Header graphic for print

Global Media and Communications Watch

The International Legal Blog for the Tech, Media and Telecoms Industry

Posted in Data Protection & Privacy Eduardo Ustaran

Misunderstandings, Panic and Priorities in the Year of the GDPR

It is finally here. This is the year of the GDPR. A journey that started with an ambitious policy paper about modernising data protection almost a decade ago – a decade! – is about to reach flying altitude. No more ‘in May next year this, in May next year that’. Our time has come. Given the amount of attention that the GDPR has received in recent times, data protection professionals are in high demand but we are ready. We knew this was coming and we have had years to prepare. However, even the most seasoned practitioners are at risk of being engulfed by the frantic fire-fighting mood out there. The hamster wheel of GDPR compliance is spinning faster and faster, but it is precisely now when we must look up, see the bigger picture and focus on getting the important things right.

First on the list is controlling the panic. There is a sense of panic about the perceived lack of compliance with the forthcoming framework which is stressful and paralysing at the same time. Many organisations are just starting to realise that this is going to affect them. Surprise! Those which have been preparing for it – many for the best part of two years – are also realising that the task is far from accomplished while the clock is ticking. But something that is crucial to appreciate is that data protection compliance is not a race. And if it was a race, it would be a marathon or, better yet, an ultra-marathon. The 25th May compliance deadline is in fact not a deadline. It is a milestone in a long process which will probably take years if not decades. So rather than assuming that perfect compliance is a matter of throwing bodies and budget at it for a few hectic months, it is our responsibility to show those who are panicking that the right way forward requires pragmatism and patience.

Continue Reading

Posted in Copyright, Digital Single Market (EU) Dr. Nils Rauer

Geoblocking – EU Parliament approves new regulation

The regulation on measures against unjustified geo-blocking is close to become binding law. After the European institutions had reached a compromise on some last open issues in last November, the European Parliament approved the revised draft regulation in its plenary session on Tuesday. The billed sailed through with 557 to 89 votes and 33 abstentions (press release). This marks a milestone in the endeavour to bring to an end willful obstacles within the Digital Single Market.

The legislative initiative goes back to a draft the European Commission, officially presented on 25 May 2016 (COM (2016) 289). It centres on the reasoned perception that the Single Market aimed at by the European Union for so long, and which is set out as one of the Union’s core goals in Article 26 TFEU, actually does not exist on the Internet (which as such stands for a borderless and global concept). This enables “geoblocking“, i.e. the differentiation by way of origin of the Internet user, to be commonplace. As a result, users are arbitrarily denied access to certain websites because of their IP address, or simply confronted with different terms and conditions than EU citizens from other Member States. For example, a car hire in Heathrow can be more expensive when booking the vehicle out of France or Germany than when accessing the site with an Italian, Spanish or English IP address. We will put this type of scenario behind us soon when the new regulation is enacted.

Banning “unjustified” geo-blocking

Specifically, the new law is intended to counteract online discrimination based on nationality, place of residence or temporary residence. In future, customers from all parts of the EU must be given equal access to digital services and marketplaces. Ordering a product or booking a service shall be possible on the same terms throughout the entire Digital Single Market. Restricting or blocking access to websites based on the criteria mentioned above will be prohibited. The same will be true for arbitrary offering of payment methods. Any type of customer redirection to a domestic website will only be permissible with the customer’s explicit consent.

Continue Reading

Posted in Data Protection & Privacy, Internet, Policy & Regulation Christine GateauChristelle CoslinPauline Faron

First views from the CJEU on how to build a consumer collective action in the Schrems v Facebook Ireland case: The concept of “consumer” and lack of jurisdiction of the consumer’s home court over assigned claims

The famous case brought by Maximilian Schrems against Facebook Ireland in Austria, aimed to become an international and large data protection class action, led on 25 January 2018 to a ruling from the CJEU on two main points:

  • A consumer’s right to have a claim heard in his or her home court under European law does not extend so as to confer jurisdiction on that same court where claims have been assigned by other consumers domiciled in other countries.
  • One should be regarded as a “consumer” in the context of his/her private Facebook account regardless of his/her professional activities as a privacy campaigner.

JUDGMENT OF THE COURT (Third Chamber) – 25 January 2018 – C-498/16

Background: Austrian proceedings 

Mr Schrems (domiciled in Austria) has been a Facebook user since 2008. He initially only used it for personal purposes. In 2011, he opened a Facebook page to inform internet users about (among other things) his legal proceedings against Facebook Ireland, his lectures, participation in panel debates, and his media appearances and to collect money to fund such actions.

Mr Schrems claims that Facebook Ireland has committed various infringements of European and Austrian data protection provisions. More than 25,000 people worldwide have assigned their claims to him.
The claimant brought the claim in the Regional Civil Court in Vienna on the basis that it would have jurisdiction under Article 16(1) of Regulation No. 44/2001, which states that a “consumer” may bring proceedings against the other party to a contract either in the courts of the member state in which that party is domiciled or “where the consumer is domiciled”.

Continue Reading

Posted in Data Protection & Privacy

Aetna $17.2 Million Breach Settlement Brings Lessons for Handling Health Data

Aetna will pay almost $17.2 million to settle a federal class action lawsuit stemming from a 2017 mailing that disclosed the HIV status of health plan members. Aetna also agreed last week to pay a $1.15 million fine to the state of New York after the Attorney General Eric Schneiderman’s (NY AG) investigation into Aetna’s alleged violations of federal and state privacy laws. Both settlements require compliance monitoring and record keeping obligations.

Ironically, the mailings at issue were a required part of a settlement agreement from other lawsuits against Aetna first brought in 2014 and 2015. As part of those settlements, Aetna was required to mail notice to certain customers of the various options for obtaining HIV medications. Thousands of patients received the mailing from Aetna—names and addresses, and also HIV status, were visible through the clear window of the envelopes. Family, friends, roommates, landlords, neighbors, co-workers, mail carriers, or even complete strangers could see the individuals HIV status through the address window. In addition to the class action lawsuit, the NY AG launched an investigation.

Adding a HIPAA twist, the lawsuit and NY AG alleged that although Aetna sent protected health information to its outside counsel handling the matter under a HIPAA business associate agreement, neither Aetna nor its outside counsel executed a business associate agreement with the third party settlement administrator engaged to mail the notices. The settlements highlight the importance of maintaining and implementing comprehensive policies and procedures, and related trainings and audits, to prevent unauthorized disclosures of protected health information (PHI).

Class Action Settlement

The proposed agreement requires Aetna to pay almost $17.2 million into a settlement fund. In addition, Aetna agrees to develop and implement a “best practices” policy for the use of PHI in litigation. For five years, Aetna would also be required to provide annual training on this policy to in-house counsel whose primary responsibilities include managing litigation involving Aetna and to provide any updates to the policy to opposing counsel. Aetna also agrees to conduct an audit of all outside counsel handling its litigation matters to ensure the proper business associate agreements are in place.

Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Thinking Strategically About Brexit and Data Protection

To date, the main legacy of the Brexit referendum of 2016 appears to be a country split in half: some badly wish the UK would continue to be a member of the EU and some are equally keen on making a move. Yet, there seems to be at least one thing on which Remainers and Leavers will agree: nobody knows exactly what is going to happen. The same is true of the effect of Brexit on UK data protection. However, as Brexit day approaches, it is becoming imperative for those with responsibility for data protection compliance to make some crucial strategic decisions. To help with that process, here are some pointers about what we know and what we don’t know.

The UK Government’s Aim

Even before the referendum, it was patently obvious that as far as data protection was concerned, it was in the UK’s best interests to align itself with the ongoing legislative reform in the EU affecting this area. For that reason, the UK government did not hesitate to make it clear at the outset that while Brexit meant Brexit, UK data protection meant the GDPR. With this in mind, in September 2017, the government introduced in Parliament the Data Protection Bill, which is intended to replace the current Data Protection Act and primarily aimed at implementing the GDPR into UK domestic law.

The reason for this stance is and has always been eminently practical: by implementing the GDPR into the new UK data protection framework, the government believes that the UK will be able to maintain its ability to share data with other EU Member States and internationally after Brexit. This optimism is not entirely ill-founded: if today the UK is regarded as a safe jurisdiction for personal data, by retaining the EU’s legal framework irrespective of Brexit, the outcome should not change. However, this logic has already been challenged by the European Commission which in a Notice to Stakeholders of 9 January 2018, indicated that in view of the considerable uncertainties surrounding Brexit, companies were advised to consider how to prepare for the transfer of personal data to a “third country”. In other words, it should not be assumed that the UK will be granted an ‘adequacy decision’ allowing the free flow of personal data from the EU by default.

Continue Reading

Posted in Digital Single Market (EU) Dr. Nils RauerFalk SchoeningWinston MaxwellPeter WattsMarco Berliri

Tomorrow’s landscape for digital business – The Digital Single Market becomes real!

DSM – What is it about?

In 2018, we will see new EU legislation being widely implemented as part of the EU Commission’s Digital Single Market (DSM) Strategy. The amendments to the current legal framework are far reaching and will potentially be game changing. Some of the key areas to be affected will be:


Unjustified geo-blocking
Copyright law
Audio-visual media services (AVMS)
Internet broadcasting
Free flow of data / Cloud Services
VAT regulation for online trade
Platform liability
Electronic Communications Code
5G infrastructure


Value Gap – Amortization of digital copyright

The draft Copyright Directive is one of the centrepieces of the DSM. Its progress has been slow and looks set to remain that way. Almost a year since its first draft of a Report on the Commission’s proposal, the lead committee for this draft legislation (Legal Affairs/JURI) has yet to finalize its position and the amendments it will put forward to a plenary session of the European Parliament (EP). Until that session has been held it’s unlikely we will see any real progress towards resolution of a number of controversial measures within it, despite the feverish activity in late 2017 of the Estonian presidency of the Council (made up of Member State government representatives) to move things forward through a series of proposed compromise drafts. As things stand, it looks likely that no final vote in the EP will take place much before the summer of 2018.

One of the most controversial measures being considered is Article 13, which seeks to define a more proactive role for content hosting providers to deal with misuse of copyright material. Some have labeled this the “value gap” provision, others more tendentiously, call it the “censorship machine” proposal.

Continue Reading

Posted in Data Protection & Privacy, Technology Timothy TobinW. James Denvil

Navigating the Road Ahead: Auto Industry Stakeholders and Regulators Convene to Discuss Connected Vehicle Privacy

In the same week that the automotive industry gathers in Washington, D.C. for the 2018 Washington Auto Show, a cross-section of automotive stakeholders, government officials, and consumer and privacy advocates came together at Hogan Lovells’ Washington office to discuss privacy issues facing connected vehicles. The half-day conference, co-hosted by Hogan Lovells and the Future of Privacy Forum, convened on January 23, with the theme of “Privacy and the Connected Vehicle: Navigating the Road Ahead.”

Panels focused on the privacy landscape surrounding automobiles and connectivity generally, regulatory developments and areas of government interest, and the effect of emerging technologies on business models and privacy practices in the automotive space.  With lively discussion throughout and a wide array of perspectives, several key themes emerged.

What Sets Vehicles Apart

While connected vehicles share functionality with many other connected devices, several of the day’s panelists considered whether vehicles pose different issues. One distinction highlighted by several speakers is the importance of vehicle safety, including driver distraction.  Another distinction raised was the somewhat unique and personal relationship individuals have traditionally had with their vehicles, which are often viewed as an extension of the home or a pathway to freedom.  And yet, in spite of the differences, some panelists believed that vehicles pose many of the same challenges as other technologies, like smartphones.  There was an acknowledgment, including by some of the government panelists, that the traditional notice and choice framework presents challenges in the vehicle context.  These challenges arise due to limitations of vehicle interfaces, driver distraction issues, and circumstances that may render the sharing of data impractical or unsafe, such as geolocation sharing in the context of a connected vehicle fleet.

Continue Reading

Posted in Policy & Regulation, Technology

Two steps forward and a look back – Global IP Outlook 2018

2017 was a year of widespread political, technological and legal changes; leading to lack of certainty and creating both challenges and opportunities for businesses in 2018 and beyond.

We’re here to help: we have published our second annual Global IP Outlook. The Outlook reflects on some of the major developments in intellectual property law and emerging and growing industries. Regardless of your industry or specialism the Outlook will provide you with valuable insight into the changes and their impact on your products, services and business.

Please do let us know if you have any feedback or questions. We would also welcome any requests for new topics to cover in next year’s edition.

Topics covered include:

  • Patents
  • Post Grant Proceedings
  • Trade Secrets
  • Trademarks
  • Copyright
  • Domain Names
  • ITC
  • Transactions

We also examine emerging trends in technology and politics, and what they mean for your business, including:

  • 3D Printing
  • Artificial Intelligence
  • Blockchain and Smart Contracts
  • Brexit
  • Connected Cars
  • Cybersecurity
  • Digital Health
  • Digital Single Market
  • Smart Energy Systems
  • UPC
  • Wearable Technology

Click here to read our Global IP Outlook

In 2018 we will be launching our LimeGreen Live series of Webinars – going into more detail on each of the topics covered in the Outlook – starting with the ITC. Register your interest in each topic using the form here

Posted in Technology

Why Africa needs blockchain

Bitcoin may make headlines when its value crashes or climbs, but the blockchain technology behind the controversial cryptocurrency could help Africa overcome some of its biggest developmental challenges.

Blockchain could present new ways to help overcome challenges, which continue to stymy the continent’s growth. Corruption and fraud are classic problems yet people are still looking at them through the lens of how we have always tried to solve them in the past. We need to fully embrace the way technology can offer new solutions to these age-old problems.


Blockchain offers a new approach to combatting corruption because of its ability to create and store encrypted records that can be verified, but not altered or deleted.

The best way to explain how blockchain works is to think of the Lego blocks you may have played with as a child. Blockchain uses an algorithm to layer data sets on top of each other just like you use different layers of Lego blocks to build a wall.

The higher you build a wall of Lego, the more difficult it becomes to remove any of the Lego blocks inside it – especially the ones lower down. In the same way each layer of new data encrypted in a blockchain increases the integrity of the layers below it, so no single data set can be deleted or manipulated in any way.


However, it is not just this layering process, which ensures that data stored on a blockchain is so secure. Blockchain is also decentralised – which means it simultaneously stores data on a large number of computers instead of just one. Blockchain makes use of a distributed ledger. A traditional ledger – that is a book or piece of software used to record transactions – only stores transactions in one place. Blockchain stores each transaction on a network of millions of computers around the world, which makes it virtually unhackable.

Improve transparency

These attributes make blockchain technology ideal for keeping records, which need to be protected from fraud and corruption.

Property deeds, identity documents, hospital records and vehicle registration documents can all be securely stored using blockchain technology. Imagine we could place public finances on a blockchain accounting system where each transaction is recorded and can be traced. This can greatly improve transparency through ensuring there is an inalienable record of every governmental transaction, which can be used to verify that funds are spent appropriately.

The possible applications for blockchain technology in Africa go far beyond the administrative sphere. For example, a combination of blockchain and the Internet of Things could be used to continuously monitor the temperature of vaccines in a cold chain. Certain vaccines need to be kept below a certain temperature until it is administered to a patient. A connected smart device can monitor the temperature of the vaccine and create a tamper proof record if the cold chain is broken at any time. This removes any uncertainty around whether the vaccine can be administered safely.

Data enabled smart device

Another possible African application for blockchain is to assist in combatting the sale of counterfeit cigarettes.

This problem is very prevalent in Africa and to curb it manufacturers are now exploring the idea of storing the serials numbers of batches of cigarettes on a blockchain so they cannot be altered in any way. A store owner would then be able to scan the serial number on each batch of cigarettes he receives to confirm it against the blockchain and verify if it is a legal delivery from the manufacturer.


The decentralised nature of blockchain also means that this technology can implemented without the need for large infrastructure upgrades in Africa.

Blockchain can be utilised in Africa even if the infrastructure needed to support it is not situated on the continent. All you need is a data enabled mobile phone. A system can be built and housed anywhere in the world and still be accessed from Africa. Infrastructure does not need to provide the bridge that gives Africa access to these technologies anymore, your smart device can now become that bridge.

*This article first appeared in the Business Brief on 21 November 2017

Continue Reading

Posted in Deal Trends, Policy & Regulation, Spectrum, Technology, Telecoms & Broadband Michele FarquharTrey Hanbury

FCC Avoids Shutdown For Now, But Continued Threat Looms Over TMT Sector

The federal government is open.  But less than three weeks remain under the current reprieve and another shutdown seems possible.  Although the Federal Communications Commission tapped on-hand fees to support uninterrupted operations earlier this week, the FCC will start to run out of time – and money – if the stalemate over the budget continues and another shutdown occurs.

How would a protracted shutdown affect the technology, media and telecom industries and the billions of dollars of investment that depend on regulatory action by the FCC?  How soon before Samsung and Apple face launch delays for products that need FCC approval to enter the market?  When will GoPro, Nintendo, Tile, Roku and other consumer electronics makers start to see product delays?  Will wireless emergency alerts continue to be available?  And will a shutdown affect the nation’s bid in the global race for leadership in the deployment of advanced, fifth-generation wireless networks?  These are just some of the questions as the technology, media and telecom sectors confront the possibility of an extended period of time without a functioning regulator.

Continue Reading