal of particularly time-sensitive content such as live commercial broadcasts. ƒƒ 

Bulk notifications: mechanisms for rightsholders to make bulk notifications to address repeated infringements of the same content and to sanction users who commit multiple or regular infringements. ƒƒ 

Proof of copyright: measures to streamline the process by which rightsholders may prove copyright ownership, particularly in cases where there is joint-authorship. 

R 9: Stable and adequate funding for the public broadcasters 

Stable and adequate funding should be provided to the ABC and SBS in recognition of their role in addressing the risk of under-provision of public interest journalism that generates broad benefits to society. 

R 10: Grants for local journalism 

The Regional and Small Publishers Jobs and Innovation Package should be replaced with a targeted grants program that supports the production of original local and regional journalism, including that related to local government and local courts. The program should be platform-neutral and administered at arm’s length from Government, with eligibility criteria designed by an independent expert committee. Due to its broader scope than the Regional and Small Publishers Jobs and Innovation Package, which provided AU$20 million per year, the program should provide a greater amount of funding – totalling in the order of AU$50 million per year. The Government should review this program after three years of operation to assess its effectiveness and to determine whether it should be expanded to other areas of public interest journalism at risk of under-provision by the Australian commercial media market. 

R 11: Tax settings to encourage philanthropic support for journalism 

Tax settings should be amended to establish new categories of charitable purpose and deductible gift recipient (DGR) status for not-for-profit organisations that create, promote or assist the production of public interest journalism. To be eligible for ‘registered charity’ and DGR status through these new categories, organisations will need to comply with existing accountability measures overseen by the Australian Charities and Not-for-profits Commission (ACNC). The new charitable purpose and DGR categories should require minimum levels of transparency, impartiality and independence. For organisations that produce journalism, this should include compliance with existing industry codes such as the Australian Press Council Standards of Practice. In assessing applications for registered charity and DGR status under the new categories, the ACNC and the Australian Tax Office should consider the advice of an independent expert committee. 

R 12: Improving digital media literacy in the community 

A Government program be established to fund and certify non-government organisations for the delivery of digital media literacy resources and training based on frameworks currently used by the Online Safety Grants Program and Be Connected program administered by the Office of the eSafety Commissioner. The resources and training should be broadly delivered through community centres, libraries, schools and seniors centres for the benefit of all Australians. 

R 13: Digital media literacy in schools 

The Terms of Reference for the review of the Australian Curriculum scheduled for 2020 should include consideration of the approach to digital media literacy education in Australian schools. 

R 14: Monitoring efforts of digital platforms to implement credibility signalling 

An independent regulator, such as the ACMA, should be directed to monitor the voluntary initiatives of digital platforms to enable users to identify the reliability, trustworthiness and source of news content featured on their services. In undertaking this role, the regulator should be empowered to obtain data and information from digital platforms relevant to its inquiries, publicly report on its findings and make recommendations in relation to regulatory action if platforms’ voluntary initiatives are ineffective. 

R 15: Digital Platforms Code to counter disinformation 

Digital platforms with more than one million monthly active users in Australia should implement an industry code of conduct to govern the handling of complaints about disinformation (inaccurate information created and spread with the intent to cause harm) in relation to news and journalism, or content presented as news and journalism, on their services. Application of the code should be restricted to complaints about disinformation that meet a ‘serious public detriment’ threshold as defined in the code. The code should also outline actions that constitute suitable responses to complaints, up to and including the take-down of particularly harmful material. 

The code should be registered with and enforced by an independent regulator, such as the ACMA, that: ƒƒis given information-gathering powers enabling it to investigate and respond to systemic contraventions of code requirements ƒƒis able to impose sufficiently large sanctions to act as an effective deterrent against code breaches ƒƒprovides frequent public reports on the nature, volume and handling of complaints received by digital platforms about disinformation ƒƒreports annually to Government on the efficacy of the code and compliance by digital platforms. 

While the code should focus on addressing complaints about disinformation it should also consider appropriate responses to malinformation (information inappropriately spread by bad-faith actors with the intent to cause harm, particularly to democratic processes). In the event that an acceptable code is not submitted to the regulator within nine months of an announced Government decision on this issue, the regulator should introduce a mandatory industry standard. 

The code should be reviewed by the regulator after two years of operation, and the regulator should make recommendations as to whether it should be amended, replaced with an industry standard, or replaced or supplemented with more significant regulation to counter disinformation on digital platforms. 

R 16: Strengthen protections in the Privacy Act 

16(a) Update ‘personal information’ definition: 

Update the definition of ‘personal information’ in the Privacy Act to clarify that it captures technical data such as IP addresses, device identifiers, location data, and any other online identifiers that may be used identify an individual. 

16(b) Strengthen notification requirements: 

Require all collection of personal information to be accompanied by a notice from the APP entity collecting the personal information (whether directly from the consumer or indirectly as a third party), unless the consumer already has this information or there is an overriding legal or public interest reason. The notice must be concise, transparent, intelligible and easily accessible, written in clear and plain language, provided free of charge, and must clearly set out how the APP entity will collect, use and disclose the consumer’s personal information. Where the personal information of children is collected, the notice should be written at a level that can be readily understood by the minimum age of the permitted digital platform user. To provide consumers with a readily understood and meaningful overview of an APP entity’s data practices and as a means of reducing their information burden, it may also be appropriate for these requirements to be implemented along with measures such as the use of multi-layered notifications or the use of standardised icons or phrases. 

16(c) Strengthen consent requirements and pro-consumer defaults: 

Require consent to be obtained whenever a consumer’s personal information is collected, used or disclosed by an APP entity, unless the personal information is necessary for the performance of a contract to which the consumer is a party, is required under law, or is otherwise necessary for an overriding public interest reason. Valid consent should require a clear affirmative act that is freely given, specific, unambiguous and informed (including about the consequences of providing or withholding consent). This means that any settings for data practices relying on consent must be pre-selected to ‘off’ and that different purposes of data collection, use or disclosure must not be bundled. Where the personal information of children is collected, consents to collect the personal information of children must be obtained from the child’s guardian. It may also be appropriate for the consent requirements to be implemented along with measures to minimise consent fatigue, such as not requiring consent when personal information is processed in accordance with a contract to which the consumer is a party, or using standardised icons or phrases to refer to certain categories of consents to facilitate consumers’ comprehension and decision-making. 

16(d) Enable the erasure of personal information: 

Require APP entities to erase the personal information of a consumer without undue delay on receiving a request for erasure from the consumer, unless the retention of information is necessary for the performance of a contract to which the consumer is a party, is required under law, or is otherwise necessary for an overriding public interest reason. 

16(e) Introduce direct rights of action for individuals: 

Give individuals a direct right to bring actions and class actions against APP entities in court to seek compensation for an interference with their privacy under the Privacy Act. 

16(f) Higher penalties for breach of the Privacy Act: 

Increase the penalties for an interference with privacy under the Privacy Act to mirror the increased penalties for breaches of the Australian Consumer Law. 

R 17: Broader reform of Australian privacy law 

Broader reform of Australian privacy regime to ensure it continues to effectively protect consumers’ personal information in light of the increasing volume and scope of data collection in the digital economy. This reform should have regard to the following issues:  

1. Objectives: whether the objectives of the Privacy Act should place greater emphasis on privacy protections for consumers including protection against misuse of data and empowering consumers to make informed choices.
2.  Scope: whether the Privacy Act should apply to some of the entities which are currently exempt (for example small businesses, employers, registered political parties, etc.).  

3. Higher standard of protections:whether the PrivacyAct should set  a higher standard of privacy protection, such as by requiring all use and disclosure of personal information to be by fair and lawful means.  

4. Inferred information: whether the Privacy Act should offer protections for inferred information, particularly where inferred information includes sensitive information about an individual’s health, religious beliefs, political affiliations.  

5. De-identified information: whether there should be protections or standards for de-identification, anonymisation and pseudonymisation of personal information to address the growing risks of re-identification as datasets are combined and data analytics technologies become more advanced.  

6. Overseas dataflows: whether the Privacy Act should be revised such that it could be considered by the European Commission to offer ‘an adequate level of data protection’ to facilitate the flow of information to and from overseas jurisdictions such as the EU. 

7. Third-party certification: whether an independent certification scheme should be introduced. 

R 18: OAIC privacy code for digital platforms 

An enforceable code of practice developed by the OAIC, in consultation with industry stakeholders, to enable proactive and targeted regulation of digital platforms’ data practices (DP Privacy Code). The code should apply to all digital platforms supplying online search, social media, and content aggregation services to Australian consumers and which meet an objective threshold regarding the collection of Australian consumers’ personal information. The DP Privacy Code should be enforced by the OAIC and accompanied by the same penalties as are applicable to an interference with privacy under the Privacy Act. The ACCC should also be involved in developing the DP Privacy Code in its role as the competition and consumer regulator. The DP Privacy Code should contain provisions targeting particular issues arising from data practices of digital platforms, such as: 

1. Information requirements: requirements to provide and maintain multi-layered notices regarding key areas of concern and interest for consumers. The first layer of this notice should contain a concise overview followed by more detailed information in subsequent layers. The final layer of the notice should contain all relevant information that details how a consumer’s data may be collected, used, disclosed and shared by the digital platform, as well as the name and contact details for each third party to whom personal information may be disclosed.  

2. Consent requirements:requirements to provide consumers with specific,opt-in controls for any data collection that is for a purpose other than the purpose of supplying the core consumer-facing service and, where consents relate to the collection of children’s personal information, additional requirements to verify that consent is given or authorised by the child’s guardian.  

3. Opt-out controls: requirements to give consumers the ability to select global opt-outs or opt-ins, such as collecting personal information for online profiling purposes or sharing of personal information with third parties for targeted advertising purposes.  

4. Children’s data: additional restrictions on the collection, use or disclosure of children’s personal information for targeted advertising or online profiling purposes and requirements to minimise the collection, use and disclosure of children’s personal information.  

5. Information security: requirements to maintain adequate information security management systems in accordance with accepted international standards.  

6. Retention period: requirements to establish a time period for the retention of any personal information collected or obtained that is not required for providing the core consumer-facing service.  

7. Complaints-handling: requirements to establish effective and timely mechanisms to address consumer complaints. The ACCC considers that this recommendation could align with the Government’s March 2019 announcement to create a legislated code applying to social media and online platforms which trade in personal information. 

R 19: Statutory tort for serious invasions of privacy 

Introduce a statutory cause of action for serious invasions of privacy, as recommended by the Australian Law Reform Commission (ALRC). This cause of action provides protection for individuals against serious invasions of privacy that may not be captured within the scope of the Privacy Act. The cause of action should require privacy to be balanced against other public interests, such as freedom of expression and freedom of the media. This statutory cause of action will increase the accountability of businesses for their data practices and give consumers greater control over their personal information. 

R 20: Prohibition against unfair contract terms 

Amend the Competition and Consumer Act 2010 so that unfair contract terms are prohibited (not just voidable). This would mean that civil pecuniary penalties apply to the use of unfair contract terms in any standard form consumer or small business contract. 

R 21: Prohibition on certain unfair trading practices 

Amend the Competition and Consumer Act 2010 to include a prohibition on certain unfair trading practices. The scope of such a prohibition should be carefully developed such that it is sufficiently defined and targeted, with appropriate legal safeguards and guidance. The ACCC notes the current work on this issue being undertaken as part of the Consumer Affairs Australia and New Zealand (CAANZ) process, and will progress its support for the recommendation through that forum. 

R 22: Digital platforms to comply with internal dispute resolution requirements 

The development of minimum internal dispute resolution standards by the ACMA to apply to digital platforms. The standards should, among other things, set out requirements for the visibility, accessibility, responsiveness, objectivity, confidentiality and collection of information of digital platforms internal dispute resolution processes. They should also set out the processes for continual improvement, accountability, charges and resources. All digital platforms that supply services in Australia, and have over one million monthly active users in Australia, will be required to comply with the standards. Once published, relevant digital platforms will have six months to comply with the standards. Breaches of the standards would be dealt with by the ACMA, which will be vested with appropriate investigative and information gathering powers and the capacity to impose sufficiently large sanctions for breaches to act as an effective deterrent. 

R 23: Establishment of an ombudsman scheme to resolve complaints and disputes with digital platform providers 

The establishment of an independent ombudsman scheme to resolve complaints and disputes between consumers and digital platforms, and businesses and digital platforms. The ACMA and the relevant ombudsman will determine the nature of complaints and disputes that would be subject to the scheme. At a minimum, it should cover complaints or disputes from businesses relating to the purchase or performance of advertising services and complaints or disputes from consumers, including in relation to scams and the removal of scam content. 

The ombudsman should have the ability to compel information, make decisions that are binding on digital platforms, order compensation in appropriate cases and compel digital platforms to take down scam content. The ACCC recommends that the ACMA and the Telecommunications Industry Ombudsman (TIO) investigate the feasibility of the TIO taking on this role. If the ACMA and the TIO conclude that it is not feasible for the TIO to undertake this role, a standalone ombudsman should be created to resolve complaints about digital platforms.

Citizen Scoring

The ‘golden view’: data-driven governance in the scoring society' by Lina Dencik,  Joanna Redden, Arne Hintz and Harry Warne in (2019) 8(2) Internet Policy Review comments 

 Drawing on the first comprehensive investigation into the uses of data analytics in UK public services, this article outlines developments and practices surrounding the upsurge in data-driven forms of what we term ‘citizen scoring’. This refers to the use of data analytics in government for the purposes of categorisation, assessment and prediction at both individual and population level. Combining Freedom of Information requests and semi-structured interviews with public sector workers and civil society organisations, we detail the practices surrounding these developments and the nature of concerns expressed by different stakeholder groups as a way to elicit the heterogeneity, tensions and negotiations that shape the contemporary landscape of data-driven governance. Described by practitioners as a way to achieve a ‘golden view’ of populations, we argue that data systems need to be situated in this context in order to understand the wider politics of such a ‘view’ and the implications this has for state-citizen relations in the scoring society. 

The authors argue

 Questions about how data is generated, collected and used have taken hold of public imagination in recent years, not least in relation to government. While the collection of data about populations has always been central to practices of governance, the digital era has placed increased emphasis on the politics of data in state-citizen relations and contemporary power dynamics. In part a continuation of long-standing processes of bureaucratisation, the turn to data-centric practices in government across Western democracies emerges out of a significant moment in the securitisation of politics, the shrinking of the public sector, and the rise of corporate power. In the case of the United Kingdom, this is particularly brought to bear through an on-going austerity agenda since the financial crisis of 2008. Data analytics, in this context, is increasingly viewed and sold as providing a means to more efficiently target and deliver public services and to better understand social problems (Beer, 2018). 

As government has entered into this space, adopting the processes, logics and technologies of the private sector, this raises major questions about the nature of contemporary governance and the socio-technical shaping of citizenship. Of particular concern is how new and often obscure systems of categorisation, risk assessment, social sorting and prediction may influence funding and resource decisions, access to services, intensify surveillance and determine citizen status or worth. The proliferation of data sharing arrangements among government agencies is raising concerns about who is accessing citizen data, the potential for highly personal profiling, function creep and misuse. At the same time, the black boxed nature of big data processes, the dominant myths about data systems as objective and neutral, as well as the inability of most to understand these processes makes interrogating government data analytics systems difficult for researchers and near impossible for citizens without adequate resources (Pasquale, 2015; O’Neil, 2016; Kitchin, 2017). 

Moreover, the empirical underpinning for a more thorough understanding of these dynamics remains obscure as the implementation of data analytics in public services is only emerging. In this article we therefore contribute with an overview of developments of data analytics in public services in the particular case of the UK. Drawing on research carried out for the one-year project ‘Data Scores as Governance’, the article provides the first integrated analysis of the use of such systems in the UK and of the often polarised views and approaches among stakeholders. In mapping this emerging field, we explore the way these data systems are situated and used in practice, engaging with the myriad negotiations and challenges that emerge in this context. 

The article identifies an upsurge in data-driven forms of what we term ‘citizen scoring’ - the use of data analytics in government for the purposes of categorisation, assessment and prediction at both individual and population level. It demonstrates citizen scoring as a situated practice that emerges from an amalgamation of actors, imaginaries and political and economic forces that together shape and contest what was described in our research as a desired ‘golden view’ of citizens. The article thus highlights the heterogeneity of data practices, and points to the need for a nuanced understanding of the contingency of data systems on significant contextual factors that moves us beyond an engagement with the technologies themselves, towards a wider politics of their development, deployment, implementation and use as part of understanding the nature of citizenship in an emerging ‘scoring society’.

'Social Credit Systems in China' by Chuncheng Liu comments

 In 2014, the State Council of the People’s Republic of China (State Council) issued a blueprint, aimed to build a Social Credit System (SCS) to solve various social problems in the society by evaluating, classifying, awarding and punishing people based on their trustworthiness. Since 2014, various local experiments had been enacted in many Chinese cities with various innovating use of digital technologies. 

Based on the data I have collected from governmental policies (both central and local) and newspapers articles, this paper comprehensively explores and articulates the complicated multiplicity character of current Chinese SCSs and examine relationships among them. There are two broad fields of SCS experiments now: governmental and commercial. Commercial SCSs for institutions were developed in the 1990s, while commercial SCSs for individual, such as sesame score, started only after 2015. Both of these commercial credit systems are supervised by the People’s Bank of China (PBOC), China’s central bank. For governmental SCSs, we can further divide two levels of SCSs: national and municipal. Governmental national SCSs have two systems led by different governmental agencies. The first one is a financial credit system led by PBOC. The second is a blacklist-based system led by the Supreme People’s Court (SPC) and the National Development and Reform Commission (NDRC), a macroeconomic management governmental agency under the State Council. On the municipal level, different municipal governments are experimenting their own SCSs and propose different conceptualizations of what “(dis)credit” and “(mis)trustworthiness” are. 

After showing the multiplicity of Chinese SCSs, I will historize current SCSs and shows that many elements and assumptions of SCSs after 2014 can be traced back to a broader People’s Republic of China’s (PRC) political history. At last, I will propose an alternative theoretical framework to understand Chinese SCSs beyond a simple repressive and direct political project, but a symbolic system with performative power.

Reputation

'The Dark Side of Reputation' by Emily Kadens in (2019) 40(5) Cardozo Law Review comments 

Reputation is the foundation of theories of private ordering. These theories contend that commercial actors will act honestly because if they do not, they will get a bad reputation and others will not want to do business with them in the future. But economists and scholars of networks increasingly realize that reputation has its defects. Mixed in with trustworthy and useful reputation information on which commerce of all sorts relies is inaccurate, distorted, misguided, or outright fraudulent information. Much of the existing literature about reputation’s flaws focuses on unintentional distortions caused by biases, the requirements of social niceties, and the dearth of fully representative information. This Article, by contrast, approaches the problem of the distortion of reputation from the dark side. It uses a rich set of sixteenth- and seventeenth-century English court cases and merchant correspondence to examine how the deliberate manipulation of reputation, and, importantly, people’s failure to verify the gossip and rumors creating such reputation, enabled fraud. It turns out that reputation was “a complex process,” even in interconnected early modern markets in which merchants did business face-to-face and participated in active gossip networks. Even being caught, tried, and found guilty of a serious fraud did not necessarily undermine one’s business and perceived trustworthiness in these networks, which raises questions about how much the merchants depended upon reputation when making decisions about whom to trust.

Virtual Assets and AML/CTF

The Financial Action Task Force (FATF) Guidance For A Risk-Based Approach: Virtual Assets and Virtual Asset Service Providers comments

 In October 2018, the FATF adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets, and also added two new definitions in the Glossary, “virtual asset” (VA) and “virtual asset service provider” (VASP). The amended FATF Recommendation 15 requires that VASPs be regulated for anti-money laundering and combating the financing of terrorism (AML/CFT) purposes, licenced or registered, and subject to effective systems for monitoring or supervision. In June 2019, the FATF adopted an Interpretive Note to Recommendation 15 to further clarify how the FATF requirements should apply in relation to VAs and VASPs, in particular with regard to the application of the risk-based approach (RBA) to VA activities or operations and VASPs; supervision or monitoring of VASPs for AML/CFT purposes; licensing or registration; preventive measures, such as customer due diligence, recordkeeping, and suspicious transaction reporting, among others; sanctions and other enforcement measures; and international co-operation.

The FATF also adopted the present Guidance1 on the application of the RBA to VAs and VASPs In June 2019. It is intended to help both national authorities in understanding and developing regulatory and supervisory responses to VA activities and VASPs, and to help private sector entities seeking to engage in VA activities, in understanding their AML/CFT obligations and how they can effectively comply with these requirements.

This Guidance outlines the need for countries and VASPs, and other entities involved in VA activities, to understand the ML/TF risks associated with their activities and take appropriate mitigating measures to address them. In particular, the Guidance provides examples of risk indicators that should specifically be considered in a VA context, with an emphasis on factors that would further obfuscate transactions or inhibit VASPs’ ability to identify customers.

The Guidance examines how VA activities and VASPs fall within the scope of the FATF Recommendations. It discusses the five types of activities covered by the VASP definition and provides examples of VA-related activities that would fall within the VASP definition and that would be excluded from the FATF scope. In that respect, it highlights the key elements required to qualify as a VASP, namely acting as a business on behalf of the customers and actively facilitating VA-related activities.

The Guidance describes the application of the FATF Recommendations to countries and competent authorities; as well as to VASPs and other obliged entities that engage into VA activities, including financial institutions such as banks and securities broker- dealers, among others. Almost all of the FATF Recommendations are directly relevant to address the ML/TF risks associated with VAs and VASPs, while other Recommendations are less directly or explicitly linked to VAs or VASPs, though are still relevant and applicable. VASPs therefore have the same full set of obligations as financial institutions or DNFBPs.

The Guidance details the full range of obligations applicable to VASPs as well as to VAs under the Recommendation approach. This includes clarifying that all of the funds or value- based terms in the FATF Recommendations (e.g., “property,” “proceeds,” “funds,” “funds or other assets,” and other “corresponding value”) include VAs. Consequently, countries should apply all of the relevant measures under the FATF Recommendations to VAs, VA activities, and VASPs.

The Guidance explains the VASP registration or licensing requirements, in particular how to determine in which country/ies VASPs should be registered or licensed – at a minimum where they were created; or in the jurisdiction where their business is located in cases where they are a natural person, but jurisdictions can also chose to require VASPs to be licensed or registered before conducting business in their jurisdiction or from their jurisdiction. The Guidance further underlines that national authorities are required to take action to identify natural or legal persons that carry out VA activities without the requisite license or registration. This would be equally applicable by countries which have chosen to prohibit VA and VA activities at national level.

Regarding VASP supervision, the Guidance makes clear that only competent authorities can act as VASP supervisory or monitoring bodies, and not self-regulatory bodies. They should conduct risk-based supervision or monitoring, with adequate powers, including the power to conduct inspections, compel the production of information and impose sanctions. There is a specific focus on the importance of international co-operation between supervisors, given the cross-border nature of VASPs’ activities and provision of services.

The Guidance makes clear that VASPs, and other entities involved in VA activities, need to apply all the preventive measures described in FATF Recommendations 10 to 21. The Guidance explains how these obligations should be fulfilled in a VA context and provides clarifications regarding the specific requirements applicable regarding the USD/EUR 1 000 threshold for VA occasional transactions, above which VASPs must conduct customer due diligence (Recommendation 10); and the obligation to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers (Recommendation 16). As the guidance makes clear, relevant authorities should co-ordinate to ensure this can be done in a way that is compatible with national data protection and privacy rules.

Finally, the Guidance provides examples of jurisdictional approaches to regulating, supervising, and enforcing VA activities, VASPs, and other obliged entities for AML/CFT.

The  Guidance states

1. New technologies, products, and related services have the potential to spur financial innovation and efficiency and improve financial inclusion, but they also create new opportunities for criminals and terrorists to launder their proceeds or finance their illicit activities. The risk-based approach is central to the effective implementation of the revised Financial Action Task Force (FATF) International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation, which FATF members adopted in 2012, and the FATF therefore actively monitors the risks relating to new technologies.

2. In June 2014, the FATF issued Virtual Currencies: Key Definitions and Potential AML/CFT Risks in response to the emergence of virtual currencies and their associated payment mechanisms for providing new methods of transmitting value over the Internet. In June 2015, the FATF issued the Guidance for a Risk-Based Approach to Virtual Currencies (the 2015 VC Guidance) as part of a staged approach to addressing the money laundering and terrorist financing (ML/TF) risks associated with virtual currency payment products and services.

3. The 2015 VC Guidance focuses on the points where virtual currency activities intersect with and provide gateways to and from (i.e., the on and off ramps to) the traditional regulated financial system, in particular convertible virtual currency exchangers. In recent years, however, the virtual asset space has evolved to include a range of new products and services, business models, and activities and interactions, including virtual-to-virtual asset transactions.

4. In particular, the virtual asset ecosystem has seen the rise of anonymity-enhanced cryptocurrencies (AECs), mixers and tumblers, decentralized platforms and exchanges, and other types of products and services that enable or allow for reduced transparency and increased obfuscation of financial flows, as well as the emergence of other virtual asset business models or activities such as initial coin offerings (ICOs) that present ML/TF risks, including fraud and market manipulation risks. Further, new illicit financing typologies continue to emerge, including the increasing use of virtual-to-virtual layering schemes that attempt to further obfuscate transactions in a comparatively easy, cheap, and secure manner.

5. Given the development of additional products and services and the introduction of new types of providers in this space, the FATF recognized the need for further clarification on the application of the Standards to new technologies and providers. In particular, in October 2018, the FATF adopted two new Glossary definitions—“virtual asset” (VA) and “virtual asset service provider” (VASP)—and updated Recommendation 15 (see Annex A). The objectives of those changes were to further clarify the application of the FATF Standards to VA activities and VASPs in order to ensure a level regulatory playing field for VASPs globally and to assist jurisdictions in mitigating the ML/TF risks associated with VA activities and in protecting the integrity of the global financial system. The FATF also clarified that the Standards apply to both virtual-to-virtual and virtual-to-fiat transactions and interactions involving VAs.

6. In June 2019, the FATF adopted an Interpretive Note to Recommendation 15 (INR. 15) to further clarify how the FATF requirements should apply in relation to VAs and VASPs, in particular with regard to the application of the risk-based approach to VA activities or operations and VASPs; supervision or monitoring of VASPs for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes; licensing or registration; preventive measures, such as customer due diligence, recordkeeping, and suspicious transaction reporting, among others; sanctions and other enforcement measures; and international co-operation (see Annex A).

7 Purpose of the Guidance

8. This updated Guidance expands on the 2015 VC Guidance and further explains the application of the risk-based approach to AML/CFT measures for VAs; identifies the entities that conduct activities or operations relating to VA—i.e., VASPs; and clarifies the application of the FATF Recommendations to VAs and VASPs. The Guidance is intended to help national authorities in understanding and developing regulatory responses to covered VA activities and VASPs, including by amending national laws, where applicable, in their respective jurisdictions in order to address the ML/TF risks associated with covered VA activities and VASPs.

9. The Guidance also is intended to help private sector entities seeking to engage in VA activities or operations as defined in the FATF Glossary to better understand their AML/CFT obligations and how they can effectively comply with the FATF requirements. It provides guidelines to countries, competent authorities, and industry for the design and implementation of a risk- based AML/CFT regulatory and supervisory framework for VA activities and VASPs, including the application of preventive measures such as customer due diligence, record-keeping, and suspicious transaction reporting, among other measures.

10. The Guidance incorporates the terms adopted by the FATF in October 2018 and readers are referred to the FATF Glossary definitions for “virtual asset” and “virtual asset service provider” (Annex A).

11. The Guidance seeks to explain how the FATF Recommendations should apply to VA activities and VASPs; provides examples, where relevant or potentially most useful; and identifies obstacles to applying mitigating measures alongside potential solutions. It is intended to serve as a complement to Recommendation 15 on New Technologies (R. 15) and its Interpretive Note, which describe the full range of obligations applicable to VASPs as well as to VAs under the FATF Recommendations, including the Recommendations relating to “property,” “proceeds,” “funds,” “funds or other assets,” and other “corresponding value.” In doing so, the Guidance supports the effective implementation of national AML/CFT measures for the regulation and supervision of VASPs (as well as other obliged entities) and the covered VA activities in which they engage and the development of a common understanding of what a risk-based approach to AML/CFT entails.

12. While the FATF notes that some governments are considering a range of regulatory responses to VAs and to the regulation of VASPs, many jurisdictions do not yet have in place effective AML/CFT frameworks for mitigating the ML/TF risks associated with VA activities in particular, even as VA activities develop globally and VASPs increasingly operate across jurisdictions. The rapid development, increasing functionality, growing adoption, and global, cross-border nature of VAs therefore makes the urgent action by countries to mitigate the ML/TF risks presented by VA activities and VASPs a key priority of the FATF. While this Guidance is intended to facilitate the implementation of the risk-based approach to covered VA activities and VASPs for AML/CFT purposes, the FATF recognizes that other types of policy considerations may come into play and shape the regulatory response to the VASP sector in individual jurisdictions.

Scope of the Guidance 

13. The FATF Recommendations require all jurisdictions to impose specified, activities-based AML/CFT requirements on financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) and ensure their compliance with those obligations. The FATF has agreed that all of the funds- or value-based terms in the FATF Recommendations (e.g., “property,” “proceeds,” “funds,” “funds or other assets,” and other “corresponding value”) include VAs and that countries should apply all of the relevant measures under the FATF Recommendations to VAs, VA activities, and VASPs. The primary focus of the Guidance is to describe how the Recommendations apply to VAs, VA activities, and VASPs in order to help countries better understand how they should implement the FATF Standards effectively.

14. Further, the Guidance focuses on VAs that are convertible for other funds or value, including both VAs that are convertible to another VA and VAs that are convertible to fiat or that intersect with the fiat financial system, having regard to the VA and VASP definitions. It does not address other regulatory matters that are potentially relevant to VAs and VASPs (e.g., consumer protection, prudential safety and soundness, tax, anti-fraud or anti-market manipulation issues, network IT security standards, or financial stability concerns).

15. The Guidance recognizes that an effective risk-based approach will reflect the nature, diversity, and maturity of a country’s VASP sector, the risk profile of the sector, the risk profile of individual VASPs operating in the sector and the legal and regulatory approach in the country, taking into account the cross-border, Internet-based nature and global reach of most VA activities. The Guidance sets out different elements that countries and VASPs should consider when designing and implementing a risk-based approach. When considering the general principles outlined in the Guidance, national authorities will have to take into consideration their national context, including the supervisory approach and legal framework as well as the risks present in their jurisdiction, again in light of the potentially global reach of VA activities.

16. The Guidance takes into account that just as illicit actors can abuse any institution that engages in financial activities, illicit actors can abuse VASPs engaging in VA activities, for ML, TF, sanctions evasion, fraud, and other nefarious purposes. The 2015 VC Guidance, the 2018 FATF Risk, Trends, and Methods Group papers relating to this topic, and FATF reports and statements relating to the ML/TF risks associated with VAs, VA activities, and/or VASPs, for example, highlight and provide further context regarding the ML/TF risks associated with VA activities. While VAs may provide another form of value for conducting ML and TF, and VA activities may serve as another mechanism for the illegal transfer of value or funds, countries should not necessarily categorize VASPs or VA activities as inherently high ML/TF risks. The cross-border nature of, potential enhanced-anonymity associated with, and non-face-to-face business relationships and transactions facilitated by VA activities should nevertheless inform a country’s assessment of risk. The extent and quality of a country’s regulatory and supervisory framework as well as the implementation of risk-based controls and mitigating measures by VASPs also influence the overall risks and threats associated with covered VA activities. The Guidance also recognizes that despite these measures, there may still be some residual risk, which competent authorities and VASPs should consider in devising appropriate solutions.

17. The Guidance recognizes that “new” or innovative technologies or mechanisms for engaging in or that facilitate financial activity may not automatically constitute “better” approaches and that jurisdictions should also assess the risks arising from and appropriately mitigate the risks such new methods of performing a traditional or already-regulated financial activity, such as the use of VAs in the context of payment services or securities activities, as well.

18. Other stakeholders, including FIs and other obliged entities that provide banking services to VASPs or to customers involved in VA activities or that engage in VASP activities themselves should also consider the aforementioned factors. FIs should apply a risk-based approach when considering establishing or continuing relationships with VASPs or customers involved in VA activities, evaluate the ML/TF risks of the business relationship, and assess whether those risks can be appropriately mitigated and managed (see Section IV). It is important that FIs apply the risk-based approach properly and do not resort to the wholesale termination or exclusion of customer relationships within the VASP sector without a proper risk assessment.

19. In considering the Guidance, countries, VASPs and other obliged entities that engage in or provide covered VA activities should recall the key principles underlying the design and application of the FATF Recommendations and that are relevant in the VA context:

a) Functional equivalence and objectives-based approach. The FATF requirements, including as they apply in the VA space, are compatible with a variety of different legal and administrative systems. They broadly explain what must be done but not in an overly-specific manner about how implementation should occur in order to allow for different options, where appropriate. Any clarifications to the requirements should not require jurisdictions that have already adopted adequate measures to achieve the objectives of the FATF Recommendations to change the form of their laws and regulations. The Guidance seeks to support ends-based or objectives-based implementation of the relevant FATF Recommendations rather than impose a rigid prescriptive one-size-fits-all regulatory regime across all jurisdictions. 

b) Technology-neutrality and future-proofing. The requirements applicable to VAs, as value or funds, to covered VA activities, and to VASPs apply irrespective of the technological platform involved. Equally, the requirements are not intended to give preference to specific products, services, or solutions offered by commercial providers, including technological implementation solutions that aim to assist providers in complying with their AML/CFT obligations. Rather, the requirements are intended to have sufficient flexibility that countries and relevant entities can apply them to existing technologies as well as to evolving and emerging technologies without requiring additional revisions. 

c) Level-playing field. Countries and their competent authorities should treat all VASPs on an equal footing from a regulatory and supervisory perspective in order to avoid jurisdictional arbitrage. As with FIs and DNFBPs, countries should therefore subject VASPs to AML/CFT requirements that are functionally equivalent to other entities when they offer similar products and services and based on the activities in which the entities engage.

20. This Guidance is non-binding and does not overrule the purview of national authorities, including on their assessment and categorization of VASPs, VAs, and VA activities, as per the country or regional circumstances, the prevailing ML/TF risks, and other contextual factors. It draws on the experiences of countries and of the private sector and is intended to assist competent authorities, VASPs, and relevant FIs (e.g., banks engaging in covered VA activities) in effectively implementing the FATF Recommendations using a risk-based approach.

Structure

21. This Guidance is organized as follows: Section II examines how VA activities and VASPs fall within the scope of the FATF Recommendations; Section III describes the application of the FATF Recommendations to countries and competent authorities; Section IV explains the application of the FATF Recommendations to VASPs and other obliged entities that engage in or provide VA covered activities, including FIs such as banks and securities broker-dealers, among others; and Section V provides examples of jurisdictional approaches to regulating, supervising, and enforcing covered VA activities and VASPs (and other obliged entities) for AML/CFT.

22. Annexes A, B, and C include relevant resources that augment this Guidance, including the June 2014 FATF Virtual Currencies: Key Definitions and Potential AML/CFT Risks paper, the June 2015 VC Guidance, the updated text of Recommendation 15 and its Interpretive Note, and the “virtual asset” and “virtual asset service provider” definitions within the FATF Glossary

The Annex to the Guidance deals with  Recommendation 15 and its Interpretive Note and FATF Definitions -

Recommendation 15 – New Technologies Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks. To manage and mitigate the risks emerging from virtual assets, countries should ensure that virtual asset service providers are regulated for AML/CFT purposes, and licensed or registered and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations. 

The  Interpretative Note to Recommendation 15 states

1. For the purposes of applying the FATF Recommendations, countries should consider virtual assets as “property,” “proceeds,” “funds,” “funds or other assets,” or other “corresponding value.” Countries should apply the relevant measures under the FATF Recommendations to virtual assets and virtual asset service providers (VASPs). 

2. In accordance with Recommendation 1, countries should identify, assess, and understand the money laundering and terrorist financing risks emerging from virtual asset activities and the activities or operations of VASPs. Based on that assessment, countries should apply a risk- based approach to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified. Countries should require VASPs to identify, assess, and take effective action to mitigate their money laundering and terrorist financing risks. 

3. VASPs should be required to be licensed or registered. At a minimum, VASPs should be required to be licensed or registered in the jurisdiction(s) where they are created. In cases where the VASP is a natural person, they should be required to be licensed or registered in the jurisdiction where their place of business is located. Jurisdictions may also require VASPs that offer products and/or services to customers in, or conduct operations from, their jurisdiction to be licensed or registered in this jurisdiction. Competent authorities should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in, a VASP. Countries should take action to identify natural or legal persons that carry out VASP activities without the requisite license or registration, and apply appropriate sanctions. 

4. A country need not impose a separate licensing or registration system with respect to natural or legal persons already licensed or registered as financial institutions (as defined by the FATF Recommendations) within that country, which, under such license or registration, are permitted to perform VASP activities and which are already subject to the full range of applicable obligations under the FATF Recommendations. 

5. Countries should ensure that VASPs are subject to adequate regulation and supervision or monitoring for AML/CFT and are effectively implementing the relevant FATF Recommendations, to mitigate money laundering and terrorist financing risks emerging from virtual assets. VASPs should be subject to effective systems for monitoring and ensuring compliance with national AML/CFT requirements. VASPs should be supervised or monitored by a competent authority (not a SRB), which should conduct risk-based supervision or monitoring. Supervisors should have adequate powers to supervise or monitor and ensure compliance by VASPs with requirements to combat money laundering and terrorist financing including the authority to conduct inspections, compel the production of information, and impose sanctions. Supervisors should have powers to impose a range of disciplinary and financial sanctions, including the power to withdraw, restrict or suspend the VASP’s license or registration, where applicable. 

6. Countries should ensure that there is a range of effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, available to deal with VASPs that fail to comply with AML/CFT requirements, in line with Recommendation 35. Sanctions should be applicable not only to VASPs, but also to their directors and senior management. 

7. With respect to preventive measures, the requirements set out in Recommendations 10 to 21 apply to VASPs, subject to the following qualifications:

(a) R.10 – The occasional transactions designated threshold above which VASPs are required to conduct CDD is USD/EUR 1 000.

(b) R.16 – Countries should ensure that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit3 the above information to the beneficiary VASP or financial institution (if any) immediately and securely, and make it available on request to appropriate authorities. 

Countries should ensure that beneficiary VASPs obtain and hold required originator information and required and accurate beneficiary information on virtual asset transfers, and make it available on request to appropriate authorities. Other requirements of R.16 (including monitoring of the availability of information, and taking freezing action and prohibiting transactions with designated persons and entities) apply on the same basis as set out in R.16. The same obligations apply to financial institutions when sending or receiving virtual asset transfers on behalf of a customer. 

8. Countries should rapidly, constructively, and effectively provide the widest possible range of international co-operation in relation to money laundering, predicate offences, and terrorist financing relating to virtual assets, on the basis set out in Recommendations 37 to 40. In particular, supervisors of VASPs should exchange information promptly and constructively with their foreign counterparts, regardless of the supervisors’ nature or status and differences in the nomenclature or status of VASPs.

The UK Jurisdiction Taskforce has meanwhile released a discussion paper as part of its Consultation on the status of cryptoassets, distributed ledger technology and smart contracts under English private law.

The paper states

Background to this consultation 

The development of distributed ledger technology (“DLT”), cryptoassets, smart contracts and associated technologies has far-reaching implications for financial markets, both domestically and internationally. Nevertheless, the experience of market participants at present suggests that a lack of certainty regarding the legal status of cryptoassets, DLT and smart contracts could be hampering this development. This uncertainty does not solely arise in the context of English law and the jurisdiction of England and Wales. However, creating a measure of confidence in these issues would increase confidence in the use of cryptoassets, DLT and smart contracts and bolster the use of English law and the jurisdiction of England and Wales in transactions concerning cryptoassets, as well as in smart contracts more generally.

English law, as a well-developed flexible common law system, has the ability to provide the certainty and predictability that the commercial community demands, and is well able to adapt to deal with fast-changing technologies. Consequently, English law and the jurisdiction of England and Wales are well-positioned to provide the legal foundation for the development of these technologies. 

Scope of this consultation 

The LawTech Delivery Panel (“LTDP”) was established by the UK Government, the Judiciary and the Law Society of England and Wales and has as its overarching objective the promotion of the use of technology in the UK’s legal sector.  The UKJT is one of six taskforces established by the LTDP for the purposes of achieving this objective. 

The objective of the UKJT is to demonstrate that English law and the jurisdiction of England and Wales together provide a state-of-the-art foundation for the development and use of DLT, smart contracts and associated technologies. In pursuit of this objective, the UKJT is co-ordinating the preparation of an authoritative legal statement (“Legal Statement”) on the status of cryptoassets and smart contracts under English private law. The intention is that the Legal Statement will either demonstrate that English private law already provides sufficiently certain foundations in relation to the relevant issues, or will highlight particular areas of uncertainty that may be ripe for further clarificatory steps to be taken.

The purpose of this consultation is to seek input from stakeholders as to the principal issues of perceived legal uncertainty regarding the status of cryptoassets and smart contracts under English private law to inform what should be addressed in the Legal Statement.

In Annex 1 (Questions to be addressed in the Legal Statement), we have set out what the UKJT considers to be the principal issues. However, ultimately, for the Legal Statement to serve its purpose, it must address those issues that market participants themselves are most concerned with. This is why we hope that key industry stakeholders will find time to participate in this consultation.

In Annex 2 (Overview and key features of DLT), we outline the key features of DLT. This informs the UKJT’s understanding of the key legal issues arising in this context and, ultimately, those that will be addressed in the Legal Statement. In Annexes 3 (Cryptoassets) and 4 (Smart contracts), we provide further detail on the technical aspects of cryptoassets and smart contracts, again, each with the intention of informing an understanding of the issues to be addressed in the Legal Statement.

Overview of the key issues of legal uncertainty included in this consultation

As this consultation and the Legal Statement are focused on private law, the questions identified in Annex 1 (Questions to be addressed in the Legal Statement) are accordingly limited in scope.

Quite intentionally, they do not cover certain other areas of law insofar as they relate to cryptoassets or smart contracts, including (among others) their regulatory characterisation and treatment, matters of taxation, criminal law, partnership law, data protection, consumer protection, settlement finality,6 regulatory capital, anti-money laundering or counter-terrorist financing. We recognise that these are important areas, and ones in which market participants may feel there exists a degree of legal uncertainty in some instances. However, the UKJT feels that other bodies or organisations are better-placed to provide the necessary clarity on these issues, and so they do not form a part of this project. The questions also do not address certain areas of perceived legal uncertainty where too many potential factual scenarios would need to be considered in order for any helpful answers to be provided.

We set out below some background on the questions which we have included in Annex 1 (Questions to be addressed in the Legal Statement). Legal status of cryptoassets

Many aspects of the status of cryptoassets as a matter of English private law are considered by some to be unclear. In particular, notwithstanding that a significant amount of work has been undertaken in relation to a number of these issues by various academic, professional and public bodies, it is understood to be of general concern to the market that an authoritative response be given to the questions of whether, and, if so, the circumstances in which, a cryptoasset may be characterised under English law as property. The questions relevant to this are therefore set out in paragraphs 1.1 and 1.2 of Annex 1 (Questions to be addressed in the Legal Statement).

Property law matters both to users of a DLT system and to third parties dealing with those users. If a cryptoasset is not property, it cannot be owned. If it cannot be owned, it cannot be purchased, sold, otherwise transferred in law or rights to it asserted if it is stolen. Neither can a trust be declared, or security created, over it. The concept of a cryptoasset being recognised as property is therefore critical to the application of private law to transactions involving cryptoassets. If a cryptoasset is recognised as property, it is then necessary to understand the legal nature of that property. Traditionally, English law recognises physical things (choses in possession) and legal rights (choses in action) as property”.8 If a cryptoasset is recognised as property, does it fall into one of these categories or does it fall within some other category of property under English law? This is also critical to the application of private law to transactions involving cryptoassets because it is necessary to determine the location of property (its situs), under most legal systems, in order to determine the correct law governing transfers (alienation) of the property concerned. Consequently, the response to the threshold question of whether a cryptoasset may be recognised under English law as property either dictates to a large degree or is materially relevant to the outcome of a series of ancillary questions, including whether certain types of security may validly be granted over it and its treatment for certain purposes as a matter of English insolvency law. These questions are set out in paragraphs 1.2.1 to 1.2.6 of Annex 1 (Questions to be addressed in the Legal Statement).

Equally, if a cryptoasset is capable of being recognised as property under English law, there is a series of additional questions as to other characterisations under English private law which may also be relevant. These questions include whether a cryptoasset may be characterised as a “documentary intangible” or as being “negotiable” (i.e. in the sense that a transferee may, by the mere transfer of a cryptoasset, acquire better title to that cryptoasset than that of its transferor), and whether cryptoassets may be recognised as “goods” for certain statutory purposes. These questions are set out in paragraphs 1.2.7 to 1.2.11 of Annex 1 (Questions to be addressed in the Legal Statement).

The UKJT also understands that there is uncertainty among market participants as to whether DLT records of cryptoassets are capable of amounting to a “register” for the purposes of evidencing, constituting and transferring title to certain types of securities under English law.

This question is set out in paragraph 1.2.12 of Annex 1 (Questions to be addressed in the Legal Statement). In Annex 3 (Cryptoassets), we discuss the meaning of the term “cryptoasset”, building on the general overview of DLT provided in Annex 2 (Overview and key features of DLT). In doing so, we explain certain key features of cryptoassets within some commonly used DLT models, with the aim of providing the authors of the Legal Statement with a description of certain key common features, given the multiplicity of potential models which exist.

Enforceability of smart contracts

As noted by the Law Commission of England and Wales, to ensure that the English courts and English law remain competitive choices for business, there is a compelling case for reviewing the current English legal framework to ensure that it facilitates the use of smart contracts.

It is understood that market participants attempting to replicate contractual arrangements written in prose using smart contracts, are principally concerned that the circumstances in which smart contracts are capable of giving rise to binding legal obligations be clarified. This question is set out in paragraph 2.1 of Annex 1 (Questions to be addressed in the Legal Statement).

The UKJT is aware that some market participants may question the merits of this exercise, given that some among them may view one of the benefits of smart contracts as being that they are sometimes considered to remove the need for parties to rely on a legal framework to enforce their rights against each other. However, if smart contracts are capable of giving rise to binding legal obligations, it will be important for parties to be aware of the circumstances in which this will be the case (notably if the parties’ intention is not to create legal relations). It will also be important for parties to know if and how their rights might be enforced in the event that technology does not work as expected.

Again, depending on the answer to that principal question, a series of ancillary questions arises. Notably, how the general principles of contractual interpretation would be applied by an English court in the context of a smart legal contract and the circumstances in which a statutory signature or “in writing” requirement may be met in the context of smart legal contracts. These questions are set out in paragraph 2.2 of Annex 1 (Questions to be addressed in the Legal Statement).

In Annex 4 (Smart contracts), we discuss how the market currently understands the term “smart contract”, again building on the general overview of DLT provided in Annex 2 (Overview and key features of DLT). In doing so, we explain at a high level certain of the key features of smart contracts, and how they differ as between different implementations. As with Annex 3 (Cryptoassets), the aim of this section is to inform and help circumscribe the answers that will be provided in the Legal Statement.

Application of English law

Readers may note that, with the exception of the question posed in paragraph 1.2.3 of Annex 1 (Questions to be addressed in the Legal Statement), the question of the extent to which English law would be the applicable law in relation to dealings or other arrangements involving cryptoassets or smart contracts is not dealt with directly. The UKJT recognises that this is an area of much uncertainty for market participants. It is also of the view, however, that this is an issue which is highly fact-dependent, which limits the effectiveness of any attempt to provide a broad Legal Statement on the topic.

That said, the UKJT does consider that there would be value in setting out guidance within the Legal Statement as to the steps that may be taken by developers and participants to reduce uncertainty by ensuring, where desired, that English law will govern the relevant dealings or other arrangements, such as transactions within a DLT system or smart contracts to be deployed within such system.

AgGag and the Criminal Code Amendment (Agricultural Protection) Bill

The Criminal Code Amendment (Agricultural Protection) Bill 2019 (Cth) will presumably warm hearts among rural communities but feature provisions that when read in context with existing telecommunications/criminal law are redundant.

The Bill would amend the Criminal Code Act 1995 (Cth) (the Criminal Code) to introduce two new offences relating to the incitement of trespass or property offences on agricultural land. The Bill relies on the Commonwealth’s telecommunications power under the Australian Constitution, with the requirement in the offence that the relevant criminal conduct be engaged in using a carriage service.

.The first offence would apply where a person uses a carriage service to transmit, make available, publish or otherwise distribute material with the intent to incite another person to trespass on agricultural land. This offence would require that the person is reckless as to whether the other person’s trespass or related conduct could cause detriment to a primary production business being carried on on the land. A person found guilty of this offence could face up to 12 months’ imprisonment. 

The second offence would apply where a person uses a carriage service to transmit, make available, publish or otherwise distribute material with the intent to incite another person to unlawfully damage or destroy property, or commit theft, on agricultural land. A person found guilty of this offence could face up to five years’ imprisonment, to reflect the more serious nature of the incited conduct.

 ‘Agricultural land’ is a defined term in the Bill - land used for a primary production business. Primary production business is defined as including farming businesses, such as chicken farms and piggeries, as well as businesses operating an abattoir or an animal saleyard.

The Bill contains exemptions for journalists and those who are making lawful disclosures of information, including whistleblowers. Under the exemption for journalists, the offences would not apply to material relating to a news report or current affairs report which is in the public interest and is made by a person working in a professional capacity as a journalist.  Under the exemption for whistleblowers, the offences would not apply to conduct engaged in by a person if, as a result of the operation of a law of the Commonwealth, a State or a Territory, the person is not subject to civil or criminal liability for the conduct. For example, the offence would not apply to a person who makes a public interest disclosure in accordance with the Public Interest Disclosure Act 2013 (Cth), whistleblower protections under the Corporations Act 2001 (Cth), or in accordance with other Commonwealth, state or territory whistleblower or lawful disclosure regimes.

We should note that use of “a carriage service to menace, harass, or cause offence” is already punishable under section 474.17 of the Criminal Code. It is unlikely that the amendment will effectively address concerns evident in submissions by civil society and other advocates regarding state legislation such as that highlighted here.

The Explanatory Memorandum comments in relation to the ICCPR that

The Bill’s objective is to reduce the malicious use of carriage services to encourage trespass, property damage or theft on private property. The use of a carriage service by perpetrators to communicate or share material with the intention that criminal activity occur, has the potential to contaminate food safety, breach biosecurity protocols and cause distress to members of the community. The extent to which the Bill would restrain the rights provided by [ICCPR] article 17 is a necessary consequence of, and proportionate to, the pursuit of this legitimate objective. 

. The ready sharing of material intended to incite a crime is not the type of correspondence article 17 aims to protect. In its preamble, the ICCPR states that “the individual [has] duties to other individuals and to the community to which he belongs” and that “freedom from fear and want can only be achieved if conditions are created whereby everyone may enjoy his civil and political rights”. The unchecked transmission of materials intended to incite trespass, property damage and theft is incompatible with the goals of the ICCPR and all other international human rights instruments. ... . 

Criminalising the use of a carriage service to incite crimes against another’s property promotes the objectives of “freedom from fear” and fosters conditions “whereby everyone may enjoy his civil and political rights”.

Further

New sections 474.46 and 474.47, proposed in Schedule 1 to the Bill, would limit an individual’s right to freedom of expression. These sections would criminalise the use of a carriage service to transmit material with the intention of inciting trespass or property damage, destruction or theft, on agricultural land. 

. The offences in the Bill are intended to protect the rights of Australian farmers and prevent harm to public order and public health from property offences incited by the use of a carriage service. 

Incitement of property offences on agricultural land has the potential to affect the rights of Australian farmers to feel safe on their properties. It also risks harm to public health through the contamination of food, and the breach of biosecurity protocols. Criminalising the use of a carriage service to transmit materials, with the intention to incite trespass, damage property or commit theft on agricultural land is a reasonable and proportionate measure to uphold rights, and protect public health. 

In light of the above, the Bill is consistent with the right to freedom of expression. To the extent that the Bill impacts this right, that limitation is reasonable, necessary and proportionate to the objective of protecting public health and the rights of Australian farmers.

Pharmacies

'Pharmacist Compliance With Therapeutic Guidelines on Diagnosis and Treatment Provision' by Harriet Smith, Stephen Whyte, Ho Fai Chan, Gregory Kyle, Esther T. L. Lau, Lisa M. Nissen, Benno Torgler and Uwe Dulleck in (2019) 2(7) JAMA Network Open considers effective mechanisms for ensuring compliance in the provision of over-the-counter pharmaceuticals for symptom-based requests and product-based requests in Australian pharmacies.

The authors' findings are

 In this quality improvement study using standardized patients in scenarios of requests for emergency hormonal contraception and medication for conjunctivitis, 57.6% of pharmacies followed dispensing behavior compliant with the protocol, while 31.3% involved some form of overtreatment or overselling of medication. There was also evidence of an interaction between sex of the standardized patient and pharmacist. Given the unintended adverse effects of overtreatment, this study suggests the advisability of regulatory intervention (and further behavioral research) to ensure compliance with professional protocols.

They report 

Misuse and overselling of over-the-counter pharmaceuticals poses a major burden on both private and public health expenditures. 

Objective 

To seek evidence on whether over-the-counter medication dispensing behavior complies or conflicts with the protocols indicated in practice standards and guidelines of a national professional pharmacy organization. 

Design, Setting, and Participants 

This quality improvement study was undertaken in 205 pharmacies in the wider Brisbane, Australia, area. Two standardized patient (SP) scenarios were developed to evaluate noncompliant behavior. Data collection for scenario 1 was conducted between November 23 and December 9, 2016. Data collection for scenario 2 was conducted between September 1 and 28, 2017. A 2-sample test of proportions and a probit regression model were used to evaluate the likelihood of noncompliant treatments and overtreatments in each case scenario. Statistical analysis was performed from January 30 to June 21, 2018, and revised in May 2019. 

Main Outcomes and Measures 

Outcomes were the observed likelihood of noncompliant treatments and overtreatments. Noncompliance is defined as treatments not complying with practice standards and guidelines set by the professional pharmacy society. Noncompliant treatments include undertreatment (patient did not receive necessary treatment) and overtreatments (patient was supplied with more than sufficient treatments) in both scenarios. 

Results 

In scenario 1, 9 trained female SPs visited 89 pharmacies to request emergency hormonal contraception from pharmacy staff. In 45 cases, SPs reported having unprotected intercourse within the last 24 hours (case 1A), and in 44 cases, SPs reported having unprotected intercourse more than 72 hours ago (case 1B), which is past the efficacy threshold of over-the-counter emergency hormonal contraception. In scenario 2, 11 SPs (5 male and 6 female) visited 150 pharmacies (154 visits in total) to request treatment for family members or a partner with symptoms indicating bacterial conjunctivitis (case 2A; n = 73) or viral conjunctivitis (case 2B; n = 81). In scenario 1—dispensing emergency hormonal contraception when physician referral is recommended—21 of 44 pharmacists (47.7%) in case 1B violated the recommendation by selling the over-the-counter medication. With the inclusion of both no physician referral and emergency hormonal contraception sold, this rate increased to 79.5% (35 of 44 pharmacists). In scenario 2—1 case each of bacterial and viral conjunctivitis—overtreatment occurred in 55 of 154 cases (35.7%). In both scenarios, 140 of 243 pharmacies (57.6%) followed dispensing behavior compliant with the protocol, while 76 of 243 pharmacies (31.3%) involved some form of overtreatment or overselling of medication. Some evidence of an association between sex of SP and pharmacist was also found. 

Conclusions and Relevance 

Although the market for dispensing over-the-counter medication in Australia is regulated, relatively high rates of overtreatment and some cases of undertreatment were observed in this study. Given the unintended adverse effects, including overuse of antibiotics and corticosteroids, these observations suggest the advisability of regulatory intervention ensuring compliance with professional protocols.