You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH: www.schoenherr.eu
Welcome to the April edition of Schoenherr's to the point: technology & digitalisation newsletter!
We are excited to present a selection of legal developments in the area of technology & digitalisation in the wider CEE region.
It has been more than three months since the European Commission adopted its proposals for the Digital Markets Act ("DMA"). As we have reported ("Gatekeepers and the Digital Markets Act – CEE focused in-depth review" & "(Re)Shaping the digital EU: The European Commission's legislative proposal to manage digitalisation is finally here"), the purpose of the DMA is to allow the Commission to address competition concerns in digital markets more effectively than under existing antitrust rules. To achieve this, the DMA would impose far-reaching obligations on so-called "gatekeeper" platforms. Failure to comply could lead to fines as high as 10 % of the infringing company's annual revenue. The DMA also proposes structural measures as a last resort to remedy concerns.
Unsurprisingly, the DMA has sparked heated debate. Major US tech firms would all fall under this classification and have expressed concerns. The DMA is currently awaiting formal presentation to the European Parliament, which will debate the proposal this year. Some members of the European Parliament have already warned against watering down the proposals. But these measures will run up against divergent interests among EU Member States and could still undergo significant changes. While France and the Netherlands support Brussels' ambitions, Ireland and other Member States with more vibrant tech sectors may be more sceptical of the current proposals. Observers expect the process to take at least 12 to 18 months.
Meanwhile, the EU Commission, besides presenting and defending its proposal at several instances, including before the European Parliament's Internal Market Committee (see here) and Industry, Research and Energy Committee, has published a report from a panel of economic experts that backs the EC's approach to defining a gatekeeper and the imposition of behavioural obligations. The panel
suggests, however, some fine tuning, which echoes concerns that the DMA might disproportionally limit freedom to conduct business through "black letter law" without proper rights of defence.
Consequently, the report proposes tweaks to the EU Commission's approach to regulation, recommending that there should be a blacklist of forbidden behaviours, with exceptions only in very significant circumstances, and a grey list of practices that are in principle considered problematic but for which justification is possible, with the tech company bearing the burden of proof. For example, the report proposes that self-preferencing should be on the blacklist, while tying and bundling should be on the grey list.
Besides the alleged disproportionate limitation of fundamental rights, the DMA was criticised for the limited role it affords national competition authorities in the enforcement of obligations on gatekeepers, as well as the limitations on interoperability requirements, which need to be balanced against possible negative effects on innovation.
It is fair to say that the heated debate over how, if at all, to regulate big tech will continue in the months to come, inside and outside the European Parliament.
On 10 March 2021, the European Data Protection Board ("EDPB") and the European Data Protection Supervisor ("EDPS") issued a joint opinion on the proposal for the Data Governance Act ("Opinion"). The Data Governance Act aims at clarifying the Open Data Directive and introduces new requirements for intermediaries transferring personal data. But the Opinion has also sparked some controversy, as it indicates that the Data Governance Act may contain "significant inconsistencies with the GDPR" as well as other acts related to data protection. According to the Opinion, the provisions in question do not sufficiently protect personal data and do not comply with the GDPR in the following areas: (i) subject matter and scope; (ii) definitions and terminology used; (iii) legal basis for the processing of personal data; (iv) blurring of the distinction between (the processing of) personal and non-personal data; (v) organisation and powers of the entities specifically designated un-der the Data Governance Act, in particular in the context of and in comparison to the already existing bodies. Both the EDPB and EDPS urge the co-legislators to ensure that the forthcoming Data Governance Act fully complies with EU data protection legislation, enhancing trust in the digital economy and maintaining the level of protection provided by EU law under the supervision of Member States' authorities. The full text of the joint opinion can be read here.
On 1 February 2021 the Federal Council enacted a bill concerning the adoption of the federal law relating to developments in distributed ledger technology (DLT bill). This allows Swiss stock corporations now to issue shares in the form of cryptographic tokens represented on a blockchain.
Since the recent Christie's auction of the purely digital artwork "Everydays: The First 5000 Days" by artist Beeple for USD 69 million, everyone is talking about non-fungible tokens (NFT), but what are these? NFTs are no more than a unit of data on the blockchain, where each NFT has the ability to represent a unique digital item such as art, audio, videos, items in video games and any other form of creative work. Unlike traditional cryptocurrencies like Bitcoin, NFTs are not fungible which makes each NFT completely unique and not changeable, removable or destroyable, because like any cryptocurrency or token, the data of an NFT is stored on the blockchain. It is in particular the idea of scarcity and the possibility of verification of authenticity that drives prices up.
Currently, the most important or at least widespread use cases of NFT are crypto-art and digital collectibles in the entertainment industry. With NFTs artists are given the opportunity to sell their art in a verifiable digital form directly to end customers globally, without being dependent on an auction house or gallery. This in turn allows artists to keep a larger portion of the profits generated from a sale. In addition, NFTs have the ability to be programmed in such a way that the initial creator of the art work receives a predetermined royalty each time his NFT is sold to a new owner.
However, with all the benefits, potential legal issues arise such as issues concerning intellectual property law, tax law and regulatory law. Stay tuned for our legal updates in this regard.
Bitpanda, the leading European neobroker, has reached Unicorn status after a EUR 143 million investment by Valar Ventures, DST Global and others. For those who don’t know: a Unicorn is a private company with a valuation over USD 1 billion (see here). We are very proud to have supported Bitpanda in achieving this milestone. The sky's the limit. Congratulations!
Advocate General Szpunar recently issued his Opinion in CJEU case C-762/19 (SIA ‘CV-Online Latvia’/SIA ‘Melons’) – two Latvian job ad portal operators. CV-Online sued Melons for infringement of its sui generis database rights because Melons took over content (meta data) from CV-Online's platform to make content from CV-Online available on its own platform, thereby acting as a "content aggregator" or "specialist search engine" for users searching for job postings across platforms. In light of a prior CJEU Judgment from 2013 (C 202/12, Wegener/Innoweb), such use may be regarded as a violation of CV-Online's database rights, as it comes close to the use by a typical "meta search engine". However, in his opinion (which is not binding for the CJEU, which will decide on the case soon), the Advocate General also raises the question under antitrust law (potential abuse of dominant market position), which may back the legitimacy of the use of the database content by a competitor. Meta search engine operators, specialist search engine operators or content aggregators should keep an eye on the upcoming decision of the CJEU. Find the AG Opinion here.
Big tech companies continue to be in the crosshairs of competition regulators. On 4 March, it was reported that a statement of objections could come as soon as the summer in the European Commission's (EC) case triggered by a complaint from Spotify against Apple. In addition, Apple faces the threat of the EC's ongoing antitrust investigations into its iCloud services, eBooks and Apple Pay as well as a sector inquiry into IoT-enabled smart devices. Earlier that day, the UK's Competition and Markets Authority (CMA) announced that it had launched an abuse of dominance investigation into the iPhone maker after the Competition Appeal Tribunal (CAT) had dismissed an action by Epic Games against the company. In addition to the CMA announcement, and despite the CAT decision, Epic Games filed a complaint with the CMA against Apple for anticompetitive behaviour, the company announced on 30 March. According to the announcement, Apple's behaviour and restrictive rules governing the distribution of apps and payment processing violates the UK Competition Act. Besides these cases, Apple is also facing scrutiny in the Netherlands, France, Russia, and Italy. Google, on the other hand, faces an extension by the Italian AGCM to close an abuse of dominance investigation which started in May 2019 over concerns the US company may have refused to integrate an Enel service that provides electronic vehicle charging data with Android Auto. Lastly, the Düsseldorf Higher Regional Court decided to request a preliminary ruling from the European Court of Justice (ECJ) on Facebook's appeal against a competition agency decision that found that the collection of user data on third-party websites in violation of the GDPR constitutes an abuse of dominance. According to the court, the question of whether such behaviour is even covered by abuse of dominance rules cannot be decided without clarification from the ECJ.
As announced by the Austrian telecom regulator and the Austrian competition authority back in January, the first roundtable on "Mobile telecommunications and competition" in Austria took place on 24 March 2021. The regulators invited the leading market participants to discuss the importance of the EU's merger conditions imposed mobile virtual network operators (MVNOs) in 2012, and their impact on competition and future developments in the mobile telecommunications market. A second roundtable is set to be held in mid or late May. The aim of these talks is to ensure effective competition, following complaints over parallel price increases by the leading operators (German presentation).
As a reminder to comparison websites, Most Favoured Nation (MFN) clauses continue to be a hotly debated topic. In the UK, a challenge by CompareTheMarket against a fine decision by the Competition and Markets Authority (CMA) for its alleged use of MFN clauses in the selling of insurance products will be heard by the court in a three-week trial starting in November this year. The CMA launched a probe into MFN clauses used by the price comparison website in September 2017, based on evidence found during a market study into digital comparison tools. The agency announced the penalty in November 2020, having found that the MFN clauses made it harder for CompareTheMarket's rivals to expand and challenge the company's already strong market position.
Third-party content can be shared easily online by embedding links or frames on one's own website. Such tools "web the (World Wide) Web" (GA Szpunar). But what's the legal framework for the use of such techniques? Click here to learn more on the ECJ's recent VG Bild-Kunst case.
The Bavarian Data Protection Authority ("BayLDA") recently held that the transfer of e-mail addresses to Mailchimp is unlawful. Mailchimp is a US-based newsletter provider acting as a processor. The transfer of personal data is unlawful if the controller does not assess beforehand whether there are additional measures to the processor's standard data protection clauses in place under Art 46 GDPR. Mailchimp arguably qualifies as an "electronic communication service provider" under US law and may therefore be obliged to disclose personal data to US intelligence agencies.
As a result, companies using Mailchimp or other US-based processors for e-mail marketing must assess how those processors actually protect personal data apart from the standard contractual clauses. See here for further details and for what such an assessment could look like. Depending on the result of the assessment, controllers can decide whether they want to continue using Mailchimp/US-based processors. In any case, by doing so they have fulfilled the requirements laid down by the BayLDA.