Archive | IT Law RSS for this section

National Competition Authorities take position on regulatory measures for online transport platforms

By Gabriele Accardo

In May 2015, the European Commission committed to assess the role of online transportation platforms, such as Uber, as it launched a public consultation to better understand the social and economic role of platforms, market trends, the dynamics of platform development and the various business models underpinning the platforms. According to the Commission, knowledge gained through this exercise will also contribute to various legislative initiatives—including online platforms regulation—which the Commission plans to launch to boost the Digital Single Market.

Currently there is a heated discussion as to whether online platforms should be subject to regulation at all.

While the European Commission may still take some time to elaborate on the contributions to the public consultation and eventually to state whether and to what extent some form of regulation may be warranted, recently, two national competition authorities, namely the UK Competition and Market Authority (CMA) and the Italian Competition Authority (ICA), made their view public.

The Position of the ICA

On September 29, 2015, the ICA issued an opinion on the legality of activities carried out by companies like Uber, which are carried out by either professional (e.g. Uber Black) or non-professional (e.g. Uber Pop) drivers through digital platforms accessible by tablets and smartphones.

The ICA first noted that it is not clear yet whether acting as an intermediary between the owner of a vehicle and a person who needs to make a trip by managing IT resources, is merely a transport service or, must be considered to be an electronic intermediary service or an information society service, as defined by Article 1(2) of Directive 98/34/EC.

The ICA noted that the Court of Justice of the European Union shall rule on this specific issue, and that until then it cannot be ruled out that the activity falls within the second category (i.e. an electronic intermediary service), which is not regulated, and therefore totally legitimate.

That said the ICA made the following findings, taking into account the characteristics of the activities carried out by Uber.

First, the ICA recognized that even traditional taxi services are more and more adopting technologies similar to those embraced by Uber. Yet, the ICA stressed that services such as Uber ensure a greater ease of use of the mobility service, a better response to a public need for which there is no current offering, and the ensuing reduction of the costs for users of such services. Last but not least, to the extent that it discourages the use of private means of transportation, Uber-like services also contribute to the decongestion of urban traffic.

Second, with regards to the activity of UberBlack or UberVan, i.e. transport services carried out by professional drivers, the ICA considers the current regulation (Italian Law No. 21 of 1992 concerning the non-linear public transport of people) as restrictive of competition insofar as its provisions restrict the geographic scope of the activity of vehicles to the municipality that has granted them a license, and further require that after each trip, each car must return to the base.

Third, with regards to the services such as those provided by UberPop, consisting of acting as an intermediary between the owner (non-professional driver) of a vehicle and a person who needs to make a journey within a city, the ICA observed that the Court of Milan ordered the blocking of UberPop throughout the national territory allegedly because this services would breach the rules regulating the taxi industry and may be characterized as an act of unfair competition. In that respect, the Court held that UberPop’s activity cannot be carried out to the detriment of people’s safety, in terms of cars used for the service, the suitability of drivers, as well as insurance coverage.

Yet, the ICA held that, even so, any form of regulation of such new services, if at all necessary, should be the least invasive as possible. In that respect, the ICA eventually singled out measures such as a registry for online platform providing such services and the provision of certain requirements for drivers.

The Position of the CMA

The position held by the UK Competition and Market Authority is even firmer than that of its Italian counterpart.

Preliminarily, while it recognized that “private hire vehicles” need the protection of appropriate regulation, the CMA considered that consumers also benefit from effective competition exerting downward pressure on prices and upward pressure on service quality and standards.

The CMA takes the view that innovative services (which include app-based booking systems) may drive efficiencies through which it is possible to offer benefits such as lower prices and greater responsiveness to demand. The introduction of new services also has an inherent benefit in the form of greater choice for consumers.

From a general stand point, the CMA thus considers that competition should only be compromised or restricted by regulatory rules to the extent that doing so is absolutely necessary for consumer protection. Above all, regulation should not favor certain groups or business models over others and any measures that restrict the choices available to consumers should be minimized.

The CMA focused on a number of regulatory proposals (made by the Authority Transport for London or “TfL”) that might have the greatest impact on competition.

5-minute wait requirement. TfL proposes that operators must provide booking confirmation details to the passenger at least 5 minutes prior to the journey commencing.

According to CMA, this proposal reduces the competitiveness of alternative services than black cabs by artificially hampering the level of service that new services can provide.

Approval for changes to operating models. TfL proposes that operators will be required to seek TfL approval before changing their operating model. The CMA considers that ex ante regulation of business models is liable to reduce incentives for innovation (a key competitive parameter) and by extension to restrict competition.

Mandatory pre-booking facilities. In the CMA’s view, mandating ancillary functions (such as a facility to pre-book up to seven days in advance) can place undue burdens on some providers, leading to increased costs for private hire vehicles and thus distorting competition, as those unable or unwilling to provide these functions will be excluded from the market. The CMA notes that in instances where consumers find ancillary facilities useful, they are likely to be provided by a competitive market where different offerings proliferate.

Fixed landline telephone requirement.  Similarly, the CMA believes that TfL’s proposal whereby operators must have a fixed landline telephone number which must be available for passenger use at all times, could raise barriers to entry (entrants would have to provide both a number and staff to handle calls) as well as restricting innovation (including platform-based business models) and could therefore lead to reduced competition between private vehicle operators. Moreover, it is not clear that it is necessary to make this functionality mandatory, as consumers may not value having a landline number to contact to choose private hire vehicle operators that provide one.

Requirement to specify the fare in advance. Another proposal that the CMA rejects is mandating operators to specify the fare for each journey prior to the commencement of that journey.  According to the CMA, the supply of a precise and fixed fare at the time of booking would effectively prohibit innovative pricing models that could be more efficient than pre-calculated fares (e.g. by varying according to supply and demand). This would remove another parameter of competition among private hire vehicle operators.

Drivers to only work for one operator at a time. TfL further proposed a requirement that licensed private hire vehicle drivers can only work for one operator at a time, claiming that this is necessary to reduce the risk of drivers working excessive hours for a number of different operators.

The CMA notes that this proposal may not be suitable or necessary to meet the stated objective. First, TfL’s proposal seems to address only excessive hours among drivers working for multiple operators, and not the risk of excessive hours among drivers working for a single operator, or the danger of black cab drivers working excessive hours.

More interestingly, the CMA believes that ‘multi-homing’ (i.e. the ability of drivers to work for multiple platforms) can allow drivers to switch their supply to where it is needed in the market. Mandatory single-homing can create a strong network effect, as it gives drivers the incentive to only work for the platform with the most customers. The consequence could be fewer private hire vehicle operator platforms, or even a single dominant platform, with the potential for all the consumer harm that platform dominance might bring.

The FTC is Going Full Speed Ahead in Retail Tracking Case

By Marie-Andrée Weiss

On April 23, 2015, the Federal Trade Commission (FTC) published its proposed consent order with Nomi Technologies, Inc. (Nomi), a retail tracking company, Nomi Technologies, Inc. – Consent Agreement; File No. 132 3251. The FTC draft complaint against Nomi alleged that it had violated Section 5 of the Federal Trade Commission Act by misleading consumers when failing to provide them an opt-out mechanism at its clients’ retail store locations, even though its privacy policy represented that such an option was available to them.

What is retail tracking?

This is the first FTC complaint against a retail tracking company. According to the complaint, Nomi “uses mobile device tracking technology to provide analytics services to brick and mortar retailers . . . [and] has been collecting information from consumer’s mobile devices . . . since January 2013.”

While online retailers may easily track their visitors’ digital trail, brick and mortar retailers used to have to resort to asking “are you looking for something in particular?” to find out about their client’s interests, only to be often rebuffed by “just looking…” They also could instruct their staff to report observations about clients’ expressed interests and peruse over sales reports to define and refine their marketing strategy. But tracking companies can now provide retailers precise data on consumer’s behavior.

The complaint explained how sensors placed by Nomi in its clients’ stores detect the media access control (MAC) addresses which mobile devices broadcast when searching for WiFi networks. Nomi also collects MACs from the stores’ WiFi access points. The information thus collected by Nomi is used to compile analytics reports about the percentage of customers passing by the store versus entering it, the average duration of their visit, the type of mobile devices they use, the percentage of repeat consumers within a particular period of time, and the number of customers that have also visited another of the retailer’s location. This information allows retailers to measure the impact of in-store promotions or displays and to adjust their layouts and offerings accordingly.

The FTC did not consider retail tracking per se to be a violation of the FTC Act. Rather, it alleged that Nomi had not kept its privacy promises. Nomi’s privacy policy stated, from at least November 2012 to October 22, 2013, that the company “pledges to… always allow consumers to opt out of Nomi’s service on its website as well as at any retailer using Nomi’s technology.” However, according to the complaint, the retail tracking company had not made available to consumers a list of the retailers using its service, nor did it require its clients to notify consumers about the tracking service and to provide an opt-out mechanism at their stores.

Nomi provided an opt-out option on its own site. However, consumers had to provide all of their mobile devices’ MAC addresses, a rather cumbersome process, especially since consumers did not know which retailers were using Nomi tracking services and could thus spend time opting out of a service which may never even track them.

According of the terms of the consent order, Nomi agreed not to misrepresent “the extent to which, consumers can exercise control over the collection, use, disclosure, or sharing of information collected from or about them or their computers or devices, or… the extent to which consumers will be provided notice about how data from or about a particular consumer, computer, or device is collected, used, disclosed, or shared.”

 

Do retail tracking systems identify consumers?

Each MAC is a 12-digit identifier, which the FTC considers to be a persistent unique identifier, even though Nomi cryptographically hashes it, because when a particular MAC is hashed, the resulted hashed MAC is always the same. When one hashes a document or information to encrypt it, an algorithm transforms a string of characters, the input, into another string of characters, the hash value. In our case, each unique 12-digit identifier input are encrypted into a unique hash value, which can be therefore used as identifier.

In his dissenting statement, Commissioner Wright argued that Nomi did not track individual consumers, but merely recorded whether they are unique or repeat visitors to a store, without knowing their “identity.” But Chairwoman Ramirez cited in her statement about the proposed consent order an article written last year by Jonathan Mayer, from Stanford University, which stated that “[h]ashing [MAC addresses] is… no defense against re-identification” and explained how he had built such a re-identification system in less than an hour. Ashkan Soltani, the FTC Chief Technologist, noted in a post that the use of a persistent identifier presents privacy issues since tracking pattern of movement in itself is often enough to uniquely identify an individual.”

Is having a privacy policy a smart business idea?

Commissioner Wright also argued in his dissenting statement that the FTC should not have issued a complaint against Nomi, as “aggressive prosecution of this sort will inevitably deter industry participants like Nomi from engaging in voluntary practices that promote consumer choices and transparency [ and…] sends a dangerous message to firms weighing the costs and benefits of voluntarily providing information and choice to consumers.” For Commissioner Wright, the market has already responded to consumers expressing their preference, and he alluded in a footnote to several instances where retailers pulled out their tracking programs after consumers voiced their concerns.

But these instances may also be interpreted as signs that consumers are very concerned about being tracked in stores, and thus must be provided with effective ways to opt out, after having been put on notice of such programs. Ashkan Soltani cited in his post a recent OpinionLab survey which found that 8 out of 10 shoppers do not want retailers to track them using their smart phones, adding that “[t]he privacy issues are further exacerbated by the fact that most consumers are not aware that their device information may be captured as they walk by a store or visit an airport.” As such, defining privacy policies may very well drive innovation by incentivizing the creation of products and services respecting consumers’ privacy.

The FTC offered the public the opportunity to file comments about the case, and provided an Analysis to Aid Public Comment. The Information Technology and Innovation Foundation (ITIF), a think tank, while stating it did not condone Nomi’s mistake, argued in its comment that “innovation, by its very nature, involves risks and mistakes . . . .Certainly, companies should not face punitive measures for actions that were taken in good faith and did not cause consumer harm. This would create perverse incentives for companies to slow down the pace of innovation” (ITIF comments, p. 3).

Whether or not the FTC was too quick to act, this case signals the need to provide start-ups and entrepreneurs with the privacy framework they need to create products and services respecting consumers’ privacy. Since most consumers wish to guard their privacy, privacy protection can be an effective marketing tool to attract consumers and generate sales.

Standard Setting in the EU’s Digital Agenda

On 19 May 2010, the European Commission made public its long awaited policy document on the Digital Agenda for Europe.  The overall aim of the Digital Agenda is to deliver sustainable economic and social benefits from a digital single market based on fast and ultra fast internet and interoperable applications.

In particular, one of the goals of the Digital Agenda is improving ICT standard-setting and interoperability, as effective interoperability between IT products and services is key to building a truly digital society.  To this end, the Digital Agenda will for example, propose legal measures to reform the rules on implementation of ICT standards to allow the use of certain ICT fora and consortia standards.

More importantly, guidance on transparent ex-ante disclosure rules for essential intellectual property rights and licensing terms and conditions in the context of standard setting is also deemed to contribute to lower royalty demands for the use of standards and thus to lower market entry costs.

In this respect, in a recent speech Neelie Kroes, Commissioner for Information Society and Media, made it clear that a legislative solution on standard setting may be a possibility, although she stressed that the aim is to make standard setting more efficient, and not more burdensome for companies.

Mrs. Kroes appears to flag that, if need be, she would be ready to go beyond the recently published Commission’s draft antitrust rules on horizontal agreements relating to standard-setting.  The draft rules, currently available for consultation (see above p. 7) rely on the well-established concepts of non-discrimination, transparency, and availability and specify minimum requirements that distinguish standard-setting from a cartel. On the important issue of licensing, Mrs. Kroes is of the view that because establishing FRAND (Fair, Reasonable and Non-Discriminatory) prices is a hard task, transparency of costs (and therefore of licensing terms) is in everyone’s interest, as it would facilitate implementation of the standard and reduce the risks of litigation.

Ultimately, according to Mrs. Kroes, the European Commission should not need to run lengthy investigations in every case where there is a lack of interoperability.  Yet, she made it also clear that companies should not be able to withhold essential interoperability information from the market when such behaviour would result in lock-in situations. [Gabriele Accardo]

European Commission confirms inspection of Slovak Telekom a.s.

The European Commission confirmed that from 13 to 15th January 2009 European Commission officials carried out an unannounced inspection at the premises of Slovak Telekom a.s., the incumbent telecom operator in Slovakia. The European Commission has reason to believe that the company concerned may have infringed EC Treaty rules on abuse of a dominant market position (Article 82). The suspected conduct may include refusal to supply, margin squeeze and tying, possibly as part of an overall strategy to exclude competitors from the market. [European Commission Memo]

Mergers: European Commission clears Avnet’s acquisition of Abacus in electronic components industry

The European Commission has approved under the EU Merger Regulation the proposed acquisition by Avnet of the US of Abacus of the UK. Both companies are electronic components distributors. The investigation has shown that the concentration would not significantly impede effective competition in the European Economic Area (EEA) or any substantial part of it. [European Commission Press Release]

.eu domain passes the 3 million mark

The third million .eu domain name was registered on 11 January by a German citizen. Two and a half years after its launch, this confirms the success of the .eu top-level internet domain. It is the fourth most popular internet domain among European country domains and the ninth worldwide. By promoting a distinctly European online identity .eu helps citizens and businesses to reap the full benefits of the single market. Multinational companies and SMEs, NGOs and think tanks as well as individual Europeans have all adopted .eu to mark their web presence. [European Commission Press Release]

.eu passes the 3 million mark

.eu passes the 3 million mark: Frequently Asked Questions [European Commission Press Release]