By Marie-Andrée Weiss
Last June, the New York legislature failed, once again, to amend the state’s right of publicity law. A similar bill, Assembly Bill A08155, had the same fate last year. New York Assembly Bill 8155-B had passed the assembly on June 18, 2018, but the Senate did not bring the bill to a vote before the legislature adjourned. This is fortunate, as the bill had several flaws.
The current New York right of publicity law
New York statutory right of privacy, Civil Rights Laws §§ 50 and 51, is a narrowly drafted law. The New York Court of Appeals recently described the legislative intent at passing this law as “slender” (Lohan v. Take-Two Interactive Software, Inc.). Indeed, the law does not provide an extensive right of publicity, but merely makes it a misdemeanor to use a living person’s likeness, that is, her name, portrait or picture, “for advertising or trade purposes” without prior written consent. New York does not recognize any other privacy rights, not even at common law.
Identity as personal property
The bill clearly differentiated the “right of privacy” from the “right of publicity.” During a person’s lifetime, a person would have had a right to privacy and a right to publicity. Both rights would have prevented the unauthorized use of likenesses and names, but only the right of publicity would have provided the right to sell one’s persona.
The “right of privacy” was defined as a “personal right, which protects against the unauthorized use of a living individual’s name, portrait or picture, voice, or signature for advertising purposes or purposes of trade without written consent.” This is essentially the right that is currently protected in New York. The bill would have also protected a person’s signature, which is not currently protected. Moreover, under the bill, this right of privacy would have expired upon death, just as it does now.
The bill would have also created a “right of publicity,” defined as “an independent property right, derived from and independent of the right of privacy, which protects the unauthorized use of a living or deceased individual’s name, portrait or picture, voice, or signature for advertising purposes or purposes of trade without written consent.”
The bill would have made an individual’s persona his or her personal property, “freely transferable or descendible, in whole or in part by contract or by means of any trust or testamentary instrument.” The bill would, therefore, have made it possible to transfer one’s persona, by selling it or licensing it, for a limited or unlimited time, and these contracts would have been able to survive death.
The dangers of making identity a transferable personal property
SAG-AFTRA, a performers’ union, supported the bill. Its New York President urged its New York members to let their representatives know that they were in favor of passing the bill. However, the bill, as written, could have placed actors in danger of losing the right to use and profit financially from their personality.
The Fantine character, created by Victor Hugo in Les Misérables, sold her hair so she could send money to her daughter Cosette. One can imagine an actress, who once played Fantine in a Les Mis production, but who has since fallen on hard times, selling her entire persona in order to make ends meet. Hair can grow again, but under the bill, a persona could have been sold off for a long time, even forever. One could even imagine a persona becoming a commodity under the new law, with producers buying personas straight out of a ‘central-casting’ database. Representative Morelle noted during the debate that “[i]f someone looks like another person, that’s not covered under this. You could go find someone who looks like Robert De Niro, or you could find someone that looks like another actor.”
The bill would have thankfully forbidden parents or guardians from assigning the right of publicity of a minor and would have rendered such assignments unenforceable. Under this bill. Fantine could have sold her own persona, but not Cosette’s.
A descendible right of publicity
Unlike other states, such as California, New York does not have a post-mortem right of publicity. The bill would have provided such a right for forty years after a person’s death, whether she was famous or not. At the expiration of the forty-year period, the image of an individual would have been freely usable.
This right would have been descendible, either by testament or by intestate succession. Either way, the right would have been enforced by a person or persons possessing at least a fifty-one percent interest of the individual’s right of publicity.
Persons claiming to be successors in the right of publicity of a deceased individual, or licensees of such rights, would have had to register their claim with the New York Secretary of State and pay a $100 fee. Thereafter, their claim would have been posted on a public web site specifically designed for that purpose. Parties interested in licensing or buying a particular right of publicity could have used this registry to find out who owns a particular right. Failure of a licensee or successor to register a persona would have been a defense for unauthorized use of the deceased’s persona. The sponsor of the bill, Representative Joseph Morelle, specified during the debate that the law would apply to anyone seeking damages in New York, provided that the interest had been registered in the New York registry.
The Electronic Frontier Foundation argued in a memorandum sent to the New York legislature that the law would pressure heirs to benefit commercially from the image of their deceased relatives, noting that in “a large estate, an inheritable and transferable right of publicity may add to the tax burden and thus lead heirs with no choice but to pursue advertising deals or some other commercial venture.” Indeed, deceased artists such as Glenn Gould or Franck Zappa are back on the road performing as holograms.
Fake News, Deepfakes and the right to publicity
The bill addressed the issue of “digital replica,” which it defined as a “computer-generated or electronic reproduction” of the likeness or voice of a person, whether alive or dead. Representative Morelle explained that the bill aimed at codifying the recent Lohan v. Take-Two Interactive Software decision, where the court found that New York right of privacy law, which protects unauthorized use of a “portrait,” encompasses the “graphical representation of a person in a video game or like media.”
Use of such digital replicas would have been forbidden, without prior authorization, in expressive works such as a live performance, a dramatic work, or a musical performance “in a manner that is intended to create, and that does create, the clear impression that the individual represented by the digital replica is performing, the activity for which he or she is known.” Athletes’ digital replicas could not have been used in audiovisual works either, if doing so created “the clear impression that the athlete represented by the digital replica is engaging in an athletic activity for which he or she is known.” This was probably aimed at protecting athletes against the unauthorized use of their likenesses in video games.
The dystopian movie The Congress featured actress Robyn Wright selling the right to her digital image to a studio, under an agreement which forbade her to ever act again. Even more sinister is the prospect of selling one’s digital image for making pornographic movies. Indeed, Artificial Intelligence (AI) technology allows creation of “deepfakes” video where a person is depicted as performing sexual acts. Such technology can be used to seek revenge (so-called revenge porn) or simply to create porn movies featuring celebrities. The bill specifically addressed the issue of unauthorized use of digital replicas in a pornographic work and would have forbidden the use of digital replicas in a manner intended to create, or which did create “the impression that the individual represented by the digital replica is performing [in such pornographic work]”.
Representative Morelle also mentioned during the debate that digital replicas can be used to create fake news, for instance, by making political figures look and sound as if they are saying something they did not actually say, which brings us to the First Amendment issues this bill raised.
First Amendment Issues
New York courts found that the use of a person’s likeness with respect to “newsworthy events or matters of public interest” is non-commercial and therefore not actionable under New York’s right of publicity law (Stephano v. News Group Publs.).
Use of digital replicas would have been authorized for parody, satire, commentary or criticism purposes, or “in a work of political, public interest, or newsworthy value,” or if the use was de minimis or incidental.
The bill would have explicitly provided a First Amendment defense to the use of a persona without prior consent, including use in a book, play or movie. This is in line with the recent California case, Olivia de Havilland v. Fox Networks, which had pitted the centenarian actress against the producer of Feud: Bette and Joan, an eight-part television show about the Joan Crawford/Bette Davis rivalry. Catherine Zeta-Jones portrayed Olivia de Havilland, and was shown in the movie giving an interview wherein she referred to her sister Joan Fontaine as a ‘bitch’, among a few more unsavory comments. Olivia de Havilland sued for infringement of her California right to publicity but lost because the use of her name and likeness in the movie was protected by the First Amendment. The case shows how public figures cannot always rely on their right of publicity to censor speech about themselves which they deem unsavory.
It has been reported that Olivia de Havilland plans to ask the Supreme Court to review the case, and the New York legislature is likely to introduce a new version of its right of publicity bill in the coming months. Right of publicity is developing, warts, holograms, and all.
As readers know, NAFTA has been turned into the United States – Mexico – Canada Agreement (USMCA). Along with changes to minimize barriers in the automobile and dairy sectors, intellectual property rights, data protection, and dispute settlement have undergone considerable alterations. These changes are addressed here.
IP Protection Extended
As for intellectual property rights, the negotiations have resulted in enhanced protections, an outcome mainly desired by the US (and with considerable similarities with the 2015 TPP text).
In regard to copyrights, Art.20.H.7 of the USMCA stipulates that, following the author’s death, his or her intellectual property rights shall be protected for 70 years onwards (thereby extending protection from the 50-year standard, by which Canada currently abides). In cases where no person’s life is used as a basis for the copyright term, the minimum is now set to 75 years from the date of the first authorized publication. In NAFTA, the minimum was 50 years.
Biologics are a field which NAFTA did not specifically regulate. Under the USMCA Art.20.F.14, however, patent protection for new pharmaceutical products that are (or contain) biologics will last 10 years from the date of first marketing approval of that product in the Party concerned. Note that biologics protection in Canada is currently only 8 years. It is also important to highlight that the USMCA provides for a patent-term restoration system, enacted after request, in cases where the applicant’s patent issuance has been ‘unreasonably’ delayed (Art.20.F.9).
Of utmost importance are the advanced enforcement provisions of IP rights protection. Under NAFTA, the competent authorities could act only after the filing of an application by the right holder (Art.1718). The USMCA provides for the ex officio authority of border officials to initiate border measures against suspected counterfeit trademark goods or pirated copyright goods which are imported, destined for export, in transit, or entering/exiting a free trade zone or a bonded warehouse; this is intended to combat the phenomenon of weak counterfeiting (Art.20.J.6). Further, the USMCA provides for the establishment of a new IP Committee, with the task of holding consultations on several cooperation issues (Art.20.B.3).
Digital Trade Chapter
When the original NAFTA came into force in 1994, digital trade was not considered in the agreement. USMCA, however, dedicates a whole chapter to it (Chapter 19). Two key points in Chapter 19 should be emphasized. First, the rules on data localization restrict policies that require companies to store personal information within the local jurisdiction, which seems to conflict with what is provided for in the relevant EU regulations. The cross-border transfer, storage and processing of data is facilitated under the USMCA through, inter alia, the prohibition of custom duties on the transfer of digital products and the requirement that Parties do not (unnecessarily) restrict the cross-border transfer of personal information. Second, Art.20.J.11 introduces a safe-harbor provision for Internet Service Providers by requiring that parties limit the Providers’ liability for monetary relief in instances of infringements where they merely maintain, transmit, or store unauthorized information, but do not control, initiate or direct the infringement.
Limitation of Investor-State Dispute Settlement
Reformation of the dispute settlement mechanism is another field of practical and legal interest. Chapter 11 of NAFTA provided for investor-state dispute settlement (ISDS) for protected investments. The foreign investor had recourse to an arbitral tribunal to challenge host State measures. Canada has now entirely withdrawn from the ISDS system. Thus, investor-state disputes are only permitted between the US and Mexico, and only under certain conditions. First, they are only available for alleged violations of the standards of national treatment and ‘most-favored nation’, as well as direct expropriation disputes. Furthermore, ISDS is only available after local remedies have been exhausted or after a time lapse of 30 months. As far as minimum standards of treatment (fair and equitable treatment) and indirect expropriation are concerned, the investors can only pursue a claim before domestic courts.
Notably, specific categories of US investors are permitted to initiate proceedings relating to oil, gas, transportation, infrastructure, and power generation concession contracts concluded between them and the Mexican government (USMCA Annex 14-E). Yet, the state-to-state dispute settlement mechanism of NAFTA’s Chapter 19 has not undergone modification and remains in place.
The parties have chosen to maintain many of the original NAFTA principles, such as that bilateral and trilateral elements can coexist. The USMCA agreement, therefore, represents a compromise, bringing changes in some areas while leaving others untouched.
By Jonathan Cardenas
On September 19, 2018, the UK House of Commons Treasury Committee (the “Committee”) published a Report on Crypto-assets (the “Report”), which provides regulatory policy recommendations for the UK Government, the UK Financial Conduct Authority (the “FCA”) and the Bank of England. The Report forms part of the Committee’s Digital Currencies Inquiry, which was launched in February 2018 to examine the potential impact of distributed ledger-based digital currencies on the UK financial system and to prepare a balanced regulatory response from the UK Government. This article briefly summarizes the Committee’s UK regulatory policy recommendations.
- Crypto Asset Risk
The Committee’s regulatory policy recommendations are structured around a variety of risks that crypto assets pose to crypto asset investors. These risks include: high price volatility; loss of investment due to fraud and/or third-party hacking of crypto asset exchanges; loss of access to crypto asset exchange accounts and/or digital wallets due to unrecoverable lost passwords; price manipulation due to poor market liquidity and relatively low trading volumes; potential facilitation of money laundering and terrorist financing; and, macro risk to UK financial stability. Mindful of these risks, the Committee notes that crypto assets presently fall outside the scope of FCA regulation merely because the “transferring, buying and selling of crypto assets, including the commercial operation of crypto asset exchanges” do not meet legal definitional criteria to be considered as either a “specified investment” under the Financial Services and Markets Act 2000 (Regulated Activities) Order (the “Regulated Activities Order”), or as “funds” or “electronic money” under applicable payment services and electronic money regulation, as referenced in expert witness reports provided to the Committee.
- Initial Coin Offerings
Consumer fraud in the context of initial coin offerings (“ICOs”) is a topic of special concern to the Committee. The Committee recognizes that there is currently “little the FCA can do to protect individuals” from fraudulent ICOs as a result of a regulatory loophole that permits ICOs to escape FCA jurisdiction. Since most ICOs do not directly promise financial returns, but rather, offer future access to a service or utility, they do not fall squarely within UK law definitions of “financial instrument,” as referenced in expert witness reports provided to the Committee, and therefore are not FCA regulated.
The Committee concurs with the view of U.S. Securities and Exchange Commission Chairman Jay Clayton that ICOs should not escape the ambit of securities regulation merely because they change the form, and not the actual substance, of a securities offering. The Committee also concurs with the view expressed in an FCA warning that consumers should be prepared to lose their entire investment in early stage ICO projects due to the FCA’s lack of jurisdiction and consequent inability to protect consumers. As a result, the Committee recommends that the Regulated Activities Order be updated, as a matter of urgency, in order to bring ICOs within the scope of FCA jurisdiction.
- Crypto Asset Exchanges
The facilitation of money laundering and terrorist financing through crypto asset exchanges is another area of major concern addressed by the Committee. Crypto asset exchanges are not currently required to comply with anti-money laundering (“AML”) rules under UK law because their activities are not specifically captured by the language of UK AML regulation, including, most notably, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Although current UK AML regulation does not target crypto asset exchange activity, crypto asset exchanges do fall within the scope of the European Union’s 5th Anti-Money Laundering Directive (the “5th AML Directive”). As a consequence, the Committee recommends that the UK Government either (1) transpose the 5th AML Directive into UK law prior to the UK’s planned exit from the EU, or (2) replicate relevant provisions of the 5th AML Directive in UK law as quickly as possible.
- Regulatory Implementation
The Committee proposes two ways of introducing crypto asset regulation in the UK: (1) by amendment of existing financial services regulation or, (2) by adoption of new regulation tailored specifically to crypto assets.
Amending the existing financial services regulatory framework would involve classifying crypto asset activity as a regulated activity within the Regulated Activities Order. Doing so would enable the FCA to regulate crypto asset activities by, for example, mandating that licenses be obtained in order to carry out specified crypto activities in the UK. This approach has previously been used in the context of peer-to-peer lending, and is regarded as the fastest way of providing the FCA with the powers needed to regulate crypto asset activities and protect UK consumers.
Adopting a new regulatory framework separate from pre-existing financial services rules would allow for a more flexible and tailored approach to crypto asset regulation, but would also require substantially more time to formulate and finalize.
Given the rapid growth of crypto asset markets and the expanding set of risks faced by UK consumers, the Committee recommends that the UK Government regulate crypto asset activities by expanding the scope of the Regulated Activities Order, rather than by adopting a separate body of rules. The Committee also recommends that the UK Government examine the exact type of crypto asset “activity” that would be included in an amended Regulated Activities Order, as well as the ramifications of doing so.
The Committee notes that although the global regulatory response to crypto assets is in early stages, the UK is in a position to learn from the experience of other jurisdictions given the fact that the UK has not yet introduced any specific type of crypto asset regulation. As a result, the Committee encourages UK regulators to engage with their international counterparts in order to ensure that best practices are applied in the UK.
 Disclaimer: The views and opinions expressed in this article are those of the author alone. The material in this article has been prepared for informational purposes only and is not intended to serve as legal advice.
 UK House of Commons Treasury Committee, Crypto-assets, Twenty-Second Report of Session 2017-19, 19 September 2018. Available at: https://publications.parliament.uk/pa/cm201719/cmselect/cmtreasy/910/910.pdf.
 UK House of Commons Treasury Committee, Digital Currencies inquiry: Scope of the inquiry, 2017. Available at: https://www.parliament.uk/business/committees/committees-a-z/commons-select/treasury-committee/inquiries1/parliament-2017/digital-currencies-17-19/.
 UK House of Commons Treasury Committee, Evidence – Financial Conduct Authority (DGC0028): Financial Conduct Authority’s written submission on digital currencies, April 2018. Available at: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/written/81677.pdf.
 UK House of Commons Treasury Committee, Evidence – Financial Conduct Authority (DGC0028): Financial Conduct Authority’s written submission on digital currencies, April 2018.
 UK House of Commons Treasury Committee, Crypto-assets, 19 September 2018, at para 87.
 UK House of Commons Treasury Committee, Oral evidence: Digital Currencies, Statement of David Geale, Q 193, HC 910, 4 July 2018. Available at: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/oral/86572.html.
 U.S. Securities and Exchange Commission, Statement on Cryptocurrencies and Initial Coin Offerings, December 11, 2017. Available at: https://www.sec.gov/news/public-statement/statement-clayton-2017-12-11.
 Financial Conduct Authority, Consumer warning about the risks of Initial Coin Offerings (‘ICOs’), 9 December 2017. Available at: https://www.fca.org.uk/news/statements/initial-coin-offerings.
 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692), 26 June 2017. Available at: http://www.legislation.gov.uk/uksi/2017/692/made.
 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, OJ L 156, 19.6.2018, p. 43–74. Available at: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32018L0843.
 See Financial Conduct Authority, The FCA’s regulatory approach to crowdfunding (and similar activities), Consultation Paper 13/13, October 2013. Available at: https://www.fca.org.uk/publication/consultation/cp13-13.pdf.
By Gabriel M. Lentner and Filippo Faccin
On September 18, 2018, the EU Commission issued a concept paper on WTO reform. In this paper, the EU Commission recognizes that the rules-based multilateral trading system faces its deepest crisis since its inception. Against this background, the Commission seeks to move the debate toward a focus on the reform of the WTO.
The concept paper covers 3 issues:
- Rulemaking and development
- Regular work and transparency
- Dispute settlement
Rulemaking and Development
The first proposals in this area concern industrial subsidies and state-owned enterprises (SOEs).
Recognizing the low level of compliance with the Agreement on Subsidies and Countervailing Measures (SCM Agreement) the EU proposes, inter alia, the creation of a general rebuttable presumption according to which if a subsidy is not notified or is counter-notified, it would be presumed to be a subsidy or even a subsidy causing serious prejudice.
As regards SOEs, a clarification of what constitutes a public body is proposed that seeks to broaden the existing definition, which, according to the EU Commission does not capture many relevant SOEs. In addition, rules concerning enhanced transparency about the level and degree of state control in SOEs and other market-distorting support are proposed.
Other proposals in this context are concerned with the expansion of the list of prohibited subsidies or the creation of a rebuttable presumption of serious prejudice. Non-insolvent companies without a credible restructuring plan or companies that use dual pricing will no longer have access to grants.
Establishing new rules to address barriers to services and investment, such as in the field of forced technology transfer are another priority.
The Commission also proposes to strengthen the procedural aspects of the WTO’s rulemaking activities. It argues that the EU should maintain support for multilateral negotiations and full outcomes in areas where this is possible, and should also explore the feasibility of amending the WTO agreement so as to create a new Annex IV.b. This annex would contain a set of plurilateral agreements that are applied on an MFN-basis and which could be amended through a simplified process.
Furthermore, the EU seeks to strengthen the role of the WTO secretariat in support of the various negotiation processes as well as the implementation and monitoring functions.
Regular Work and Transparency
The EU has consistently criticized the slow processes and the burdensome bureaucracy of the WTO, which paralyzes its regular work.
The solution that has been proposed is the development of rules that oblige members to provide substantive answers within specific deadlines and the increase of cross-committee coordination on issues related to market access.
The EU Commission concept paper defends the strengthening of the organization’s monitoring powers to check whether countries are implementing multilateral agreements and transparent trade policies. In particular, the EU Commission wants the WTO to implement:
- More effective committee-level monitoring
- Incentives for improving notification compliance
- Sanctions for willful and repeated non-compliance
- A strengthening of the Trade Policy Review Mechanism (TPRM).
The Commission paper states that the dispute settlement system is “at grave danger, and swift action by members is needed to preserve it”.
A solution is necessary to end US blocking new appointments and to prevent the imminent stalemate of the appeal body.
The first stage of a general reform will be a comprehensive amendment of the provision of the Dispute Settlement Understanding (DSU) related to the functioning of the Appellate Body (AB). This amendment would:
- Narrow the 90-day limit to resolve a dispute
- Increase the number of members of the appeal body from 7 to 9 (This would help to increase the efficiency of the appeal body, while improving the geographical balance)
- Configure the membership of the appeal body to work full-time (currently, de jure, it is a part-time job)
Update on EU Copyright Reform – Audiovisual Media Services and Copyright in the Digital Single Market
By Martin Miernicki
Two important legislative projects in the field of European copyright law have recently undergone substantial developments. The revision of the Audiovisual Media Services Directive (AVMSD) is likely to be adopted later this year, whereas the proposed Directive on Copyright in the Digital Single Market (CDSMD) will be subject to an extended debate in the European Parliament.
In 2015, the Commission adopted its Digital Single Market Strategy for Europe, calling for a better harmonization of the copyright laws of the EU member states as well as for an enhanced access to online goods and services. Against this background, the proposal for a revision of the AVMSD as well as the proposal for the new CDSMD were made in 2016. The amendment to the AVMSD pursues a variety of policy goals, aiming at creating a clear level playing field for the provision of audiovisual content in the EU, especially addressing online services. The CDSMD contains provisions on the (collective) licensing of certain works and exceptions and limitation to rights of right holders provided for in other European directives on copyright, among these Directive 2001/29/EC. Title IV’s Art 11 and 13 of the proposed directive appear to be most controversial, providing for a right of publishers of press publications in the digital use of their press publications (so-called “link tax”) and an increased obligation of certain platform operators to monitor the content uploaded to their sites (so-called “upload filter”). Both reform projects have been intensely discussed and have yet to be adopted.
Current state of the reform projects
On 26 April 2018, the Commission announced a breakthrough in the negotiations with the Council and the European Parliament about the revision of the AVMSD, stating that a “preliminary political agreement” had been reached. This agreement was subsequently confirmed in June 2018. As regards the CDSMD, the Council’s permanent representatives committee agreed to its position on the draft directive on 25 May 2018 for the negotiations with the European Parliament. On 20 June 2018, the Parliament’s Legal Affairs Committee voted to start the negotiations, upholding controversial parts of the proposed CDSMD. However, the European Parliament rejected this decision in early July.
What can be expected?
Against the background of these developments, the revised AVMSD is likely to be adopted in autumn or winter, starting the period for the transposition of its rules into national law. It should be noted that Brexit also affects audiovisual media services, and it caused the Commission to publish a notice to stakeholders on this matter earlier this year. The future development of the CDSMD is less clear, as the proposal might be amended as a result of the upcoming debate. At this point, it is expected that the European Parliament will discuss the issue in September.
By Nikolaos Theodorakis
The European Data Protection Board (EDPB) started its operations the same date the General Data Protection Regulation (GDPR) entered into force, 25 May 2018. The GDPR creates a harmonized set of rules applicable to all personal data processing taking place in the EU. The GDPR established the EDPB so that it contributes to the consistent application of data protection rules throughout the European Union, and promote cooperation between the EU’s data protection authorities.
The EDPB is the transformation of the Article 29 Working Party, under the previous legal regime. The EDPB is composed of representatives of the national data protection authorities and the European Data Protection Supervisor (EDPS). The EDPB also comprises a secretariat provided by the EDPS and working under the instructions of the EDPB. The secretariat will have an important role in administering the One-Stop-Shop and the consistency mechanism, as explained below. The European Commission has the right to participate in the activities and meetings of the Board, without however having a voting right.
The EDPB aims to ensure the consistent application of the GDPR and of the European Law Enforcement Directive. In doing so, the EDPB is expected to adopt general guidance to clarify the terms of European data protection laws and provide a consistent interpretation regarding their options and obligations. It can also make binding decisions towards national supervisory authorities to ensure a consistent application of the GDPR.
In brief, the EDPB:
- Provides general guidance (e.g. guidelines and recommendations) to clarify the law;
- Advises the European Commission on personal data issues and proposed legislation;
- Adopts consistency findings for cross-border data protection issues; and
- Promotes cooperation and the effective exchange of information and best practice between national supervisory authorities.
The EDPB’s principles are independence and impartiality, good governance, collegiality, cooperation, transparency, efficiency, and proactivity.
Program and future actions
The EDPB acknowledged the continuity of its predecessor, the Article 29 Working Party, and endorsed a series of important guidelines on the first day of operations:
- the guidelines on consent;
- the guidelines on transparency;
- the automated individual decision-making and profiling Guidelines on Automated individual decision-making and Profiling for the purposes of the GDPR;
- the personal data breach notification guidelines on personal data breach notification under the GDPR;
- the right to data portability guidelines;
- the data protection impact assessment guidelines determining whether processing is “likely to result in a high risk”;
- the Data Protection Officers guidelines;
- the Lead Supervisory Authority guidelines;
- the paper on the derogations from the obligation to maintain records of processing activities;
- the working document for the approval of “Binding Corporate Rules” for controllers and processors;
- the recommendation on the standard application for approval of Controller and Processor Binding Corporate Rules, and the elements and principles to be found in said Rules; and
- the guidelines on the application and setting of administrative fines for the purposes of the GDPR.
Moving forward, it is expected that the EDPB will issue guidance for a number of important privacy related issues, like the data portability right, Data Protection Impact Assessments, certifications, the extraterritorial applicability of the GDPR and the role of Data Protection Officers. In doing so, the EDPB plans to regularly consult business representatives and civil society representatives regarding their views on how to implement the GDPR.
One-Stop-Shop and Consistency Mechanism
Apart from the guidelines and binding decisions, the EDPB will be instrumental in assisting with the One-Stop-Shop mechanism and the consistency mechanism. The One-Stop-Shop relates to designating a lead Data Protection Authority to resolve data protection issues involving more than one EU Member State. This innovative GDPR framework will allow for better cooperation for processing activities that span across different states.
The EDPB consistency mechanism is a reference to Article 63 of the GDPR, a mechanism through which DPAs cooperate to contribute to the consistent application of the GDPR. The GDPR makes several references to this mechanism and it is expected that it will be an important issue for the EDPB to regulate and interpret. In essence, the EDPB should ensure that where a national data protection authority decision affects a large number of individuals in several EU member states, there is prior collaboration and consistency in the interpretation and application of said decision. This is in line with the EU’s digital single market agenda that tries to bring consistent application of EU laws throughout the single market.
A true transformation?
It is too early to tell whether the EDPB will prove to be a transformed body, or whether it is a rebranded version of the Article 29 Working Party. Even though it seems that the WP29 subgroups will continue their work as usual, the action plan indicates that the EDPB will undergo significant changes and that it aspires to be in the epicenter of data protection developments in the European Union. The first indications demonstrate that the EDPB wants to become a prominent body through administrative restructuring and a more clear communication strategy. The GDPR enforcement brought data protection in the spotlight, and the EDPB will certainly have a chance, if it so desires, to prove that it is larger, more influential, and more important body than its predecessor.
By Jonathan Cardenas
On 8 March 2018, the European Commission (“Commission”) introduced its FinTech Action Plan, a policy proposal designed to augment the international competitiveness of the European Single Market in the financial services sector. Together with the FinTech Action Plan, the Commission introduced a proposal for a regulation on European crowdfunding services providers (“Proposed Regulation on Crowdfunding”). Both of these proposals form part of a broader package of measures designed to deepen and complete the European Capital Markets Union by 2019. This article briefly summarizes both the FinTech Action Plan and the Proposed Regulation on Crowdfunding.
- FinTech Action Plan
With the goal of turning the European Union (“EU”) into a “global hub for FinTech,” the FinTech Action Plan introduces measures that build upon several of the Commission’s prior initiatives, including the regulatory modernization objectives set forth by the Commission’s internal Task Force on Financial Technology, the capital market integration objectives identified in the Commission’s Capital Markets Union Action Plan, and the digital market integration objectives identified in the Commission’s Digital Single Market Strategy. Responding to calls from the European Parliament and European Council for a proportional, future-oriented regulatory framework that balances competition and innovation while preserving financial stability and investor protection, and also drawing upon the conclusions of the March–June 2017 Public Consultation on FinTech, the FinTech Action Plan consists of a “targeted,” three-pronged strategy, that sets out 19 steps to enable the EU economy to cautiously embrace the digital transformation of the financial services sector.
- “Enabling Innovative Business Models to Reach EU Scale”
The first prong of the FinTech Action Plan is focused on measures that will enable EU-based FinTech companies to access and scale across the entire Single Market.
Recognizing the need for regulatory harmonization, the Commission calls for uniformity in financial service provider licensing requirements across the EU to avoid conflicting national rules that hamper the development of a single European market in emerging financial services, such as crowdfunding (Step 1). With crowdfunding specifically in mind, the Commission has proposed a regulation on European crowdfunding service providers (“ECSPs”), which, as discussed in further detail below, would create a pan-European passport regime for ECSPs that want to operate and scale across EU Member State borders. In addition, the Commission invites the European Supervisory Authorities (“ESAs”) to outline differences in FinTech licensing requirements across the EU, particularly with regard to how Member State regulatory authorities apply EU proportionality and flexibility principles in the context of national financial services legislation (Step 2). The Commission encourages the ESAs to present Member State financial regulators with recommendations as to how national rules can converge. The Commission also encourages the ESAs to present the Commission with recommendations as to whether there is a need for EU-level financial services legislation in this context. Moreover, the Commission will continue to monitor developments in the cryptocurrency asset and initial coin offering (“ICO”) space in conjunction with the ESAs, the European Central Bank, the Financial Stability Board and other international standard setters in order to determine whether EU-level regulatory measures are needed (Step 3).
Recognizing the importance of common standards for the development of an EU-wide FinTech market, the Commission is focused on developing standards that will enhance interoperability between FinTech market player systems. The Commission plans to work with the European Committee for Standardization and the International Organization for Standardization to develop coordinated approaches on FinTech standards by Q4 2018, particularly in relation to blockchain technology (Step 4). In addition, the Commission will support industry-led efforts to develop global standards for application programming interfaces by mid-2019 that are compliant with the EU Payment Services Directive and EU General Data Protection Regulation (Step 5).
In order to facilitate the emergence of FinTech companies across the EU, the Commission encourages the development of innovation hubs (institutional arrangements in which market players engage with regulators to share information on market developments and regulatory requirements) and regulatory sandboxes (controlled spaces in which financial institutions and non-financial firms can test new FinTech concepts with the support of a government authority for a limited period of time), collectively referred to by the Commission as “FinTech facilitators.” The Commission specifically encourages the ESAs to identify best practices for innovation hubs and regulatory sandboxes by Q4 2018 (Step 6). The Commission invites the ESAs and Member States to take initiatives to facilitate innovation based on these best practices, and in particular, to promote the establishment of innovation hubs in all Member States (Step 7). Based upon the work of the ESAs, the Commission will present a report with best practices for regulatory sandboxes by Q1 2019 (Step 8).
- “Supporting the Uptake of Technological Innovation in the Financial Sector”
The second prong of the FinTech Action Plan is focused on measures that will facilitate the adoption of FinTech across the EU financial services industry.
The Commission begins the second prong by indicating that its policy approach to FinTech is guided by the principle of “technology neutrality,” an EU regulatory principle that requires national regulators to ensure that national regulation “neither imposes nor discriminates in favour of the use of a particular type of technology.” In this regard, the Commission plans to setup an expert group to assess, by Q2 2019, the extent to which the current EU regulatory framework for financial services is neutral toward artificial intelligence and distributed ledger technology, particularly in relation to jurisdictional questions surrounding blockchain-based applications, the validity and enforceability of smart contracts, and the legal status of ICOs (Step 9).
In addition to ensuring that EU financial regulation is fit for artificial intelligence and blockchain, the Commission also intends to remove obstacles that limit the use of cloud computing services across the EU financial services industry. In this regard, the Commission invites the ESAs to produce, by Q1 2019, formal guidelines that clarify the expectations of financial supervisory authorities with respect to the outsourcing of data by financial institutions to cloud service providers (Step 10). The Commission also invites cloud service providers, cloud services users and regulatory authorities to collaboratively develop self-regulatory codes of conduct that will eliminate data localization restrictions, and in turn, enable financial institutions to port their data and applications when switching between cloud services providers (Step 11). In addition, the Commission will facilitate the development of standard contractual clauses for cloud outsourcing by financial institutions, particularly with regard to audit and reporting requirements (Step 12).
Recognizing that blockchain and distributed ledger technology will “likely lead to a major breakthrough that will transform the way information or assets are exchanged,” the Commission plans to hold additional public consultations in Q2 2018 on the possible implementation of the European Financial Transparency Gateway, a pilot project that uses distributed ledger technology to record information about companies listed on EU securities markets (Step 13). In addition, the Commission plans to continue to develop a comprehensive, cross-sector strategy toward blockchain and distributed ledger technology that enables the introduction of FinTech and RegTech applications across the EU (Step 14). In conjunction with both the EU Blockchain Observatory and Forum, and the European Standardization Organizations, the Commission will continue to support interoperability and standardization efforts, and will continue to evaluate blockchain applications in the context of the Commission’s Next Generation Internet Initiative (Step 15).
Recognizing that regulatory uncertainty and fragmentation prevents the European financial services industry from taking up new technology, the Commission will also establish an EU FinTech Lab in Q2 2018 to enable EU and national regulators to engage in regulatory discussions and training sessions with select technology providers in a neutral, non-commercial space (Step 16).
- “Enhancing Security and Integrity of the Financial Sector”
The third prong of the FinTech Action Plan is focused on financial services industry cybersecurity.
Recognizing the cross-border nature of cybersecurity threats and the need to make the EU financial services industry cyberattack resilient, the Commission will organize a public-private workshop in Q2 2018 to examine regulatory obstacles that limit cyber threat information sharing between financial market participants, and to identify potential solutions to these obstacles (Step 17). The Commission also invites the ESAs to map, by Q1 2019, existing supervisory practices related to financial services sector cybersecurity, to consider issuing guidelines geared toward supervisory convergence in cybersecurity risk management, and if necessary, to provide the Commission with technical advice on the need for EU regulatory reform (Step 18). The Commission also invites the ESAs to evaluate, by Q4 2018, the costs and benefits of developing an EU-coordinated cyber resilience testing framework for the entire EU financial sector (Step 19).
- Proposed Regulation on Crowdfunding
In line with the Commission’s Capital Markets Union objective of broadening access to finance for start-up companies, the Proposed Regulation on Crowdfunding is aimed at facilitating crowdfunding activity across the Single Market. The proposed regulation plans to enable investment-based and lending-based ECSPs to scale across Member State borders by creating a pan-European crowdfunding passport regime under which qualifying ECSPs can provide crowdfunding services across the EU without the need to obtain individual authorization from each Member State. The proposed regulation also seeks to minimize investor risk exposure by setting forth organizational and operational requirements, which include, among others, prudent risk management and adequate information disclosure.
 COM (2018) 109/2 – FinTech Action plan: For a more competitive and innovative European financial sector. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.
 COM (2018) 113 – Proposal for a regulation on European Crowdfunding Service Providers (ECSP) for Business. Available at: https://ec.europa.eu/info/law/better-regulation/initiative/181605/attachment/090166e5b9160b13_en.
 COM (2018) 114 final – Completing the Capital Markets Union by 2019 – time to accelerate delivery. Available at: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52018DC0114&from=EN.
 European Commission Press Release, “FinTech: Commission Takes Action For a More Competitive and Innovative Financial Market,” 8 March 2018. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.
 European Commission Banking and Finance Newsletter, Task Force on Financial Technology, 28 March 2017. Available at: http://ec.europa.eu/newsroom/fisma/item-detail.cfm?item_id=56443&utm_source=fisma_newsroom&utm_medium=Website&utm_campaign=fisma&utm_content=Task%20Force%20on%20Financial%20Technology&lang=en. See also European Commission Announcement, Vice President’s speech at the conference #FINTECHEU “Is EU regulation fit for new financial technologies?,” 23 March 2017. Available at: https://ec.europa.eu/commission/commissioners/2014-2019/dombrovskis/announcements/vice-presidents-speech-conference-fintecheu-eu-regulation-fit-new-financial-technologies_en. See also European Commission Blog Post, “European Commission sets up an internal Task Force on Financial Technology,” 14 November 2016. Available at: https://ec.europa.eu/digital-single-market/en/blog/european-commission-sets-internal-task-force-financial-technology.
 COM/2015/0468 final – Action Plan on Building a Capital Markets Union. Available at : http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0468&from=EN.
 COM(2015) 192 final – A Digital Single Market Strategy for Europe, 6 May 2015. Available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0192&from=EN. See also COM (2017) 228 final – Mid-Term review on the implementation of the Digital Single Market Strategy: A Connected Digital Single Market for All, 10 May 2017. Available at: http://eur-lex.europa.eu/resource.html?uri=cellar:a4215207-362b-11e7-a08e-01aa75ed71a1.0001.02/DOC_1&format=PDF.
 European Parliament Committee on Economic and Monetary Affairs, Report on FinTech: the influence of technology on the future of the financial sector, Rapporteur: Cora van Nieuwenhuizen, 2016/2243(INI), 28 April 2017. Available at: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A8-2017-0176+0+DOC+PDF+V0//EN.
 EUCO 14/17, CO EUR 17, CONCL 5, European Council Meeting Conclusions, 19 October 2017. Available at: http://www.consilium.europa.eu/media/21620/19-euco-final-conclusions-en.pdf.
 European Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union, “Summary of contributions to the ‘Public Consultation on FinTech: a more competitive and innovative European financial sector,’” 2017. Available at: https://ec.europa.eu/info/sites/info/files/2017-fintech-summary-of-responses_en.pdf.
 FinTech Action Plan.
 European Commission Press Release, “FinTech: Commission Takes Action For a More Competitive and Innovative Financial Market,” 8 March 2018. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.
 EBA/DP/2017/02 – Discussion Paper on the EBA’s approach to financial technology (FinTech), 4 August 2017. Available at: https://www.eba.europa.eu/documents/10180/1919160/EBA+Discussion+Paper+on+Fintech+%28EBA-DP-2017-02%29.pdf.
 FinTech Action Plan, p. 8.
 Directive 2002/21 on a common regulatory framework for electronic communications networks and services (Framework Directive)  OJ L108/33. Available at: https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A32002L0021.
 FinTech Action Plan, p. 12.
 Capital Markets Union Action Plan.