Header graphic for print

Global Media and Communications Watch

The International Legal Blog for the Tech, Media and Telecoms Industry

Posted in Data Protection & Privacy, Internet Conor Ward

The G-7 Fundamental Elements of Cybersecurity for The Financial Sector

Cyber risk has been high on the agenda of financial services regulators for some time now. In the UK, the FCA specifically addressed its concerns in its 2015/2016 Business Plan and it has an on-going programme of work which includes working with the PRA and Bank of England on visibility of IT resilience and risks at board level, and with Treasury and regulatory partners on addressing cyber risk. Therefore it comes as no surprise that the finance ministers and central bank governors of the G-7 countries have considered Cyber risk at an international level and on the 11th October 2016, The G-7 Fundamental Elements of Cybersecurity for The Financial Sector was published.

Continue Reading

Posted in Digital Single Market (EU), Internet, Policy & Regulation Christian RitzFalk SchoeningPeter Watts

Fragmentation instead of level-playing field? How the German Government’s announced White Paper on digital platforms adds to regulatory uncertainty on topical issues of the digital economy after Brexit

Many digital platforms attract consumers and businesses on a global basis. It is a challenge for national regulators to enforce competition law and other regulatory provisions against such international players. Germany´s Federal Minister of Justice, Heiko Maas, argued in a similar way in an interview with the German newspaper Handelsblatt on 5 October 2016. He took a stand on the significant market shares of certain digital platforms questioning whether current competition law rules enable enforcers to sufficiently tackle current issues in the digital economy. Interestingly, despite calling for an EU-wide approach towards dominant players in the internet sector, the German minister announced a White Paper on Digital Platforms for early 2017. Continue Reading

Posted in Data Protection & Privacy, Internet

Online Trust Alliance Releases Privacy and Security Checklist for IoT Consumers

shutterstock_371253775-300x200Some of the largest cyber attacks in recent memory have employed an army of connected home devices to achieve their goals. This co-opting of connected home devices owned by consumers around the world occurs without those consumers’ knowledge or consent. For example, in mid-September, several thousand devices—home routers, Internet-connected video cameras, and digital video recorders—were used to create a “botnet” that collectively pounded the security researcher Brian Krebs’ website with 620 gigabits of data per second. At the time, the attack was thought to be the largest in history.  An even larger army was assembled a few days later for an attack on the French hosting provider OVH that peaked at over one terabit of traffic per second. These distributed denial-of-service (DDoS) attacks were successful because they exploited basic security vulnerabilities in connected home devices, such as default passwords used to access administrator settings.

Continue Reading

Posted in Policy & Regulation Andy Huang

Chinese antitrust enforcer sanctions TV provider

On 7 June 2016, the Administration for Industry and Commerce (AIC) in Inner Mongolia held the Xilin Gol branch of the Inner Mongolia Radio and Television Network Group (Xilin Gol Radio and Television) to have violated the Anti-Monopoly Law (AML).

Xilin Gol Radio and Television was ordered to stop its illegal conduct, had illegal gains in the amount of RMB 91,600 (around USD 13,700) confiscated, and was fined around RMB 100,000 (approximately USD 15,000).

The case dates back to October 2015, when the Inner Mongolia AIC’s local bureau in Xilin Gol found indications during its market inspection activities that Xilin Gol Radio and Television had engaged in anticompetitive tying. The Inner Mongolia AIC formally initiated an antitrust investigation after receiving authorisation from the State Administration for Industry and Commerce (SAIC) in Beijing.

Continue Reading

Posted in Data Protection & Privacy

Global Sweep Finds Shortfalls in Privacy Protections of IoT Devices

shutterstock_445200349-300x169The fourth annual Global Privacy Enforcement Network (GPEN) sweep, which focused on Internet of Things (IoT) devices, found that privacy communications in relation to such devices were generally poor and companies demonstrating good practice were in the minority. Here, we summarize and explore the key findings of the fourth annual GPEN sweep .

The fourth annual GPEN sweep study was conducted by 25 data protection authorities around the world who examined the privacy communications of more than 300 devices. The main findings were as follows:

  • 59 per cent of devices failed to adequately explain how personal information is collected, used and disclosed;
  • 68 per cent of devices failed to inform users about how personal information collected by the device is stored and safeguarded;
  • 69 per cent of devices failed to provide device-specific guidance; and
  • 72 per cent of devices failed to explain how a user can delete their information.

Continue Reading

Posted in Technology, TMT2020 Tony Lin

TMT2020: CSSMA Holds First Working Meeting

EDITOR’S NOTE:  We are excited to present this entry in our TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace.  It also provides an opportunity to highlight contributions by TMT colleagues across our global offices and practice areas.

Stephen Duall, FCC, (not pictured) leads a discussion regarding frequency allocation.

On September 16th, the Commercial Smallsat Spectrum Association (CSSMA) held its first working meeting at the Washington D.C. office of Hogan Lovells with the goal of facilitating spectrum pre-coordination between federal agencies and commercial smallsat operators, as we previously announced here.

Throughout the day, participants engaged in substantive discussions regarding techniques and processes for spectrum sharing and coordination.  Jose Albuquerque and Stephen Duall of the Federal Communications Commission (FCC), Fred Mistichelli of the National Oceanic and Atmospheric Administration (NOAA), and Scott Galbraith of the National Aeronautics and Space Administration (NASA) were some of the representatives on behalf of the federal agencies.

Scott Galbraith (NASA), Evan Kurtz (Ursa Space), Charles Schira (Space Sciences), Trey Hanbury (Hogan Lovells) and Tom Peters (Hogan Lovells) enjoy lunch.

Scott Galbraith (NASA), Evan Kurtz (Ursa Space), Charles Schira (Space Sciences), Trey Hanbury (Hogan Lovells) and Tom Peters (Hogan Lovells) enjoy lunch.

Following are links to the meeting agenda, and the presentations by Stephen Duall (FCC)Fred Mistichelli (NOAA), and Beau Backus (Aerospace).

Looking Ahead

CSSMA has tentatively scheduled its next meeting at the Silicon Valley office of Hogan Lovells on February 9th, 2017. Interested parties may also want to attend the Smallsat symposium that will be held in the area from February 6th – 8th.  See you then.

Beau Backus (Aerospace) and Mike Safyan (Planet) relax after the meeting.

Beau Backus (Aerospace) and Mike Safyan (Planet) relax after the meeting.

Posted in Internet David Taylor

Bye Bye Internet – a brief look at the historic transition that just happened this weekend

DTSAMidnight 1 October 2016 was a historic moment in the history of the Internet with ICANN, a non-profit organization, finally taking control of the global domain name system (DNS). The U.S. government’s contract to perform the Internet Assigned Numbers Authority (IANA) functions (the IANA contract) has expired. Whilst the U.S. certainly invented the underlying technology (with British computer scientist Tim Berners-Lee having created the World Wide Web allowing the sharing of information on the Internet), this transition is an important step in establishing that the Internet is a decentralised network belonging to no one.

What is the background?

Ever since the creation of ICANN in 1998, the role of the U.S. government in managing Internet functions was questionable. Indeed, in 2006 ICANN clearly stated that it would seek control of the IANA contract. This was resisted by the U.S. government for many years – but understandable to some, given the development of the Internet and its interest in ensuring that the transition of the IANA contract and the domain name system was done in an orderly fashion.

In 2012, it looked like the United Nations ITU (International Telecommunications Union) might move towards having greater control over the Internet. However, many in the global internet community had serious reservations about that possibility. Whilst  ICANN was also considered and received some criticism, it was nevertheless a known entity that functioned.  The choice was important because the Internet is a critical infrastructure today.

Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity October 2016 Events

Please join us for our October 2016 Privacy and Cybersecurity Events.

October 5
Brexit Impacts on International Companies
Christian Tinnefeld will discuss Brexit issues, including international data transfers, Standard Contractual Clauses and Binding Corporate Rules, the GDPR, and Privacy Shield.
Location: Hogan Lovells’ office in Hamburg


October 6
Internet of Things
Julie Brill will participate in a Fireside Chat at the 4th Annual Internet of Things Global Summit.
Location: Washington, D.C.


October 6
Data Protection and Business
Harriet Pearson will speak on “Lessons Learned from Data Breaches and Cyber Attacks – Crisis Management in Action” and “Advising Senior Management – How to Keep Your BoD Informed, Focused, and Reassured” at the Product Liability Advisory Council’s Fall 2016 Conference.
Location: Colorado Springs, Colorado


October 7
Disruptive Innovation
Julie Brill will participate on the “Leadership Through Disruption Panel” at Hogan Lovells’ Global Women’s Executive Summit.
Location: New York, New York


October 13
Cybersecurity Administration
Allison Bender will moderate a panel on Administration Actions at the Information Technology Industry Council’s 2016 Cybersecurity Forum. Among others, the panel will include: Michael Daniel, Special Assistant to the President & Cybersecurity Coordinator, The White House; Donna Dodson, Cyber head of NIST; and Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity & Communications, National Protection & Programs Directorate, Department of Homeland Security.
Location: Hogan Lovells’ office in Washington, D.C.


October 13
International Data Transfers
Eduardo Ustaran will be speaking at Select 2016 on “International Data Transfers – How to ensure they are lawful.”
Location: Hogan Lovells’ office in London


October 13
International Data Transfers
Eduardo Ustaran will be speaking on “Sorting Out the International Data Transfer Mess” at the PDP 15th Annual Data Protection and Compliance Conference.
Location: London


October 14
Privacy and Data Security
Tim Tobin will be speaking at the University of Miami Privacy and Data Security Summit.
Location: Miami, Florida


October 18
The Future of Data Protection
Julie Brill will participate in a future-looking policy discussion involving current and past data protection authorities as part of the International Conference of Data Protection and Privacy Commissioner’s Annual Meeting which is hosted by the Future of Privacy Forum and the Information Accountability Foundation.
Location: Marrakesh, Morocco


October 18
Data Privacy under GDPR
Bret Cohen will speak on data privacy and EU GDPR preparation on a NYSE Governance Services’ webinar “Looking Ahead: A Regulatory and Compliance Update from NYSE.”
Location: To register, click here.


October 18-19
Allison Bender will speak on cybersecurity at the Masters Conference.
Location: Washington, D.C.


October 19
Privacy and Security
Mark Brennan will give a presentation on TCPA and ESIGN Issues at the PA Energy Association Consumer Services Conference.
Location: Harrisburg, Pennsylvania


October 20
International Data Privacy
Eduardo Ustaran will be speaking at a Microsoft workshop as part of the International Conference of Data Protection and Privacy Commissioner’s Annual Meeting.
Location: Marrakesh, Morocco


October 21
Healthcare Legislation
Mark Brennan will speak at the Maryland Chapter of the American Association of Healthcare Administration Management’s Legislative Meeting.
Location: Hanover, Maryland


October 24
FTC and Privacy
Tim Tobin will be leading a workshop on “Understanding the FTC on Privacy and Data Security” at the Privacy + Security Forum.
Location: Washington, D.C.


October 25
Incident Response Landscape
Harriet Pearson and Allison Bender will be speaking on “Incident Response and Data Breach Notifications: The Global Landscape” at the Privacy + Security Forum.
Location: Washington, D.C.


October 25
IoT and Security
Julie Brill will speak on “Securing IoT: Think Outside the Wall” at the Privacy + Security Forum.
Location: Washington, D.C.


October 26
Privacy, Cybersecurity, and Employees
Bret Cohen will present on “Privacy and Security in the Employment Relationship” at the Privacy + Security Forum.
Location: Washington, D.C.


October 27
Allison Bender will speak on cybersecurity at the American National Institute’s Legal Issues Forum.
Location: Washington, D.C.


Posted in Technology Falk SchoeningKay Jebelli

European Commission eyes new European rules for Big Data and Competition law

EU mainEarlier today Margarethe Vestager, the European Competition Commissioner, delivered a speech about Big Data and Competition law. The Commissioner made several key points that emphasize the growing economic and competitive significance of data and data aggregation. More importantly, the Commissioner announces that she will propose a new EU Directive to ensure the consistent application of competition law on big data issues throughout the EU. In particular companies dealing with large volumes of data should closely follow these developments.

The speech focuses on three main topics:

  • Data as an asset: the Commissioner recognised that data has an inherent value and that the aggregation of data can create competition concerns. While there have been merger decisions wherein the Commission has analysed the competitive effects of data aggregation, Commissioner Vestager suggested that there may be a gap in merger control enforcement, that there may be transactions involving the acquisition of large amounts of user data that do not fall under the Commission’s jurisdiction simply because the owners of that data do not currently generate significant revenues. As a result, the Commission is “exploring” whether to implement a mechanism that would bring such transactions under its jurisdiction.

Continue Reading

Posted in Data Protection & Privacy Harriet Pearson

Ready, Set, Respond – Hogan Lovells Launches Global Cybersecurity Resource Portal

offset_202677-Retouched-300x254-300x254Cybersecurity risk continues to evolve at an astonishingly rapid rate, prompting companies to review and adjust their plans to deal with the fast-moving threats posed by an increasingly connected world. At the same time, cybersecurity law and regulation around the world are coming of age. In this complex and uncertain environment, it is not surprising that lawyers are increasingly being asked to guide on governance, counsel on compliance and risk allocation, and lead in the event of a cyber incident.

Drawing on our work with clients across the globe, Hogan Lovells’ cross-practice team of cybersecurity lawyers has launched Ready, Set, Respond, a new set of online cybersecurity resources.  These resources can help you to:

  • Prepare for the inevitable. Experts agree that almost every organization will need to manage through a cybersecurity incident at some point, and leaders across industries rank threats to digital data and systems as a top risk.  Having an effective, considered, and current incident response plan (IRP) that unites an organization’s internal functions is vitally important to managing a breach or other cybersecurity occurrence with minimized damage. Nonetheless, nearly 70% of respondents to a major national survey were not confident that their plans would in fact be effective in the face of an incident. To help you determine how your IRP stacks up, we’ve developed a diagnostic tool that will help you assess how ready you really are.
  • Understand the evolving landscape. With many organizations now global in scope, having current knowledge of cybersecurity-related regulation and legislation around the world that may affect your operations is invaluable. We have developed practical and readable summaries of cybersecurity policy, legal, and regulatory developments in key jurisdictions in the Americas, Europe, Africa, Asia and Australia.

Hogan Lovells understands the strategic importance of cybersecurity to business, and we aim to do our part to help look ahead, shape, and apply the legal and regulatory standards and frameworks that will be necessary to help the private and public sectors address this most challenging of issues.