Header graphic for print

Global Media and Communications Watch

The International Media and Telecoms Law Blog

Posted in Data Protection & Privacy

Hong Kong Privacy Commissioner takes lead on Privacy Regulation of Mobile Apps

Privacy regulators are increasingly turning their attention to the manner in which mobile apps collect, process and transmit personal data.

On 9 December, 21 privacy enforcement authorities around the world issued an open letter to seven of the world’s leading app marketplaces calling on them to make app privacy policies available to users prior to downloading.

The open letter was initiated jointly by the Office of the Privacy Commissioner for Personal Data, Hong Kong (the “PCPD”) and the Office of the Privacy Commissioner of Canada. Other signatories to the letter included the UK Information Commissioner, the Privacy Commissioners of Australia and New Zealand and the Vice President of the Korea Internet and Security Agency.

The open letter follows a May 2014 study of over 1,200 mobile apps from around the world which was conducted by the Global Privacy Enforcement Network (“GPEN”), an association of 26 privacy regulators, including the PCPD. The study concluded that a significant number of mobile apps do not make adequate disclosure to users. Specific findings include:

  • 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information;
  • More than half (59%) of the apps left users struggling to find basic privacy information;
  • 31% requested an excessive number of permissions to access additional personal information; and
  • 43% of the apps failed to tailor privacy communications to the small mobile device screen, either by providing information in a too small print, or by hiding the information in lengthy privacy policies      that required scrolling or clicking through multiple pages.

In addition to the open letter sent last week, the PCPD has also recently published its own guidance to mobile app developers in Hong Kong. The Best Practice Guide for Mobile App Development can be downloaded in full here: http://f.datasrvr.com/fr1/814/28028/Mobileapp_guide_e.pdf
While the PCPD’s guidance is directed at small and medium sized app developers, the principles set out in the document are important for businesses of all sizes seeking to promote or transact their businesses through mobile apps in Hong Kong or that are engaged in the development of mobile app technologies. In particular, the PCPD’s continued advocacy of “Privacy by Design” – the concept that technology should be developed from the outset with privacy concerns in mind – will be an important business consideration.

Overview of the Hong Kong guidance:

Parts A and B of the guidance provide background information on the application of Hong Kong’s Personal Data (Privacy) Ordinance (“PDPO”) to app development and the six data protection principles that underpin the PDPO.
Part C explains the “Privacy by Design” concept and encourages developers to consider privacy issues throughout the entire development life cycle of the app.
Part D is aimed at apps which access the personal data of their user and provides developers with a checklist for applying the Privacy by Design approach as the app is being developed. Through a series of questions the developer is encouraged to complete a checklist that examines each type of data being collected by the app and to consider, systematically, how the app can be built with the least intrusion to a user’s personal data privacy.
Part E provides some best practice recommendations where user data is accessed or collected by an app and is linked to the information compiled by the developer in the checklist in Part D. In particular, app developers are encouraged to only access the types of data necessary for the app and ensure that their privacy statements are tailored for their particular apps. Privacy policies should state clearly whether the apps would access data on the user’s smartphone, the types of data that would be accessed and why and how such access would be carried out. This information would then allow users to make an informed decision whether or not to download and use the app.
For apps that do not access or collect personal data, Part F of the guidance reminds developers that transparency is one of the cornerstones of the PDPO. Even if no personal data is being collected from users, developers are advised to make this clear to the user through a privacy statement before the app is installed.

Compliance is critical:

The results of the 2013 GPEN global survey were equally disappointing, particularly for Hong Kong, where 60 of the most popular local smartphone apps were reviewed, with many found to be defective. Following last year’s survey, improving privacy and data protection in the use of apps became a key area of focus for the PCPD, which stepped up its educational efforts by conducting seminars targeted at app developers and launching a dedicated website on online privacy at www.pcpd.org.hk/besmartonline.
Failure to comply with data privacy requirements in Hong Kong can have consequences that go far beyond simply monetary fines and other regulatory sanctions: very often reputational issues are also in play. In the latest published figures for 2013, the PCPD reported a 48% per cent increase in complaints and a doubling of enforcement notices. Moreover, the incident and investigations that followed showed a greater willingness by the Commissioner to “name and shame” businesses that he believes have fallen foul of the law, making the consequences of non-compliance far greater than in the past.
Details of the local results for the 2014 GPEN survey are awaited but the lack of publication of those results by the PCPD as the end of the year approaches suggests that little improvement has been made by developers in Hong Kong in the last 12 months. The Privacy Commissioner has already indicated that if standards do not improve enforcement action against offenders will not be ruled out. The timing of the open letter and this latest guidance note suggests that it may be the first in a series of follow up actions to be taken by the PCPD to try and ensure compliance by mobile app developers.

 

Posted in Copyright, Entertainment & Content, Internet, Policy & Regulation

Russian President Signs a Law that Expands the Current Scope of the Anti-piracy Law to all Types of Content

On 24 November 2014, the Russian President signed into law a bill introducing amendments to the so-called Anti-piracy Law[1] and expanding its scope to all types of copyright-protected content available on the Internet, except for photographs (the “Law“)[2]. The Law will take effect on 1 May 2015.

Under the Law the following procedure will become available for copyright and related rights holders wishing to restrict access to audio-visual works which have been placed on the Internet illegally:

-                    the right holder may seek before the Moscow City Court a preliminary injunction against illegal use of content on a particular Internet website;

-                    upon obtaining a preliminary injunction, the right holder may file an application with the Russian state authority in charge – Roskomnadzor[3] – seeking restriction of access to a website containing infringing content;

-                    further, within three business days Roskomnadzor must determine the hosting provider  and send an electronic notification requesting the removal of the infringing content;

-                    within one business day from the date of receipt of notification of the hosting provider must  inform the website owner of the necessity to immediately remove the infringing content from the website or restrict access to such content;

-                    within one business day from the date of receipt of notification of the website owner must  remove the infringing content;

-                    in case the website owner fails to do so, the hosting provider must restrict the access to website within three business days from the date of receipt of Roskomnadzor’s notification;

-                    in case the website owner and/or the hosting provider fail to restrict access to the website, Roskomnadzor sends the information on such website to telecom operators, which must restrict access to the website within twenty-four hours.

In addition to the above procedure, the Law allows the right holder to undertake an out-of-court measure by sending a complaint to the website owner. Within 24 hours from the complaint’s receipt the website owner must cease the infringement or present proof evidencing the lawful use of content on the website. To make this work the Law obliges the website owners to disclose his/her/its name, address and email on the website.

The Law further provides for a possibility of perpetual restriction of access to the website where infringing content was placed repeatedly and this has been confirmed by the court’s ruling. Upon such court’s ruling Roskomnadzor sends the information on such website to telecom operators which in turn must restrict access to the website within twenty-four hours upon receipt of the Roskomnadzor’s notification.

Parallel Initiatives: New Anti-Piracy Legislation vs. Anti-Piracy Fee for Internet Content

In parallel with the discussion on the amendments to the Law the Russian Union of Right Holders (the “RUR“) has proposed fighting piracy by introducing a fixed royalty fee to be paid by the telecom operators to right holders in exchange for unlimited use of almost all types of content on Internet. It is suggested the royalty will be collected by a collecting society accredited by the state. This initiative is now under consideration by the Russian Government.

These two parallel processes (one – introduction of a thorough anti-piracy legislation; and another – introduction of a fixed royalty fee for unlimited use of content on Internet) clearly do not look like a perfect match. We are closely watching both initiatives and will provide further updates.

 


[1]               Federal Law No. 187-FZ dated 2 July 2013 “On amending certain legislative acts of the Russian Federation on protection intellectual rights in information-telecommunication networks” (the “Anti-piracy Law“).

[2]               Federal Law No. 364-FZ dated 24 November 2014 “On introduction of amendments to Federal law “On information, information technologies and the protection of information” and to the Russian Civil Code” is available at (in Russian): http://www.rg.ru/2014/11/27/gpk-dok.html.

[3]               Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications.

Posted in Copyright, Policy & Regulation

France: A first! – Approval by the Council of State (“Conseil d’Etat”) of the scales relating to the remuneration for private copying established by the Commission Copie Privée.

Much awaited by rights holders and members of the industry alike, the Council of State (the French highest administrative court) rendered, on 19 November 2014, two decisions approving the remuneration scales established by decisions No. 14 of 9 February 2012 and No. 15 of 14 December 2012 of the French Committee provided for by Article L. 311-5 of the French Intellectual Property Code, known as the “Commission Copie Privée”.

To recall, decisions No. 11 and 13 of the Commission Copie Privée were respectively lifted on 17 June 2011 and 25 June 2014 by the Council of State because professional uses were included in the scope of application of the royalty fee.

The two new decisions approve the scale established for multimedia touch screen tablet computers (decision No. 14) and for all recording mediums subject to the royalty fee such as multimedia mobile devices, external hard drives, smartphones, touch screen tablet computers and decoder-recording devices (decision No. 15).

Pursuant to Article L. 311-4 of the French Intellectual Property Code, the amount of the royalty fee is determined by taking into account the type of medium at stake, its recording duration and capacity and its use.

The Council of State approves in particular the circumstances in which decision No. 15 was adopted on 14 December 2014, after the resignation of five of the its six members from the industry. Further, the Council gives green light on the calculation method used. In this regard, the ruling confirms the legality of decision No. 15 and considers that the sales price of the medium must not be taken into account when determining the amount of the remuneration.

The judicial saga that we have faced in recent years in France seems to come to an end, even if some more minor decisions are still expected. Stakeholders may now have to reconsider their positions in view of the findings of the Council.

Posted in Copyright, e-commerce, Entertainment & Content, Internet, Policy & Regulation

Paris Court of Appeal orders video-sharing website Dailymotion to pay substantial damages for failure to promptly remove infringing content

In a recent decision of the Paris Court of Appeal dated 2 December 2014, the French video-sharing website Dailymotion was held liable to pay more than 1,2 million Euros in damages to the French TV channel TF1 and other stakeholders on the grounds that Dailymotion did not promptly remove around 60 videos unlawfully made available online in breach of TF1′s rights.

In June and July 2007, the French TV channels TF1 and LCI noticed that some videos they produced were made available on Dailymotion in breach of their rights. They consequently sued Dailymotion for counterfeiting, unfair competition and parasitism. In total, around 5,500 notices were sent to Dailymotion.

In a decision handed down on 13 September 2012, the Paris Civil Court ruled that Dailymotion benefitted from the limited liability regime of providers of hosting services under the E-Commerce Directive[1] but failed to comply with its obligation to remove promptly the litigious videos after having received proper notice, as required by Article 6 of French law n° 2004-575 of 21 June 2004 on confidence in the digital economy, implementing the E-Commerce Directive. As a result, Dailymotion was notably held liable to pay 258,000 Euros in compensation to the claimants.

The Paris Court of Appeal, in a decision dated 2 December 2014, confirmed that Dailymotion could be considered as a provider of hosting services. In itself, this solution is not new as several case law decisions have decided in the past that Dailymotion could benefit from the limited liability regime granted to providers of hosting services[2]. One interesting point however is that the Paris Court of Appeal expressly stated that Dailymotion can claim the distinct status of both a provider of hosting services and editor, as long as the provided services are different. It therefore seems that the Paris Court of Appeal endorsed a distributive approach according to which the applicable liability regime would depend on which activity is at stake. Such an approach has already been implemented in the past, notably in the L’Oréal v eBay decision of the Paris Civil Court dated 13 May 2009. In the present case, the Court held that the activities at stake related to Dailymotion’s role as hosting provider.

The Paris Court of Appeal also agreed with the Court at First Instance that Dailymotion did not comply with its obligation to remove promptly the unlawful content upon proper notification. For instance, some videos were still available on Dailymotion 7 to 13 days after the notice. Other videos were still on line around 100 days after the notice.

However, the appellate Court substantially increased the amount of the compensation awarded to the claimants. The Court awarded a total amount of 1,208,000 Euros to the companies of the TF1 group (which had demanded 6,845,000 Euros). The Court nonetheless dismissed the claimants’ request for a preventive filtering measure to be implemented as Dailymotion is a provider of hosting services and as such, cannot be under a general monitoring obligation.

Dailymotion has indicated that it is not impossible it will refer this decision to the French Supreme Court. Such a referral would be of interest as it would give the opportunity to the French Supreme Court to clarify the relationship between the status of editor and provider of hosting services and whether one operator, like Dailymotion, can indeed fall under both categories, depending on which activity is at stake.


[2]               French Supreme Court, 17 February 2011, n° 09-67896

Posted in Copyright, Internet, Telecoms & Broadband

German Court asks CJEU: Are businesses that provide password-free WIFI liable for third party copyright infringements?

The German Regional Court of Munich (Decision No. 7 O 14719/12) has referred various questions to the CJEU seeking clarification on the liability of businesses that provide password-free WIFI access for copyright infringements carried out by their users.

In the case at hand a German shop owner that sold and let sound and light equipment for events provided a password-free WIFI access from his shop. The WIFI was named after the website of his shop in the hope that this would interest people in nearby cafes and shops to use the free WIFI to visit his website. At one point an unknown user shared a copyright protected song via that WIFI. The Court in Munich had to decide whether the owner of the WIFI was liable for the copyright infringement.

The German Federal Supreme Court already decided in 2010 that an individual that does not protect his WIFI adequately was liable for copyright infringements done via that WIFI access point.  The Court of Munich found that even if an individual was held liable a business owner should be held liable all the more. However the problem the Court saw was that the owner of the shop might be able to rely on the defences available under the E-Commerce Directive[1] which an individual would not.

Article 12 of the E-Commerce Directive states that a provider of an information society service (ISP) is not normally  liable for the information transmitted. Therefore, if the shop owner at the case at hand was deemed an ISP he might not be liable. This led the Court of Munich to ask the CJEU a variety of questions (9 in total) concerning the interpretation of Article 12 of the E-Commerce Directive.

The first part of the questions concerns whether the shop owner could be considered an ISP or not. One thing that lead the Court of Munich to doubt that the shop owner is an ISP was that he did not receive payment for providing the service. However Article 2 (a) of the E-Commerce Directive in combination with Article 1(2) of the Directive 98/34/EC[2] as amended by Directive 98/48/EC[3]  states that an ISP refers only to a service normally provided for remuneration. The Court further had doubts that the shop owner really “provided” a service in the meaning of Article 2 (b) of the E-Commerce Directive as he did not promote the service specifically but just left the WIFI open.

The second part of the questions deals with the scope of the limitation of liability set down in Article 12 of the E-Commerce Directive. The Court of Munich has asked whether this Article excludes all liability or whether it leaves room for liability for cease-and-desist orders after the ISP has been made aware of infringing acts conducted via his service. In the opinion of the Court of Munich it would be a huge disadvantage to copyright owners if WIFI owners could not be held liable at all. Copyright owners would be left with no option to take action against infringements if the owner of the WIFI does not track the users of his WIFI access point (which was the case here). The Court of Munich believes this might go against the values set forth in the InfoSoc Directive (2001/29/EC)[4] and Directive 2004/48/EC[5] on the enforcement of intellectual property rights.

The answers of the CJEU to the questions put forward by the Munich Court might have a big impact on the availability of free WIFI access. If the CJEU rules that providers of free WIFI access might be liable for copyright (and subsequently also other) infringements many businesses will have to review their practice of providing such services. However a clarification on the liability rules can only be welcomed in our opinion. It remains to be seen what the CJEU will decide.


Posted in Internet, Policy & Regulation, Telecoms & Broadband

Hogan Lovells Hong Kong partner interviewed on net neutrality

In a video interview, Hogan Lovells partner Mark Parsons presented the Asian debate on net neutrality. Citing greater retail competition in certain Asian markets, Parsons pointed out that the US debate cannot be transposed as-is to Asia. A “market by market” approach is required, says Parsons. Many Asian markets have “fantastic broadband speeds, so you don’t see so many throttling issues,” according to Parsons. Unbundling of the local loop and the retail ISP competition provide greater choice to many Asian customers than what exists in the US. As in the US, Parsons says large incumbents view net neutrality as a threat to investment in their networks.  Smaller Internet service providers also fear that the bigger Internet players will be able to build separate, super-fast, Internet links unless net neutrality rules are enforced.  Everyone wants innovation to continue, said Parsons, whether at the edge or within the networks.

Parson’s interview follows a similar interview of Hogan Lovells Paris partner Winston Maxwell, asked about the net neutrality debate in Europe.  Like Parsons, Maxwell cited retail competition as a key differentiator with the US. (Maxwell’s interview is in French.)

Posted in Policy & Regulation, Telecoms & Broadband

Poland: New consent for direct marketing required due to changes in the Telecommunications Law

On 25 December 2014 a new law on consumer protection will come into force in Poland that may complicate the rules for direct marketing in that country. One of the changes to be introduced under this new regulation is an amendment of the Telecommunications Law supplementing the current implementation of Directives 2002/65/EC, and 2002/58/EC with respect to direct marketing. The supplementation, however, seems to go further than the objective set out in the Directives.

Currently, automated calling systems can be used for the purposes of direct marketing only after obtaining the end user’s prior consent. In addition, sending unsolicited commercial information through electronic means (e.g. e-mail, SMS, MMS) is possible only after obtaining the prior consent of the consumer.

The amendment will broaden the prior consent requirement to also cover the use
of telecommunication terminal equipment (e.g. cell phones and fax machines) for  the purposes
of direct marketing and, at the same time, leaves the regulation of unsolicited commercial information intact.

The new regulation may cause doubts as to the number of separate consents one must obtain before direct marketing. It appears that the most reasonable interpretation would be that the amendment will result in an obligation to obtain an additional prior consent (apart from the consent for sending commercial information by electronic means) not only for direct marketing through automated calling systems (as currently), but for regular telemarketing as well.

The new regulation may also influence the manner in which each of the consent clauses should be formulated.

Posted in Internet, Policy & Regulation, Telecoms & Broadband

Net neutrality: French regulator publishes Internet QoS measurements

The French regulatory authority for electronic communications, ARCEP, published its first Internet quality of service (QoS) measurements for net neutrality purposes.  The quality of service measurements are intended to make poor ISP performance more visible to consumers, regulators and upstream content providers. France, like most other countries in Europe, allows Internet access providers flexibility to shape traffic and offer managed services as long as ISPs are transparent about their policies and the quality of service of basic Internet access does not suffer.  If the quality of service of Internet access drops, the ARCEP, like other regulatory authorities in Europe, has the ability to intervene and impose a minimum quality of service level.

The French competition authority and the Paris Court of Appeals also held that France Telecom is not required to grant free peering capacity if traffic loads are seriously imbalanced.  The result is that Internet access providers in France have a fair amount of flexibility in dealing with their transit and peering partners, as well as in how they offer managed services. 

The reason this flexibility exists is that in theory French consumers have a choice between three or four competing Internet access providers.  The retail market for Internet access is competitive, and according to the European regulatory philosophy, a competitive market is the best form of regulation.  In practice, of course, market failures can exist even in competitive markets.  The ARCEP’s quality of service measurements attempt to address one market failure, which is lack of consumer information.  If a video streaming service does not function well, the consumer does not always know why.  There are many reasons why a video may not stream properly. One reason may be that the ISP has constrained its upstream transit and peering capacity. The ARCEP measurements are intended to shed light on the performance of each French Internet access provider for different kinds of applications: upload, download, peer-to-peer, and video streaming.  The idea is that if consumers have reliable access to QoS measurements, they will switch provider if their own ISP offers poor service.  Thus the market will self-regulate.

In practice, there may exist switching costs that make a change in ISP difficult.  Switching costs may exist when the consumer also purchases television services from the Internet access provider, for example.  Another reason why the market may not function correctly is if all access providers provide the same (poor) level of service.  This kind of alignment among Internet access providers would not necessarily result from an illegal agreement.  It could simply result from parallel behavior among members of an oligopoly.  For this reason, the ARCEP and other regulatory authorities in Europe have backstop authority to impose minimum quality of service levels in justified cases.  However, before imposing such measures, the regulatory authority must demonstrate to the European Commission that the measure is needed to address an actual quality of service problem.  This is another reason why it’s essential for regulatory authorities to have reliable QoS measurement tools at their disposal.

Because QoS measurements can easily be challenged, the ARCEP was careful to create an institutional structure to oversee the development of objective QoS measurements. The institutional structure involves a committee that includes representatives of Internet access providers, consumers groups and independent technical experts.

A new legislative package proposed by European Commission would increase the level of net neutrality regulation in Europe.  The so-called “Connected Continent” package would impose, and among other things, an outright prohibition of discrimination by ISPs.  Currently only the Netherlands and Slovenia have a non-discrimination obligation in their national law.  The Connected Continent package would also place constraints on ISPs’ ability to provide managed services.  The Connected Continent legislative package is still in negotiation among the European Council, the Parliament and the Commission. It is likely to be adopted in 2015.

(ARCEP published on November 21, 2014 a video interview of Winston Maxwell in which he explains the difference between the net neutrality approaches in the US and in France.)

 

 

Posted in Policy & Regulation

Beijing releases catalogue banning or restricting ‘new addition’ projects affecting high-tech field

On July 21, 2014, the Beijing municipal government published the Beijing Municipality Catalogue of Prohibited and Restricted New Addition Industries (2014 Edition) (“Beijing Catalogue”).

The Beijing Catalogue marks a significant shift towards a more restrictive investment environment, being the first example of an ‘investment’ catalogue issued in China that does not encourage or specify areas open to investment but whose sole purpose appears to be to specify areas off-limits and restricted for further investment.

It would be easy to dismiss the Beijing Catalogue as being driven by air pollution concerns, but in reality it goes a lot further than just cracking down on polluting industries, with the sectors covered ranging from manufacturing to real estate development through educational institutions and TMT. The theme seems to be more about trimming over-capacity and over-concentration of certain types of facilities and resources. The obvious question it raises and does not answer is whether this is just a local initiative or more like ‘the thin edge of the wedge,’ and we will see this pattern replicated in other major cities such as Shanghai or elsewhere in China.

Continue Reading

Posted in Telecoms & Broadband

Three Trends that May Change the Way You Think About the “Internet of Things” – Lessons from the Winnik Forum

New charging technology and more sophisticated power use are among the major new trends remaking the face of the Internet of Things, according to Aryeh Fishman, Associate General Counsel of Edison Electric Institute.  Fishman’s remarks came as leading experts in telecommunications law and policy and industry executives gathered at the Hogan Lovells 2014 Winnik International Telecomms and Internet Forum in Washington, D.C.  During a panel moderated by Hogan Lovells partner Peter Watts (London) and counsel Praveen Goyal (Washington D.C.), business executives at the forefront of the “Internet of Things” highlighted the changing nature of customers and the impact of new technologies on their respective industries.

Continue Reading