The European data protection authorities intervene about corona-virus

Schermata 2020-03-16 alle 19.09.41

Among the nonsense that we hear these days in the fight against Covid19, there is the one whereby current European rules on privacy and protection of personal data would weaken governments’ fight against epidemics. Someone proposes to get rid of these useless frills and embrace foreign experiences, for example the Chinese one, where the government is able to pervasively control the behavior of citizens thanks to the power to track their physical movements and online activities. But we also talk about applications successfully used in other Asian countries, in particular South Korea and Singapore. The Israeli model is also under observation. However, these are all very different cases, where the compression of privacy took place in different ways and which would require an ad hoc analysis to assess their potential illiberality.

However, as regards Europe is concerned, there might be a suspicion that the complaint against privacy actually hides different types of flaws, that is, the difficulty of rapidly adopting the necessary measures to deal with the seriousness of the pandemic.

In the truth, current European privacy and data protection rules (namely the E-privacy directive* and the GDPR regulation**) already allow for exceptions regarding national security, including public health.

As regards the GDPR, its recital no. 16 excludes from its ambit of application “activities concerning national security“, where national security can be well referred to exceptional public health emergencies like a pandemics. Furthermore, arts. 6 and 9 of the GDPR specify the legal grounds for exceptional national measures.

Art. 6(1) GDPR lays down the grounds for lawful processing, specifying that it can happen when: “(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person; (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller“. 

Art. 9 GDPR allows processing of sensitive data (including sanitary data) when given circumstances occur: ” (g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject; (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3; (i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy“.

A useful role is played also by art. 15(1) of the e-privacy Directive, which appears particularly relevant when authorities need to process individual location data, when the aggregated ones are not sufficient or suitable for tracing individuals potentially contagious: “1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic societyto safeguard national security (i.e. State security), defence, public security….“.

Thus, According to these above rules, European governments are therefore authorized, on the basis of objective and non-arbitrary conditions, to take exceptional measures allowing national authorities, in particular health authorities, to have access to sensitive data, such as health data, as well as other useful data to protect public health. These European principles should have been normally implemented in national legislative framework. Therefore there is no need to break a privacy rule to protect public health, since the possibility of adopting exceptional measures, limiting or sacrificing the privacy of citizens (in the terms specified below), already exists.

This may mean that we already had a “Chinese” system at home and we hadn’t even noticed it? Not exactly. I don’t know enough about the Chinese model to judge it, but as far as Europe is concerned, it must be said that European framework allows Member States to take exceptional initiatives to protect public health provided that some guarantees are granted too counter-balance the limitation/sacrifice imposed upon citizens’ rights. Such exceptional measures must therefore be necessary, appropriate and proportionate to the context of a democratic society, which means – in practical terms and having in mind a pandemics scenario – that they must be limited to the scope pursued, and they must be transitory. Judicial review must be possible.

It follows from the above that any collected data, for example those on location, cannot be used for purposes other than that of protecting public health and, once the exceptional situation is exhausted, they must be destroyed. There should therefore be no fear that a government, once acquired the data about “where I have been that day” for public health reasons, may then use the same data for different purposes (unless it already has a different and appropriate legal basis to do it). If this happens, the citizen would have good legal instruments to defend himself in court. In any case, such obligation has to fulfil the general requirements of necessity and proportionality whereas especially the latter requires a certain degree of limitation to the amount of data that may be disclosed, e.g. by limiting it to traffic/location data of the past 2-3 weeks and only of people that have been in contact with an infected COVID-19 patient.

The European Data Protection Board (EDPB)***, the European forum that brings together all the European privacy authorities, just intervened on this point. The EDPB wanted to stigmatize the fact that “Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic” by stressing that the GDPR already provides for the legal criteria that allow employers and to competent health authorities to process personal data in the context of epidemics, without the need to obtain the (famous) consent of the interested party.

In other words, an effective fight against epidemics does not require any definitive limitation or sacrifice in terms of protection of privacy and personal data. This limitation/sacrifice can take place, but it must be limited in time and cannot be abused by the State. Herein lies the difference between the European Union, whose citizens are guaranteed by rules confirm the foundations of the rule of law even in exceptional situations, from other countries where the difference between routine and emergency could instead be very slight.

* Directive 2009/136/EC which came into force in May 2011, concerns the processing of personal data and the protection of privacy in the electronic communications sector. It is usually referred to as the “E-privacy Directive” and is an amendment of Directive 2002/58/EC.

** General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

*** The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Economic Area (EEA), and promotes cooperation between the EEA’s data protection authorities.

European Commission sends signals in favor of encryption

Schermata 2020-02-27 alle 09.10.14

The European bubble in Brussels is currently rumbling about a story concerning Instant Messaging. The European Commission is reported to have sent guidelines to its employees regarding the use of Instant Messaging (the various Whatsapp, Messengers, Skype, Telegram etc.) for service purposes. In summary, the European Commission recommended to its employees the use of open source applications – such as “Signal” for instance – for these communications which are not requiring a stricter level of security (in the latter case Eurocrats are instead obliged to use dedicated corporate communicated systems, included an adapted version of Skype for Business). So, the important news here is not so much the favor expressed to Signal as a default communication tool for all Eurocrats, but rather the disfavor directed towards the most popular alternatives consisting of Whatsapp and Messengers, both owned by Facebook.

The attack to Facebook has caused quite a stir. The Commission’s guidelines praise Signal’s characteristics in terms of security, confidentiality and privacy, due to its effective open source encryption system. Signal uses an encryption system that protects end-to-end communications, ensuring inviolability by third parties (hackers, criminals or onlookers of any kind) as well as by the operator itself. In other words, neither Signal nor third parties can access the content exchanged between users. However, one should consider that Signal encryption system was also adopted by Facebook for its Instant Messaging systems since 2016, therefore one would question why the European Commission does not take account of it in its guidelines. Where is the difference between Signal on one side, and Whatsapp/Messenger on the other side, provided that both platforms use the same encryption technology?

It looks like that the technical offices of the European Commission would not trust Facebook too much, even if the latter uses the best technology to protect its users’ communications. The guidelines are reported to allude to Facebook’s non-neutral position as a “monetizer” of data, to the various privacy incidents that have affected its reputation, and to its supposed inability to systematically solve these problems. Furthermore, there is the subject of the US jurisdiction (the Patriot Act) and therefore the power for the Trump administration to have easy access to data held by Facebook when US security requires it. There is enough to ask Eurocrats to move their communications, even if not necessarily confidential, to somewhere else.

So this is not a good story for Facebook and it is to be expected that the US company is already engaged to recover the damage. In this respect, it is worth-noting that the position of the European Commission is purely technical, not public and therefore unlikely to affect the immense Facebook market (73% of estimated global IM market share). The individuals involved by the guidelines are just the professionals of the Eurocracy – a small number of users but which nevertheless weighs in terms of reputation and credibility. Looking further, one wonders what the Commission’s next “technical” position may be given that the issue of security has become so important in Brussels. An important matter could be about ordinary e-mail. European officials only use their internal mail system, however they exchange tons of communications with external users in a market which is dominated by US platforms, from gmail (Google) to hotmail / outlook (Microsoft), for which privacy and US jurisdiction remain open issues.

Beyond the reputational incident for Facebook, this story is also surprising for another aspect: although the guidelines are a technical and non-public position, they however reflect the Commission’s endorsement towards an effective encryption system (i.e. the main characteristic of Signal). The issue of encryption is starting to be highly debated in Brussels: on the one hand encryption allows protection and safety for users, on the other it limits the possibility for law enforcement and police authorities to carry out their investigative activities. Traditional communication systems (phone calls and text messages) cannot be encrypted since law enforcement authorities have the legal power to have access over them, while Instant Messaging systems are not regulated. Some European governments would therefore like to ban encryption for Instant Messaging services, however a clear approach to the problem has not yet been formalized. This subject was also included in the European debate on the e-privacy regulation (the online side of the GDPR) but, as well all know, the entire procedure derailed so far. The European Commission will sooner or later have to take a position in this regard, taking into account, on the one hand the users’ interests (confidentiality, trust and security of communications), on the other hand the position of the Member States (and especially of their law enforcement agencies). However, after the endorsement granted to Signal with the recent guidelines, the “technical” position of the European Commission appears to be in favor of encryption, the “political” one ….. still has to be seen.

Despite Brexit, Britain leaves a formidable mark on the European telecom and digital market

Schermata 2020-01-31 alle 16.40.30

While abandoning the European Union, the United Kingdom leaves behind an important legacy with regards to telecom, digital markets and their regulation. Fact is, UK has been the European member State that has pushed the most for both liberalization of telecommunications and creation of a digital single market in Europe. This occurred in the early 1990s when UK began exporting to Europe these industrial policy processes that had already been implemented during the Thatcherian period: privatizations and liberalizations. At that time UK hosted (in London, normally) the European branches of almost all US and international telephone carriers, which saw in the European market a formidable ground for expansion. But even large international corporations, from banks to financial operators, many of which were established in the UK, were pushing for liberalization of European markets, as they wished to lower phone call prices in and between European countries, and find new connectivity services available.

These modernization processes, however, were slowed down in continental Europe by historical incumbents (in Italy SIP, in France France Telecom; in Germany Deutsche Telekom etc.) normally owned by the national governments themselves. UK was different from them and therefore started to push for the first telecommunications liberalization directives (the ONP directives of the 90s) which led to the end of telephone monopolies in Europe and established the freedom to provide telephone and data services, and even to choose telephone set. Without UK, Europe would probably have been slow in liberalizing telecommunications, perpetuating gray telephones and high phone bills, as well as delaying the advent of the Internet.

The United Kingdom has also been one of the countries most attentive to telecom competition, enforcing the famous ULL (the “Unbundling of the Local Loop”, that is the rule that allows alternative operators to pass through the last mile of the incumbent operator, and thus provide final services to users) and even going so far as to impose the separation of the incumbent’s network (upon British Telecom). And in fact, United Kingdom is still now the most competitive European market at a retail level, with an incumbent market share well below 30% (in the rest of Europe it is on average around 40%). The British remedy for the separation of the telecom network was also proposed to the European partners and was actually included in the European regulatory framework of 2009, but with little practical application outside the UK, however.

UK was also in favour of light Internet regulation – in fact, in the early 2000s Internet was left largely deregulated except for a few basic rules of liability for ISPs and hosting providers (see Directive 2000/312/EC). This deregulation facilitated the boom in Internet services and the spread of digital technologies throughout Europe.

Finally, UK has been a great sponsor of the end of roaming surcharges in Europe.

All these reforms will remain and continue and produce their positive effects for European citizens and businesses, despite Brexit. However, new challenges are advancing: the emergence of online platforms and in particular global OTTs (the so-called GAFA: Google, Amazon, Facebook); cyber security issues; the race towards artificial intelligence; the need for technological sovereignty of the European Union towards the USA and China. The United Kingdom’s departure from the European Union weakens both players as the time for important choices approaches.

 

Why the European Court saved AirBnB and not Uber

logos-uber-airbnb-696x465

Despite a European political climate suggesting a restrictive interventions over online platforms, the European Court of Justice has issued an important decision on AirBnB, the popular online platform for short-term rentals, which goes instead to another direction, giving more confidence to the digital economy.

In a proceeding concerning a complaint by French hoteliers, claiming AirBnB’s duty to get a real estate agent license, the European judges ruled that this kind of platform does not operate a real estate service, but a simple Internet service. It may seem a trivial recognition, but had the second interpretation (that of the real estate service) prevailed, for AirBnB it would have been a blow, forcing the platform to comply with national (hoteling) legislations and related limitations: in practice, this is what happened a few years ago to Uber which, once it was declared to be a transport service by the European Court, had to profoundly adapt its business model, by closing UberPop (ie the intermediation of transport between private individuals) and concentrating on regularly authorized taxis. If the European Court had chosen this same approach for AirBnB, in practice by imposing the obligation for a license (for real estate agency), then the impact for the platform and competitors would have been considerable.

Why was AirBnB treated differently from Uber? Legally speaking, the court noted that Airbnb’s business model is not merely ancillary to an overall accommodation service and that such a service is not indispensable to the provision of accommodation services, as customers can use a number of alternative channels in that respect. Therefore, the Court defined the company as an “information society service”. More practically, the difference seems to lie in the lower pervasiveness of the AirBnB functions (compared to Uber): in particular, AirBnB does not set the contractual conditions of accommodation and the rates. Instead, those who use an Uber’s taxi service are subject to rules and prices set by Uber itself, not by the taxi driver.

But, beyond legal dissertations, is this a good sentence? The digital revolution has taught us that technological transformations disrupt established systems with winners and losers: with the advent of Uber, innovative entrepreneurship has won together with citizens dissatisfied with the traditional urban transport service, while the organizations of traditional taxi drivers have lost. The traditional licensing taxi system was not distroyed, however the emergence of new technologies and apps encouraged the modernization of the sector. This process has worked well, given that Uber, despite having failed in its European judgment, continues to operate and is not alone either, having to confront various competing platforms, some of which are even run by “converted” taxi drivers. The role of the European court was to set some limits to protect a series of interests, both for workers and users. In fact Uber, like its competitors, must move in the bridles of the various national legislations, with results that are not always consistent. This is why a new European intervention appears ineluctable, but this time a legislative one, rather than judicial.

Will the same happen also to AirBnB or will the current system of short-term online rentals, given the positive outcome of the sentence, be further consolidated? It is difficult to say because the European Court has focused on the specific object of the French judgment, avoiding instead to express itself on other general issues that the AirBnB model raises, such as: lessors using AirBnB should adapt to hotel regulations, and up to at what point? The municipalities could impose “quantitative” rules to contain the number of B&Bs hosted in city centers, in order not to perturb the social print of the  place? In the absence of ad hoc regulations from Brussels, probably these new cases will arrive, sooner or later, to analysis of the European judges.

A step ahead toward filtering over large social platforms?

 

Schermata 2019-10-03 alle 11.17.49

Facebook may be ordered, de facto, to monitor the activity of its users in order to prevent them to repeat posting identical or equivalent unlawful content. This is what the European court ruled today in a judgment referred by an Austrian court (Judgment in Case C-18/18 Eva Glawischnig-Piesczek v Facebook Ireland Limited) and concerning the request of a politician to remove various  comments and allegations published by a Facebook user which were harmful to her reputation. Since such comments and allegations were identical or had an equivalent content, the question was whether Facebook, after removing a first time, should keep an eye on future similar illicit behaviors.

The European court ruled in the positive way. It could sounds like a common sense decision in the normal world, but in the case of a social network such an obligation would imply an automated system able to intercept such illicit content and evaluate whether they are identical and/or equivalent. Basically, an AI filter or something very sophisticated would be needed. This is not a little thing in the matter of social networks because a kind of censorship activity would be delegated to a machine.

Today’s European decision may create an important shift from consolidated interpretation of the liability regime of hosting providers under the current European framework, that is to say the European Electronic Commerce Directive (Directive 2000/31). The current system provides per the so-called “notice and take down” mechanism (article 14), whereby an host provider such as Facebook is not liable for stored information if it has no knowledge of its illegal nature or if it acts expeditiously to remove or to disable access to that information as soon as it becomes aware of it. With the news decision, the mechanism may turn into a kind of “notice and stay down”, whereby Facebook would be liable for illicit content not notified to him, provided that they are identical or equivalent to previous notified ones. Facebook should be de facto aware of such future posts, something which sounds a bit peculiar, unless you ask Facebook to constantly check what users are doing on the platform.

This is a huge development in terms of liability regime by hosting providers, because it may imply a de facto monitoring obligation, in contradiction with art. 15 of the same directive which instead affirms that no monitoring obligation may be imposed on hosting providers. Fact is the court reminds that “the directive prohibits any requirement for the host provider to monitor generally information which it stores or to seek actively facts or circumstances indicating illegal activity”. However, the current judgment seems to undermine in practice such an obligation, by stating that Facebook should:

– remove illicit content posted on its social network, the content of which is identical to the content of information which was previously declared to be unlawful, or to block access to that information, irrespective of who requested the storage of that information;

–  do the same when the new/future content is just “equivalent” to content previously declared unlawful.  The “equivalence” assessment could be done via automated search tools and technologies, since a human intervention does not seems feasible.

This is a paramount decision which may influence the activity of the incoming European Commission, which was already considering to revise the liability regime of online intermediary and platforms via the announced Digital Service Act. Others may even invoke this case in relation to the potential filters which could be imposed when transposing art. 17 of the recent Copyright Directive in the matter of video-sharing.

In fact, one would have expected more cautions by the European court in rendering a decision which may impact on the freedom of speech of Internet users, whose content could now be intercepted and blocked by machines. However, today’s decision seem to refer to a necessary previous assessment by a national court, which should lay down all the needed guarantee and limits to protect the freedom of citizens to share information and opinion on social network. Of course, a bit more guidance by the EU Court for the national judges would have been appreciated, and this lack may be a reason for a new preliminary rulings sooner or later.

This is why today’s decision should not be regarded as  leading case allowing filtering on platforms on generic way. The European court recognized that a fair balancing of interests is required, this is why the (filters) obligation can be imposed only by a judge which should consider, inter alia, the proportionality of the measure taking into account the offensive effect of the illicit content, the rights of users to express their opinion, the capability of the concerned platform to install a monitoring software ecc.

Interestingly, the European court does not preclude that an “a stay down” order could be applicable on worldwide basis, that is to say on all national versions of Facebook.

 

The new European Commission, a nightmare for dominant online platforms?

Schermata 2019-09-10 alle 12.40.16

The next European Commission may cause headache to dominant OTTs in Europe. In fact, the allocation of the portfolios announced today by the appointed President Von der Leyen reveals the intention to supervise and intervene in the competitiveness of digital sector even more effectively than in the past.

Firstly, Margaret Vestager, who in the last 5 years lead landmark cases against dominant online operators (Google, Apple, Amazon, Qualcomm ecc) got confirmed in the portfolio for competition. In addition, she was granted a Vice-president role for the entire digital sector, so as to be empowered and supervise all other commissioners operating in the digital area. This means that she will have even more effective powers in case she intends to take measures against dominant OTT. However, it should not be about higher fines (the current powers are already sufficient), while about the possibility to enact general rules targeting anticompetitive behaviors at origin, so that to make antitrust intervention superfluous. It could be about interoperability, transparency, conflict of interests ecc. .

Secondly, the digital agenda portfolio has been moved under the control of Sylvie Goulard,  who will also lead the Internal Market directorate. This means that a French representative will play a fundamental role in the likely revision of the e-commerce directive and in setting the future digital framework via the announced Digital Service Act. It is not a secret the France intends to find a way to address the predominance of US online operators in the European market. The appointment of a French personality for the Digital Agenda portfolio reminds the appointment of the German commissioner Oettinger in 2014 for the same position. That choice reflected the fear and the obsessions of the German government vis-à-vis Google. The most significant result was, at the end, the copyright directive, a very controversial legislation whose effects may however impact the Internet in general rather than dominant operators.  It will be interesting to see how the new digital commissioner will be able to distinguish the fight against dominant operators from the general rules of the Internet.

To sum up: dominant OTT will have to face a double threat: on one side VP Vestager will continue to exercise her ex post competition powers, on the other Commissioner Goulard may apply ex ante regulation. A scary scenario for US OTT, which may feel to be caught between two fires. 

One should consider whether this is a bad news just for dominant OTT, or for the Internet in general. Fact is, a French commissioner may be induced to propose restrictive rules for the internet, mirroring similar recent initiatives by the French government in the area of copyright, platform responsibility ecc . However, it is too early to foresee it, since commissioners are in principle independent and are normally expected to skip the desiderata of their government.

In addition  the supervising role of Margaret Vestager seems to be reassuring. The Danish politician has been as hard vis-à-vis dominant OTT as protective vis-à-vis small companies and individual rights. She will surely oppose regulations that, instead of targeting dominant operators, may affect the Internet in its whole. Her mission letter confirms that she will have to take care of  the digital eco-system in its entirety, in consideration also of SMEs.

 

The separation of telecom networks in Europe: from regulatory remedy to new business models for telecoms

structural-separation

The subject of how to curb the power of dominant companies in the communications sector has recently returned in vogue thanks to the intervention of US democrat Elizabeth Warren, who advocated a plan to downsize big online platforms (such as Google, Facebook, Amazon etc.) in order to contain their economic power. Should such a project were ever implemented, it would not be the first time in America, since a similar plan was pursued in the 80s with the dismantling of AT&T and the creation of the c.d. Baby Bells. At that time it was a gigantic operation, which brought down the value of At&T by 70% and completely reshaped the US telecommunications market (AT&T was not only the dominant telecom provider, but also a main manufacturer of equipments). While waiting to know how this debate will continue in the United States, let us examine how the issue of containing dominant operators in the communications sector has instead developed in the European perspective.

The European Union and the separation of telecom networks

In Europe this issue is essentially about telecoms (since big European OTT never existed so-far), and it is normally placed differently than in the United States: rather than downsizing economic dominance, the EU preferred to act against the vertical integration of telecom incumbents to reduce the effects of potential abuses and discrimination against competitors, namely new comers who were asking for access in order to compete in the retail market. Thus, the European telecom legislation of 2009 provided for a standard remedy on “functional” separation, aimed at separating wholesale functions and departments from the incumbent’s retail business, without however imposing a drastic structural separation of the network. Despite the high debate this remedy, inspired by the pre-existing model of separation of BT and OpenReach in the United Kingdom, never found significant application in the EU – with the exception of Italy, were incumbent TIM committed in 2008 a similar network organization. Fact is, the European Commission, represented at the time by the pugnacious Viviane Reding (the lady of both roaming and GDPR reforms) had to give up the main option, that is to say the real separation (structural) of the incumbent’s network via the creation of a distinct entity. This type of regulatory remedy found too much hostility by the larger European countries, particularly France and Germany. At the end, this type of regulated separation was included in the European frame work just as “voluntary”, that is to say as a unilateral act of the incumbent (normally in exchange for some deregulation of the sector). Even in latter case, however, there were no significant practical applications, apart from Sweden, where Telia separated the network in 2008 by creating the newco Skanova (a project which was however reconsidered a few years later). An operation of this kind is now underway in the United Kingdom, where OFCOM, thanks to its super-powers (far superior to those of other European regulators) has convinced BT to consent to the separation of Open Reach. The process is at an advanced stage but, remarkably, the separation only concerns the Open Reach staff and non-network assets, while the incumbent’s network remains the property of BT.

The new European Electronic Communications Code

The new European Code (adopted last December 2018 and which will be implemented by European member States by the end of 2020) did not provide for a regulatory remedy on structural separation of the dominant telecom networks, while the old rules on both functional and voluntary separation were confirmed. Compared to 2009, this time there was no battle either, since the subject of network separation by way of regulation had lost interest among European governments and regulators. The reason for this diminished interest lies in the fact that structural separation is a very difficult option to implement against hostile (and mostly listed) companies; it is in fact a question about separating business functions, rather then companies, therefore the boundaries between wholesale and retail are difficult to trace in the absence of friendly cooperation by the management.

A new model for the separation of telecom networks: the utility model

Meanwhile, the issue of the separation of telecom networks has is make its way in Europe in other forms. Having abandoned the idea of ​​a regulatory remedy, as in the case of structural separation, or negotiated deregulation, as in the case of voluntary separation, in some countries the separation of the network instead emerged as a business opportunity. In the Czech Republic and Denmark the local incumbents proceeded to spin off the network on the basis of financial considerations. By doing so, the separated telecom network is treated as a distinct asset within the entire telecom business of the incumbent, with the aim of making it more linear and interesting for investors: in fact a pure telecommunications network, without involvement with retail, appears similar to an utility business (such as energy, gas, transport, water) characterized by reasonable and certain returns of investments, defined in the long term. It is no coincidence that the two operators involved, respectively CETIN in the Czech Republic and TDC in Denmark, are both controlled by investment funds, that is, by investors who have a long experience and a favorable approach to the financing of utilities.

Separation of the telecom and wholesale-only network

This new course of the separation of the telecom networks would seem to find a backing in the new European Code of electronic communications, whose article 80 foresees a light regulatory regime for the “wholesale-only” operators, namely telcos exclusively installing and operating telecom networks for the benefit of other operators, and with no involvement in the retail business. The grant of such a light regulatory regime is based on the assumption that this type of operator is spontaneously encouraged to provide access services without discriminating or abusing against access seekers, which is in fact are seen just as clients and not as competitors (unlike the case of the vertical-integrated telecom network); furthermore, the Commission believes that this type of operator constitutes a natural vehicle for investment by infrastructure funds. Remarkably, art. 80 of the new European Code requires the separated network to be truly independent from the retail business, in other words the light regulatory regime can be invoked only when the incumbent has lost contro lover the network (which is not the case, yet, of CETIN and TDC).

The separation of telecom networks as the entry point of a new business model: retail services as a bundle of connectivity, services and content

Should the network separation model actually develop and expand (eventually with the wholesale-only variant) also thanks to growing interest by infrastructure investors, the telecom sector may begin to change dramatically. On one side, network operators may find convenient to consolidate massively, with the result of the return to the quasi-monopoly in some areas; on the other side, the retail market may become more dynamic, also with the entry of new players such as content producers or value-added service providers, which could result in offers of connectivity bundled with streaming or OTT services. Finally, telcos and content/service providers would face these mergers that have often been resolved in disasters in the past. If this scenario were actually realized, there would be plenty of new antitrust and regulatory implications, thus respective supervisory authorities should start even now to keep an eye on developments.

Network separation and 5G

The business of separating telecom networks could also be relevant in the 5G debate. Despite mobile operators being conservative in defending their vertically-integrated model, it is clear that the very high investment costs required for the 5G roll-out could make convenient the option of a single, not vertically integrated network. Such an idea was suggested some time ago with an internal memorandum of the Trump administration, which considered the single network option a possible remedy to stand up to the Chinese in the run for the 5G. The document was denied after protests by US operators, but nevertheless reflected real strategic discussions within the US administration. Of course, it is unlikely that a single and open 5G network could ever be imposed by way of legislation, but some government could still try to encourage it. Even if mobile operators tended to oppose it, they could never deny the evidence that the installation of a plurality of 5G networks is an unrealistic hypothesis. Remarkably, some of them are already thinking about network-sharing precisely to reduce costs (there are reports in Italy about TIM and Vodafone).