Header graphic for print

Global Media and Communications Watch

The International Legal Blog for the Tech, Media and Telecoms Industry

Posted in Digital Single Market (EU), e-commerce Dr. Nils Rauer

Cross-border parcel delivery – European Parliament approves the regulation proposal

Some time ago now, the European Commission launched an initiative to improve transparency and regulate the cross-border parcel delivery sector as part of its aspiration to create a real Digital Single Market. Clearly, no pan-European online market can exist without a functioning delivery system covering the entirety of the Union. A draft regulation on this subject was first published on 25 May 2016 (COM (2016) 285). Since then, the proposal has been debated both on a national as well as a European level and now, the European Parliament has agreed on an amended text of the regulation.

Legislative Process

The initiative goes back to a communication issued by the Commission in 2012. It emphasized the need to launch a public consultation to identify potential hurdles related to the delivery of goods purchased online, be it by consumers or companies (SMEs in particular). The Commission summarized the responses, and in 2013 issued a roadmap by way of yet another communication. In particular, the fragmented state of the cross-border parcel delivery market was highlighted as an obstacle to EU endeavours to create one single market within the Union.

The proposal for a regulation on cross-border parcel delivery services was then published on 25 May 2016. The Commission’s main objectives were to

  • Improve the market’s efficiency through effective regulatory oversight and increased competition, and
  • Improve the price transparency to reduce unjustified tariff differences as well as the prices overall.

The proposal gave rise to quite some discussion. Eventually, in mid-December 2017 the European institutions reached a then still informal understanding on the regulation’s final wording. This Tuesday, 13 March 2018, the Parliament took a formal vote on the agreed text. A large majority of 604 parliamentarians voted in favour of the regulation (report).

The coming regulation features a series of mandatory information that every parcel delivery service provider will have to submit to the national regulatory authority of its country of establishment. The regulation also establishes a mechanism by which the national regulatory authority will be able to assess the affordability of cross-border tariffs yearly. Moreover, the law will include measures to ensure a transparent and non-discriminatory cross-border access to such services.

What needs to be noted also is the fact that the regulation will leave some room for manoeuver for the Member States as regards transposition. For example, each Member State may decide which type of “effective, proportionate and dissuasive” penalties shall be enacted.

Next steps

This piece of legislation will inevitably have a significant impact on e-commerce. Although, in essence it is regulating the environment in the “real” world, European e-commerce rests on functioning cross-border delivery facilities. Therefore, it is fair to say that this regulation marks another milestone in the Commission’s ambitious Digital Single Market strategy.

The regulation still requires formal approval by the Council, which however can almost be taken for granted, considering the compromise already reached in December 2017. The approval is a matter of weeks away rather than months. The regulation will then be officially published in the Official Journal of the European Union.

Posted in Digital Single Market (EU), Policy & Regulation Dr. Nils RauerWinston MaxwellOliver Wilson

The Digital Single Market: Geoblocking regulation ready to be enacted!

The new provision on the banning of unjustified geoblocking in online sales is at the heart of the EU Commission’s aspiration and effort to create a real Digital Single Market within the European Union.

The term “geoblocking” stands for any type of technical or contractual discrimination based on the nationality or residence of a customer. It is a common phenomenon on today’s Internet. Users are often rerouted and offered differing conditions and prices depending on their IP address.

The core aim of the now finalised regulation is to prevent discrimination for consumers and companies in the context of access to websites, prices, sales or payment conditions when buying products and services in another Member State. However, there are meaningful exceptions to the new anti-geoblocking regime – in particular copyright works and sales with no cross-border element.

Legislative Process

We have followed the progress of the Commission’s initial proposal for an anti-geoblocking regulation (COM (2016) 289) very closely. For further detail, please visit our blog Global Media & Communication Watch. In particular, the difference between justified and unjustified geoblocking occupied the initial debate. For example, geoblocking may be legitimate in order to safeguard a movie or other content being watched online only within the territory the service provider has actually obtained a license for. Continue Reading

Posted in Data Protection & Privacy Winston MaxwellPatrice Navarro

Hosts of health data: certified compliant!

The Decree No 2018-137 of 26 February 2018 on the hosting of personal health data has been published on 28 February 2018 in the Official Journal.  The Decree defines notably the arrangements for implementing the procedure for certifying hosts of health data.


The Decree has been adopted pursuant to Order No 2017-27 of 12 January 2017 on the hosting of personal health data which substantially modified Article L1111-8 of the French Public Health Code (FPHC).  As a reminder, this updated version of the Article, which will enter into force on 1st April 2018, sets out a transition from an approval procedure – currently governed by the Decree No 2006-6 of 4 January 2006 – to a certification procedure by accredited bodies for certifying hosts of personal health data in digital format.

It should be noted that an approval procedure will remain applicable for hosting health data in paper form and for hosting in digital format as part of an electronic archiving service.

The new mechanism of certification is defined notably by the Shared Healthcare Information Systems Agency (“Agence des Systèmes d’Information Partagés de Santé (ASIP)”) – previously in charge of issuing the approvals – which drew up the certification reference systems of which the draft versions can be consulted on the website esante.gouv.fr and will be approved by order of the Minister for Health.  Those reference systems are composed of the Certification reference system for hosts and the Accreditation reference system for bodies wishing to issue a certification.

Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the combination of all of that, artificial intelligence is emerging as the new testing ground. 21st century artificial intelligence relies on machine learning, and machine learning relies on…? You guessed it: Data. Artificial intelligence is essentially about problem solving and for that we need data, as much data as possible. Against this background, data privacy and cybersecurity legal frameworks around the world are attempting to shape the use of that data in a way that achieves the best of all worlds: progress and protection for individuals. Is that realistically achievable?

At a practical level, sourcing the data required for machine learning to happen is the first battleground. The volume of data available is not a problem in itself given the exponential growth of our digital interactions. But in many cases, the ability to magically crunch the necessary data will rest with those that provide services to the owners of the data. Using European data protection jargon, those developing artificial intelligence are often processors rather than controllers. The limited decision-making power of processors when it comes to the use of data can be a serious handicap. To what extent can a vendor of technology services to a hospital use the patient data to develop more effective services? Should a cloud provider be entitled to access data it does not own to enhance its offering? The potential benefits of these activities can be substantial but they may not be directly enjoyed by the controller. However, with the right level of openness, cooperation and creativity it should be possible to enable those vendors to use their insights from the provision of the services and still retain their role as processors.

Continue Reading

Posted in Copyright, Digital Single Market (EU) Dr. Nils RauerAlastair ShawPenny Thornton

Digital Single Market – New Copyright Directive advances

On 16 January 2018, the Bulgarian Presidency of the EU Council sought guidance from the Permanent Representatives Committee (Coreper) regarding the long-debated Draft Copyright Directive. The queries focused on two issues that are still controversial: the introduction of an ancillary copyright for press publishers (Article 11 of the draft) and the establishment of new monitoring obligations for certain online service providers (the ‘value gap provisions’) (Article 13 of the draft).

Since then, Coreper has shared its view with the EU Council. Based on Coreper’s comments, the Council Presidency has drawn up a discussion paper, published on 6 February 2018, expressing its current position. The Council’s view may be summarized as follows:

Article 11: Ancillary copyright for press publishers

The paper opens with the statement that both alternatives previously discussed in the context of Article 11 of the draft directive are feasible and still on the table: the creation of a “genuine” ancillary right for press publishers and/or the statutory presumption that press publishers may enforce certain rights.

Coreper’s comments further prompt the Presidency to propose three specific revisions concerning a possible ancillary copyright: (1) so-called “snippets” shall not be exempted from the scope of such ancillary right, (2) the latter shall be limited in such a way that it may only be enforced against ISPs and not against individual users, and (3) the duration of the right (so far 20 years) shall be subject to review at a later date. The Presidency’s paper contains specific drafting suggestions on how the criteria could be phrased in the eventual directive.

Article 13: Value gap and new monitoring obligations

Regarding Article 13 of the draft directive, the Presidency’s discussion paper includes two key suggestions: defining the services affected by the new obligations in order to target precisely the services covered and, secondly, clarifying the conditions for when such a service provider is ‘communicating to the public’. The Presidency suggests that a service would be ‘communicating to the public’ “when it plays an indispensable role and intervenes in full knowledge of the consequences of its action to give the public access to copyright protected works or other protected subject matter uploaded by their users.” In these circumstances, the ISP would not be able to rely on the liability privileges set out in Article 14 of the E-Commerce Directive 2000/31. However, the paper indicates that the Presidency still sees the need for further discussion of the details, in particular whether there should be some limitation of liability, under certain conditions.


Bottom line, we have to admit that the Presidency’s current paper offers little reason to expect things to move rapidly to a final compromise now. It is apparent that all the proposals previously discussed are still on the table. Even though the drafting suggestions made for Article 11 of the draft do make sense, the main question is whether to go for an ancillary right or a statutory presumption. From an economic point of view, it seems to be fair to say that the second option could very well work for press publishers. Legal certainty could be achieved and the publisher’s position would still be strengthened.

With regard to Article 13 of the draft, it is doubtful whether the proposed definition of affected ISPs could in practice lead to clear means of distinguishing services and thus to more legal certainty. Further, the concept of ISPs being primarily liable for ‘communicating to the public’ in relation to user-uploaded content remains under discussion. If the Council’s current proposals are agreed this would have a significant impact on platforms. It is essential that this and the relationship between the exploitation of copyright and the benefit of e-commerce privileges are clarified. A new definition of what is a ‘communication to the public’ is, however, not to be recommended. At least, not if it adds further ambiguity to an already complex area.

It is again up to the internal copyright working group to come up with a (hopefully) final compromise. At the meeting on 12 February 2018, the group reportedly did not make much progress in this regard.

Posted in Data Protection & Privacy Natalia GulyaevaMaria SedykhKatherine Gasztonyi

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

Recently, the Russian Data Privacy Authority (Roskomnadzor) organized an Open Doors Day in honor of the International Data Privacy Day. During the occasion, Roskomnadzor officers presented on the authority’s 2017 enforcement activities. They followed this presentation with an open question and answer period, during which they responded to numerous questions raised by attendees. We summarize the key takeaways below.

2017 Roskomnadzor Enforcement Highlights

Data operators continue to register with the Roskomnadzor, with approximately 33,000 new data operators registering with the Roskomnadzor in 2017, bringing the total to just over 400,000 data operators registered with the authority.

Of the industries represented by the data operators, the majority of data subject complaints emanated from or related to consumers’ relationships with banks, housing services providers, and debt collection agencies. This will come as little surprise to those operating in the data protection industry, where the personal data processed in connection with these activities is generally subject to additional protections. Also of note is the volume of complaints that related to general website operators, including social media providers. The Roskomnadzor looked into the data subjects’ complaints and found violations of applicable data protection laws in 5.4% of cases.

Continue Reading

Posted in e-commerce, Policy & Regulation, Technology

Hogan Lovells Global Payments Newsletter l February 2018

Welcome to the Hogan Lovells Global Payments Newsletter. In this monthly publication we provide an overview of the most recent payments, regulatory and market developments from major jurisdictions around the world as well as sharing interesting reports and surveys on issues affecting the market.

Key developments of interest over the last month include:

Bank of Italy publishes consultation papers: On February 2018, the Bank of Italy published three consultation papers on PSD2, interchange fees for card-based payment transactions, and the EBA guidelines on product oversight and governance arrangements for retail banking products.

EBA publishes letter to European Commission: The letter, dated 26 January 2018, discusses the status of the regulatory technical standards on strong customer authentication and common and secure communication under PSD2.

ECB finalises user requirements for future RTGS services: On February 2018, the ECB published the user requirements documents relating to the Eurosystem’s future real-time gross settlement services, following approval of the TARGET2-T2S consolidation project in December 2017.

To view a PDF of the full Newsletter please click here. You can also follow us on Twitter at @HLPayments for regular news and updates.

Posted in Policy & Regulation

EU regulators warn consumers of virtual currencies bubble

Three European regulators have warned investors about the risks associated with dealing with virtual currencies, saying they are unsuitable “for most purposes, including investment and retirement planning”.

What does this mean?

The European Securities and Markets Authority, the European Banking Authority and the European Insurance and Occupational Pensions Authority have joined together to express their concern over the fact that an increasing number of consumers are buying virtual currencies without being aware of the “high risk” of losing their money.

“The [virtual currencies] currently available are a digital representation of value that is neither issued nor guaranteed by a central bank or public authority and does not have the legal status of currency or money,” the regulators cautioned in a statement.

“They are highly risky, generally not backed by any tangible assets and unregulated under EU law, and do not, therefore, offer any legal protection to consumers.”

The regulators outlined multiple risks associated with virtual currencies, such as the absence of protection or the lack of exit options and transparency.

They even went as far as saying there was a “bubble risk” as most virtual currencies are subject to high price volatility, warning consumers that they could therefore lose all their investment.

Continue Reading

Posted in Data Protection & Privacy Winston Maxwell

European Commission and Article 29 Working Party Urge Respect for International Law in Data Cases

Territoriality will continue to be one of the most vexing problems for data regulation in 2018.  One aspect of this debate relates to whether a U.S. judge can compel the disclosure of personal data located in Europe without using international treaty mechanisms.  This issue is currently being considered by the United States Supreme Court in the case United States v. Microsoft.  The case involves the question of whether a U.S. statute relating to search warrants can be interpreted as extending to a search for data located outside the United States; in this case, the data is located in Ireland.  The U.S. Court of Appeals found that, in the absence of express wording in the statute relating to extraterritorial application, the statute should be interpreted as being limited to searches conducted within the territory of the United States.  The Supreme Court is currently reviewing the case.  In December, 2017, the European Commission filed an amicus brief urging the Supreme Court to give due consideration to the principles of international comity and territoriality when interpreting the U.S. statute.

According to the European Commission:

“any domestic law that creates cross-border obligations – whether enacted by the United States, the European Union, or another state – should be applied and interpreted in a manner that is mindful of the restrictions of international law and considerations of international comity.  The European Union’s foundational treaties and case law enshrine the principles of ‘mutual regard to the spheres of jurisdiction’ of sovereign states and the need to interpret and apply EU legislation in a manner that is consistent with international law.”

Continue Reading

Posted in Policy & Regulation Mark Parsons

HKMA reboots virtual banking

On 6 February, 2018, the Hong Kong Monetary Authority (the “HKMA”) published draft revisions to its “Guideline on Authorization of Virtual Banks” (the “Draft Guideline”).

The framework will support the authorization in Hong Kong of ‘virtual banks’, defined as banks which deliver retail banking services primarily, if not entirely, through the internet or other electronic channels rather than through physical branches.

Consultation on the Draft Guideline is open to the public through 15 March, 2018.

The existing framework and the vision going forward

Once finalized, the Draft Guideline will replace the HKMA’s existing Guideline on Authorization of Virtual Banks issued on 5 May, 2000.  The original guidelines, which were largely unused, were introduced to support Hong Kong market entry by offshore licensed financial institutions through Hong Kong-based internet banking operations, which were growing in popularity at the time.

HKMA Chief Executive Officer Norman Chan signaled his intention to overhaul the virtual banking framework in his September, 2017 speech calling for a “New Era of Smart Banking” in Hong Kong. A new virtual banking framework was put forward together with a number of other proposals, including the recently launched “Open API” consultation (please see our separate briefing here).