Header graphic for print

Global Media and Communications Watch

The International Legal Blog for the Tech, Media and Telecoms Industry

Posted in Data Protection & Privacy Harriet Pearson

New York State Proposes Cybersecurity Regulation for Financial Services Institutions

shutterstock_71527090-300x194On September 12, New York Governor Andrew Cuomo broke new ground in proposing a state-level regulation that would require banks, insurance companies, and other financial services entities regulated by the New York Department of Financial Services (“NYDFS”) to establish formal cybersecurity programs.

Having a written cybersecurity policy and a designated chief information security officer responsible for overseeing a company’s cybersecurity program are only two of the requirements imposed by the proposed regulation. The proposed regulation specifies a number of minimum standards. For instance, a regulated entity’s written cybersecurity policy is expected to address, “at a minimum,” 14 different topic areas ranging from incident response to customer data privacy. It also requires that regulated entities notify NYDFS of any “material” breach 72 hours after identifying it and mandates that financial services institutions undergo an annual risk assessment and penetration testing.

Continue Reading

Posted in Digital Single Market (EU), Policy & Regulation, Spectrum, Telecoms & Broadband Charlie Hawes

DSM Watch – EU Commission’s “Connectivity Package” proposes major reforms of telecommunications law

On 14 September 2016 the Commission unveiled an ambitious overhaul of EU telecommunications law. The proposed reforms are the centrepiece of what the Commission is calling its “Connectivity Package”.

This is a bundle of legislative proposals and related initiatives released under the Commission’s Digital Single Market strategy whose common goal is to dramatically increase the speed and geographic coverage of high quality internet connectivity across the EU over the course of the next decade.

Continue Reading

Posted in Policy & Regulation, Technology, TMT2020

TMT2020: Drawing a Line in the Sandbox – Boundaries for FinTech Regulation in Singapore

EDITOR’S NOTE:  We are excited to present this entry in our TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace.  It also provides an opportunity to highlight contributions by TMT colleagues across our global offices and practice areas.

Singapore has a strong track-record of courting technological innovation and the people and businesses who create it. Having recently celebrated its 51st year of independence, Singapore continues its march towards becoming the world’s first Smart Nation by fully harnessing the benefits of technology to create new opportunities for businesses and consumers, and enhancing Singapore’s reputation as a global financial hub and innovation centre.

Key to achieving this vision is the creation of a conducive regulatory environment for nurturing the growth of financial technology (“FinTech“) firms and a fast-evolving, sophisticated FinTech ecosystem in Singapore. The Monetary Authority of Singapore (“MAS“), Singapore’s financial regulator and Central Bank, released a consultation paper on the proposed guidelines for a “regulatory sandbox” that will enable financial and non-financial institutions to experiment and develop new FinTech solutions in a safe environment (the “Regulatory Sandbox“). Actual regulation will only commence when FinTech companies grow to a size that could pose risks to consumers and the wider financial system. This article provides more details on the Regulatory Sandbox, as well as other recent FinTech developments in Singapore.

Click here to read more

Posted in Copyright, Digital Single Market (EU) Nils RauerEva Vonau

DSM Watch: A closer look at the draft EU Regulation on online transmissions of broadcasting organisations and closed networks

Last week, the European Commission officially released a communication on its endeavours to modernize the EU copyright rules. The paper was accompanied by several – long awaited – legislative proposals aiming for modelling future European copyright law (see blog post).

Following-up on our introductory blog post last week, we now take a closer look at the proposed Regulation on the exercise of copyright and related rights in the field of online transmission of broadcasting and retransmission of television and radio programmes.

Background

On 6 May 2015, the European Commission announced its comprehensive Strategy for a Digital Single Market. In December 2015, a first action plan for modernizing European copyright followed (see blog post). This plan already contained several – although still vague – proposals for the anticipated reform. In August 2015, the Commission launched a public consultation regarding the review of the Satellite and Cable Directive aiming at determining how content right holders and collecting societies would react to an extension of the “country of origin” principle to services transmitted via the Internet. In February 2016, the preliminary trends of the consultation were released (see blog post). The now published regulation builds on that consultation.

The objective of the proposal

The proposal focuses on two regulatory areas: (1) the extension of the “country of origin” principle to broadcasters own online services, and (2) the technologically neutral extension of the retransmission right to certain closed networks.

The Commission clearly aims at facilitating the provision of online services ancillary to broadcasts for broadcasting organizations and to (slightly) expand the existing law of cable retransmissions in a technologically neutral way. In accordance with the Strategy for a Digital Single Market, the proposal also wishes to simplify the clearing of rights of online services provided by broadcasting organizations. Particularly, the cross-border provision of radio and TV programs shall be promoted. This is to be achieved by establishing the principle of country of origin, which already applies to satellite transmissions, for services rendered via the Internet involving copyright as well as neighbouring rights.

What should be noted is the fact that the proposal has only a very limited scope, and that notably, video on demand platforms are not included.

Glossary: “Ancillary online services” and “retransmission

The proposal introduces two new definitions in Article 1 of the proposal: “ancillary online services” and “retransmission“.

Ancillary online service” covers the online services of broadcasting organisations in which they provide their own programmes simultaneously with the traditional broadcast or for a defined period of time. This shall obviously only include the current media libraries of broadcasting companies and not permanent video-on-demand services of a broadcasting organisation, nor an online service of a third party.

While the Satellite and Cable Directive (93/83/EEC) included the term “cable retransmission” the proposal for the new regulation now defines just “retransmission“. This shall mean any simultaneous, unaltered and unabridged cross-border retransmission of television or radio programmes. Explicitly exempt are “online” transmissions, cable retransmissions as defined in the Satellite and Cable Directive (93/83/EEC), and finally transmissions which are provided over an internet access service as defined in the Regulation 2015/2120. The recitals indicate that this shall include all the retransmissions in closed networks comparable to cable retransmissions but exclude broadcasts via the “open Internet“.

Extension of the country of origin principle

Article 2 of the proposal contains the extension of the “country of origin” principle to “ancillary online services“. According to this provision, the exercising of copyright and related rights relevant for providing the online service shall be deemed to occur solely in the Member State in which the broadcasting organisation has its principal establishment. In consequence, the content available in media libraries of broadcasting organisations would be deemed to be streamed solely from the country in which the broadcasting organisation has its seat. It would therefore be sufficient if the broadcasting organisation had a license to stream the content for one country to be able to open the media libraries for audiences in the whole Union.

Paragraph 2 of the Article states that, when fixing the amount of the payment to be made for the rights, the parties shall take into account all aspects of the “ancillary online services” such as its features, the intended audience and the language version. With this the proposal seems to try to live up to the legal requirements determined in the Murphy-Decision by the CJEU (CJEU, 04.10.2011 – C-403/08)

Retransmission Rights

Articles 3 and 4 of the proposal deal with the new retransmission right. As with the “cable retransmission right” the retransmission rights can only be exercised through a collective management organisation. This facilitates the licensing procedure for the retransmitting organisation tremendously because there is only one licensor to contact, who is obliged to grant a license for everyone.

Article 4 clarifies that the retransmission right is not affected if broadcasters are transmitting their own programmes. Without such clarification the broadcasting organisations possibly would have been obliged to license their own programmes via a collective management organisation.

Outlook

After reviewing the previously published documents it was to be expected that the Commission, in accordance with their Digital Single Market Strategy, would extend the “country of origin” principle on areas beyond satellite transmissions. That ‘retransmission’ is no longer restricted to cable technology is no surprise either. The proposal however regulates either case only for strictly defined, exceptional, cases. Neither Video-on-Demand Services are covered, nor are online services which provide simultaneous broadcasts of television or radio programmes that are not operated by the broadcasting organisation itself. It remains to be seen whether the guaranteed follow-up discussions will eventually lead to an extension or to an even further limitation of the scope of the regulation.

Posted in Copyright, Digital Single Market (EU)

Webinar invitation: Digital Single Market – The New European Copyright

There have been busy days in Brussels regarding the shaping of tomorrow’s copyright law in Europe. It took the Commission ten months to follow-up on its first package of copyright legislation released last December, with a second set of draft regulations and directives published on 14 September 2016.

The second legislative package truly touches upon almost everything that is hot in today’s copyright regime. Broader access to digital content, data mining, publishers’ rights in the context of a fair share of value, licensing hubs, online transmissions and retransmissions of television and radio programs, or mandatory exemptions to copyright are only a few examples reflecting the breadth and depth of the anticipated reform which the Commission is expediting under its bold leitmotif “Towards a modern, more European copyright framework”. It is fair to say that we are facing the most comprehensive revision of the European copyright environment in twenty years.

Join us on Friday 23 September, at 2:00 pm (BST) for a webinar where we will give you an overview of the anticipated reform, highlighting the most significant changes proposed by the Commission and who this affects. Our findings will be put into the broader context of the Digital Single Market strategy. We also look at the industry impact the new legislation will have in today’s digital world.

Continue Reading

Posted in Copyright Nils RauerEva Vonau

CJEU renders next landmark decision – this time on free Wi-Fi

holding-cell-phoneSo far, September has been a busy month in Luxembourg. On 8 September 2016, the Court of Justice of the European Union (CJEU) handed down a ground-breaking judgment on hyperlinking (Case Ref.: C-160/15 – GS Media, see our earlier post). On 15 September 2016, this equally important verdict followed (Case Ref.: C-484/14McFadden). The judges had to decide upon the liability of an access provider who offered his customers a free Wi-Fi connection in his shop. A customer had used the connection to illegally upload and share copyright-protected content. The shop owner referred to and defended himself with the liability privilege available for access providers under European law. It was now for the CJEU to rule whether such defense was actually available.

Background

The case was originally referred to the CJEU by the Regional Court of Munich. The German judges are required to decide on a lawsuit brought against a shop owner called Tobias McFadden by the plaintiff, Sony Music Entertainment Germany. Mr. McFadden, whilst running a business for sale and renting out lighting and sound systems, offered his customers a free Wi-Fi connection at his premises. In September 2010, one of his customers unlawfully uploaded a copyright work via Mr. McFadden´s Wi-Fi. Shortly after this, Sony being the rightful owner of the content sued the shop owner seeking  injunctive relief and damages. Mr. McFadden argued that the liability privilege for access providers set out in Sec. 8 of the German Tele Media Act freed him from any responsibility regarding his customers’ actions. This privilege derives from Article 12(1) of the E-Commerce Directive 2001/31. However, the Munich court did not seem prepared to follow this argument and considered an indirect liability on the basis of a breach of duty of care – the so-called “Störerhaftung“. In order to clarify several questions involving the interpretation and application of Article 12(1) of the E-Commerce Directive, the court submitted in total nine questions to the CJEU.

Continue Reading

Posted in Technology

Hogan Lovells’ 5th Annual Winnik Forum – The Internet of Things: The Legal Challenges and Opportunities

What are the legal implications of the Internet of Things (IoT) in the U.S. and around the world?
How do we mitigate the risks to consumer privacy and data security?
How do we meet IoT’s demands on infrastructure?

 

Join us for Hogan Lovells’ 5th Annual Winnik International Telecoms and Internet Forum on 1 November, in Washington, D.C., for a global gathering of policy makers, industry executives, and legal experts from around the world.  This year, we will discuss what and how to address the legal issues and opportunities that the IoT raises with subject matter experts from the U.S., France, Mexico, Hong Kong, and other jurisdictions.

Forum themes:

Protecting Your Privacy in the IoT
IoT in Our Daily Lives
Spectrum: Powering the IoT 
The Security Challenges of the IoT
IoT International Regulatory Compliance Risks

 

The program will begin with breakfast and time to network with your peers, followed by panel discussions and demos of smart products. The day will conclude with a cocktail reception, giving attendees a chance to continue the conversation.

For more information, please contact Jessica Garcia.

Posted in Technology

Blockchain in Africa

What is Blockchain?

You may have heard this term and wondered what it is (as have most of us). A blockchain is in essence a distributed digital database which maintains a list of records.

Members (with access to the database) validate the data in a specific block by means of a consensus of members using algorithmic calculations which utilize cryptography (methods vary depending on the technology and database involved) – I know, sounds very techie, because it is! Validated blocks are then linked in sequence to the preceding blocks by using timestamps and other unique information, creating a chain of blocks of information (hence the term blockchain).

Sequentially added blocks are almost impossible to change once validated and stored on the relevant blockchain. Blockchains can either be public (or permissionless) or private (or permissioned), depending on their purpose. A public blockchain means that anyone running the relevant blockchain protocol can read or write information to the blockchain; a private blockchain means that only designated users can read or write to the blockchain. Blockchain technology is revolutionary in the sense that it allows parties to transact directly with each other without the need for third party intermediaries as central trusted counterparties, as this comfort is provided by way of the mutual consensus of members.

What is Blockchain’s potential in Africa?

Smart Contracts

For a continent which has a reputation for corruption and patronage, smart contacts written on a blockchain platform could prove an effective mechanism  for making business dealings more transparent and less vulnerable to untoward influence and outcomes. Here’s how.

Smart contracts are programs that facilitate, verify, or enforce the negotiation or performance of a conventional contract.  The computer code for a smart contract may itself be stored on a blockchain ledger, and this code will be intended to validate and execute whatever terms have been agreed by the parties to the smart contract.  Likewise, for smart contracts residing on a blockchain ledger, the outputs of the code (that is, the actions required by the contract, such as making a payment or exercising an option) will also be stored in the ledger where network participants validate both the contract and the outputs produced by the code.

They also have the potential to make agreements and their management more efficient by removing the need for third parties to implement and execute the subject matter of an agreement between parties. This independent consensus is achieved by limiting the smart contract ascertainable data points, which are always objectively verifiable. This independent assessment and implementation of agreed terms would provide international investors, intent on complying with ABC laws and policies, additional comfort and certainty.

Could this be the solution international investors have been waiting for in Africa?

Financial Services

Traditional financial institutions and entrepreneurs in Africa have dedicated more and more  resources to developing and implementing applications for blockchain and related technologies throughout 2016. Much of the focus has been on developing applications to make traditional financial service offerings, such as settlement, clearing of trade and remittances of funds, more accessible and efficient.  In Africa this technology is particularly appealing as it will make financial services available to a greater number of Africans (approximately 80% of which are currently unbanked according to the World Bank: the Global Findex Database 2014: Measuring Financial Inclusion around the World.) and allows for the reduction of counterparty risk.

In South Africa in particular traditional banks have been investing and collaborating to develop and implement new blockchain technology and uses. In July 2016, Absa Bank Limited, a subsidiary of Barclays Bank, joined R3, the international blockchain consortium, as its first African member. The R3 consortium members intend collaborating on the development of commercial applications for distributed and shared ledger technology which is very exciting news both for the industry and the end-user.

Various African fintech startups pitched new products at SWIFT African Regional Conference in Mauritius on May 18 2016. At the conference a range of potential use cases were highlighted, including products:

– which focus on remittances of money, as despite Africa receiving remittances from friends and family around the world estimated at USD 60 billion, Africans still pay the highest transaction fees in the world.

– which allow individuals and business to make payments to and from certain African nations with developed ICT infrastructure,  accept Bitcoins around the world and exchange Bitcoins for local currency

– which aimed to turn digital currency into funding for renewable energy programs  which could provide international revenue to investors and generate returns of approximately 10% per annum. The product would achieve this by crowd funding renewable projects for potential investors to choose and allowing the investor to participate via a traditional bank account or Bitcoin.

The evolution of such companies makes it is clear that Africa has embraced the disruption that fintech and blockchain is creating in the way banking and financial services are traditionally rendered.

Most recently the governor of the South African Reserve Bank (“the SARB”) attended a cybersecurity conference in Johannesburg and remarked that the SARB was “…open to innovations despite the different opinions of regulators on matters such as cryptocurrencies. We are willing to consider the merits and risks of blockchain technology and other distributed ledgers“, which suggests that the SARB, and potentially other African regulators, may well be more receptive and response to the adoption of virtual currencies in the years to come.

What could inhibit the use of blockchain in Africa?

Internet Access

For blockchain based applications to run, users need access to the internet and with many African homes struggling to have consistent running water or a reliable source of electricity, internet access is low down on their list of priorities. It will take a number of years before internet access becomes more widely available across the continent (up from 10% in 2010 to 20% in 2014 in according to Ernst and Young – Africa 2030: Realizing the possibilities, which once achieved will increase the rate at which new technologies, such as blockchain based cryptocurrencies are adopted and accepted.

Regulation

African regulators can be unpredictable at the best of times regarding their application of the law, in particular in relation to disruptive technologies. Think of Uber, which develops too fast for the legislation and regulation needed to regulate it to keep up. As a result any companies operating in the fintech space on a pan-African basis must comply with complex regulations which are different between both countries and regions, not to mention a government’s appetite to embrace it (or not!).

Security and Confidentiality

Transaction confidentiality is of huge importance for a number of multi-nationals, states and parastatals. The validation by mutual consent of the blockchain, one of blockchain’s biggest benefits, may also be its Achilles heel, as it would potentially allow competitors to view certain details of each other’s transactions if the records are not appropriately anonymised or databases permissioned. This is why there is a concerted effort to keep certain information confidential while still allowing for distributed ledger consensus.

The various hacking scandals surrounding Bitcoin and other cryptocurrencies, most recently the US$60 million lost by Bitfinex and the hack on the DAO, also leads to hesitancy in adopting what appears to be a currency vulnerable to hackers and thieves.

Digital currency exchanges will have to think long and hard about how they intend to optimally secure their respective exchanges, comply with securities regulation (at home and abroad) and maintain the ability of users to validate assets and transactions by mutual consensus, without leading to system vulnerability.

Notwithstanding these challenges, the prospects for blockchain look bright for companies and states willing to take explore new technologies. In financial services in particular, blockchain promises a future where some of the complexity associated with traditional market infrastructure can be replaced with much more streamlined and processes and systems.

New use cases are being rapidly researched, developed and engineered including Smart Assets (think digitisation of the components in a supply chain and the almost instantaneous recordal on a shared ledger), Clearing and Settlement solutions which minimise associated costs such as CSDs and collateral management facilities and blockchain voting, which would entail voters’ individual ballots being recorded and uploaded onto unpermissioned databases (without disclosing their identities) and released for public inspection and validation, as opposed to the current system of vendor confirmation (of the electronic voting software utilised) or manual ballot counting commonly used in Africa.

So the future looks bright, the future is blockchain.

Posted in Digital Single Market (EU), e-commerce Falk SchoeningPeter Citron

European Commission’s e-commerce sector inquiry – increasing antitrust heat

ACEROnline sales are not only attracting the attention of consumers and tech businesses, but also increased review by antitrust regulators. The European Commission yesterday published a detailed 290 page preliminary report on its e-commerce sector inquiry.

While commenting on the release of the report, EU Competition Commissioner Margrethe Vestager stated that the report should be “a trigger for companies to review their current distribution contracts and bring them in line with EU competition rules if they are not“. She states that the information from the sector inquiry will help the European Commission spot cases where there may be a competition law infringement, and, if necessary, take action in those cases. The European Commission is therefore preparing not only for new regulatory proposals, but for infringement actions against individual companies, in particular as regards geo-blocking. Geo-blocking refers to practices used by online sellers that result in the denial of access to websites based in other EU Member States.

Businesses should be aware that this is not only relevant for EU-based entities, but for all companies selling online or distributing content in the EU, including many US-based companies.

Continue Reading

Posted in Data Protection & Privacy Mark Parsons

Philippines Finalizes Data Privacy Act Implementing Rules

shutterstock_230063500-300x300The Philippines Data Privacy Regime

The Philippines’ first comprehensive data protection law, the Data Privacy Act of 2012 (the “Act“), took effect on 8 September 2012. The Act mandated the creation of a National Privacy Commission (“NPC“) to implement, enforce and monitor compliance with the Act, with one of its duties to promulgate rules and regulations to effectively implement the provisions of the Act. It was not until March 2016 that the NPC was officially formed, and soon after issued draft implementing rules and regulations of the Act (“IRRs“). Following a period of public consultation, the IRRs were finalised and formally promulgated on 24 August 2016 and will come into effect today, 9 September 2016.

The IRRs and their Impact

The IRRs will have a significant impact on business in the Philippines generally and on the Philippines’ IT and business process outsourcing (“IT/BPO“) industry – an industry reportedly worth over USD 20 billion in the Philippines and the largest contributor to the country’s GDP.

Indeed, one of the main drivers behind the Act was to bring the Philippines in line with international data protection standards to encourage investment and maintain the country’s position as a leading IT/BPO outsourcing destination. Importantly, the IRRs apply to both “personal information controllers” – those who control the processing of personal data, and “personal information processors” – those engaged by personal information controllers to process personal data on their behalf. This means that both customers that use data processing facilities in the Philippines and IT/BPO vendors themselves will need to comply. Personal information does not need to relate to Philippine residents in order to warrant protection.

Continue Reading