Earlier today Margarethe Vestager, the European Competition Commissioner, delivered a speech about Big Data and Competition law. The Commissioner made several key points that emphasize the growing economic and competitive significance of data and data aggregation. More importantly, the Commissioner announces that she will propose a new EU Directive to ensure the consistent application of competition law on big data issues throughout the EU. In particular companies dealing with large volumes of data should closely follow these developments.
The speech focuses on three main topics:
- Data as an asset: the Commissioner recognised that data has an inherent value and that the aggregation of data can create competition concerns. While there have been merger decisions wherein the Commission has analysed the competitive effects of data aggregation, Commissioner Vestager suggested that there may be a gap in merger control enforcement, that there may be transactions involving the acquisition of large amounts of user data that do not fall under the Commission’s jurisdiction simply because the owners of that data do not currently generate significant revenues. As a result, the Commission is “exploring” whether to implement a mechanism that would bring such transactions under its jurisdiction.
Cybersecurity risk continues to evolve at an astonishingly rapid rate, prompting companies to review and adjust their plans to deal with the fast-moving threats posed by an increasingly connected world. At the same time, cybersecurity law and regulation around the world are coming of age. In this complex and uncertain environment, it is not surprising that lawyers are increasingly being asked to guide on governance, counsel on compliance and risk allocation, and lead in the event of a cyber incident.
Drawing on our work with clients across the globe, Hogan Lovells’ cross-practice team of cybersecurity lawyers has launched Ready, Set, Respond, a new set of online cybersecurity resources. These resources can help you to:
- Prepare for the inevitable. Experts agree that almost every organization will need to manage through a cybersecurity incident at some point, and leaders across industries rank threats to digital data and systems as a top risk. Having an effective, considered, and current incident response plan (IRP) that unites an organization’s internal functions is vitally important to managing a breach or other cybersecurity occurrence with minimized damage. Nonetheless, nearly 70% of respondents to a major national survey were not confident that their plans would in fact be effective in the face of an incident. To help you determine how your IRP stacks up, we’ve developed a diagnostic tool that will help you assess how ready you really are.
- Understand the evolving landscape. With many organizations now global in scope, having current knowledge of cybersecurity-related regulation and legislation around the world that may affect your operations is invaluable. We have developed practical and readable summaries of cybersecurity policy, legal, and regulatory developments in key jurisdictions in the Americas, Europe, Africa, Asia and Australia.
Hogan Lovells understands the strategic importance of cybersecurity to business, and we aim to do our part to help look ahead, shape, and apply the legal and regulatory standards and frameworks that will be necessary to help the private and public sectors address this most challenging of issues.
Not many people will remember this but in 2008, Richard Thomas, the former UK Information Commissioner caused a fairly dramatic stir in the privacy world – at least among policy makers and fellow regulators – by unashamedly proclaiming that European data protection law was outdated and ineffective to address the technological and privacy challenges of the 21st century. At first, this was regarded by some as an embarrassing admission that could not possibly be right. But only two years later, the European Commission started a process of wholesale legislative reform that culminated with the adoption of the EU General Data Protection Regulation (GDPR) in April 2016. We all know by now that the GDPR is the result of many political and regulatory compromises caused by the precarious balance created by the various forces at play – the unstoppable development of technology, the increasing value of data, the urgent need to protect people’s digital lives, and the prosperity of Europe and the rest of the work.
No one would claim that the GDPR is perfect, not least because we don’t live in a flawless world. But at a recent public debate organised by the Financial Times about whether the GDPR placed unnecessary burdens on businesses, a sizeable majority of 77% of the attendees voted that it did not. German MEP Jan Albrecht and I joined forces to argue from slightly perspectives why, despite its imperfections, the GDPR’s burdens were not disproportionate but justified and manageable. Our opponents made very credible arguments in the opposite direction, so it was somewhat surprising to see such an overwhelming level of support for the GDPR coming from businesses. How can it be that such an intricate and prescriptive piece of legislation has already been accepted so widely?
Welcome to the Hogan Lovells Global Payments Newsletter. In this monthly publication we provide an overview of the most recent payments, regulatory and market developments from major jurisdictions around the world as well as sharing interesting reports and surveys on issues affecting the market.
Key developments of interest over the last month include:
- Real time gross settlement system: The Bank of England published its first self-assessment on its real-time gross settlement (RTGS) system against the Principles for Financial Market Infrastructures. The RTGS service was found to adhere to all the principles.
- Bitcoin ATM: Deloitte’s Toronto office is now operating a bitcoin transaction machine, which can accept up to 1,000 bills in multiple currencies.
- Proposed bitcoin regulations in Singapore: the Singapore Central Bank has proposed new rules for bitcoin startups, under which companies will have to obtain a licence from the Monetary Authority of Singapore.
To view a PDF of the full Newsletter please click here. You can also follow us on Twitter at @HLPayments for regular news and updates.
On Friday, 23 September 2016, we held a well-received webinar on the Commission’s latest package of legislative initiatives in the copyright environment. This included a concise review and summary of the six draft directives, draft regulations, communications and impact assessments the commission has bundled in its “Second Copyright Package” as published on 14 September 2016. Specifically, we touched upon:
- The general Communication “Promoting a fair, efficient and competitive European copyright-based economy in the Digital Single Market”
- The Commission’s accompanying Impact Assessment
- The draft for a Regulation laying down rules on the exercise of copyright and related rights applicable to certain online transmissions of broadcasting organisations and retransmissions of television and radio programmes
- The draft for a Directive on copyright in the Digital Single Market
- The draft for the Regulation and the Directive implementing the Marrakesh Treaty
On September 21, Hogan Lovells’ Unmanned Aircraft Systems lawyers Lisa Ellman, Patrick Rizzi, Matthew Clark, and Elizabeth Meer presented a webinar on Drones on Campus: Navigating the FAA’s New Small UAS Rule.
Colleges and universities across the country are finding new and innovative ways to use unmanned aircraft or “drones.” To name just a few, higher education institutions are using drones to support research and learning in areas like precision agriculture, wildlife habitat monitoring, and aerial surveying and mapping. They are using drones to film football practices, inspect their infrastructure, and shoot promo marketing videos.
Until earlier this week, the legal framework for flying drones for commercial purposes was complicated, cumbersome, and required a special exemption from the FAA. The FAA’s new small UAS rule (Part 107), which became effective on August 29, is a game changer. Colleges and universities are now broadly authorized to fly drones in the United States. Is your campus in compliance?
A recent opinion of the Attorney General Kokott in an ECJ case initiated by the Polish Constitutional Court sheds light on the contentious discrepancy in VAT rules between E-publications and printed ones. According to the Attorney General, the exclusion E –publications from lower-rate VAT does not distort the market, given the lower costs associated with e-publications. The view of the Attorney General is in contrast to the assessment by the European Commission which is currently reviewing the possibility to align the VAT rates applicable to the supply of electronically supplied and printed publications.
The VAT Directive has been a cause of controversy amongst Member States ever since its amendment in 2009. Much discontent arose on account of the Directive not encompassing e-newspapers and e-books in the list of publications that could benefit from lower-rate VAT despite doing so for digital books granted through “physical means of support” e.g. CD-ROMs. The latter was included to keep up with technical developments.
Nevertheless, the Directive remained unequivocal on the exclusion of electronically supplied services, which e-newspapers and e-books form part of. This led to many infringements by Member States that all revolved around the same issue; the granting of lower-rate VAT to e-publications on the premise that the Directive, in keeping in line with technical developments, permitted it. Still, this interpretation has been a constant source of debate and commentary. To that effect, a recent opinion pertaining to a request for preliminary ruling by the Polish Constitutional Court (“CCP”), Attorney General Kokott offered guidance as to why the exclusion from e-publications from lower-rate VAT is still justified in present times. The importance of this opinion lies in the fact that the Attorney General’s discourse went to the core of the Directive’s objectives and principles.
On September 12, New York Governor Andrew Cuomo broke new ground in proposing a state-level regulation that would require banks, insurance companies, and other financial services entities regulated by the New York Department of Financial Services (“NYDFS”) to establish formal cybersecurity programs.
Having a written cybersecurity policy and a designated chief information security officer responsible for overseeing a company’s cybersecurity program are only two of the requirements imposed by the proposed regulation. The proposed regulation specifies a number of minimum standards. For instance, a regulated entity’s written cybersecurity policy is expected to address, “at a minimum,” 14 different topic areas ranging from incident response to customer data privacy. It also requires that regulated entities notify NYDFS of any “material” breach 72 hours after identifying it and mandates that financial services institutions undergo an annual risk assessment and penetration testing.
On 14 September 2016 the Commission unveiled an ambitious overhaul of EU telecommunications law. The proposed reforms are the centrepiece of what the Commission is calling its “Connectivity Package”.
This is a bundle of legislative proposals and related initiatives released under the Commission’s Digital Single Market strategy whose common goal is to dramatically increase the speed and geographic coverage of high quality internet connectivity across the EU over the course of the next decade.
EDITOR’S NOTE: We are excited to present this entry in our TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace. It also provides an opportunity to highlight contributions by TMT colleagues across our global offices and practice areas.
Singapore has a strong track-record of courting technological innovation and the people and businesses who create it. Having recently celebrated its 51st year of independence, Singapore continues its march towards becoming the world’s first Smart Nation by fully harnessing the benefits of technology to create new opportunities for businesses and consumers, and enhancing Singapore’s reputation as a global financial hub and innovation centre.
Key to achieving this vision is the creation of a conducive regulatory environment for nurturing the growth of financial technology (“FinTech“) firms and a fast-evolving, sophisticated FinTech ecosystem in Singapore. The Monetary Authority of Singapore (“MAS“), Singapore’s financial regulator and Central Bank, released a consultation paper on the proposed guidelines for a “regulatory sandbox” that will enable financial and non-financial institutions to experiment and develop new FinTech solutions in a safe environment (the “Regulatory Sandbox“). Actual regulation will only commence when FinTech companies grow to a size that could pose risks to consumers and the wider financial system. This article provides more details on the Regulatory Sandbox, as well as other recent FinTech developments in Singapore.
Click here to read more