Latest Event Updates

Why the telcos industry is so annoyed with Berec’s Guidelines on net neutrality

Posted on Updated on

net-neutrality-comic

Kudos to Berec, the European agency of national regulators. Despite strong opposition and public campaign brought against by a large part of big European and US telcos, the agency resisted to pressures and substantially confirmed the well-expected Guidelines on net neutrality, a first draft of which had been already disclosed last June and was subject to very extensive public consultation. The Guidelines adopted on August 30, 2016 specify important practical details as well as the correct interpretation of the principles laid down by Regulation 2120/2015 in the matter of net neutrality. One should not forget that such regulation had been approved after long debates and fierce fight in Brussels and Strasbourg.

The most important part of the Guidelines concerns the ability of ISPs to carry out so-called zero-rating and network management practices. Remarkably, Berec has not prohibited such commercial behaviors but, instead, decided to lay down a detailed list of conditions and circumstances that national regulators should now assess in order to adopt whatever decision in this matter (whether prohibition or authorization). The most remarkable condition indicated by Berec is that both zero-rating and network management practices should not be driven by commercial considerations, in other words they should not discriminate services so as to favor the ISP’s own Internet services (or these of a commercial partner) to the detriment of competitors. Instead, such practices should be “agnostic” and applicable to a generic categories of services, not to a specific service. To make a practical example: an ISP could use such practices to favor in general music-streaming, or VOIP, or all messaging platforms, while it could not discriminate in favor of just a specific Internet provider, e.g. the sole Spotify for music streaming; the sole Skype for VOIP; the sole WhatsApp for messaging; and so on.

One would wonder why the big telco industry is so annoyed (“big” comprises mobile and fixed dominant operators, with the exclusion then of MVNOs and alternative fixed operators). In fact, Berec i) did not prohibit anything, it is just saying that national regulators will have to assess and take a decision, on the basis of the criteria indicated in the Guidelines; ii) expressed favor vis-à-vis zero-rating and network management practices, while preferring them when provided in an “agnostic” way. So, what?

To understand the irritation of the big telco industry, one should think about the following.

First, the big telcos industry has been enormously lobbying in the past in order to have free hands in the matter of net neutrality and, to tell the truth, at beginning they were succesfull because the first draft of Regulation 2120/2015 (the one proposed by Commissioner Kroes in September 2013) provided such freedom in substantial terms. Thus, big telcos hoped to use that regulation to have large discretion in discriminating Internet services and traffic so as to supersede any national legislation contravening such power (such as the net neutrality laws in the Netherlands and in Slovenia for instance). However, after fierce fight in the Parliament and Council such discretional power was strongly limited, the provisions relating to zero-rating and network management practices were drafted in a more vague form and a clear reference to non-discrimination was made.

Despite of the above, the telco industry still hoped that Berec would issue Guidelines interpreting the Regulation in a way that zero-rating and network management practices would be simply allowed, also discriminating amongst commercial services, without further assessment by anyone. To the contrary, Berec laid down just criteria and referred the competence to decide on specific cases to the national regulators, which in the future will exercise a formidable power in this matter. This scenario is indigestible to big telcos which would prefer to avoid to discuss their commercial practices with national regulators (because in that case they also have to discuss with consumers associations).

Secondly, criteria and conditions laid down by Berec will have an important impact upon the heart of big telcos’ commercial strategy. Berec indicates that “non-agnostic” zero-rating and network management practices will likely to be forbidden by national regulators. This is a disastrous news for big telcos because discriminating Internet services (in order to favor own or partnered services) is what this telco industry has in mind since all the net neutrality battle and debate started (in 2005 in the EU).

Fact is,  since margins of connectivity have been declining in the years because of technology and competition developments (especially with regard to the mobile sector), big telcos have been thinking to recover money by bundling connectivity with services by way of discriminatory practices, so as to receive additional fees at least from content and services providers (accused to use their networks for free: but this is another story). This claim has been normally presented as “innovation”, however it is difficult to understand how zero-rating or network management practices favoring a specific Internet service, to the detriment of others, could be seen as “innovative”. In other words, there is nothing of innovative in giving access to Spotify, WhatsApp or Facebook for free (i.e., discounting their traffic from data caps) or in clean uncongested way (which should be normal, by the way). Innovation means providing new services, rather than providing the same services in a more complex, expensive and byzantine way.

Luckily, Berec has rightly understood the issue. Kudos.

European Court tries to fix data retention bugs

Posted on Updated on

 

images

 

The Advocate General Saugmandsgaard Øe of the Court of Justice of the European Union has delivered an opinion whereby it suggests that national Member States may enact general obligation on ISPs to retain personal data, provided that that that obligation be circumscribed by strict safeguards and that the scope of the legislation is to fight serious crimes (not whatever). The opinion has been rendered in cases regarding the compatibility with EU law of data retention legislation in Sweden and UK (Joined Cases C-203/15 Tele2 Sverige AB v Post-och telestyrelsen and C-698/15 Secretary of State for Home Department v Tom Watson and Others).

The Advocate General’s intent seems to be a re-working of the famous decision of 2014 by which the European Court annulled the EU data retention Directive (directive 2006/24) on the grounds, inter alia, that it laid down a too general and far-reaching retention obligation contrary to human rights. Because of that decision, in Europe various national legislations on data retention have become potentially incompatibile with EU law, and in fact many of them have been revised or annulled.

With the present opinion the Advocate General seems to fix the issue that, even if the scope of a data retention legislation must be circumscribed to serious crimes, the obligation can be nevertheless drafted in a general way. Fact is, while storing and retaing personal data, ISPs cannot know – ex ante – whether such data refer to serious crimes or other less relevant criminal facts. Therefore, they can be obliged to retain all kind of data they process, however the access to them for criminal investigation shall be restriceted and subject to special guarantees.

If confirmed by the European Court, the reasoning of the present opinion can likely become the basis for a new directive on data retention.

Bye bye, zerorating

Posted on Updated on

elizabeth_bennet_m_2992955b

Berec, the European regulatory agency, has issued its draft guidelines on the implementation of net neutrality rules (namely the rules enacted by arts. 1-5 of Regulation 2015/2120). The move of Berec was well-expected because the new European net neutrality rules leave wide margins of appreciation and a clarification for a consistent enforcement by national regulators is needed. BECEC is accepting feedback from interested parties on the draft guidelines until 18 July 2016. The guidelines will be finalized and published in September 2016.

The most debated subject to be clarified by Berec was the one of zero-rating, i.e. the commercial practice whereby ISPs apply a price of zero to the data traffic associated with a particular application or category of applications (and the data does not count towards any data cap in place on the Internet subscription). Big telecom operators have defended this practice on the assumption that it could boost innovation (although the innovation would merely limited to a price scheme, not to new services). Consumers and civil rights associations are normally against, because zero-rating would, as a result, influence the user’s choice of Internet services on the mere ground of the cost of Internet connectivity. More recently, operators and associations gathered in the Netcompetition alliance have underlined the anticompetitive effects of zero-rating practices for alternative telcos and innovative Internet service providers, in addition to consumers.

It must ne noted that the European rules on net neutrality are quite ambiguous. While they never mention explicitly zero-rating, they guarantee (article 3.2. of the Regulation) a general commercial freedom for ISP and users to negotiate data caps agreements they want, provided, however, that the “free choice” by users is not substantially undermined (art. 3.1.).

Recital 7 of the Regulation is a bit more clear:

National regulatory and other competent authorities should be empowered to intervene against agreements or commercial practices which, by reason of their scale, lead to situations where end-users’ choice is materially reduced in practice. To this end, the assessment of agreements and commercial practices should, inter alia, take into account the respective market positions of those providers of internet access services, and of the providers of content, applications and services, that are involved. National regulatory and other competent authorities should be required, as part of their monitoring and enforcement function, to intervene when agreements or commercial practices would result in the undermining of the essence of the end-users’ rights”.

Taking into account of the above, Berec has not banned zero-rating practice but have left to national regulators the task to carry on a case by case assessment. However, the criteria suggested and the circumstances to verify suggest that national regulators may have string poker and wide discretion to ban zero-rating behaviors in practice.

In particular, Berec is suggesting that when a zero-rating practice is aimed at privileging a single service or applications, at the detriment of other competing services/apps, this behavior should be considered unlawful. More precisely, Berec stressed that (§39):

the zero price applied to the data traffic of the zero-rated music application (and the fact that the data traffic of the zero-rated music application does not count towards any data cap in place on the IAS) creates an economic incentive to use that music application instead of competing ones. The effects of such a practice applied to a specific application are more likely to “undermine the essence of the end-users’ rights” or lead to circumstances where “end-users’ choice is materially reduced in practice” (Recital 7) than when it is applied to an entire category of applications”.

Truly speaking, if national regulators will literally follow this rule (as I hope, by the way) the zero-rating business is dead. The sole incentive of zero-rating practices, for dominant ISPs and OTT, is discriminating competing services. There is no commercial rationale for an agnostic application, i.e., like Berec says in theory: “as long as the data volume and speed characteristics are applied in an application-agnostic way (applying equally to all applications), end-users’ rights are likely to be unaffected by these characteristics and conditions”.

Thus, bye bye zero-rating.

The end of domestic mobile consolidation in the EU

Posted on Updated on

cryingwoman

Rumors say that tomorrow 4 of May (or later during the month) the European Commission will render a negative  opinion (a prohibition, in other words) about the merge in UK between the mobile operators 02 (Telefonica) and Three (Hutchison Wampoa).

If confirmed, this move will not come unexpected because in many instances the Competition Directorate (DG Comp) of the European Commission has suggested that mobile consolidation in mobile domestic market is not welcomed. Instead, mobile operators should  rather look at cross-border consolidation, creating pan-european operators able to compete in a cross-borders scenario that will become more and more actual when (and if) the roaming surcharges will be phased out in June 2017. At that point, European operators may be able to provide mobile subscriptions to be used in a plurality of European countries and, as a result, consumers my theoretically choose a foreign mobile operator even for domestic needs (this situation, named permanent roaming, is however contested and sometimes considered even “abusive”. This is another story, for now).

The UK precedent will create a fundamental landmark case for the European telecom sector and, as a consequence of that, it is unlikely the similar mergers (see for instance the current one in Italy between Three and Wind) will ever be approved in the future.

Concerned mobile operators will probably complain that the “4 to 3” consolidation is necessary in UK, like in Italy or France, to boost network investments. However, it is crystal clear that the European Commission has heard and carefully considered this argument, without finding, however, concrete evidence. If the investment argument was credible, the merging entity should have accepted the Commission’s desired remedy, that is to say the creation of a new mobile operator through the transfer of spectrum, network resources and customer base by the merging entities. Such new mobile operator should not have damaged the investment plan of the merged mobile operator. By disregarding this option, Hutchison and O2 have reinforced in the Commissions the suspect that the reduction of mobile operators is merely focussed on limiting competition and increasing margins (to the detriment of consumers).

For future guidance, one would hope that the European Commission will provide a robust reasoning for its decision. Such reasoning missed in a precedent case, the aborted merger in Denmark between Telenor and TeliaSonera, because the parties abandoned the transaction before getting a formal rejection. By contrast, now it would important that the Commission clarifies that competition conditions are more important than “magic numbers”, such as 3 or 4 operators. What really matters, for competition, is a market structure encouraging the players to really compete and gain new customers. In mobile markets this surely happens when markets shares are unbalanced and there are small players, mobile operators but also MVNO, fighting to increase their position.

This is the reason why also the envisaged merger in Italy between Wind and Hutchison is close to fail (a dead walking man, to be clear. Fact is, following the potential merger the 3 Italian operators left, such as TIM, Vodafone and Three/Wind, would detain balanced markets shares – a scenario that, according to the European Commission, facilitate mutual collusion rather than competition.

Two items will probably remain opened after the (likely) rejection decision, tomorrow or in the next weeks:

1. did the European Commission sufficiently considered the MVNO remedies offered by the parties? It seems that DG COMP has never believed too much in MVNOs, disregarding the competitive pressures that such MVNOs may exercise over mobile operators. Indeed, DG COMP has the power to impose strong MVNO remedies, instead of imposing the creation of a new mobile operator, and the efficiency of such virtual operators rely on the mobile access conditions that the European Commission itself may decide.

2. In the future there will be a discrepancies between countries (Germany, Ireland and Austria) where mobile mergers have been approved thanks to the previous laissez-faire of DG COMP (when headed by Almunia) and countries where such mergers are going to be prohibited due to the stricter approach of the same DG COMP (now headed by Vestager). Should the European Commission start to think how to redress passed mistakes?

And what about #brexit? Many commentators  may argue that the Commission’s decision my be seen as an attempt to please UK. I would say that this is just a coincidence: OFCOM and DG COMP have similar view about mobile consolidation, although the reason for each may be complex: OFCOM wants to keep 4 mobile operators to protect consumers and to avoid the need to intervene with regulation into the mobile market; DG COMP wants to boost pan-european consolidation, and the best way to do it is to forbid the domestic one.

European court rushes in rescue of hyperlinks

Posted on Updated on

hyperlinks-hierarchy

 

An opinion rendered today by the Court of Justice of the European Communities appears very innovative with regard the legal status of hyperlinks and their relation with copyright law. If confirmed in a final judgment, the opinion is susceptible to provide additional and substantial certainty to the development of Internet and digital businesses.

According to Advocate General Wathelet who rendered an opinion in the Case C-160/15 (GS Media BV v Sanoma Media Netherlands BV and Playboy Enterprises International Inc. and Britt Geertruida Dekker) the posting of a hyperlink to a website which published photos without authorization does not in itself constitute a copyright infringement. In particular, the motivation of the person who placed the hyperlink and the fact that this person may know or not whether the initial posting was authorized, is irrelevant.

The Advocate General seems to see the legal status of hyperlinks quite differently from what the European court thought in the previous case Svensson (2014):

  • in the latter case, the European court confirmed that hyperlinks are act of communication under the Copyright Directive, and therefore they need the authorization by the right holders of the content which the hyperlink is referring to; then, however, the court elaborated a reasoning for an exception (if the content referred to is already in the public domain, then the authorization is not needed);
  • in the present case, the Advocate General states that “hyperlinks which are placed on a website and which link to protected works that are freely accessible on another site cannot be classified as an ‘act of communication’ within the meaning of the Directive”.

This opinion of the Advocate General, if confirmed in the final judgement by the European Court, would add clarity clarity and legal certainty to any Internet users, whether a business or even an individual, using hyperlinks to refer to other pages or content in the Internet. By contrast, a different rule would jeopardize any initiative in the Internet because making a preliminary check whether a given content or image has been initially communicated to the public in licit way, would be practically impossibile.

This principle may have a deep impact on the dynamics about fight against digital piracy: the content industry would then be more encouraged in targeting websites were unauthorized content has been intentionally published, asking for removal, rather than targeting thousand of websites which, by simply referring to the initial one with a simple hyperlink, may not know about the lawfulness of the situation.

The same principle may play in favor of innovative digital business models, including platforms and search engines, which base their business in connecting the content spread in the Net.

One should remember the European institutions are currently revising the Copyright Directive and, in case a reform is launched, the present judgment will be quite relevant with regard to the rules applicable to hyperlinks.  Content industry is sometimes asking to restrict then usage of hyperlinks by adding a special liability for that – a system which would seriously affect any business and individual initiative in the Internet.

***

As regard the legal case and the facts, one should remember that pursuant to the Copyright Directive 2001/29, each act of communication of a work to the public has to be authorized by the copyright holder. The question is whether a simple hyperlink may be considered an “act of communication”.

Sanoma, the editor of the monthly magazine Playboy, commissioned a photoshoot of popular Dutch character, Britt Dekker. A website named GeenStijl published advertisements and a hyperlink directing viewers to an Australian website where the photos in question were made available without the consent of Sanoma. Despite demands from Sanoma, GennStijl refused to remove the hyperlink in question. When the Australian website removed the photos upon Sanoma’s request, GeenStijl published a new advertisement which also contained a hyperlink to another website on which the photos in question could be seen. That site also complied with Sanoma’s request to remove the photos. Finally, internet users who frequent the GeenStijl forum posted new links to other websites where the photos could be viewed.

According to the solution suggested by the Advocate General, the behavior of Geenstijl was lawful, since the request for removal should have been addressed to the website initially posting the content.

NB: the Advocate General’s Opinion is not binding on the Court of Justice. It is the role of the Advocates General to propose to the Court, in complete independence, a legal solution to the cases for which they are responsible. The Judges of the Court are now beginning their deliberations in this case and a judgment will be given at a later date. Normally, in the 80% of the cases the judges confirm the legal solution suggested by the Advocate General.

Terror does not stop the Internet

Posted on Updated on

Schermata 2016-03-22 alle 13.30.54

The images of the departure hall of the international airport of Brussels are devastating, and these of the Maalbeek metro as well. Today’s terrorist attack in Brussels was a shot to our European heart, not just to Belgium. Airports and central metro stations were full of traveling expats who daily work within the European institutions, and we expect most of victims and casualties to be counted amongst the international presence in Brussels.

Notably, while traditional telephony lines, especially mobile, have encountered inconveniences following the attack (due to saturation), Internet connection have continued to work properly and people have been able to communicate via WIFI and mobile access: thus, mobile VOIP and social chats have been the fundamental, effective way to stay in touch and inform the people of the current situation.

This reminds to us that the Internet was created to resist to emergency situation and disruption of communication due to devastating events, and it is working properly still now; while all the discussions about regulated and top-down universal service are a waste of time (and money)

 

EU dataflow: the new Privacy Shield is (almost) born

Posted on Updated on

CaOXf3AWQAEatpF.jpg-large

 

On February 2, 2016 the European Commission announced in a press conference in Strasbourg to have found a political agreement with the US authorities to allow the transfer of personal data from UE to US. The agreement, named “US/UE Privacy Shields” (the hashtag is already a star in the web, and in Twitter in particular) will replace the Safe Harbor agreement invalidated by the Eu Court of Justice last October 2015.

The enthusiasm by European authorities and corporations (US in particular) following this announcement is well comprehensible. In fact, after the annulation of the Safe Harbor Agreement, the entire UE/US business fall into a serious uncertainty, with the national data protection authorities being empowered to chase whoever and whatever involved in transatlantic business. The problem is dramatic because a huge amount of businesses rely on the transfer of data from UE to US: to make an example, most of European retailers use US platform to bill their clients, therefore without a clear data transfer framework most if such businesses are impaired, even if they refer to trade within the UE.

Nevertheless, it is still too early to predict whether the announced agreement will solve the pending problems. The announcement concerns just principles, while the precise details of the new framework need to be further negotiated, and then incorporated into a final European decision (a so-called “adequacy decision”). In addition, most of the commendable obligations required upon the US authorities should be confirmed in writing.  Not surprisingly, the announcement of the Commission was followed by skeptical reactions by various top characters of the #SafeHarbor novel, such as  Mr. Scherms, the Austrian guy who started there entire matter with the recourse to the European court, MEP Albrecht, the rapporteur of the new European data protection regulation, and even Mrs Reding, the former EU Commissioner who started the reform of data protection in the EU.

One could say that the main scope of this announcement to gain some time, since the national data protection authorities granted to the Commission a 3-months period (expiring at the end of January 2016) before the national data protection authorities start to investigate (and eventually impose sanctions) into the EU-US data flow business. If it is, we could say that the escamotage worked, since the Article 29 Working Group (basically the bodies representing the data protection authorities) has welcomed the political agreement and encouraged the Commission to go ahead (although no evaluation on the merits has been given, since precise details are not fixed yet). However, the chief of the French data protection authority has been much more clear, by stating that “we can’t just accept words on privacy shield”.

Thus, it is still unclear whether this agreement will solve the crisis or will just open a new round trip to the European Court of justice. Some parts of the announcement seem to disclose important progress from the uS side, such as:

For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms“.

Mass surveillance and unlimited access to personal data are a crucial matter between UE and US: it is a delicate legal issue – being the main ground referred by the European court to invalidate the Safe Harbor agreement – but also a matter for political discussion, following the Snowden/NSA scandal.

The further steps will not be easy at all: Vice-President Ansip and Commissioner Jourová will prepare a draft “adequacy decision” in the coming weeks, which could then be adopted by the College of the European Commission after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. department will make the necessary preparations to put in place the new framework with the obligations of their side.

***

As regard the main part of the agreement, here an extract from the PR of the Commission:

  • Strong obligations on companies handling Europeans’ personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs.
  • Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it.
  • Effective protection of EU citizens’ rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.