Winston Maxwell

Posted on June 14th, 2019 By Winston Maxwell and Estelle-Marguerite Devisme Posted in Internet, Policy & Regulation

Internet of Things – A Fast Forward to the Future

On Monday, April 29th 2019, policy makers and industry representatives from different IoT ‘verticals’ (agriculture, automotive, health, energy, aerospace) gathered in Brussels at the initiative of Vodafone to launch a conversation about the future policies applicable to the Internet of Things (IoT) in Europe. Global Players Require Global Regulation The debate emphasized how global any approach to IoT regulation should be. All participants agreed that Europe should and must be competitive on the IoT market globally. One aspect of such competitiveness may reside in the interoperability of IoT within Europe,

Posted on April 18th, 2019 By Penny Thornton, Alastair Shaw, Morten Petersenn, Winston Maxwell, Benedikt Lüthge, Alberto Bellan and Anne Schmitt Posted in Copyright, Policy & Regulation

DSM Watch: EU Copyright Directive clears the finish line

On 15th April the Council of the European Union adopted the EU Copyright Directive (the “Directive”), ending a negotiation process which first started with the Commission’s proposal for a new Directive in early 2016. After publication in the Official Journal of the EU, Member States will have two years to implement the Directive. In Council the UK voted to adopt the Directive, but it’s by no means certain that the UK will implement it. If the UK leaves the EU without a deal it will not be bound to do so,

Posted on April 15th, 2019 By Penny Thornton, Alastair Shaw, Morten Petersenn, Winston Maxwell, Benedikt Lüthge, Alberto Bellan and Anne Schmitt Posted in Copyright, Digital Single Market (EU)

DSM Watch: EU Copyright Directive clears the finish line

Today the Council of the European Union adopted the EU Copyright Directive (the “Directive”), ending a negotiation process which first started with the Commission’s proposal for a new Directive in early 2016. After publication in the Official Journal of the EU, Member States will have two years to implement the Directive. In Council the UK voted to adopt the Directive, but it’s by no means certain that the UK will implement it. If the UK leaves the EU without a deal it will not be bound to do so, nor

Posted on April 1st, 2019 By Alastair Shaw, Penny Thornton, Winston Maxwell, Morten Petersenn, Alberto Bellan, Anne Schmitt and Benedikt Lüthge Posted in Copyright, Intellectual Property, Policy & Regulation

DSM Watch: Navigating Article 13 (now 17) of the Copyright Directive

On 26 March 2019 the EU Parliament voted to pass the draft Copyright Directive (“Directive”) into EU law. After adoption by the EU Council (representatives of Member State governments) and official publication, the EP’s adopted text will become EU law. Member States will then have until mid-2021 to implement it into their national laws. DSM Watch has already overviewed the whole Directive here, and looked at Article 11 on a new press publishers’ right (re-numbered Article 15 in the adopted text) here. Now we take a deeper dive into the heavily debated

Posted on March 27th, 2019 By Benedikt Lüthge, Alastair Shaw, Penny Thornton, Winston Maxwell, Morten Petersenn, Alberto Bellan and Anne Schmitt Posted in Copyright, Digital Single Market (EU), Intellectual Property, Policy & Regulation

DSM Watch: Copyright Directive press publishers’ rights: final edition of Article 11 is now Article 15

Yesterday (26 March 2019) the EU Parliament voted to pass the draft Copyright Directive into EU law. After adoption by the EU Council (representatives of Member State governments) and official publication, the EP’s adopted text will become EU law. Member States will then have until mid-2021 to implement it into their national laws. DSM Watch has already overviewed the whole Directive here, and looked at Article 13 on liability of user-uploaded content services (re-numbered Article 17 in the adopted text) here. Now we take a deeper dive into the heavily debated

Posted on March 26th, 2019 By Penny Thornton, Alastair Shaw, Winston Maxwell, Morten Petersenn, Anne Schmitt, Benedikt Lüthge and Alberto Bellan Posted in Copyright, Digital Single Market (EU)

DSM Watch: EU Copyright Directive passed by European Parliament

Today the EU Parliament voted to pass the draft Copyright Directive into EU law. After adoption by the EU Council (representatives of Member State governments) and official publication, it will become EU law. Member States will then have until mid-2021 to implement it into their national laws. Despite substantial opposition from blocks of MEPs and the large numbers of the general public, the final text does include the controversial press publishers’ right (Article 11) and content sharing service provider liability regime (Article 13). But that is not the whole story: the

Posted on March 20th, 2019 By Winston Maxwell, Mark Brennan and Arpan Sura Posted in Internet, Policy & Regulation, Telecoms & Broadband

Study shows complexity and uncertainty of IoT regulation in Europe

A Hogan Lovells study comparing of regulatory requirements in the European Union, United States, and China shows the complexity and uncertainty of the regulatory framework relevant to Internet of Things (IoT) in Europe. The number of telecoms regulatory constraints affecting IoT in the EU is almost twice as high as in the United States and China. Federal Communications Commission (FCC) Chairman Ajit Pai compares the global race to 5G with World Cup football: “When it comes to 5G, we need to keep the playbook fresh and forward leaning.”[1] Outdated regulations

Posted on February 26th, 2019 By Alastair Shaw, Penny Thornton, Winston Maxwell, Morten Petersenn, Alberto Bellan, Alya Bloum, Anne Schmitt and Benedikt Lüthge Posted in Copyright, Digital Single Market (EU), Policy & Regulation

DSM Watch: EU Copyright Directive, the big picture

Agreement on a compromise text for the new Copyright Directive was reached between Member State government representatives, EU Parliament representatives and the EU Commission last week (see our “Breakthrough” post). On 20 February 2019, EU Governments formally voted, by a majority, to approve that compromise text: Italy, Poland, Luxembourg, the Netherlands and Finland opposed it; Belgium and Slovenia abstained. However, it is not yet law despite some headlines which one may see in the popular press. But now that the draft text has stabilised, at least for the time being,

Posted on February 21st, 2019 By Winston Maxwell and Christine Gateau Posted in Data Protection & Privacy, Policy & Regulation

An Approach for Setting Administrative Fines Under the GDPR

Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of the global turnover – for violations relating to data protection principles, the legal basis for processing, information to data subjects, the prohibition of processing sensitive data, denial of data subjects’

Posted on February 7th, 2019 By Winston Maxwell Posted in Internet, Policy & Regulation

Using artificial intelligence to fight hate speech

Hogan Lovells partner Winston Maxwell spoke at the executive roundtable on artificial intelligence and online hate speech, organised on January 31, 2019 by CERRE, the Centre on Regulation in Europe. The goal of the roundtable was to discuss what measures should be adopted to fight hate speech online and to look at the pros and cons of using machine-learning in that context.

Posted on January 24th, 2019 By Winston Maxwell and John Salmon Posted in Data Protection & Privacy, Policy & Regulation, Technology

EU: Are blockchain and data protection incompatible?

Since publishing the original version of our guide to blockchain and data protection in September 2017, there has been considerable further commentary from academics, politicians and practitioners, some of which suggested that there is inherent incompatibility of blockchain systems with EU data protection law. This updated version of our guide puts forward our views on this question, offering a more optimistic view. In addition, we also address the key data protection issues that will arise in any blockchain project in the EU, including: Does the blockchain process personal data? Is a

Posted on January 16th, 2019 By Winston Maxwell, Mark Brennan and Arpan Sura Posted in Cybersecurity, Data Protection & Privacy, Licensing, Policy & Regulation, Technology

Hogan Lovells publishes Demystifying the U.S. CLOUD Act

Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions. Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura. The report specifically focuses on language in the CLOUD Act that allows U.S. law enforcement agencies, under certain circumstances, to lawfully demand data stored in foreign countries from entities subject to U.S. jurisdiction.

Posted on August 14th, 2018 By Christine Gateau, Winston Maxwell, Christelle Coslin and Pauline Faron Posted in Data Protection & Privacy

French initiatives: “class action” or “collective action” for personal data protection?

Both the French Council of State in its annual report for 2014 as well as the National Digital Council (hereinafter, “CNNum”) in its “Digital Ambition” report voiced support for the creation of an action enabling consumers to collectively seek redress for violations of regulations protecting personal data. However, their recommendations are different regarding the goal of this action. After some hesitation and numerous debates, the collective action for data protection finally became a reality in November 2016 thanks to the adoption of the law on the modernisation of 21st century

Posted on June 11th, 2018 By Winston Maxwell, Harriet Pearson, John Salmon and Eduardo Ustaran Posted in Data Protection & Privacy, Policy & Regulation

Getting to data nirvana – understanding data value and ownership

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – are increasing multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted on May 24th, 2018 By Winston Maxwell, Patrice Navarro, Mathilde Gérot and Anne-Laure Morise Posted in Data Protection & Privacy, Policy & Regulation

One day before the entry into force of the GDPR, the French bill is adopted… but referred to the French Constitutional Council (“Conseil Constitutionnel”)

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. However, some French Senators lodged a constitutional complaint against the said law on 16 May 2018. The bill on personal data protection aims to adapt the “French Data Protection” Act

Posted on May 17th, 2018 By Timothy Tobin and Winston Maxwell Posted in Cybersecurity, Data Protection & Privacy

Straight Talks podcast: Data privacy and cybersecurity in the age of rolling smart devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture. Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar scope, but now the need is to safeguard data against cyber attacks and privacy breaches. And once again, the automobile industry will feel the regulatory impact. Autonomous and connected vehicles

Posted on March 7th, 2018 By Nils Rauer, Winston Maxwell, Salomé Cisnal De Ugarte and Oliver Wilson Posted in Digital Single Market (EU), Policy & Regulation

The Digital Single Market: Geoblocking regulation ready to be enacted!

The new provision on the banning of unjustified geoblocking in online sales is at the heart of the EU Commission’s aspiration and effort to create a real Digital Single Market within the European Union. The term “geoblocking” stands for any type of technical or contractual discrimination based on the nationality or residence of a customer. It is a common phenomenon on today’s Internet. Users are often rerouted and offered differing conditions and prices depending on their IP address. The core aim of the now finalised regulation is to prevent discrimination for

Posted on March 6th, 2018 By Winston Maxwell, Patrice Navarro and Charles-Henri Caron Posted in Data Protection & Privacy

Hosts of health data: certified compliant!

The Decree No 2018-137 of 26 February 2018 on the hosting of personal health data has been published on 28 February 2018 in the Official Journal. The Decree defines notably the arrangements for implementing the procedure for certifying hosts of health data. Context The Decree has been adopted pursuant to Order No 2017-27 of 12 January 2017 on the hosting of personal health data which substantially modified Article L1111-8 of the French Public Health Code (FPHC). As a reminder, this updated version of the Article, which will enter into force