Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Winston Maxwell

Posts by Winston Maxwell
Posted in Internet, Policy & Regulation Photo of Winston Maxwell

Internet of Things – A Fast Forward to the Future

On Monday, April 29th 2019, policy makers and industry representatives from different IoT ‘verticals’ (agriculture, automotive, health, energy, aerospace) gathered in Brussels at the initiative of Vodafone to launch a conversation about the future policies applicable to the Internet of Things (IoT) in Europe. Global Players Require Global Regulation      The debate emphasized how global any approach to IoT regulation should be. All participants agreed that Europe should and must be competitive on the IoT market globally. One aspect of such competitiveness may reside in the interoperability of IoT within Europe,

Posted in Copyright, Policy & Regulation Photo of Penny ThorntonPhoto of Alastair ShawPhoto of Morten PetersennPhoto of Winston MaxwellPhoto of Benedikt LüthgePhoto of Alberto BellanPhoto of Anne Schmitt

DSM Watch: EU Copyright Directive clears the finish line

On 15th April the Council of the European Union adopted the EU Copyright Directive (the “Directive”), ending a negotiation process which first started with the Commission’s proposal for a new Directive in early 2016. After publication in the Official Journal of the EU, Member States will have two years to implement the Directive. In Council the UK voted to adopt the Directive, but it’s by no means certain that the UK will implement it. If the UK leaves the EU without a deal it will not be bound to do so,

Posted in Copyright, Digital Single Market (EU) Photo of Penny ThorntonPhoto of Alastair ShawPhoto of Morten PetersennPhoto of Winston MaxwellPhoto of Benedikt LüthgePhoto of Alberto BellanPhoto of Anne Schmitt

DSM Watch: EU Copyright Directive clears the finish line

Today the Council of the European Union adopted the EU Copyright Directive (the “Directive”), ending a negotiation process which first started with the Commission’s proposal for a new Directive in early 2016. After publication in the Official Journal of the EU, Member States will have two years to implement the Directive. In Council the UK voted to adopt the Directive, but it’s by no means certain that the UK will implement it.  If the UK leaves the EU without a deal it will not be bound to do so, nor

Posted in Copyright, Intellectual Property, Policy & Regulation Photo of Alastair ShawPhoto of Penny ThorntonPhoto of Winston MaxwellPhoto of Morten PetersennPhoto of Alberto BellanPhoto of Anne SchmittPhoto of Benedikt Lüthge

DSM Watch: Navigating Article 13 (now 17) of the Copyright Directive

On 26 March 2019 the EU Parliament voted to pass the draft Copyright Directive (“Directive”) into EU law.  After adoption by the EU Council (representatives of Member State governments) and official publication, the EP’s adopted text will become EU law. Member States will then have until mid-2021 to implement it into their national laws. DSM Watch has already overviewed the whole Directive here, and looked at Article 11 on a new press publishers’ right (re-numbered Article 15 in the adopted text) here. Now we take a deeper dive into the heavily debated

Posted in Copyright, Digital Single Market (EU), Intellectual Property, Policy & Regulation Photo of Benedikt LüthgePhoto of Alastair ShawPhoto of Penny ThorntonPhoto of Winston MaxwellPhoto of Morten PetersennPhoto of Alberto BellanPhoto of Anne Schmitt

DSM Watch: Copyright Directive press publishers’ rights: final edition of Article 11 is now Article 15

Yesterday (26 March 2019) the EU Parliament voted to pass the draft Copyright Directive into EU law.  After adoption by the EU Council (representatives of Member State governments) and official publication, the EP’s adopted text will become EU law. Member States will then have until mid-2021 to implement it into their national laws. DSM Watch has already overviewed the whole Directive here, and looked at Article 13 on liability of user-uploaded content services (re-numbered Article 17 in the adopted text) here. Now we take a deeper dive into the heavily debated

Posted in Copyright, Digital Single Market (EU) Photo of Penny ThorntonPhoto of Alastair ShawPhoto of Winston MaxwellPhoto of Morten PetersennPhoto of Anne SchmittPhoto of Benedikt LüthgePhoto of Alberto Bellan

DSM Watch: EU Copyright Directive passed by European Parliament

Today the EU Parliament voted to pass the draft Copyright Directive into EU law.  After adoption by the EU Council (representatives of Member State governments) and official publication, it will become EU law.   Member States will then have until mid-2021 to implement it into their national laws.   Despite substantial opposition from blocks of MEPs and the large numbers of the general public, the final text does include the controversial press publishers’ right (Article 11) and content sharing service provider liability regime (Article 13).  But that is not the whole story: the

Posted in Internet, Policy & Regulation, Telecoms & Broadband Photo of Winston MaxwellPhoto of Mark BrennanPhoto of Arpan Sura

Study shows complexity and uncertainty of IoT regulation in Europe

A Hogan Lovells study comparing of regulatory requirements in the European Union, United States, and China shows the complexity and uncertainty of the regulatory framework relevant to Internet of Things (IoT) in Europe. The number of telecoms regulatory constraints affecting IoT in the EU is almost twice as high as in the United States and China. Federal Communications Commission (FCC) Chairman Ajit Pai compares the global race to 5G with World Cup football: “When it comes to 5G, we need to keep the playbook fresh and forward leaning.”[1] Outdated regulations

Posted in Copyright, Digital Single Market (EU), Policy & Regulation Photo of Alastair ShawPhoto of Penny ThorntonPhoto of Winston MaxwellPhoto of Morten PetersennPhoto of Alberto BellanPhoto of Anne SchmittPhoto of Benedikt Lüthge

DSM Watch: EU Copyright Directive, the big picture

Agreement on a compromise text for the new Copyright Directive was reached between Member State government representatives, EU Parliament representatives and the EU Commission last week (see our “Breakthrough” post). On 20 February 2019, EU Governments formally voted, by a majority, to approve that compromise text: Italy, Poland, Luxembourg, the Netherlands and Finland opposed it; Belgium and Slovenia abstained.   However, it is not yet law despite some headlines which one may see in the popular press. But now that the draft text has stabilised, at least for the time being,

Posted in Data Protection & Privacy, Policy & Regulation Photo of Winston MaxwellPhoto of Christine Gateau

An Approach for Setting Administrative Fines Under the GDPR

Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of the global turnover – for violations relating to data protection principles, the legal basis for processing, information to data subjects, the prohibition of processing sensitive data, denial of data subjects’

Posted in Internet, Policy & Regulation Photo of Winston Maxwell

Using artificial intelligence to fight hate speech

Hogan Lovells partner Winston Maxwell spoke at the executive roundtable on artificial intelligence and online hate speech, organised on January 31, 2019 by CERRE, the Centre on Regulation in Europe. The goal of the roundtable was to discuss what measures should be adopted to fight hate speech online and to look at the pros and cons of using machine-learning in that context.

Posted in Data Protection & Privacy, Policy & Regulation, Technology Photo of Winston MaxwellPhoto of John Salmon

EU: Are blockchain and data protection incompatible?

Since publishing the original version of our guide to blockchain and data protection in September 2017, there has been considerable further commentary from academics, politicians and practitioners, some of which suggested that there is inherent incompatibility of blockchain systems with EU data protection law. This updated version of our guide puts forward our views on this question, offering a more optimistic view. In addition, we also address the key data protection issues that will arise in any blockchain project in the EU, including: Does the blockchain process personal data? Is a

Posted in Cybersecurity, Data Protection & Privacy, Licensing, Policy & Regulation, Technology Photo of Winston MaxwellPhoto of Mark BrennanPhoto of Arpan Sura

Hogan Lovells publishes Demystifying the U.S. CLOUD Act

Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions. Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura. The report specifically focuses on language in the CLOUD Act that allows U.S. law enforcement agencies, under certain circumstances, to lawfully demand data stored in foreign countries from entities subject to U.S. jurisdiction.

Posted in Data Protection & Privacy Photo of Christine GateauPhoto of Winston MaxwellPhoto of Eduardo Ustaran

The General Data Protection Regulation timidly opens the doors to data class actions in Europe

More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2. Acknowledging this, the General Data Protection Regulation (GDPR)3 was finally adopted by the European Parliament on 14 April 2016, entering into force in May 2016 and becoming directly applicable in all Member States on 25 May 20184. The GDPR targets the data controller or its processor and provides a set of standardised rules relating to

Posted in Data Protection & Privacy Photo of Christine GateauPhoto of Winston MaxwellPhoto of Christelle CoslinPhoto of Pauline Faron

French initiatives: “class action” or “collective action” for personal data protection?

Both the French Council of State in its annual report for 2014 as well as the National Digital Council (hereinafter, “CNNum”) in its “Digital Ambition” report voiced support for the creation of an action enabling consumers to collectively seek redress for violations of regulations protecting personal data. However, their recommendations are different regarding the goal of this action. After some hesitation and numerous debates, the collective action for data protection finally became a reality in November 2016 thanks to the adoption of the law on the modernisation of 21st century

Posted in Data Protection & Privacy Photo of Christine GateauPhoto of Winston MaxwellPhoto of Eduardo Ustaran

Four key lessons when facing data class actions in Europe

Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU. Damages In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that they suffered an ‘injury in fact’ that is concrete and actual or imminent. Does the US ‘injury in fact’ standard apply for data class actions in Europe? Under the GDPR,

Posted in Data Protection & Privacy Photo of Winston MaxwellPhoto of Harriet PearsonPhoto of John SalmonPhoto of Eduardo Ustaran

Getting to data nirvana – a user’s guide to data lakes and GDPR

A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together. To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide. The infrastructure phase Here, the guide covers: Identify the entity that is hosting the data lake. Implement an intragroup data processing agreement. Check data localisation rules. Data protection impact assessment. Data lake governance committee. The applications phase Specifically, we look at: Data lake service

Posted in Data Protection & Privacy Photo of Winston MaxwellPhoto of Sam Choi

The starting point for a big data project: the privacy impact assessment

The era of big data is here. Although we are yet to see its full potential, the use of big data analytics is already proving invaluable to businesses and its applications have been found in numerous and diverse sectors. However, the use of big data has also brought much controversy, particularly when it involves sensitive information, concerns children, minorities or other vulnerable people, or where the decision-making has a significant impact on individuals. As both public interest and regulatory scrutiny in artificial intelligence, machine learning and big data continues to build,

Posted in Data Protection & Privacy, Policy & Regulation Photo of Winston MaxwellPhoto of Harriet PearsonPhoto of John SalmonPhoto of Eduardo Ustaran

Getting to data nirvana – regulatory silo-busting to optimize risk management

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – are increasing multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted in Data Protection & Privacy, Policy & Regulation Photo of Winston MaxwellPhoto of Harriet PearsonPhoto of John SalmonPhoto of Eduardo Ustaran

Getting to data nirvana – using the GDPR to create data value

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – are increasing multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted in Data Protection & Privacy, Policy & Regulation Photo of Winston MaxwellPhoto of Harriet PearsonPhoto of John SalmonPhoto of Eduardo Ustaran

Getting to data nirvana – understanding data value and ownership

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – are increasing multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted in Data Protection & Privacy, Policy & Regulation Photo of Winston MaxwellPhoto of Patrice Navarro

One day before the entry into force of the GDPR, the French bill is adopted… but referred to the French Constitutional Council (“Conseil Constitutionnel”)

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. However, some French Senators lodged a constitutional complaint against the said law on 16 May 2018. The bill on personal data protection aims to adapt the “French Data Protection” Act

Posted in Cybersecurity, Data Protection & Privacy Photo of Timothy TobinPhoto of Winston Maxwell

Straight Talks podcast: Data privacy and cybersecurity in the age of rolling smart devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture. Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar scope, but now the need is to safeguard data against cyber attacks and privacy breaches. And once again, the automobile industry will feel the regulatory impact. Autonomous and connected vehicles

Posted in Digital Single Market (EU), Policy & Regulation Photo of Winston MaxwellPhoto of Oliver Wilson

The Digital Single Market: Geoblocking regulation ready to be enacted!

The new provision on the banning of unjustified geoblocking in online sales is at the heart of the EU Commission’s aspiration and effort to create a real Digital Single Market within the European Union. The term “geoblocking” stands for any type of technical or contractual discrimination based on the nationality or residence of a customer. It is a common phenomenon on today’s Internet. Users are often rerouted and offered differing conditions and prices depending on their IP address. The core aim of the now finalised regulation is to prevent discrimination for

Posted in Data Protection & Privacy Photo of Winston MaxwellPhoto of Patrice Navarro

Hosts of health data: certified compliant!

The Decree No 2018-137 of 26 February 2018 on the hosting of personal health data has been published on 28 February 2018 in the Official Journal.  The Decree defines notably the arrangements for implementing the procedure for certifying hosts of health data. Context The Decree has been adopted pursuant to Order No 2017-27 of 12 January 2017 on the hosting of personal health data which substantially modified Article L1111-8 of the French Public Health Code (FPHC).  As a reminder, this updated version of the Article, which will enter into force