Cryptoassets and smart contracts

The UK Jurisdiction Taskforce (a taskforce of the Law Society’s LawTech Delivery Panel) has published a statement on the legal status of cryptoassets and smart contracts, following a public consultation. Its two key findings are set out below, but these have not yet been tested in the English courts and stakeholders are likely to want to see appropriate legislation and regulation brought into force to address these issues.

  • Cryptoassets have all the legal characteristics of property and are, as a matter of English legal principle, to be treated as property. This conclusion is likely to have important consequences in areas relating to succession on death, the vesting of property in personal bankruptcy and the rights of liquidators in corporate insolvency.
  • Smart contracts are capable of satisfying the requirements of English law contract formation principles and can therefore be interpreted and enforced using ordinary and well-established legal principles. Further, a statutory signature requirement is highly likely to be capable of being met by means of a private key encryption.

Review of cyber security for 2020

On 4 November 2019, the Department for Digital, Culture, Media and Sport put out a call for evidence as part of its review of cyber security incentives and regulation for 2020. The review aims to:

  • identify the barriers which prevent organisations from improving cyber security;
  • understand the effectiveness of existing regulations;
  • develop a range of policy proposals to address identified gaps.

The closing date for submissions is Friday 20 December 2019, and the questions can be completed online here:


Database right infringement

The High Court has found 77m (a geospatial address dataset creator) liable for database right infringement.

77m had created a dataset of the geospatial co-ordinates of all residential and non-residential addresses in Great Britain, for which it wished to sell access by combining large amounts of data from various datasets, including data derived from Ordnance Survey (OS). 77m did not get the data from OS directly but got it from other sources and there were complicated licences in place between the parties and the various sources.

The court said that it was irrelevant that 77m had extracted some of the data from a third party dataset rather than the OS database and that it was also irrelevant that it had transferred data only temporarily to a computer and then discarded it. 

Facebook failed to protect user data – fined £500k

On 30 October 2019, the Information Commissioner’s Office (ICO) issued a statement saying that Facebook and the ICO have settled their dispute over Facebook’s failure to protect app users’ personal data, some of which Cambridge Analytica (CA) used for micro-targeting of political adverts during the EU Referendum.

As part of the agreement, Facebook agreed to pay a £500,000 fine levied under the Data Protection Act 1998 but did not admit liability and was allowed to retain documents disclosed by the ICO during the appeal, for the purposes of its own internal investigations.

“Right to be forgotten” – Google’s obligations

The European Court of Justice (ECJ) has held that Google does not have to apply the right to erasure (or “right to be forgotten”) throughout the world.

The ECJ said that the right to erasure “cannot create rights beyond the boundaries of the EU”, so no obligation of global delisting could be imposed on Google.

This means that, although information may be required to be erased on it may still be available on