Latest Event Updates

European Court tries to fix data retention bugs

Posted on Updated on

 

images

 

The Advocate General Saugmandsgaard Øe of the Court of Justice of the European Union has delivered an opinion whereby it suggests that national Member States may enact general obligation on ISPs to retain personal data, provided that that that obligation be circumscribed by strict safeguards and that the scope of the legislation is to fight serious crimes (not whatever). The opinion has been rendered in cases regarding the compatibility with EU law of data retention legislation in Sweden and UK (Joined Cases C-203/15 Tele2 Sverige AB v Post-och telestyrelsen and C-698/15 Secretary of State for Home Department v Tom Watson and Others).

The Advocate General’s intent seems to be a re-working of the famous decision of 2014 by which the European Court annulled the EU data retention Directive (directive 2006/24) on the grounds, inter alia, that it laid down a too general and far-reaching retention obligation contrary to human rights. Because of that decision, in Europe various national legislations on data retention have become potentially incompatibile with EU law, and in fact many of them have been revised or annulled.

With the present opinion the Advocate General seems to fix the issue that, even if the scope of a data retention legislation must be circumscribed to serious crimes, the obligation can be nevertheless drafted in a general way. Fact is, while storing and retaing personal data, ISPs cannot know – ex ante – whether such data refer to serious crimes or other less relevant criminal facts. Therefore, they can be obliged to retain all kind of data they process, however the access to them for criminal investigation shall be restriceted and subject to special guarantees.

If confirmed by the European Court, the reasoning of the present opinion can likely become the basis for a new directive on data retention.

Bye bye, zerorating

Posted on Updated on

elizabeth_bennet_m_2992955b

Berec, the European regulatory agency, has issued its draft guidelines on the implementation of net neutrality rules (namely the rules enacted by arts. 1-5 of Regulation 2015/2120). The move of Berec was well-expected because the new European net neutrality rules leave wide margins of appreciation and a clarification for a consistent enforcement by national regulators is needed. BECEC is accepting feedback from interested parties on the draft guidelines until 18 July 2016. The guidelines will be finalized and published in September 2016.

The most debated subject to be clarified by Berec was the one of zero-rating, i.e. the commercial practice whereby ISPs apply a price of zero to the data traffic associated with a particular application or category of applications (and the data does not count towards any data cap in place on the Internet subscription). Big telecom operators have defended this practice on the assumption that it could boost innovation (although the innovation would merely limited to a price scheme, not to new services). Consumers and civil rights associations are normally against, because zero-rating would, as a result, influence the user’s choice of Internet services on the mere ground of the cost of Internet connectivity. More recently, operators and associations gathered in the Netcompetition alliance have underlined the anticompetitive effects of zero-rating practices for alternative telcos and innovative Internet service providers, in addition to consumers.

It must ne noted that the European rules on net neutrality are quite ambiguous. While they never mention explicitly zero-rating, they guarantee (article 3.2. of the Regulation) a general commercial freedom for ISP and users to negotiate data caps agreements they want, provided, however, that the “free choice” by users is not substantially undermined (art. 3.1.).

Recital 7 of the Regulation is a bit more clear:

National regulatory and other competent authorities should be empowered to intervene against agreements or commercial practices which, by reason of their scale, lead to situations where end-users’ choice is materially reduced in practice. To this end, the assessment of agreements and commercial practices should, inter alia, take into account the respective market positions of those providers of internet access services, and of the providers of content, applications and services, that are involved. National regulatory and other competent authorities should be required, as part of their monitoring and enforcement function, to intervene when agreements or commercial practices would result in the undermining of the essence of the end-users’ rights”.

Taking into account of the above, Berec has not banned zero-rating practice but have left to national regulators the task to carry on a case by case assessment. However, the criteria suggested and the circumstances to verify suggest that national regulators may have string poker and wide discretion to ban zero-rating behaviors in practice.

In particular, Berec is suggesting that when a zero-rating practice is aimed at privileging a single service or applications, at the detriment of other competing services/apps, this behavior should be considered unlawful. More precisely, Berec stressed that (§39):

the zero price applied to the data traffic of the zero-rated music application (and the fact that the data traffic of the zero-rated music application does not count towards any data cap in place on the IAS) creates an economic incentive to use that music application instead of competing ones. The effects of such a practice applied to a specific application are more likely to “undermine the essence of the end-users’ rights” or lead to circumstances where “end-users’ choice is materially reduced in practice” (Recital 7) than when it is applied to an entire category of applications”.

Truly speaking, if national regulators will literally follow this rule (as I hope, by the way) the zero-rating business is dead. The sole incentive of zero-rating practices, for dominant ISPs and OTT, is discriminating competing services. There is no commercial rationale for an agnostic application, i.e., like Berec says in theory: “as long as the data volume and speed characteristics are applied in an application-agnostic way (applying equally to all applications), end-users’ rights are likely to be unaffected by these characteristics and conditions”.

Thus, bye bye zero-rating.

The end of domestic mobile consolidation in the EU

Posted on Updated on

cryingwoman

Rumors say that tomorrow 4 of May (or later during the month) the European Commission will render a negative  opinion (a prohibition, in other words) about the merge in UK between the mobile operators 02 (Telefonica) and Three (Hutchison Wampoa).

If confirmed, this move will not come unexpected because in many instances the Competition Directorate (DG Comp) of the European Commission has suggested that mobile consolidation in mobile domestic market is not welcomed. Instead, mobile operators should  rather look at cross-border consolidation, creating pan-european operators able to compete in a cross-borders scenario that will become more and more actual when (and if) the roaming surcharges will be phased out in June 2017. At that point, European operators may be able to provide mobile subscriptions to be used in a plurality of European countries and, as a result, consumers my theoretically choose a foreign mobile operator even for domestic needs (this situation, named permanent roaming, is however contested and sometimes considered even “abusive”. This is another story, for now).

The UK precedent will create a fundamental landmark case for the European telecom sector and, as a consequence of that, it is unlikely the similar mergers (see for instance the current one in Italy between Three and Wind) will ever be approved in the future.

Concerned mobile operators will probably complain that the “4 to 3” consolidation is necessary in UK, like in Italy or France, to boost network investments. However, it is crystal clear that the European Commission has heard and carefully considered this argument, without finding, however, concrete evidence. If the investment argument was credible, the merging entity should have accepted the Commission’s desired remedy, that is to say the creation of a new mobile operator through the transfer of spectrum, network resources and customer base by the merging entities. Such new mobile operator should not have damaged the investment plan of the merged mobile operator. By disregarding this option, Hutchison and O2 have reinforced in the Commissions the suspect that the reduction of mobile operators is merely focussed on limiting competition and increasing margins (to the detriment of consumers).

For future guidance, one would hope that the European Commission will provide a robust reasoning for its decision. Such reasoning missed in a precedent case, the aborted merger in Denmark between Telenor and TeliaSonera, because the parties abandoned the transaction before getting a formal rejection. By contrast, now it would important that the Commission clarifies that competition conditions are more important than “magic numbers”, such as 3 or 4 operators. What really matters, for competition, is a market structure encouraging the players to really compete and gain new customers. In mobile markets this surely happens when markets shares are unbalanced and there are small players, mobile operators but also MVNO, fighting to increase their position.

This is the reason why also the envisaged merger in Italy between Wind and Hutchison is close to fail (a dead walking man, to be clear. Fact is, following the potential merger the 3 Italian operators left, such as TIM, Vodafone and Three/Wind, would detain balanced markets shares – a scenario that, according to the European Commission, facilitate mutual collusion rather than competition.

Two items will probably remain opened after the (likely) rejection decision, tomorrow or in the next weeks:

1. did the European Commission sufficiently considered the MVNO remedies offered by the parties? It seems that DG COMP has never believed too much in MVNOs, disregarding the competitive pressures that such MVNOs may exercise over mobile operators. Indeed, DG COMP has the power to impose strong MVNO remedies, instead of imposing the creation of a new mobile operator, and the efficiency of such virtual operators rely on the mobile access conditions that the European Commission itself may decide.

2. In the future there will be a discrepancies between countries (Germany, Ireland and Austria) where mobile mergers have been approved thanks to the previous laissez-faire of DG COMP (when headed by Almunia) and countries where such mergers are going to be prohibited due to the stricter approach of the same DG COMP (now headed by Vestager). Should the European Commission start to think how to redress passed mistakes?

And what about #brexit? Many commentators  may argue that the Commission’s decision my be seen as an attempt to please UK. I would say that this is just a coincidence: OFCOM and DG COMP have similar view about mobile consolidation, although the reason for each may be complex: OFCOM wants to keep 4 mobile operators to protect consumers and to avoid the need to intervene with regulation into the mobile market; DG COMP wants to boost pan-european consolidation, and the best way to do it is to forbid the domestic one.

European court rushes in rescue of hyperlinks

Posted on Updated on

hyperlinks-hierarchy

 

An opinion rendered today by the Court of Justice of the European Communities appears very innovative with regard the legal status of hyperlinks and their relation with copyright law. If confirmed in a final judgment, the opinion is susceptible to provide additional and substantial certainty to the development of Internet and digital businesses.

According to Advocate General Wathelet who rendered an opinion in the Case C-160/15 (GS Media BV v Sanoma Media Netherlands BV and Playboy Enterprises International Inc. and Britt Geertruida Dekker) the posting of a hyperlink to a website which published photos without authorization does not in itself constitute a copyright infringement. In particular, the motivation of the person who placed the hyperlink and the fact that this person may know or not whether the initial posting was authorized, is irrelevant.

The Advocate General seems to see the legal status of hyperlinks quite differently from what the European court thought in the previous case Svensson (2014):

  • in the latter case, the European court confirmed that hyperlinks are act of communication under the Copyright Directive, and therefore they need the authorization by the right holders of the content which the hyperlink is referring to; then, however, the court elaborated a reasoning for an exception (if the content referred to is already in the public domain, then the authorization is not needed);
  • in the present case, the Advocate General states that “hyperlinks which are placed on a website and which link to protected works that are freely accessible on another site cannot be classified as an ‘act of communication’ within the meaning of the Directive”.

This opinion of the Advocate General, if confirmed in the final judgement by the European Court, would add clarity clarity and legal certainty to any Internet users, whether a business or even an individual, using hyperlinks to refer to other pages or content in the Internet. By contrast, a different rule would jeopardize any initiative in the Internet because making a preliminary check whether a given content or image has been initially communicated to the public in licit way, would be practically impossibile.

This principle may have a deep impact on the dynamics about fight against digital piracy: the content industry would then be more encouraged in targeting websites were unauthorized content has been intentionally published, asking for removal, rather than targeting thousand of websites which, by simply referring to the initial one with a simple hyperlink, may not know about the lawfulness of the situation.

The same principle may play in favor of innovative digital business models, including platforms and search engines, which base their business in connecting the content spread in the Net.

One should remember the European institutions are currently revising the Copyright Directive and, in case a reform is launched, the present judgment will be quite relevant with regard to the rules applicable to hyperlinks.  Content industry is sometimes asking to restrict then usage of hyperlinks by adding a special liability for that – a system which would seriously affect any business and individual initiative in the Internet.

***

As regard the legal case and the facts, one should remember that pursuant to the Copyright Directive 2001/29, each act of communication of a work to the public has to be authorized by the copyright holder. The question is whether a simple hyperlink may be considered an “act of communication”.

Sanoma, the editor of the monthly magazine Playboy, commissioned a photoshoot of popular Dutch character, Britt Dekker. A website named GeenStijl published advertisements and a hyperlink directing viewers to an Australian website where the photos in question were made available without the consent of Sanoma. Despite demands from Sanoma, GennStijl refused to remove the hyperlink in question. When the Australian website removed the photos upon Sanoma’s request, GeenStijl published a new advertisement which also contained a hyperlink to another website on which the photos in question could be seen. That site also complied with Sanoma’s request to remove the photos. Finally, internet users who frequent the GeenStijl forum posted new links to other websites where the photos could be viewed.

According to the solution suggested by the Advocate General, the behavior of Geenstijl was lawful, since the request for removal should have been addressed to the website initially posting the content.

NB: the Advocate General’s Opinion is not binding on the Court of Justice. It is the role of the Advocates General to propose to the Court, in complete independence, a legal solution to the cases for which they are responsible. The Judges of the Court are now beginning their deliberations in this case and a judgment will be given at a later date. Normally, in the 80% of the cases the judges confirm the legal solution suggested by the Advocate General.

Terror does not stop the Internet

Posted on Updated on

Schermata 2016-03-22 alle 13.30.54

The images of the departure hall of the international airport of Brussels are devastating, and these of the Maalbeek metro as well. Today’s terrorist attack in Brussels was a shot to our European heart, not just to Belgium. Airports and central metro stations were full of traveling expats who daily work within the European institutions, and we expect most of victims and casualties to be counted amongst the international presence in Brussels.

Notably, while traditional telephony lines, especially mobile, have encountered inconveniences following the attack (due to saturation), Internet connection have continued to work properly and people have been able to communicate via WIFI and mobile access: thus, mobile VOIP and social chats have been the fundamental, effective way to stay in touch and inform the people of the current situation.

This reminds to us that the Internet was created to resist to emergency situation and disruption of communication due to devastating events, and it is working properly still now; while all the discussions about regulated and top-down universal service are a waste of time (and money)

 

EU dataflow: the new Privacy Shield is (almost) born

Posted on Updated on

CaOXf3AWQAEatpF.jpg-large

 

On February 2, 2016 the European Commission announced in a press conference in Strasbourg to have found a political agreement with the US authorities to allow the transfer of personal data from UE to US. The agreement, named “US/UE Privacy Shields” (the hashtag is already a star in the web, and in Twitter in particular) will replace the Safe Harbor agreement invalidated by the Eu Court of Justice last October 2015.

The enthusiasm by European authorities and corporations (US in particular) following this announcement is well comprehensible. In fact, after the annulation of the Safe Harbor Agreement, the entire UE/US business fall into a serious uncertainty, with the national data protection authorities being empowered to chase whoever and whatever involved in transatlantic business. The problem is dramatic because a huge amount of businesses rely on the transfer of data from UE to US: to make an example, most of European retailers use US platform to bill their clients, therefore without a clear data transfer framework most if such businesses are impaired, even if they refer to trade within the UE.

Nevertheless, it is still too early to predict whether the announced agreement will solve the pending problems. The announcement concerns just principles, while the precise details of the new framework need to be further negotiated, and then incorporated into a final European decision (a so-called “adequacy decision”). In addition, most of the commendable obligations required upon the US authorities should be confirmed in writing.  Not surprisingly, the announcement of the Commission was followed by skeptical reactions by various top characters of the #SafeHarbor novel, such as  Mr. Scherms, the Austrian guy who started there entire matter with the recourse to the European court, MEP Albrecht, the rapporteur of the new European data protection regulation, and even Mrs Reding, the former EU Commissioner who started the reform of data protection in the EU.

One could say that the main scope of this announcement to gain some time, since the national data protection authorities granted to the Commission a 3-months period (expiring at the end of January 2016) before the national data protection authorities start to investigate (and eventually impose sanctions) into the EU-US data flow business. If it is, we could say that the escamotage worked, since the Article 29 Working Group (basically the bodies representing the data protection authorities) has welcomed the political agreement and encouraged the Commission to go ahead (although no evaluation on the merits has been given, since precise details are not fixed yet). However, the chief of the French data protection authority has been much more clear, by stating that “we can’t just accept words on privacy shield”.

Thus, it is still unclear whether this agreement will solve the crisis or will just open a new round trip to the European Court of justice. Some parts of the announcement seem to disclose important progress from the uS side, such as:

For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms“.

Mass surveillance and unlimited access to personal data are a crucial matter between UE and US: it is a delicate legal issue – being the main ground referred by the European court to invalidate the Safe Harbor agreement – but also a matter for political discussion, following the Snowden/NSA scandal.

The further steps will not be easy at all: Vice-President Ansip and Commissioner Jourová will prepare a draft “adequacy decision” in the coming weeks, which could then be adopted by the College of the European Commission after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. department will make the necessary preparations to put in place the new framework with the obligations of their side.

***

As regard the main part of the agreement, here an extract from the PR of the Commission:

  • Strong obligations on companies handling Europeans’ personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs.
  • Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it.
  • Effective protection of EU citizens’ rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.

 

How the European copyright rules help the US entertaining industry to make more money in the EU rather than in US

Posted on Updated on

12363236_913687508725571_8791187732396125000_o

Tomorrow December 9th the European Commission will publish a copyright package consisting of a communication on the copyright reform plus 2 legislative proposals (about content portability and contractual conditions respectively).

On the basis of leaks circulated in the last weeks, I would tend to say that the European Commission is slowing down with the copyright reform, and that the copyright package will be much less ambitious than expected, at least if we compare it with the declarations made when the Digital Single Market (“DSM”) strategy was announced and launched in May last. For instance, targeting geoblocking and improving of cross-borders availability of online content was one of the karmas marketed by Junker and Ansip to explain the need for a Digital Single Market. By contrast, if you look at what is going to be really proposed tomorrow, you will find out that:

– reference to geoblocking has mostly disappeared;

– in order to target cross-border issues, just a content portability proposal is made. This proposal is good and welcomed but, depending on the actual duration & conditions of the portability*, the benefits for the consumers may be very limited (in other words, citizens may encounter the same disappointment already with roaming, when it was announced that roaming surcharges will disappear in 2017 and then found legal details whereby roaming surcharges to continue to exist much beyond that time);

– with regard to important technical and legal subjects to be clarified or harmonized (private copy, exceptions, act of communication to the public ecc) the Commission’s position consists in considering possible actions in the future;

– in general, the Commission is proposing a “gradual approach” that, in political terms, means, I fear, “wait and see” with regard the most important problems.

Fact is, this disappointing scenario may be due to the fact that there internal disagreement within the European Commission as to how much to tackle the fragmentation of the European content market: VP Ansip, VP for the DSM, seems to be much more liberal than Oettinger, Commissioner for the digital sector. In addition, the Commission’s offices may fear that a too strong proposal would be later destroyed by Member States and EP, which are mostly under the pressure of the “content industry”: broadcasters, distributors, producers. In fact, the content industry is really strong in defending its prerogatives (i.e. the territorial segmentation of their business, in order to increase profits) on the excuse that this status quo is necessary to protect the production of European movies and the European culture in general. But then they do not explain why they are advocating geobklockinbg also for US movies, i.e. the big part of content watched by European users. In other words, the current fragmented system helps the US industry to make more money in Europe to the detriment of European consumers, while the same industry would not dare to impose to US citizens a fragmented movies offer through 50 american States.

Unfortunately, European Members States and European Parliament are caught by the content industry arguments, because the influence of such industry in each Member State is massive. Each government and each politician, with few exemptions, wants to protect the national industry, even when the final winner is the US content making more money in the EU than US. As a consequence of this status quo, European citizens willing to pay for legal content, but not finding what they want and buy, will be forced to go into piracy or use VPNs. Make the example of a Belgian citizens living in Italy and willing to buy Netflix Belgium, because of some features of that offer with respect to the offer of Netflix Italy. He/she would be blocked in Italy and, as an alternative, he/she should go to the pirate market to find the wanted content, or use the VPN tools. And we are talking about people willing to pay for legal content! 

As always, the potential way-outs may come just from external, unexpected actions: for instance the DG COMP directorate of the Commission, headed by Mrs. Vestager , which has independent powers and does not need Member States or EP to agree on what she does, could take a decision on a competition case (like the pending one on broadcasting) stating that territorial restriction (and related geoblocking measures) are anticompetitive; or, the legal case could be solved by the European Court of Justice. Do not forget that in the ‘70/’80 the European Court was decisive in liberalizing the European cross-border trade by declaring that distribution agreements of goods (cars, food, pharmaceutic ecc) could not prevent a consumers to buy something offered by a seller established in another member states (passive sale). A kind of intervention would be needed also for the digital single market, if politicians cannot afford it.

* The actual conditions whereby users may be accessing subscribed content on their device when traveling abroad are not clear yet. The proposal of the Commission is intentionally vague because this item will problem a battle field when discussing with Council and European Parliament. If no clear conditions are stated, the commercial practice amy be restrictive.