On June 22, 2017, in Reyes v. Lincoln Automotive Financial Services, the U.S. Court of Appeals for the Second Circuit agreed with Hogan Lovells attorneys representing the defendant and held that the Telephone Consumer Protection Act (“TCPA”) does not permit a consumer to revoke her consent to be called when that consent forms part of a bilateral contract. The Second Circuit’s precedent-setting decision, if adopted by other courts, may have far-reaching implications for how companies draft their contracts and service agreements and structure their TCPA compliance approaches.
The plaintiff in Reyes expressly agreed to receive autodialed calls and prerecorded messages as a term of his automobile lease agreement. After the parties executed the agreement and the plaintiff began using the vehicle under the lease, the plaintiff stopped making the required lease payments. When the lender placed calls to inquiry about and potentially help cure the delinquency, the plaintiff claimed he could revoke his consent to be called. The plaintiff then filed suit under the TCPA.
The Second Circuit held that plaintiff’s consent was irrevocable because that consent was a term of the existing contractual agreement. In reaching this conclusion, the court relied on a fundamental principle of contract law: mutual assent is required to revoke a term to a bilateral agreement. A party may not unilaterally modify a contract, as the plaintiff tried to do here. The court found “no indication in the [TCPA’s] text that Congress intended to deviate from this common–law principle in its use of the word ‘consent.’” Accordingly, the court found that plaintiff’s attempt to unilaterally rewrite the terms of the lease agreement was a legal nullity.
On Monday, June 12, South Korea became the latest country approved to officially join the Asia-Pacific Economic Cooperation’s (APEC) Cross-Border Privacy Rules (CBPR) system. It is the fifth APEC economy to participate in the system, joining the United States, Canada, Japan, and Mexico. To date, twenty companies—including Apple, Cisco, HP, IBM, Rackspace, and Workday—have been certified under CBPR.
As businesses expand their services and operations globally, concerns have increased about the protection of personal information as it moves across borders and into countries with varying data protection regimes. Developed by the twenty-one APEC member economies, the voluntary CBPR system is intended to strengthen the general level of privacy protections while facilitating flows of data to fuel trade and economic growth across the APEC region. In a nutshell, the CBPR system centers around a voluntary privacy code of conduct for participating member economy businesses that are operating in the APEC region based on the nine APEC Privacy Principles developed in the APEC Privacy Framework: preventing harm, notice, collection limitation, use, choice, integrity, security safeguards, access and correction, and accountability.
DSM Watch has been tracking this, the first legislative proposal published by the Commission under the Digital Single Market strategy banner, since back in December 2015. The Commission’s aim was to allow consumers who pay for online content services in their home country to access them when visiting another country within the EU.
To regulate or not to regulate: This question becomes relevant for the sharing economy after last week’s European Parliament resolution calling for clear EU guidelines on the collaborative economy. The resolution is a response to the European Commission’s Communication on “A European agenda for the collaborative economy” from June 2016 which took a light or even non-regulation approach regarding this particular business model. The European Parliament is concerned that the Commission’s Communication did not provide sufficient clarity or harmonization on how EU law applies to the various types of platform business models in order to fill regulatory gaps in the area of employment and social security.
However, the text of the resolution makes clear that the Parliament generally views the sharing economy as a positive development: “the collaborative economy generates new and interesting entrepreneurial opportunities, jobs and growth, and frequently plays an important role in making the economic system not only more efficient, but also socially and environmentally sustainable, allowing for a better allocation of resources and assets that are otherwise under-used, and thus contributing to the transition towards a circular economy“.
Companies active in the sharing economy should take particular notice of the following recommendations of the European Parliament addressing the need for legal clarity and the “risk of fragmentation of the single market”. These points lay out what could be a work plan for the European Commission to think about future regulation of the sharing economy:
What is Blockchain? What are the practical uses and legal implications resulting from it?
Hogan Lovells invites you to participate in its sixth TMT seminar dedicated to blockchain on:
Thursday 22nd of June, from 5:30PM – Hogan Lovells Paris Office
Join us for a discussion on the following topic: “Blockchain: views of an IT specialist and a lawyer on a disruptive technology“.
Using concrete examples, the speakers will lead a two hour discussion on how Blockchain is becoming part of the legal environment.
Speakers: Christine Gateau, Partner, Winston Maxwell, Partner, Mikael Salmela, Partner, Patrice Navarro, Counsel, Vincent Denoyelle, Senior Associate, Alya Bloom, Associate
Contact: Eberlyn Joseph Events Coordinator firstname.lastname@example.org
Exactly one year before the EU General Data Protection Regulation (GDPR) becomes applicable, global law firm Hogan Lovells has launched GDPRnow, a mobile application that provides companies with assistance to identify practical steps to comply with the new framework.
Conceived entirely in-house by the firm’s Privacy and Cybersecurity team, GDPRnow is the first app ever aimed at generating a GDPR compliance action plan specific to an individual business’s activities.
Businesses and organisations seeking to ensure compliance before the deadline for GDPR implementation in twelve months’ time will be able to download a bespoke report with practical actions and priorities automatically generated on the basis of answers to a series of questions about their data activities. The app, free to download to iOS and Android devices, also contains a wealth of information and practical guidance on the GDPR.
The Digital Single Market is starting to take shape. A central part of this project is the reform of the European Copyright framework. But while it is apparent that the Directive 2004/48 on the enforcement of intellectual property rights is outdated and in dire need of an update there has not been much progress regarding the enforcement of IP rights. Even though a revision had been announced by the EU Commission in 2015 in its strategy paper on the Digital Single Market, the discussions on this have come to a halt.
Recently a letter of the Director General of the Commission Lowri Evans to Thomas Husak and the cabinet of Commissioner Elżbieta Bieńkowska (Internal Market, Industry, Entrepreneurship and SMEs) Head of Cabinet dated 22 March 2017 has leaked. It offers a glimpse into the progress of the reform and the discrepancies between the different camps about the further strategy.
Effective enforcement as key element
In the action plan “Towards a modern, more European copyright framework” published by the EU Commission already on 9 December 2015, the EU Commission highlighted the need for an effective enforcement of IP rights. It is not only necessary to modernize IP rights itself – right holders also need effective measure for the enforcement of their rights. In December 2015 the Commission published a public consultation on the modernization of the enforcement of IP rights. Since then, however, nothing has happened. The leaked internal letter now gives some insights to the background of the halt.
A revealing Leak
In the letter Lowri Evans first discusses the current state of the debate on the Enforcement Directive and highlights the need for reform. Her personal provisional conclusion is that the review has reached a “deadlock”. A reason for this might be that certain members of the commission thought of the review of the Enforcement Directive as a “trade-off”. In order to get certain restrictions on copyright protection to pass they wanted to strengthen the enforcement of IP rights in return. In the light of the latest drafts for regulations and directives – which did not lead to as many restrictions – the parties apparently do not believe such a “trade-off” is necessary anymore.
However, the deficiencies of the current Enforcement Directive are apparent to Lowri Evans. To her they were especially caused by the vastly different interpretations of the Directive by the Member States. It would therefore be necessary to at least work towards clarifying the existing framework. Evans proposes two possible options for further proceeding: (1) A new legislative proposal for a fundamental reform of the Directive or (2) the formulation of an evaluation report with clear recommendations on the interpretation and implementation of the existing Directive.
According to Evans a legislative draft would only be successful if everyone in the Commission would genuinely be supportive of a reform. Otherwise, resources would be wasted. If this were not possible it might be better to concentrate on a detailed evaluation resulting in corresponding guidelines and recommendations by the Commission. However, Evans also mentions that certain aspects – such as the role of intermediaries and cross-border enforcement – cannot be tackled by the Enforcement Directive. Those issues should be integrated into other existing initiatives. An especially careful approach should be taken regarding the liability of intermediaries, like online platforms. This would be especially true in the context of the latest communication “Online Platforms and the Digital Single Market Opportunities and Challenges for Europe” published on 25 May 2016.
When looking at the leaked document, it has to be kept in mind that it was drafted in March. In it the month of May is named as a possible date for a decision of the cabinet. However, nothing has been announced yet. Hopefully there will be a decision on this matter in the coming weeks as there is definitely a need for reform in this area.
On 19 May 2017, the Cyberspace Administration of China (the “CAC“) released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures (the “Second Draft Export Review Measures“).
The draft emerged just over a week after public comments closed on the first draft of the measures, which we discussed in our earlier briefing here (the “First Draft Export Review Measures“). There was a significant volume of industry commentary, and the Second Draft Export Review Measures do, to an extent, relax some of the more stringent requirements stated in the First Draft Export Review Measures and originally due to become law on 1 June, 2017 when China’s Cyber Security Law takes effect. However, the revised draft measures as set out in the Second Draft Export Review Measures still leave a significant compliance challenge for multi-national businesses operating in China (“MNCs“). On a less optimistic note, the test for when a data localization requirement will kick in has not really changed under the Second Draft Export Review Measures, except to remove the words “must be stored within China” and replace them with “must undergo a security review pursuant to these Measures” which does not change the fundamental position that without security review approval and clearance, by definition data cannot be exported so has to be (logically) stored in China.
Headline changes are:
Join us on 19 June, 10:00 a.m. – 1:30 p.m. EST, for a lively discussion with experts regarding the current regulatory developments in Europe and the United States. Andrea Glorioso, Counselor for the Digital Economy at the Delegation of the European Union to the United States, will provide an overview of what U.S. markets might expect from the EU. He will then be joined by Kelsey Guyselman, Counsel, U.S. House of Representatives and Adam Sedgewick, Technology Advisor at the National Institute of Standards and Technology to talk about the opportunities – and risks – that the EU’s new digital regulatory environment may create. They will also discuss the effects of the EU’s DSM plans on U.S. competitiveness, data privacy and data security, trade, and more, exploring what U.S. experiences might inform the EU’s plans and how the changes the EU is contemplating might affect U.S. domestic policies.
Digital trade between the U.S. and the European Union generates more than $8 trillion annually. Some portray the EU’s new “Digital Single Market” (DSM) initiative as a boon for U.S. transatlantic trade. Others view the EU’s DSM as an isolationist ploy that will handcuff U.S. businesses in the EU market.
Please contact Kiki Mohie if you would like to reserve a place. Please note that places are limited and are first come first serve.
Date: 19 June 2017
Venue: Hogan Lovells, Columbia Square 555 Thirteenth Street, NW Washington, DC 20004-1109
Time: 10:00 a.m. – 10:30 a.m. Registration and Coffee
10:30 a.m. – 12:30 p.m. Presentation, Panel Discussion, and Q&A
12:30 p.m. – 1:30 p.m. Luncheon
Wikipedia founder Jimmy Wales completes crowd-funding this week for his latest venture: Wikitribune, a news platform that, while not affiliated with Wikipedia, applies Wikipedia’s collaborative model to journalism. Wales intends to hire ten full-time journalists to work alongside the wiki community to author, fact-check and verify articles. This, he hopes, will provide a more reliable form of media and an antidote to what he describes as “broken news”. Wales’ proposed approach to news reporting highlights a convergence of media – and other platforms, publishers and journalists – and users. Yet granting to the masses the power to edit (and not just comment on) news articles could conceivably give rise to defamation issues under English law.
As traditional print media has largely moved towards online content, meaning that defamatory statements can be transmitted instantaneously from one corner of the earth to another, courts have been forced to grapple with a number of complex legal issues. We explore below certain issues that typically arise under English law in the context of defamation on the internet, with Wales’ proposed user-collaborative news platform in mind.
Jurisdiction in a global world
A key issue when it comes to defamation on the internet is to establish jurisdiction for defamation proceedings. UK courts are typically viewed as more claimant-friendly for defamation actions than e.g. US courts, including for reasons that a defamatory statement is presumed to be false unless the defendant proves otherwise. However, if the defendant is domiciled outside the UK and the EU, a claimant alleging defamation will have to convince the UK courts to hear the case, which may not be entirely straight-forward given the attempted crack-down on libel tourism in the Defamation Act 2013 (“DA 2013”).