The General Data Protection Regulation, the right to be forgotten in connection with the Financial Services Sector

Europe’s landmark data privacy law, GDPR, came into effect last May. What counts as personal data under the GDPR?

 

The General Data Protection Regulation, better known as ‘GDPR’, has at its heart the notion of ‘Personal Data’, defined in Article 4 as any information which can lead to the identification of a natural person. Encrypted information which can still lead to the identification of a person falls within the scope of this article.

Personal data can vary from the most indisputable forms of identification, such as the name, surname, home address, date of birth, phone numbers, eye and hair colour, tax information, religious beliefs, character traits, email address (containing the name and/or surname) and identification card number, extending to the Internet Protocol address, the location data setting on one’s phone, as well as data held by medical experts. It is imperative to note that one cannot assume that a simple name and surname falls within the ambit of this article, considering that many people have the same name; however, if that name is combined with other information, it narrows down the number of people, which could eventually lead to the identification of a particular person, giving rise to rights and obligations.

 

How tough are these new regulations in comparison to regulations we’ve seen in other countries in the past?

 

The predecessor of the GDPR was the Data Protection Directive enacted in 1995. The definition of personal data has now been greatly extended to be in line with today’s new technological advancements, such as email addresses, fingerprints, retina scans, CCTVs and IP addresses, by including any data which might make it possible to identify a particular person.

A comparative analysis between the regulations of different countries and the GDPR shows that the latter is much stricter. For instance, the California Consumer Privacy Act of 2018 (CCPA) is not intended to apply to companies which have annual gross revenues of less than $25 million. The CCPA is narrower than the GDPR regarding the covered entities.

China’s ‘Personal Information Security Specification’ is also more lenient than the GDPR. Under this specific legislation, implied consent from the client suffices. In contrast, under the GDPR, consent must be explicit, affirmative, unambiguous, freely given and informed.

Another difference is that the GDPR aims to protect data subjects from “controllers” and “processors”, while the CCPA aims to protect consumers from businesses which collect personal information or transfer such information. Under the GDPR, consumers have a private cause of action. However, under the CCPA, private consumers should give the business an opportunity to cure any violations and inform the California Attorney General of a complaint against the company before filing a case. The strictness of the GDPR is amply demonstrated in the amount of the fines which can be levied. In some cases, violators of the GDPR may be fined up to €20 million or up to 4% of the annual worldwide turnover, whichever is higher, whilst under the CCPA fines range between $100-$750 per consumer per incident or per actual damages.

Article 82 of the GDPR awards compensation to those who fall victim to breaches, causing the controller or processor to be liable. The severity of the administrative fines as enshrined in Article 83 depends on different elements such as nature, gravity, duration of breach, and intent.

 

With regards to recruitment, how does the GDPR affect the process and the work of recruiters compared to previous protection of personal data regulations? 

 

Article 88 of the GDPR provides Member States with more specific rules on the “rights and freedoms with respect to the processing of employees’ personal data in the employment context”. During the recruitment process, the recruitment agency must inform the candidate of the purposes of personal data processing, the period during which it will be stored, and the recipients of the data. The GDPR obliges recruitment agencies to provide a “paper trail” illustrating the commencement of the on-boarding process, what information was provided, and the manner in which the data was processed, stored, amended and/or erased. Therefore these agencies have to have everything organised in one systematic database.

The applicant also benefits from the right to be informed how personal data will be used; the right of access; the right to rectification of data if inaccurate or incomplete; the right to be forgotten under certain circumstances; the right to block or suppress processing of personal data; and the right to data portability. It is quite evident that the aim of the GDPR is to give the individuals total control over their own personal data, to be able to decide whether to provide such data, how it is to be provided, when it should be provided and when to be erased.

The GDPR left an impact on recruitment agencies as business processes became more time consuming notwithstanding compliance with the previous Data Protection Act. The changes were required to promote more transparency to the candidates about how they collected, stored and used such data. For instance, before the GDPR came into force, recruiters used to obtain consent from applicants and then send CVs to different employers or other databases. With the GDPR, consent needs to be separate and written every time. Moreover, under the new law, the recruiter has to provide the applicant with vacancy details prior to receiving the CVs.

 

How do you envisage that new laws catering for the right to be forgotten shall be interpreted in light of the enhanced use of blockchain technology?

 

“The GDPR has been described as in some respects incompatible with blockchain technology”[1] by Marcus O’Dair in his book ‘Distributed Creativity’. We somewhat agree that the ‘right to be forgotten’ and blockchain are a paradox. Article 17 of the GDPR gave birth to the right to be forgotten. Once a piece of data is written on a blockchain it is impossible to obliterate it or customise it, and if one were to do so, it would defeat the whole purpose of having a blockchain platform. Personal information is supposedly encrypted before being placed on a blockchain, and once the key is destroyed, the data is made pretty much unreadable. Despite this, the personal data still exists in another form. So can this be considered a loophole? The very nature of blockchain lies in having a public ledger providing transparency to all users. In fact, blockchain has thrived because it is a chain which cannot be altered, therefore providing security and reliability.

Blockchain is subdivided into two forms: public and private. It is easier for a private blockchain to follow GDPR rules as the participation in the network is limited. The GDPR has introduced the concept of “pseudonymization”, which aims to eliminate the possibility of data being identified with a specific person. Viable techniques of pseudonymization are data masking and cryptographic hash functions. So far, the EU has supported the use of blockchain, therefore it is highly unlikely to jeopardise its development.

Another solution is to have an editable blockchain system, where designated administrators can rewrite or amend data blocks upon request of any user. Blockchain weighs on the right to be forgotten in the sense that blockchain networks are dispersed everywhere and therefore it is virtually impossible to spot the subject responsible for what is happening on the blockchain and for the processing of personal data. It also denies privacy, as blockchain networks – whether private or public – are transparent to their users. Moreover, transactions are irreversible.

Nevertheless, if one looks at blockchain from a different perspective, one might even start to think that blockchain can promote the right to be forgotten. For instance, if blockchain networks are spread out, they are less likely to become a victim of cybercrime and having one’s information spread on the web permanently.
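An added example (not part of the original article) of the two techniques this answer mentions: hashing as pseudonymization, and making on-chain data unusable by destroying a key held off the chain. Keyed hashing (HMAC) stands in for encryption here because the erasure step, destroying the off-chain key, is the same; the hash chain is a toy, `KeyVault` is a hypothetical component, and the email addresses are constructed. It shows the technical property only, not whether that property satisfies Article 17.

```python
import hashlib
import hmac
import secrets

GENESIS = "0" * 64

def plain_hash(identifier: str) -> str:
    """Unkeyed SHA-256: anyone who can guess the input can recompute it."""
    return hashlib.sha256(identifier.encode()).hexdigest()

def keyed_pseudonym(key: bytes, identifier: str) -> str:
    """HMAC-SHA256 under a per-subject secret that never goes on the ledger."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()

class Ledger:
    """Toy append-only hash chain: every block commits to its predecessor."""
    def __init__(self):
        self.blocks = []

    def append(self, payload: str) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        self.blocks.append({"prev": prev, "payload": payload, "hash": digest})

    def verify(self) -> bool:
        prev = GENESIS
        for block in self.blocks:
            digest = hashlib.sha256((prev + block["payload"]).encode()).hexdigest()
            if block["prev"] != prev or block["hash"] != digest:
                return False
            prev = digest
        return True

class KeyVault:
    """Hypothetical off-chain key store; unlike the ledger, it can delete."""
    def __init__(self):
        self._keys = {}

    def create(self, subject: str) -> bytes:
        self._keys[subject] = secrets.token_bytes(32)
        return self._keys[subject]

    def get(self, subject: str):
        return self._keys.get(subject)

    def erase(self, subject: str) -> None:
        self._keys.pop(subject, None)

def linkable(on_chain: str, candidates, derive) -> list:
    """Candidate identifiers that reproduce the on-chain value."""
    return [c for c in candidates if hmac.compare_digest(derive(c), on_chain)]

def demo() -> dict:
    email = "alice@example.com"  # constructed sample data
    candidates = ["bob@example.com", "alice@example.com", "carol@example.com"]
    vault, ledger = KeyVault(), Ledger()
    key = vault.create("subject-1")
    ledger.append(plain_hash(email))            # block 0: unkeyed hash
    ledger.append(keyed_pseudonym(key, email))  # block 1: keyed pseudonym
    plain_value, keyed_value = (b["payload"] for b in ledger.blocks)
    result = {
        # No key is needed to re-link the unkeyed hash to a guessed address.
        "plain": linkable(plain_value, candidates, plain_hash),
        # While the key exists, its holder can still link the pseudonym.
        "keyed_before": linkable(
            keyed_value, candidates,
            lambda c: keyed_pseudonym(vault.get("subject-1"), c)),
    }
    vault.erase("subject-1")  # erasure request: destroy the off-chain key
    # Without that key, guessing the address no longer reproduces the value.
    other_key = secrets.token_bytes(32)
    result["keyed_after"] = linkable(
        keyed_value, candidates, lambda c: keyed_pseudonym(other_key, c))
    result["key_present"] = vault.get("subject-1") is not None
    result["chain_ok"] = ledger.verify()  # the ledger itself was never edited
    return result

if __name__ == "__main__":
    print(demo())
```

The unkeyed hash of a guessable identifier stays linkable to the person for as long as the ledger exists, which is why the keyed form with an erasable off-chain key is the one that changes after an erasure request.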

 

Do you feel your clients are aware of legislation regulating data privacy?  Do they appreciate what rights they enjoy, what protection they can seek, and what it applies to?

 

With the clock ticking and fines of up to 4% of total worldwide annual turnover for failing to comply with the requirements of GDPR, we had to enhance our existing data protection systems and security to be ready for the new regime. We carried out a revision of our current business and personal data processing, including an analysis of internal guidelines, working procedures and manuals, employees’ data processing and personal data, and our contractual relationships with persons involved in processing, including other business partners, to ensure the information, processes and procedures in place were in compliance. The installation of GDPR certified software tools and technology was the next step, as well as intensive training for staff and team members. In-depth understanding of the evolution of data laws, areas of risk and translating vague concepts into practical and workable actions for our clients was key. This new legislation was not just a tweak; it took data privacy and the responsibility of organisations to a whole new level. The regulation requires new processes to be implemented to respond to individuals’ requests to see their data.

Once our organisation was covered, next was notifying our corporate clients about this change together with the law, their rights, obligations, the severity of fines and the main aspects and effects of GDPR in their business. As part of the process we further explained what personal data means, how we would collect, record, organise, and store data and why we would need such data. Clear guidelines were issued requesting written and affirmative actions with opt-out options. We explained they would need to monitor and report data breaches within the seventy-two-hour timescale, requiring expertise as well as proper internal processes and training. Above all, the law requires the ability to demonstrate a data privacy approach through record keeping, training and documentation. It is occurrences such as these that reconfirm our belief that in order to offer a comprehensive and holistic service as a law firm we must include ongoing training together with data audit and gap analysis services, both within the field of GDPR and beyond.

 

[1] Marcus O’Dair, Distributed Creativity: How Blockchain Technology Will Transform the Creative Economy (2008), p. 63.

 

*The above article has been published in Malta Today on 25th November 2018.

New Individual Investor Programme Agency set up in Malta

Legal Notice 384 of 2018, Individual Investor Programme of the Republic of Malta (Amendment) Regulations, 2018, and Legal Notice 385 of 2018, Malta Individual Investor Programme Agency (Establishment) (Amendment) Order, 2018 were published on the 16th November 2018 in the Government Gazette, with the aim of setting up a new and separate agency which will be responsible for the Malta citizenship by investment programme. These Regulations are to be read as one with the Individual Investor Programme of the Republic of Malta Regulations, S.L. 188.03 and they substitute all references to Identity Malta in the Principal Regulations with references to the Malta Individual Investor Programme Agency.

Legal Notice 385 of 2018, on the other hand, shall be read as one with the Malta Individual Investor Programme Agency (Establishment) Order, S.L. 497.25 and adds provisions to the effect of having any application or process undertaken by or under the authority of Identity Malta which is in relation to the Individual Investor Programme assigned to the ‘new’ agency. The Legal Notice makes provisions for the continuance of such applications, rights or obligations, and legal proceedings with the Agency as a replacement of Identity Malta.

 

Should you wish further clarification, get in touch with GMX.

Why Blockchain?

If you keep tabs on fintech, then you are already well familiar with the hype machine known as blockchain. But there are still plenty of people who have either never heard of the blockchain or misunderstand the technology and its potential.

What’s the big deal, then?

Even if you’re not interested or involved with fintech, the blockchain has the potential to impact your life both personally and professionally. This isn’t just hyperbole. The blockchain is going to be the next thing.

And, that’s why it’s vital that you get caught up to speed on its past, present and future.

What is blockchain and where did it come from?

Blockchain is a simple digital platform for recording and verifying transactions so that other people can’t erase them later — and anyone can see them.

For the techies out there, the blockchain is an anonymous peer-to-peer payment system that relies on secure cryptographic protocols. It uses a public ledger and database to record all transactions. However, it’s decentralized. This means that there is no governing body controlling the blockchain.

If that sounds like bitcoin to you, then you’d be correct. The blockchain was built using the bitcoin system that was released by Satoshi Nakamoto in 2009. However, the idea of cryptocurrency can be traced back to the work of David Chaum and his invention known as DigiCash back in the 1980s.

What Is All The Fuss About Blockchain?

The blockchain ledger helps to provide transparency for transactions. Although many bitcoin transactions are in some ways anonymous, the blockchain ledger can link individuals and companies to bitcoin purchases and ownership by allowing individual parties, called miners, to process payments and verify transactions. Rather than a central company presiding over the use of bitcoin, these blockchain originators serve central roles in the management and administration of this alternative currency system.

In other words, the blockchain is actually composed of single transactions known as “blocks.” Each block links together and forms a complete bank history of transactions. Once a block is linked, it cannot be edited.

Unlike bitcoin, the blockchain is constantly evolving and can extend beyond cryptocurrency. Before we get much further, here are a few key pointers to remember:

  • It can transfer value or information in a secure manner.
  • It can facilitate, as well as track, “Smart Contracts.”
  • Removes intermediaries and allows the end user to interact directly with the ledger.
  • Reduces the cost of transferring value and money anywhere in the world for next to nothing.
  • Provides almost instant, secure, and borderless transactions.
  • Can automate payment protocols that are permanent, irreversible and tamper-proof.

Why are people excited about blockchain?

This is a really good question. And there isn’t just one answer. Almost everyone can agree that the blockchain is one of the most interesting and disruptive forces to come along in quite some time. And that’s because the blockchain:

  1. Prevents payment scams.

One of the most talked about advantages involving blockchain technology is how it can prevent future payment scams. For starters, it would protect both buyers and sellers by using “smart contracts.” This procedure would avoid those instances where you purchase an item and the seller doesn’t follow through.

Another way that scams are thwarted is that since all transactions are recorded, a coin can’t be used for double-spending or counterfeited. Once a coin, token or electronic currency is spent, it can’t be used again.

There’s also the possibility that companies and individuals can no longer “cook the books” or price gouge customers. Again, since every transaction is recorded, every cent is accounted for and would prevent an Enron type situation. Price gouging could be a thing of the past since it would protect intellectual property by being shared publicly on the blockchain.

The most discussed perk is how secure the blockchain is. Besides transactions being placed in the ledger, it is secure because transactions are directly between two parties that require a unique signature to authorize the transaction. Without third parties and the signature, coins and tokens can’t be altered.

  2. Cuts out the middleman.

The blockchain is a peer-to-peer system, meaning that transactions are between you and another party. This simple two-party arrangement could be a real game changer. We use this to be able to facilitate cheap ecash transactions across the world. For example, you could send friends or family money anywhere in the world without having to pay the transaction or currency fees that traditional banking or financial institutions have charged.

  3. Settles transactions in minutes.

Imagine being able to send and receive money from across the globe in just a matter of minutes. How about receiving a signed contract or vehicle title in just a day? No matter the scenario, the decentralized blockchain and its P2P system allow you to settle any digital wallet transaction quickly, as opposed to waiting days or weeks.

  4. Increases storage.

Cloud storage is an incredible development. But you don’t have any control of the storage infrastructure. It’s in the hands of Google, Dropbox, Facebook or Apple. And that could become a concern if you value your privacy. Since you’ll need an encryption key to access your data, you can rest assured that no one else can access it except you.

  5. Rewards users.

Who doesn’t love reward programs? The blockchain can improve loyalty programs by giving customers the ability to trade points among each other since the transactions would be placed in the public ledger. It would also open up the possibility of using points at different vendors. For example, you could use some of your airline points at your favorite coffee shop or eCommerce site.

Because of those capabilities, the blockchain will be able to disrupt the following:

  • Finance — Blockchain will remove the need for traditional banking and financial institutions by replacing back-office systems with a P2P system.
  • Contracts — ‘smart contracts’ will be used, which is “a financial security held in escrow by a network that is routed to recipients based on future events, and a computer code.” Besides, contracts, deeds, titles, and other important documentation will be shared on the public ledger.
  • Patents and Copyright — Whether it’s a new innovation, gaming app or piece of music, the blockchain can prove that you had ownership of the intellectual property first.
  • Voting — When people cast their ballots, it will be recorded during elections.
  • Collectibles — The blockchain could be used to track and validate scarce or limited items like coupons or a piece of artwork.
  • Bills of Lading — Cryptographic signatures can be used to eliminate distrust on everything from shipped products to changing shifts at work.

Because of this, blockchain technology actually has the potential to change the world. And, that’s why there’s so much buzz surrounding it.

Where is the blockchain headed?

Blockchain is just the beginning. In fact, expect the technology to continue to improve and evolve in the immediate future.

If you are interested in setting up a DLT company, an ICO or a cryptocurrency exchange, we welcome you to get in touch with our lawyers.

*The above article has been posted on Mondaq on 19th November 2018.

The Key Employee Initiative Launched – A Fast Tracked Single Permit Scheme

Identity Malta Agency launched the Key Employee Initiative (KEI) providing a fast-tracked service to highly-specialized Third-Country Nationals who are employed in Malta. The scheme will facilitate the issuing of work/residence permits to prospective key employees within five working days from the date of submission of the applications.

Who is eligible to apply?

 

The KEI is applicable to managerial or highly-technical posts which require the relevant qualifications or adequate experience related to the job being offered. Applicants have to provide information to the Expatriates Unit within Identity Malta to confirm the following eligibility conditions:

 

· Annual gross salary of at least €30,000 per annum;

· Certified copies of the relevant qualifications, warrants or the necessary work experience;

· Declaration by the employer stating that the applicant has the necessary credentials to perform the duties being assigned;

· Purchase or rent a property situated in Malta.

 

The KEI is also extended to innovators involved in start-up projects which are specifically endorsed by the Malta Enterprise.

 

What is the application procedure to be followed?

 

Applications for a single permit under the KEI may be submitted while the applicant is physically in Malta or still abroad.

Upon approval, successful applicants will be granted a residence permit valid for one (1) year, which may be subsequently renewed for a maximum period of three (3) years, provided that the following supporting criteria continue to be satisfied, namely:

 

· a valid definite or indefinite contract; and

· the original annual tax declaration form stamped by the Inland Revenue Department.

Find out how GMX can help.

Blockchain with startups

How Can Blockchain Protect Your Startup Business?

Working in the cryptocurrency industry in 2018 is like being the most interesting person at a party: Everyone is curious about you, everyone wants to learn more about what you do and everyone has questions.

There is something enigmatic about crypto companies. The market overall is on track to exceed 1 trillion in value this year, despite recent losses, and that trend is expected to accelerate going forward. 30 percent of  LinkedIn’s List from the top 50 start-ups in 2018 are in the crypto space, and venture capital investment. Stereotypes or not, clearly something is happening here.

Here’s what the industry is really like:

It’s full of bright minds.

Start-ups attract risk takers and overachievers, people who want to do something impactful. Crypto start-ups, in particular, are attracting some of the top tech and finance talent in the world because the industry provides some of the best opportunities for innovation in their respective fields.

It wants legitimacy.

This isn’t the Wild West as it is often depicted; crypto is growing into its place in the mainstream and no one involved in this industry wants there to be questions about its legitimacy or its underlying technology.

It’s bringing opposites together.

Crypto attracts both technical engineers and financiers. It’s a challenge to overcome but also a great opportunity to find synergy in the convergence of advanced technology and financial services. Both sides are benefiting.

It cares about laws.

Crypto got a bad rap early but times have changed. Now, everyone who is truly interested in its sustainability is working tirelessly to advance the good that’s happening here. Bitcoin continues to make inroads as a viable currency, exchange activity is stabilizing around a few well-respected projects and the market is growing.

There’s a cult of personality.

Early adopters of crypto and blockchains are true believers. They’re motivated by a higher purpose than just the financial gain that drives so many crypto speculators. The word “scam” is the dirtiest of four-letter words. There is a strong desire to establish a ubiquitous understanding of the possibilities of widespread crypto use and blockchain-based transactions. It’s an energy and enthusiasm that is unlike any I’ve ever experienced in my career.

Yes, this industry is young and male. The lack of diversity and examples of blatant and implicit biases in crypto are well documented. Although it’s difficult to measure, it’s estimated that men hold approximately 85 percent or more of cryptocurrency wealth. Most products and marketing in this industry are geared toward men. As a result, crypto has perpetuated the wealth gap between men and women.

Diversity has a place at the table.

But, women and people of colour are not unrepresented in this space and more are continuing to enter the diverse and talented industry. Crypto start-ups, given their progressive and innovative nature, have a unique opportunity to change the story line and deliver on its founding principle of democratized access to wealth.

The industry still has a long way to go, but change is happening and the energy is infectious.

So how will blockchain help businesses? Here are some tips:

  1. Get funded with a blockchain-powered ICO.

Imagine you have a great business idea, but you do not have the funds needed to move your vision forward. It’s a common problem for beginning entrepreneurs. Traditional venture capital is notoriously tough to get.

Blockchain technology’s initial coin offerings (ICOs) spell glad tidings for aspiring entrepreneurs. Think of ICOs as a way to democratize start-up funding. They provide a platform to raise money from individual investors, assuring emerging entrepreneurs no one is in it alone.

You have nothing to fear, no time to waste and nothing to lose.

  • Refine your idea.
  • Set up the blockchain for your new token.
  • Receive seed capital to fund your new venture.

Do your homework — thoroughly. Ensure you have the technical expertise to consume all the goodies the ICO has to offer. Hire a developer to assist you in this endeavour to make sure your blockchain-powered ICO serves not only as a fundraiser but also as a tool to create steady growth.

  2. Use Blockchain to Create a New Future (for Digital Marketing)

How do you promote your business in an era of attention-grabbing, pervasive online ad fraud? Marketing your business is just as challenging as building and running it.

Start-ups may at times bombard their customers with torrents of newsletters, how-to guides, coupons and countless numbers of ads. The pleas generally lack focus because business leaders don’t actually know what, exactly, their customers want. They’re simply hoping their messages will appeal to enough of their customers. Crypto can professionally target key customer groups with messages that resonate with them. Blockchain combines a superb level of tracking and transparency with the ability to collect accurate data. Altogether, this ensures optimal frequency of ad display for each customer.

  3. Protect your enterprise with cryptography.

Cryptography can defend your ecommerce site, protect your online data and secure your company files better than any other solution. Powered by digital signatures as well as private and public keys, cryptography is impenetrable in today’s digital ecosystem. That’s because it transmits information in coded form, keeping data unreadable to unauthorized users.

You can take cryptography beyond protecting your primary company data. It also can help authenticate customers, separating real buyers from cyber criminals. Transaction records are verified every single time they are passed on from one blockchain node to the next.

  4. Keep embracing new technologies.

No matter how difficult your traditional idea seems, technology can make it look simple and seamless. Whether you want to start a business or scale the one you already run, blockchain can help you in many ways:

  • It can help you with funding, with ICOs.
  • It can help you with marketing, thanks to its accurate tracking and transparency.
  • It can help you with security, with its cryptographic system.

Contact GMX for your legal matters related to blockchain, fintech, cryptocurrency, Initial Coin Offerings (ICOs), Exchanges and distributed ledger technology projects.

 

Guidelines in Relation to Distributed Ledger Technology (DLT)

Guidelines concerning the taxation of DLT Assets under the Income Tax Act, the VAT Act and the Duty on Documents and Transfers Act were published by the Commissioner for Revenue.

 

Download the respective files through the links below:

Guidelines on Income Tax Treatment in Relation to Distributed Ledger Technology (DLT)

Guidelines for the purpose of the Duty on Documents & Transfers in Relation to DLT

Guidelines on VAT Treatment in Relation to Distributed Ledger Technology (DLT)