General Data Protection Regulation – The Global Standard
What is it?
The General Data Protection Regulation (“GDPR”) is a regulation that came into force on May 25, 2018 on consumer data protection and privacy for all individuals within the European Union (“EU”). However, though the Regulation was introduced by the EU, it can apply to any individual or corporation who processes “personal data” regardless of their location.
The GDPR Regulation should be taken seriously as it is designed to help consumers gain a greater level of control over their data, while offering more transparency throughout the process.
 
Factors to think about to be GDPR Compliant
The GDPR Regulation is a lengthy and complex document that took over 4 years of negotiation to establish. Therefore, using a general perspective, the basic factors that an individual or corporation should be thinking about to be GDPR compliant are listed below:

1. Consent: When collecting any “personal data,” the terms of consent must be clear, easily provided and freely withdrawn at any time by the consumer. Therefore, do not confuse the consumer with complex language, hidden consent forms or lengthy terms and conditions.
   
2. Timely Notifications and up to date Information
   A- You must report a security breach to the customer and/or data controllers within 72 hours or potentially face issues.
   B- Be proactive and ensure that all data is up-to date.
   
3. Right to Access: To offer transparency, the corporation or individual must provide a detailed and free electronic copy of all the data collected when a consumer requests it. Furthermore, the GDPR states that the report must include any information regarding how the data will be used.
   
4. Right to Deletion
   A- A consumer must have the right to request that the corporation or individual erase their personal data.
   B- Also, it is recommended to hold personal data as long as it is required and delete the rest.
   
5. Portability: A consumer is given the right to their own data and transfer that same data in different situations outside of the one individual or corporation.
   
6. Design with Privacy in Mind: GDPR is requiring companies or individuals to design their systems with privacy and security in mind from the start. Data collection is important and failing to protect that will lead to potential problems.
   
7. Data Protection Officer: Depending on the size of the company and how much data is being collected, a Data Protection Officer should be hired to ensure the appropriate handling of consumer data.
   
8. Purpose is Important: Personal data should only be used for the specific purposes that you have declared to the consumer. Therefore, do not use the information that they have provided to send material that is clearly unrelated.
   
9. Data Minimization: When designing with privacy in mind, one must ensure that they collect the minimal amount of personal data that is required to perform the relevant task.
   
10. Secure the Data
    Take reasonable steps to ensure that the data collected is secure. Some examples are:
    • Not store consumer data on a portable device;
      
    • Don’t share login credentials; and
    • Encrypt and password protect the relevant files.

 
Consequences for Non-Compliance
There are two tiers of fines that can be used as penalties for non-compliance:

1. Up to 10 million euros or 2% of annual global turnover (whichever higher); or
2. Up to 20 million euros or 4% of annual global turnover (whichever higher).
   

These fines are discretionary rather than mandatory, based on specific breaches, and are imposed on a case-by-case basis.
The GDPR is an important piece of regulation that affects global corporations and individuals. When you intend to obtain “personal data” keep in mind the factors above and ensure that your corporation is GDPR compliant to limit any further consequences.

Vikas Chadha is a member of the BLG Business Venture Clinic, and is a 2nd year student at the Faculty of Law, University of Calgary

Start-Ups and E-Commerce
While online shopping has become prevalent due to its ease and convenience, many are still unaware of how they are impacted by laws governing e-Commerce. These laws have implications on both the online buyer and the online seller and are of particular importance to a start-up company that engages in e-commerce and operates largely online.
Seller Information
When a purchase is made online, the seller and the buyer are entering into a contract. In order to enter into the agreement, the seller must provide the buyer with certain information regarding the business to allow the buyer to make a fully informed decision when purchasing a product or service. The necessary information is as follows:

• The seller’s business name, address, and phone number;
• The seller must describe what they are selling;
• A breakdown of the costs associated with the purchase must be provided separately before being combined into a cumulative cost;
  • Ex. the costs of shipping, the costs of the product or service, taxes, duties, etc.
• The currency that is being used;
• The method of payment required/accepted;
• The sellers’ policy regarding returns, exchanges, or cancellation of orders;
• Details regarding how and/or when the product is to be delivered or the service is to be commenced; and
• Any other conditions of sale the seller has.[1]

The above information should be presented on the sellers’ website in a way where it is easily discernible by the buyer. Furthermore, the buyer should have the ability to print the information for later reference and their own records.[2] Based on this information, the buyer may choose whether they wish to enter into an internet sales contract with the seller.
Finalizing the Internet Sales Contract
Before finalizing any agreement, the sellers’ website must be designed to allow the buyer to correct any errors that may arise in the course of making their purchase.[3] An example of such an error is the buyer choosing to purchase two units of a product when it was their intention to purchase one. Before completing the transaction, the buyer should be provided with a summary of the transaction allowing them to recognize their error and make the necessary corrections before completing their order. If a buyer was not provided with the opportunity to review their order for errors prior to the transaction being finalized, this may provide them with cause for the cancellation of the order upon receipt, so long as this is done within a reasonable amount of time.
Once the internet sales contract has been finalized and entered into by the buyer, the seller must provide a receipt of the transaction. It is acceptable for this receipt to be provided by e-mail to an e-mail address provided by the buyer. The receipt should contain the buyers name, the date the order was placed and should be provided within 15 days of when the order was placed.[4]
Right of Cancellation
In addition to the right to cancel where an opportunity to review the order prior to completion was not provided, there are other situations where a buyer may cancel an internet sales contract. A buyer may cancel an internet sales contract any time prior to the commencement of the services or delivery of the goods if:

• Goods have not been delivered within 30 days of the delivery date provided;
• Travel, transportation, or accommodation services have not commenced on the date provided; and
• For all other services if the services have not commenced within 30 days of the date provided.[5]

Where a specific delivery date or commencement date for services  has not been provided, cancellation may occur where the delivery or the service has not been provided within 30 days of the date the contract was entered into.[6]
If the buyer wishes to cancel for any legitimate cause, they must do so by providing notice to the seller.[7] If the buyer fails to communicate cancellation to the seller despite having legitimate cause such as the examples discussed above, the contract will not be cancelled. Methods by which a buyer may cancel an agreement with a seller include mail, e-mail, phone or fax.[8] Keep in mind that the buyer must be able to prove what day they requested the cancellation. The date will be relevant in determining whether the cancellation was justified.

Richie Aujla is a member of the BLG Business Venture Clinic, and is a 2nd year student at the Faculty of Law, University of Calgary

References
[1] Alta Reg 81/2001, s 4(1).
[2] Ibid, s 4(2).
[3] Ibid.
[4] Ibid, s 5.
[5] Ibid, s 6(2).
[6] Ibid, s 6(3).
[7] Ibid, s 8(1).
[8] Ibid, s 8(3).

Blockchain: Decentralized Ledgers & Smart Contracts
Blockchain explained
A blockchain is a ledger, similar to a Microsoft Excel spreadsheet. A blockchain is maintained in a decentralized manner.  Blockchain ledgers keep track of “transactions”.  Transactions occur without external third parties, no escrow needed. These transactions are grouped together in a data structure called a block, where the term block refers to a group of transactions that have been processed at the same time.  The transactions are related temporally and are recorded serially.  Each block includes a hash (a cryptographicaly generated code) that refers to the last block so any attempt to change a prior block has a cascading effect on each subsequent block.  This relationship between blocks gives rise to the term blockchain.  Every user on a blockchain sees and maintains the same copy of the ledger through a concept called “reaching consensus”.  A reliable consensus procedure is required to ensure the accuracy of the ledger and maintain the security of the system.  A blockchain can be public, where anyone can participate, or the blockchain can be permissioned, where only authorized participants can access and add transactions to the ledger.
A blockchain is a peer-to-peer system with no central authority managing the data flow.  To maintain data integrity a large distributed network of independent users is encouraged.  The computers making up the network are in more than one location.  The term “node” typically refers to a computer in the network.
Blockchains are built to create trust between unknown parties.  Blockchains are meant to be honest systems that self correct without the need of a third party to enforce the rules.  A consensus algorithm enforces the rules.  Consensus develops agreement among a group of commonly mistrusting shareholders.  Each blockchain relies on its own algorithm for creating agreement within its network.
 The main focus areas for decentralized ledger technology are:

1. security;
2. performance/speed;
3. stability;
4. regulatory compliance; and
5. governance.

Due to the distributed nature of a decentralized ledger, it is important that the parties agree to a governing jurisdiction.  Fundamental questions, such as whether “code is law” have not been answered or explored in depth by the judiciary and legislative bodies of government.
Hashgraph as an example of a decentralized ledger
Hashgraph is a virtual-voting decentralized ledger technology.  Everyone is a node on the network and each can submit data in parallel at the same time on the graph. 
Hashgraph is not blockchain but boasts that it can provide a comparable or possibly better security level while simultaneously performing transactions faster.  Hashgraph patented its algorithm to ensure stability.  Hashgraph has a governance system where 39 international, independent blue chip organizations control two thirds of the network’s cryptocurrency. The governance system is based on Dee Hock’s formative book, One From Many: VISA and the Rise of Chaordic Organization, that chronicles the creation of the VISA network among other things where banks associated to benefit all customers.

Smart Contracts
Smart contracts are contracts formed with blockchain technology. They are not subject to linguistic interpretations and are marketed as a way to prevent ambiguity, ensuring both parties understand exactly what has been agreed to.  A smart contract uses computer code to determine the relations and obligations between parties.  The resulting interpretation is designed to be more predictable.  Smart contracts can remove third-party or escrow agents since performance can automatically be determined by monitoring compliance with a set of conditions. The contract is administered as the conditions are met.  This may lead to an “inexorability” problem if a vulnerability within the code is exploited.
Szabo predicted that smart contracts would overcome legal barriers that prevent local businesses from entering global markets. 
“Smart contract” has evolved to encompass more than one meaning.  When referring to blockchain application development, smart contract does not refer to a legal contract but rather a snippet of programming code that gets executed on the blockchain, typically in an automated fashion (although some parts may require human input and control).  To simplify things, the snippet of programming could be referred to as “smart contract code” and the entire legal contract expressed and implemented in software could be referred to as a “smart legal contract”. 
Ricardian contracts as an example of smart contracts
A Ricardian contract records the “intentions” and “actions” of a particular contract, no matter if it has been executed or not.  The same Ricardian contract has to be both readable by people and parsable by computer programs.  Each Ricardian contract has its own unique hash that refers uniquely to that document (a cryptographic message digest).  That hash ensures the Ricardian contract is immutable (not susceptible to change).  While it is possible to implement a Ricardian contract as a smart contract, not every Ricardian contract is a smart contract.  The creator, Ian Grigg (a specialist in financial cryptography working at Systemics Inc), defines a Ricardian Contract as a single document that is:

1. a contract offered by an issuer to holders,
2. for a valuable right held by holders, and managed by the issuer,
3. easily readable by people (like a contract on paper),
4. readable by programs (parsable like a database),
5. digitally signed,
6. carries the keys and server information, and
7. allied with a unique and secure identifier (a canonical message digest).

Nick Szabo defined a smart contract as an abstract concept relating to the automated performance of an already agreed contract.  “A set of promises specified in digital form, including protocols which the parties perform on those promises.” By improving the execution of observability, verifiability, privity, and enforceability the contract will be self-enforcing and eliminate the time spent policing the contract.
While a Ricardian contract is a design pattern that captures the intent of the agreement of the parties before performance, it can implement the concept of the smart contract by using a hash as a reference that links to external documents of code.
Ricardian contracts have not been presented in Canadian court, however, contract law will apply if the agreement has the basic components of a contract, regardless of the form.  To prove a meeting of the minds all the essential terms of contract must exist: 1. an offer, 2. an acceptance, 3. certainty of the agreed terms, 4. consideration, and 5. the intention to create legal relations.

Shannon Peddlesden is a member of the BLG Business Venture Clinic and a 2nd year student at the Faculty of Law, University of Calgary.

References:
Shawn S Amuial, Josias N Dewey, Jeffrey R Seul, The Blockchain: A Guide for Legal and Business Professionals, (Danvers, MA: Thomson Reuters®, 2016).
Digital Economy Update, “Smart contracts – can code ever be law?” (1 March 2018), online: < www.ashurst.com/en/news-and-insights/legal-updates/smart-contracts---can-code-ever-be-law/>.
Hackernoon, “Merkle Trees” (15 December 2017), online: < https://hackernoon.com/merkle-trees-181cb4bc30b4>.  Hashing refers to transforming data of any size into short, fixed-length values, this incorporates a technology called Merkle trees.  Merkle trees allow for efficient and secure verification of large amounts of data.
EliNext, “Smart vs. Ricardian contracts: what’s the difference?” (28 February 2018), online: <https://www.elinext.com/industries/financial/trends/smart-vs-ricardian-contracts/>.

Choosing a Business Name
One of the most important steps when starting a new business is choosing the right name.  There are, of course, a number of common concerns about the quality of a business name.  It must appeal to your target market.  It ought to suit your business and industry and work well in marketing.  It should be catchy and memorable, helping your business stand out from the competition.  It should be able to be used online easily and not already have an existing social media presence.  However, there are also a number of legal concerns when it comes to choosing and potentially registering a business name. 
 
The first question you should ask yourself is whether or not your business is a corporation. If you are not incorporated then your business name will not constitute its own separate legal entity but will simply be the name you conduct business under, or a “trade name”.  You will also not be allowed to use the words incorporated, limited or corporation (or their abbreviations) in your trade name.[1]  In Alberta when you run a business as the sole owner under a name other than your personal name you must register this trade name.[2] You may also register your trade name in a partnership, limited partnership, limited liability partnership, or sole proprietorship that uses only the owner’s legal name with no additions - but you aren’t required to do so under the Partnership Act.  You are also not required to provide a NUANS (Newly Upgraded Automated Name Search) business name report when registering a business name, but it is generally recommended.  While a business name does not have to be unique, you can still be taken to court by an existing business with a similar trade name.  
 
If you are incorporated there are additional requirements as you will often carry out business under the name of your corporation.  An Alberta corporation name must consist of 3 elements: distinctive, descriptive, and legal.[3]  For example, ‘XYZ Consulting Ltd.’.  A distinctive element must be the unique word(s) of the business name. The made up title or potentially even the location of the business, in this example ‘XYZ’ is the distinctive element.  The descriptive element describes what a business is or does, in this case ‘consulting’.  Finally, a corporation name must have a legal element at the end of their name to indicate to the world their status as a corporation and put clients on notice that it is a limited liability business.  These legal elements are listed in the Business Corporations Act as Limited, Incorporated, Corporation, Ltd., Inc., or Corp..[4]  In this example the legal element is ‘Ltd.’. Corporate names must also be unique.[5]  So if you don’t wish to use the assigned ‘number name’ from the Corporate Registry you must get an Alberta NUANS report on your proposed name.[6]  This is required for federal incorporation as well.[7]  You may also choose to register a business name for your corporation, as a corporation may carry on business under a name other than its corporate name.[8]  However, this business name cannot use the legal elements listed above, must still be unique and must still comply with the trade name rules under the Partnership Act.
 
Overall, naming your business remains a crucial decision in any start-up but keeping in mind these simple requirements can help the decision a bit simpler.

Kiara Brown is a member of the BLG Business Venture Clinic, and is a 3rd year student at the Faculty of Law, University of Calgary.
References:
[1] Business Corporations Act, RSA 2000, c B-9, s. 10(3).
[2] Partnership Act, RSA 2000, c P-3, s. 110(1).
[3] Alberta Government, Incorporate an Alberta corporation, https://www.alberta.ca/incorporate-alberta-corporation.aspx
[4] Supra note 1 at s. 10(1)
[5] Ibid at s. 12(1)
[6] NUANS Corporate name search, https://www.nuans.com/eic/site/075.nsf/eng/home
[7] Government of Canada, Steps to incorporating, https://www.ic.gc.ca/eic/site/cd-dgc.nsf/eng/cs06642.html#toc-02
[8] Supra note 1 at s. 10(9)