smart contracts

Smart Contract and Blockchain: what they are, how they work and their compliance with GDPR.

smart.contract.jpg

According to the definition of art. 1321 of the Civil Code, a contract is "the agreement between two or more parties to establish, modify or terminate a legal asset relationship". A smart contract is instead a "piece of code" - a software - that executes an agreement between its parties if certain conditions are met.

On the basis of these simple definitions it is easy to note that while contracts in the legal sense of the term require the parties to play an active role - i.e. the performance of specific actions for the fulfilment of obligations - smart contracts are "self-executing" because, once the conditions are met, the outcome of the desired transaction is automatically obtained on the basis of the terms incorporated in the code. It is therefore possible to see that in a smart contract - unlike what might happen in a legal contract - a delay or failure to fulfil obligations is technically impossible.

On the basis of these considerations it can be argued that in a smart contract it is not necessary that there is a prior trust between the parties and that there is a third party who is entrusted with the power to coercively impose performance in the event of a breach. All this is possible because the trust component - at the heart of the legal contract - is replaced by the implicit transparency of the Blockchain infrastructure on which the smart contracts are placed and operate.

Blockchain: transparency and lack of authority

The Blockchain can be defined as a set of blocks linked together in an immutable way and that record information using a cryptographic system. This infrastructure allows parties with no previous contractual (and therefore trusted) relationships to carry out transactions securely and without the supervision or control of a centralized authority.

The development of blockchain technology has contributed to the spread of smart contracts by enhancing some of their fundamental characteristics.

Being stored in the public system and distributed, transactions that take place in Blockchain can be verified and validated by all participants in the network. From this it follows that the security of the system is greatly increased, since any change, alteration, deletion of a transaction should be replicated in each distributed registry. Therefore, the smart contacts implemented on Blockchain are virtually unchangeable and are not subject to any external interference.

These mechanisms also allow unknown parties to carry out transactions without the need for a trusted third party on which network participants should otherwise rely to perform and enforce mutual obligations. The lack of a centralized third party also leads to a reduction in transaction costs, as no fees are retained by any intermediary (e.g. financial institutions).

Using smart contracts implemented on blockchain is now a reality in many sectors, including financial and insurance markets, real estate, commercial agreements and copyright management.

Leases could also benefit from blockchain technology: the lessor could provide the lessee with a digital key to be delivered in exchange for an electronic payment. The operation would be considered extraordinarily secure because only if both the electronic key and the payment are actually made available (as verified by hundreds of participants in the blockchain system) the transaction will be carried out.

Oracle: bridge between virtual and real

In most cases, the execution of smart contracts is activated through the reception of information collected from institutional sources located in the real world and which is entered into the Blockchain system through a "bridge" - called oracle.

Oracle is a structure that connects what is in the chain of blocks from what is outside it, acting as a bridge between off-chain and on-chain events. The external data used by an oracle can derive both from events in the "real" world (for example, tracking a shipment) and from the digital environment (stock market data and other public indexes).

To understand how Oracle works, it is interesting to analyze the use of smart contracts in the insurance market. A policy designed to ensure coverage of losses resulting from earthquakes could benefit from a smart contract component. In this situation, the oracle would have the function of retrieving relevant information in the real world - for example, the seismic magnitude value directly from official government sources - and feeding it into Blockchain. In this way, the amount of compensation to be paid to the insured could be determined automatically without the need for any documentation to be produced by the insured. This mechanism is also suitable for reproduction in other contexts such as delayed or cancelled flights insurance.

Blockchain, Smart Contract and GDPR

All data entered into Blockchain are pseudonymized (suitable for revealing the identity of users through a reidentification process) and therefore fall within the scope of recital 26 of the GDPR, which requires the application of the European Regulation to all information relating to identifiable persons.

Despite the provisions of the regulation, it is easy to see that the effective application of the GDPR provisions to the Blockhchain infrastructure raises a number of issues.

One of the main aspects of the Blockchain is the lack of a centralized authority: each participant has the ability to create, verify and have access to the public register of transactions and all relevant data. In a decentralised context such as that of the Blockchain, it is therefore impossible to define the roles of data controller and data controller (key figures in European legislation).

It should also be noted that the data entered in Blockchain are by nature immutable, while the GDPR assumes that any data can be modified or deleted at the request of the data subject, when he wants to exercise the right to rectification of information or the right to be forgotten, under Articles 16 and 17.

Not even the principle of data minimization can be easily applied to the blockchain system: the records in fact include data from all previous transactions that are constantly expanding and are stored in the devices of all participants in the network. This is in open contrast to the provisions of the GDPR that provide that personal data are processed only when necessary for specific purposes previously identified.