CJEU: EU-Directive 2001/29/EC Does Not Permit National Legislation to Provide a Special Defense to Copyright Infringement for Retransmission of Television Broadcasts via the Internet
By Katharina Erler
The Fourth Camber of the Court of Justice of the European Union (CJEU) ruled on 1 of March 2017 that Article 9 of EU InfoSoc Directive (2001/29/EC) does not cover national legislation, which provides a special defense to copyright infringement by retransmission of works broadcast on television channels by cable or via the internet. In particular, Article 9 must be interpreted as not permitting national legislation which allows the immediate retransmission of free-to-air broadcasts by cable and via the internet, if it is done within the area of the initial broadcast. The case is ITV Broadcasting Limited v. TVCatchup Limited, C-275/15.
The appellants in the main proceedings, commercial television broadcasters ITV, Channel 4 and Channel 5, own copyrights under national law in their televisions broadcasts and included films. TVCatchup (TVC) offered an internet television broadcasting service, permitting its users to receive streams of TV shows, including those transmitted by ITV, Channel 4, and 5.
It is important to note that the CJEU has dealt with this case before: In its judgement of 7 March 2013, ITV Broadcasting and Others (C-607/11), the CJEU held that the retransmission of protected works and broadcasts by means of an internet stream, such as the service of TVCatchup, constitutes a communication to the public under Article 3 of Directive 2001/29/EC (InfoSoc Directive) and therefore must be authorized by the authors concerned.
The High Court of Justice (England & Wales) followed this judgement and found that TVC had infringed the copyright of television broadcasters. It, however, found that TVCatchup could rely on a defense under Section 73 (2) (b) and (3) of the United Kingdom’s Copyright, Designs and Patent Act (CDPA).
The broadcasters filed an appeal against this High Court decision. The Court of Appeal (England & Wales) took the view that the national defense provisions in Section 73 (2) (b) and (3) must be interpreted in light of Article 9 of Directive 2001/29 and consequently referred a number of questions concerning the interpretation of Article 9 to the CJEU for a preliminary ruling.
Article 9 (“Continued application of other legal provisions”) of Directive 2001/29/EC of the European Parliament and of the Council on the harmonization of certain aspects of copyright and related rights in the information society (InfoSoc Directive) states that the Directive shall be without prejudice to provisions concerning in particular […] access to cable of broadcasting services […].
Article 1 of the InfoSoc Directive (2001/29/EC) with regard to the scope of the Directive stipulates that this Directive shall leave intact and shall in no way affect existing Community provisions relating to […] (c) copyright and related rights applicable to broadcasting of programs by satellite and cable retransmission.
Section 73 (2) (b) and (3) of the United Kingdom’s Copyright, Designs and Patent Act (CDPA), which implemented Directive 2001/29/EC, that copyright is not infringed “if and to the extent that the broadcast is made for reception in the area in which it is re-transmitted by cable and forms part of a qualifying service”.
Consideration of the questions referred to the CJEU
Of five questions referred to the CJEU by the Court of Appeal, the CJEU explicitly only responded to one, which referred to the phrase “access to cable of broadcasting services” under Article 9 of Directive 2001/29/EC, and asked whether it applies to (1) national provisions which require cable networks to retransmit certain broadcasts or (2) national provisions which permit the retransmission by cable of broadcasts (a) where the retransmissions are simultaneous and limited to areas in which the broadcasts were made for reception and/or (b) where the retransmissions are of broadcasts on channels which are subject to certain public service obligations.
In essence, the CJEU answered the question whether Article 9 of Directive 2001/29/EC might be interpreted as permitting national legislation to provide a separate general defense to retransmission of broadcasting services via cable— including the internet—without the authors consent.
By emphasizing that the concept of “access to cable broadcasting services” must be given an autonomous and uniform interpretation throughout the European Union, the CJEU—in line with the opinion of the Advocate General from 8 September 2016—found that the term “access to cable” is different from that of “retransmission of cable” under Article 1 (c), because only the latter notion designates the transmission of audio-visual content. Therefore, taking into account the wording, Article concerns not the transmission of content and the public access to this content, but rather the access to a network.
Setting Article 9 in the context of the whole Directive, the CJEU clearly states that the exclusion of EU provisions on “cable retransmission” from the scope of Directive 2001/29/EC, in this instance, refers to EU Directive 93/83 concerning copyrights applicable to satellite broadcasting and cable retransmission. Since, however, the case at hand concerns the retransmission within one Member State, the provisions of Directive 93/83, which solely apply to cross-border retransmissions, are irrelevant.
Highlighting that the principal objective of the InfoSoc Directive (2001/29/EC) is to establish a high level of protection for authors, the CJEU referred to its earlier ruling from the previous referral by the UK High Court in the same case (ITV Broadcasting and Others, C-607/11). As ruled in that decision, the retransmission by means of an internet stream, such as the one at issue, constitutes a “communication to the public” under Article 3 (1) of Directive 2001/29/EC and, therefore, results in copyright infringement unless it falls within the scope of Article 5, which sets out an exhaustive list of exceptions and limitations to the right of communication to the public. In the view of the CJEU, it is common ground that the retransmission at issue does not fall within the scope of any of the exceptions and limitations set out in Article 5 of Directive 2001/29/EC.
Most importantly, the CJEU ruled – referring to the opinion of the Advocate General from 8 September 2016 – that Article 9 of Directive 2001/29/EC may not be interpreted to mean that it independently permits exceptions to the right of communication to the public in Article 3. The objective pursued by Article 9 is, indeed, to maintain the effect of provisions in areas other than the area harmonized in Directive 2001/29/EC. Keeping the general objective of the Directive, especially the high level protection of authors and the exhaustive nature of Article 5 in mind, the CJEU found that Article 9 may not be interpreted as covering retransmissions.
The Court noted furthermore, that the InfoSoc Directive contains no legal basis that would justify affording less protection to television channels subject to public service obligations.
As a result of the CJEU’s decision, the national exception to copyright under Section 73 of UK’s CDPA with regard to retransmissions shall be considered as not compatible with the EU legal framework. This decision seems to be consistent with the objective of the InfoSoc Directive, which is to set harmonized rules on copyrights and especially to ensure a high level of protection for the authors.
It is worth mentioning that the question of whether national rules can regulate retransmission and introduce exceptions of copyright was again raised in a case, decided by the CJEU shortly thereafter. On 16 March 2017, in AKM v. Zürsnet (C-138/16), the CJEU, in contrast to the earlier case ITV Broadcasting v. Others (C-607/11), found that the transmission of television and radio broadcasts by a cable network installation does not constitutes a communication to a new public under Article 3 of the InfoSoc Directive. In that Case, the CJEU held that due to the fact that the persons who receive the transmission of the protected works have been taken into account by the rightsholders when they granted the original authorization for the national broadcaster, the transmission does not infringe copyright under the InfoSoc Directive. The CJEU did not take into account its broad interpretation of “communication to the public” as referred to in its earlier decision ITV Broadcasting and Others (C-607/11). This decision, however, might cause confusion as to the requirements of “communication to the public” in Article 3 of the InfoSoc Directive and the question of whether national legislation may introduce exceptions of copyright for retransmissions of broadcasts.
By Maria E. Sturm
On 11 May 2017, the Advocate General Szpunar, issued his opinion on the case “Asociación Profesional Elite Taxi vs Uber Systems Spain SL” (C – 434/15) which gives some interesting insights in UBER’s business activity in Spain and the EU.
The role of the Advocate General
According to Art. 252 TFEU, eight Advocate-Generals assist the Court of Justice. They are impartial and independent. In cases which require their involvement according to the statute of the Court of Justice, they issue a reasoned submission. Their arguments prepare the Court’s decision. And while the Court is not bound, it still often follows them.
UBER and its completely new business model raise a lot of legal questions. Case C – 434/15 offers the ECJ the possibility, to answer a least a few of them for the European Union. As the case is a preliminary ruling according to Art. 267 TFEU, the ECJ can only answer the questions posed by the Commercial Court No 3 of Barcelona, Spain. Therefore, the advocate-general does not reason e.g. on antitrust or labor law issues.
The questions were (summarized):
- What kind of service does UBER offer: a transport service, an electronic intermediary service or an information society service as defined in Art. 1(2) of Directive 98/34?
- If it is an information society service, does it profit from the freedom of services according to Art. 56 TFEU and Directives 2006/123 and 2000/31?
- Does the Spanish Law on Unfair competition infringe the freedom of establishment?
- Are the requirements of authorization or license valid measures to regulate the freedom to provide electronic intermediary services?
First, the Advocate-General explains which kind of service UBER offers. This is important as the type of service affects the Member State’s competences to regulate it. Szpunar starts with the definition of the term “information society service” which requires three criteria: it must be provided for remuneration, upon individual request and by electronic means. While the first two do not pose any problems, the third one needs further clarification in this case. Of course, UBER as a smartphone application works electronically. However, the actual ride the customer receives, is not electronic. The service does not have to be completely electronic to fulfill the criterion of Art. 1(2) of Directive 98/34 but if it is a composite service, one needs to examine where the emphasis lies. Szpunar bases his argument on the unity of the electronic and the non-electronic part. If both can be offered independently, an information society service can be confirmed for the electronic part. As example, he mentions online platforms for booking hotels: the consumer can use the platform to compare prices and book the hotel. However, she could also book the hotel directly without using the platform. Thus, the electronic service of the platform and the analog product of the hotel room are independent and the service the platform offers is an information society service. With UBER, in contrary, no independent service exists. UBER only acts as intermediary for a service which itself creates. It is not a platform that just combines driving services offered by different companies, but the platform makes the service. Furthermore, according to Szpunar, UBER exercises decisive influence over the conditions under which the service is provided. It decides who can be a driver, how drivers must behave, and conducts quality control via its rating function. This means, it offers not mainly an electronic, but a transport service.
The result of Szpunar’s argument is:
- UBER is no information society service. Therefore, Art. 56 TFEU and Directives 2006/123 and 2000/31 are not applicable.
- Questions three and four of the Commercial Court No 3 of Barcelona do not need to be answered as they only refer to the freedoms of service and establishment which do not protect UBER.
- UBER offers a transport service according to Art. 90-100 TFEU. This means, it can be submitted to authorization or license requirements by the Member States as any other transport service, too.
Now we have to wait, if the ECJ follows Szpunar’s arguments which seems quite probable. However, the next question is: does the current legal framework – on the local, state and European level – fit to the sharing economy? The European Commission already addressed the problem in its 2015 communication “A Digital Single Market Strategy for Europe” where it announced a comprehensive assessment of the role of platforms, including the sharing economy. In 2016, the EU Commission issued a communication on the European agenda for the collaborative economy. This communication provides legal guidance to public authorities, market operators and citizens on how to apply existing EU law on legal problems emerging form the sharing economy. However, these guidelines are not binding and the Commission announces further investigation and legal action in this field.
Big Data: Italian Authorities Launch Inquiries on Competition, Consumer Protection and Data Privacy Issues
By Gabriele Accardo
On 30 May 2017, the Italian Competition Authority, the Italian Data Protection Authority and the Communications Authority opened a joint inquiry on “Big Data”.
The joint sector inquiry by the Italian Competition Authority, the Italian Data Protection Authority and the Communications Authority will focus, respectively, on potential competition and consumer protection concerns, data privacy, as well as on information pluralism within the digital ecosystem.
First, based on the assumption that the collection of information and its use through complex algorithms have a strategic role for firms, especially for those offering online platforms, which use the collected data to create new forms of value, the inquiry will thus assess whether, and under which circumstances, access to “Big Data” might constitute a barrier to entry, or in any case facilitate anticompetitive practices that could possibly hinder development and technological progress.
Secondly, the use of such large amounts of information may create specific risks for users’ privacy given that new technologies and new forms of data analysis in many cases allow companies to “re-identify” an individual through apparently anonymous data, and may even allow them to carry out new forms of discrimination, and, more generally, to possibly restrict freedom.
A further risk for the digital ecosystem is linked to how online news is now commonly accessed. In fact, digital intermediaries employ users’ information forms of profiling and the definition of algorithms, which in turn, are able to affect both the preservation of the net neutrality principle, and the plurality of the representations of facts and opinions.
It may be expected that while the inquiry will focus on certain specific businesses (typically platforms-related), the authorities may send requests for information to all businesses that collect and make significant use of customer/user data.
Relatedly, on 10 May 2016, French and German Competition Authorities published their joint report on competition law and Big Data. Separately, the French Competition Authority announced the launch of a full-blown sector inquiry into data-related markets and strategies.
In recent months, data-related issues have been at the core of specific investigations by the Italian Competition Authority (against Enel, A2A and ACEA for an alleged abuse of dominance, and against Samsung and WhatsApp for unfair commercial practices), and the Italian Data Protection Authority (against WhatsApp), showing that Italian authorities are getting ready for the challenges that the data-driven economy brings.
Enel, A2A, and ACEA, ongoing investigations on alleged abuse of dominance
On 11 May 2017, following a complaint by the association of energy wholesalers, the Italian competition Authority (“ICA”) raided the business premises of Enel, A2A and ACEA in order to ascertain whether the energy operators may have abused their dominant positions in the electricity market in order to induce their respective customers (private individuals and small businesses) to switch to their market-based electricity contracts.
In particular, according to the ICA, each energy operator may have used “privileged” commercial information (e.g., contact details and invoicing data) about customers eligible for regulated electricity tariffs (so-called Servizio di maggior tutela), which was held in the capacity as incumbent operator(s) (at national level for Enel, and in the Milan and Rome areas for A2A and ACEA, respectively), as well as its dedicated business infrastructure to sell its market-price electricity supply contracts to private individuals and small business customers.
Enel may have also misled consumers by stating that it would be able to guarantee a more secure energy supply than Green Network in order to win-back “former” customers, and thus induce them to choose its contracts.
The investigation is similar to the one recently concluded by the French Competition Authority against energy operator Engie, which resulted in a fine of Euro 100 Million.
Interestingly, both investigations in Italy and France raise issues similar to those addressed in September 2015 by the Belgian Competition Authority against the Belgian National Lottery. The Belgian Authority held that the Belgian National Lottery used personal data acquired as a public monopoly to the market its new product Scooore! on the adjacent sports betting market. The Belgian Competition Authority found that such conduct constituted an abuse of dominance insofar as the information used by the infringer could not be replicated by its competitors in a timely and cost-effective manner.
Samsung – unfair commercial practices
On 25 January 2017, the Italian Competition Authority (“ICA”) levied a 3.1 Million Euro fine on Samsung in relation to two unfair commercial practices related to the marketing of its products, one of which concerned the forced transfer of personal information for marketing purposes.
In essence, Samsung promoted the sale of its electronic products by promising prizes and bonuses (e.g. discounts, bonus on the electricity bill, and free subscription to a TV content provider) to consumers. However, contrary to what the advertising promised, consumers could not get the prize or bonus when buying the product, but could only receive it at a later stage, following a complex procedure that was not advertised, but was only made available in the Terms and Conditions and to consumers who registered on Samsung People online. Besides, consumers were repeatedly requested to provide documents over and over again.
The ICA also found the practice of making discounts conditional upon registering with the company’s digital platform and giving consent to the processing of their data unfair and aggressive, insofar as consumers could not get the promised prize or bonus without giving their consent to the commercial use of their personal data, which were used by Samsung for purposes unrelated with the promotional offer of the product itself. The ICA thus found that the data requested by Samsung were irrelevant and unrelated to the specific promotion in question.
WhatsApp – unfair commercial practices and privacy issues
This is yet another case concerning the forced transfer of personal information for marketing purposes, which followed the same lines of the Samsung case.
Preliminarily, the ICA held that data is a form of information asset, and that an economic value can be attached to it (e.g., Facebook would in fact be able to improve its advertising activity with more data). The ICA further found that a commercial relationship exists in all instances where a business offers a “free” service to consumers in order to acquire their data.
- users were not provided with adequate information on the possibility of denying consent to share with Facebook their personal data on WhatsApp account;
- the option to share the data was pre-selected (opt-in) so that, while users could in fact have chosen not to give their assent to the data sharing and still continue to use the service, such a possibility was not readily clear and in any event users should have removed the pre-selected choice;
During the investigation, WhatsApp offered a set of remedies, but this offer was rejected by the ICA, based on the fact that, as a result of the methods used by WhatsApp to obtain customers’ consent to transfer their data to Facebook, the practice could be characterized as overtly unfair and aggressive, and as such deserved a fine (in any case WhatsApp halted the practice of sharing data with Facebook in light of ongoing discussions with national data protection agencies in Europe).
Interestingly, while the ICA decision is based on consumer protection grounds, last year the German Federal Cartel (FCO) Bundeskartellamt launched an investigation into similar conducts by Facebook, WhatsApp’s mother company, based on competition law grounds. Specifcally, the investigation was based on suspicions that with its specific terms of service on the use of user data, Facebook may have abused its alleged dominant position in the market for social networks. In particular, the presence of excessive trading conditions is the underlying theory of harm for the investigation launched by the FCO. In particular, the FCO is assessing whether Facebook’s position allows it to impose contractual terms that would otherwise not be accepted by its users.
Yet, consumer, competition law, and privacy considerations appear entangled in such cases, as shown by the investigation that Italian Data Protection Authority launched against WhatsApp in parallel with the ICA.
It is understood that while the investigation is still ongoing, the Italian Data Protection Authority requested WhatsApp and Facebook to provide information in order to assess the case thoroughly. In particular, the two companies were asked detailed information on:
- data categories that WhatsApp would like to make available to Facebook;
- arrangements that are in place to obtain users’ consent to disclose their data;
- measures that have been taken to enable exercise of users’ rights under Italy’s privacy legislation, since the notice given to users on their devices would appear to only allow withdrawing consent and objecting to data disclosure for a limited period.
In addition, the Italian Data Protection Authority is seeking to clarify whether the data of WhatsApp users that do not use Facebook will be also disclosed to that company, insofar as no reference to marketing purposes was in the information notice provided initially to WhatsApp users.
Businesses are moving fast to figure out how to best harness the wealth of consumer’s data and make good commercial use of it. Authorities around the globe are putting together their toolkits to address emerging issues in the data-driven economy.
In this cops and robbers game, it appears clear that businesses are struggling to understand which set of rules may apply to their business models, either because there are multiple laws that could potentially apply or because the rules are indeed not readily foreseeable or clear. Obviously, if the same conduct can be caught from many angles, then there is something wrong that need to be addressed, if that can stifle innovation.
That said, the message for businesses sent by these mushrooming initiatives in Europe and around the world is clear: consumers’ freedom to choose whether or not to allow their data to be transferred to parties intending to use this information in order to generate a profit from it should be and will be protected. Enforcers will tackle conduct that unduly influences consumers’ ability to take informed and free decisions.
Consumers on Fyre: Influencer Marketing and Recent Reactions of the United States Federal Trade Commission
By Catalina Goanta
Social media disruptions
Silicon Valley continues to change our world. Technology-driven innovations that are disseminated with the help of the Internet have met with great success. This success translates into heaps of followers, as one can see in the case of platforms such as Facebook and Instagram. However, it is the followers themselves who continually affect the purposes of these platforms. A good example in this sense is Youtube; what started out as an alternative channel for the sharing of low-resolution home videos soon became a place where users could actually create their own content professionally. If well-received, this content leads to real Internet phenomena, and eventually become monetized, via direct or indirect advertising. Individuals around the world now have access to their own TV-stations where they can attract funders and actually make a good living out of running their channels.
Online content creation raises issues that are similar to those in the sharing economy (e.g. Uber, Airbnb, etc.). On the one hand, online platforms connect individual content providers with viewers, in the same peer-to-peer fashion that AirBnB connects an apartment owner and a tourist. Given the service-orientation of both activities, provided they are monetized, a clear issue emerges: when does an individual stop being a peer? In other words, what does it mean to be a consumer in this environment? Relatedly, what legal standards apply to the process of creating such content?
The Fyre Fiasco
The Fyre Festival was supposed to be a luxury music festival scheduled for April and May 2017 in the Bahamas, organized by rapper Ja Rule and young entrepreneur Billy McFarland. The latter has made other business models catering to the rich, such as Magnises, a members-only benefits card programme aimed at wealthy millennials. However, instead of promised luxury and exclusivity, the Fyre Festival organizers could not provide its guests even with the most basic of amenities, ranging from accommodation to food and transport. This led to a massive social media fury, with tens of thousands of reposts on Facebook, Instagram and Twitter, showcasing the disastrous conditions that were far removed from the luxury advertisements and the matching price tags (participants paid up to $ 100,000 to attend the festival). Apart from criminal allegations of mail, wire and securities fraud, Fyre Media – Ja Rule and McFarland’s company – is already faing a $ 100,000,000 class action. In its Introduction, the complaint emphasizes that “[t]he festival’s lack of adequate food, water, shelter, and medical care created a dangerous and panicked situation among attendees—suddenly finding themselves stranded on a remote island without basic provisions—that was closer to ‘The Hunger Games’ or ‘Lord of the Flies’ than Coachella.” Because of the trust-building social media campaign Fyre Media had launched promote the event, festival-goers had no suspicion of fraud before they arrived at the event. Influencers such as Kendall Jenner, Bella Hadid, and Emily Ratajkowski were involved in making Instagram posts about the festival (without any proof of concept), and thereby endorsing the event and communicating to their millions of followers their trust in the Fyre Festival.
The Federal Trade Commission takes action
Influencer marketing is a grey area of consumer advertising. It entails companies reaching out to celebrities who benefit from a faithful following of individuals who they can easily sway to buy certain products. Monetizing a Youtube channel is a process requiring sustained effort, as channel owners will have to strike a balance between keeping their followers entertained and generating enough revenue for their activity. Popularity is correlated with the amount of earnings celebrities can make out of sponsored content.
What makes this into a great marketing technique is also what may hurt consumers the most. The trust-based relation between a celebrity and its fan-base appeals to marketers; it creates a more genuine story for their products or services. But trust is a fine line, and if a celebrity only endorses material things for money, it means they are not being honest with their audience, who might go and buy those products under mistaken assumptions.
The Federal Trade Commission labels these actions as endorsements, and is very clear that since such advertising tools can persuade consumers to engage in commercial transactions, endorsements must be truthful and not misleading. For this reason, the FTA created the Guides Concerning the Use of Endorsements and Testimonials in Advertising, soft rules designed to address the application of Section 5 of the Federal Trade Commission Act on unfair or deceptive acts or practices.
In the light of its guides and the Fyre fiasco, on 19 April the FTC notified more than 90 online influencers about the need for them to disclose their relations to the brands endorsed on social media. According to the Guides, if there is a “material connection” between an influencer and an advertiser which can influence the credibility of the messages posted on social media, the endorser must make this connection clear. In practice, that means adding different hashtags such as the hashtag #ad, by which the public understands that the celebrity in question has been paid to sing the praises of specific products. Still, not many celebrities seem to be bothered by this existing guideline, as only one post relating to Fyre Festival was actually tagged in a clear and conspicuous way to reveal the commercial interest behind the post itself.
Prior to the Fyre Festival debacle, in 2016 the FTC had filed a complaint against retailer Lord & Taylor, who paid more than 50 fashion influencers up to $4,000 to post photos of themselves in Instagram styling a specific dress and using the hashtag #DesignLab, without the disclosure of the material connection. The consumer deceit charges were eventually settled.
Are the guides enough to tackle the issue of endorsement? Perhaps there might be a deterrent effect with respect to aligning celebrities with legal standards, but the problem is wider if we consider the fact that it is not only celebrities advertising products on social media.
Just like Instagram, Youtube is a huge market for reviews on products or services relating to technology, games, clothing or make-up, just to name a few. Ordinary people become channel owners and post regular videos focusing on a particular theme. With time, some of these people reach quasi-stardom and become known names on the Internet. To take an example, NikkieTutorials, a successful make-up vlogger based in the Netherlands, has gained a total of 6,998,037 followers since joining Youtube in 2008, and her videos have been viewed 537,159,106 times so far. And while that might look like a lot, these numbers really fade into oblivion when compared to one of the most famous Youtubers of all time, the Swedish game vlogger PewDiePie. With a total following of around 55,538,695 individuals, his videos have collected an overwhelming total of 15,449,755,042 views ever since he joined Youtube in 2010 and earned approximately $7,400,000 in 2014 on the basis of this following. But these are only examples of very well established Youtubers; thousands if not hundreds of thousands of people are currently turning to Youtube to make a living, and in doing so, they seek to earn money from potential collaborators.
Youtube monetization often entails two main streams of revenue: AdSense and sponsorships. AdSense is a Youtube feature that allows channel owners to play ads in various formats before their own content, and their remuneration depends on the number of views their videos will score. Sponsorships are separate from the Youtube channel, in that external companies can contact a popular Youtuber and offer to pay that Youtuber for a sponsorship agreement. These agreements are likely to entail that the Youtuber endorses specific companies or products. As one of the most important features of Youtubers is that of being relatable, namely the feeling that Youtubers are normal people, just like their followers, channel owners will likely not want to openly disclose sponsorships. This creates a conflict of interests where the channel owner’s main activity is that of generating consumer opinions and reviews, while at the same time being secretive about the products that he or she is being paid to advertise.
On the basis of Section 5 of the FTC Act, such practices could be deemed to be unfair if they “cause or [are] likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.” However, this seems to be a test that is not applicable to the mundane low-value objects normally advertised online, which begs the question – should the FTC do something more to align social media advertisers with the public interests it upholds? If that is the case, it most certainly cannot do so alone and will need the willingness of the platforms enabling these new practices to properly address this growing problem.
By Nikolaos Theodorakis
China’s new cybersecurity law (“Cybersecurity Law”), which came into force on 1 June 2017, is a milestone. Unlike the EU that has adopted the General Data Protection Regulation, China does not have an omnibus data protection law. It instead regulates issues of privacy and cybersecurity over a number of industry-specific laws, like health and education sectors. The cybersecurity law is somewhat different since it has a wide scope and contains provisions relevant both to data privacy and cybersecurity.
What is the new law about?
The Cybersecurity Law focuses on the protection of personal information and privacy. It regulates the collection and use of personal information. Companies based in or doing business with China will now be required to introduce data protection measures and certain data must be stored locally on domestic servers. Depending their activity, companies may need to undergo a security clearance prior to moving data out of China.
The Cybersecurity Law defines personal information as any information that, on its own or in combination with other information, can determine the identity of a natural person (e.g. name, DOB, address, telephone number, etc.). It mainly regulates two types of organizations, network operators and Critical Information Infrastructure (CII) providers.
Network operators must:
- Acquire the user’s consent when collecting their personal information (it is yet unclear whether consent must be express or not);
- State the purpose, method and scope of data collection;
- Keep the information secure and private (e.g. use back up and encryption methods);
- In the event of a data breach or likely data breach, take remedial actions, inform users and report to competent authorities;
- Erase personal information in case of an illegal or unauthorized collection, and correct inaccurate information;
- Keep log-files of cybersecurity incidents and implement cybersecurity incident plans.
CII providers are required to observe the same cybersecurity practices as network operators, along with additional requirements such as conducting annual cybersecurity reviews. Furthermore, they are required to store personal information and “important data” within China, as discussed below.
What does this mean for businesses?
If your company is doing business in China, or has a physical presence in China, you will need to conduct a gap assessment to determine whether you must undertake changes to be fully compliant with the cybersecurity law.
Failure to comply with the new law comes with significant consequences: a monetary fine up to 1 million yuan (about $150,000) and potential criminal charges. Individuals (e.g. company directors/ managers) may be subject to personal, albeit lesser, fines as well. In determining the applicable sanction, elements taken into account include the degree of harm and the amount of illegal gains. Fines could go up to ten times the amount of ill-gotten gains, potentially skyrocketing the amount. The law also gives the Chinese government the ability to issue warnings, confiscate companies’ illegal income, suspend a violator’s business operations, or shut down a violator’s website.
Not every aspect of the Cybersecurity Law applies to all companies, however. Many of the law’s provisions only apply to the two types of companies mentioned above, network operators and critical information infrastructure providers. However, these categories are defined quite broadly. Even companies that would not ordinarily consider themselves as network operators or CII providers could see the law applying to them.
In fact, network operators include network owners, administrators and service providers. Networks are “systems consisting of computers or other data terminal equipment and relevant devices that collect, store, transmit, exchange, and process information according to certain rules and procedures” (Article 76 of the new Cybersecurity Law). The Cybersecurity Law does not differentiate between internal and external networks; the Law is broad enough to include any company that owns an internal network. The Cybersecurity Law therefore suggests that any company that maintains a computer network, even within its own office, could qualify as a network operator. Companies that are based outside of China that use networks to do business within China could also fall under this definition (e.g. an EU based company that uses networks in China to process data for its operations.
Critical Information Infrastructure providers are defined more narrowly: those that if lost or destroyed would damage Chinese national security or the public interest. This includes information services, transportation, water resources and public services. The law also includes more generally-applicable requirements that relate to cybersecurity and contains provisions that apply to other types of entities, like suppliers of network products and services.
Current and upcoming data localization requirements
The new cybersecurity law also requires critical information infrastructure providers to store personal information and important data within China and conduct annual security risk assessments. Important data is not defined in the Cybersecurity Law, yet it likely refers to non-personal information that is critical.
Apart from CIIs, it is anticipated that several foreign companies doing business in China will be required to make significant changes on how they handle data. The draft version of the “Measures for Security Assessment”, published by the Cyberspace Administration of China, suggests expanding the data localization requirements to all network operators. If adopted, this measure will mean that practically all personal information that network operators collect within China must not leave the country other than for a genuine business need and after a security assessment. In anticipation of this development, there is a trend for foreign companies to set up data centers in China to be able to store data locally.
The Draft Implementation Rules also suggest that individuals and entities seeking to export data from China- even if they are not network operators and based outside China- must conduct security assessments of their data exports. This development, if applied, will significantly increase the cybersecurity law’s data localization requirements.
Over the coming months, the Chinese government will continue to issue implementing legislation and official guidance clarifying the scope of the law.
By Bart Kolodziejczyk
This year’s Group of Twenty (G20) is hosted by Germany. The 2017 annual G20 Summit of the heads of state and government will be the twelfth meeting of the G20, and it will be held on 7–8 July 2017 in the city of Hamburg. However, the hosts prepared a myriad of events, workshops and policy forums throughout the year.
The G20 host focused their G20 presidency on healthcare issues. In addition to issues related to global economic growth and financial market regulation, health is also an important focus of the G20 Summit. For the first time, the science and research community is included in this dialogue as “Science20 Dialogue Forum”. Under the leadership of the German National Academy of Sciences Leopoldina, the science academies of the G20 countries have elaborated science-based recommendations on improving health globally.
At the Science20 Dialogue Forum on Improving Global Health held on 22 March 2017 in Halle (Saale), national and international experts discussed strategies and tools to combat communicable and non-communicable diseases. Moreover, the Science20 Statement was officially handed over to German Federal Chancellor Dr. Angela Merkel. The document provides a basis for the upcoming G20 Summit consultations.
Global health, specifically the management of infectious and non-infectious diseases, causes ongoing and unaddressed issues worldwide for individuals, health systems, and entire economies. The experts gathered at the Science20 Dialogue Forum called for strong short- and long-term data-based strategies to address these health issues. In a nutshell, the Science 20 Statement calls for (a) ensuring strong healthcare and public health systems, (b) apply existing knowledge to prevent diseases, (c) addressing the social, environmental, and economic determinants of health, (d) ensuring access to healthcare and related resources globally, and (e) improving and enhancing the extending strategies for surveillance and data sharing in health.
In addition to Science20, Think20 held another summit called “Global Solutions.” The Think20 or T20 is a network of think tanks and research institutes based in the G20 countries. The role of T20 is to provide evidence-based policy advice to the G20, facilitate interaction among its members and the policy community, and to communicate with the broader public about issues of global importance. This year, the Think20 Engagement Group has come up with a new initiative: the G20 Insights Platform. The policy briefs produced by Task Forces from the Think20 Group, as well as other sources, are clustered in several different policy areas and describe either recommendations or visions.
The number of high-quality contributions in the areas of 2030 Agenda for Sustainable Development and Climate Policy and Finance are of specific importance given the U.S. withdrawal from the Paris Agreement. It is very likely that the climate change and the U.S. position on it will be discussed at the Summit in July. The largest number of briefs contributions have been made in the area of Digitalization, which covers areas such as the opportunities and challenges of the Fourth Industrial Revolution, future of jobs, and blockchain technologies, among others.
Two of the briefs co-authored by the author; Consolidated G20 synthetic biology policies and their role in the 2030 Agenda for Sustainable Development and Nanowaste: Need for Disposal and Recycling Standards have been presented at the Think20 Summit – Global Solutions in Berlin on 29-30 May 2017. While opportunities of both nanotechnology and synthetic biology are widely heralded, issues such as nanowaste and biohacking are often underestimatedss. The two above briefs urge G20 members to develop consolidated policy frameworks to regulate both fields.
All of the above events are only an introduction to the forthcoming G20 Summit where heads of state or heads of government of 20 major economies will work together and based on the outcomes of the above mentioned forums will develop new consolidated policy approaches and regulations to some of the most urging global issues.
The next G20 Summit and Science20 Dialogue Forum will be held under the G20 Presidency of Argentina in Buenos Aires in 2018.