ePrivacy Directive – European Commission Publishes Results of Consultation
On 11 April 2016, the European Commission consulted on Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”), seeking input from a wide range of businesses, organizations and individuals on the effectiveness of the ePrivacy Directive and their views for its revision. The European Commission’s review is a key element of its Digital Single Market Strategy, which aims to reinforce trust and security in digital services in the EU.
The European Commission released the results of this consultation on 19 December 2016. The consultation received 421 replies from stakeholders in all Member States and outside the EU, which included 162 replies from citizens; 186 contributions from industry actors; 40 public authorities, including competent authorities which enforce the ePrivacy Directive at national level; 33 contributions from civil society associations. The largest number of respondents came from Germany (25.9%), UK (14.3%), Belgium (10%) and France (7.1%).
European Commission adopts its Work Programme for 2017; includes focus on Digital Single Market Strategy and General Data Protection Regulation
On October 25, 2016 the European Commission (the “Commission“) adopted its 2017 Work Programme (the “Work Programme”) which sets out what the Commission intends to do over the next 12 months. The Work Programme is the third to be presented under Jean-Claude Junker’s presidency of the Commission and will also be the first Work Programme to be adopted following consultation with the European Parliament (the “Parliament“) and the European Council (the “Council“).
Why Design Matters: It Can Determine Whether an Online Agreement is Enforceable
*Updated on September 8, 2016
The Southern District of New York recently issued a ruling that raises new issues with customer consent and arbitration contracts in a simple click-through agreement, adding to the increasing judicial skepticism over the enforceability of browse-wrap agreements, despite the Supreme Court’s seeming endorsement of consumer arbitration clauses in AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), based on preemption by the Federal Arbitration Act. Soon after this decision, however, the Ninth Circuit issued a ruling that went the other way and found that the arbitration terms in Uber’s terms and conditions were enforceable. Central to these cases has been findings relating to the degree to which terms of use can be considered binding.
NIST requests comments on cybersecurity in the digital economy to inform CENC recommendations
On August 10, 2016, the National Institute of Standards and Technology (“NIST”) issued a notice requesting public comment on the current and future state of cybersecurity in the digital economy. The Request for Information (“RFI”) will serve to facilitate the work of the Commission on Enhancing National Cybersecurity (“CENC”) in delivering detailed cybersecurity recommendations for the public and private sectors pursuant to Executive Order 13718. The February 2016 Executive Order created CENC to develop a plan of action for the next decade to strengthen cybersecurity in the public and private sectors and reinforce partnerships between federal, state and local governments and the private sector. The Executive Order directs the Commission and the Secretary of Commerce to work with NIST to carry out its mission.
Post-Brexit EU May Be Stranded By Its Own Data Rules
*This article first appeared in Forbes on July 1, 2016.
So now the European Union’s “sceptered isle” has voted to sever its bonds with its continental partners – with the wish that (as described in a Shakespeare passage memorized by every English schoolchild for generations) it can be set off by the sea “against the envy of less happier lands.” The outcome demonstrates the depth of dissatisfaction with a world that has become interconnected.
In the meantime, the EU is facing its own tensions with global interconnectedness that threaten to turn it into a virtual island as it heads further down the path of cutting off the flow of data to “third countries” outside the EU.
Council Adopts EU-wide Cybersecurity Directive
On May 17, 2016, the European Council formally adopted the Network and Information Security Directive (the “NIS Directive“) at first reading. According to the Council press release, the NIS Directive is meant to increase cooperation among EU Member States on the vital issues of cybersecurity.
The NIS Directive was first proposed by the European Commission in 2013 as part of the EU’s Cyber Security Strategy. The formal adoption of the NIS Directive by the Council follows on from the political agreement reached in December 2015. It must now be approved by the Parliament at second reading. The NIS Directive is expected to enter into force in August 2016, after which Member States will have 21 months to implement it into their national laws.
District Court Rules for the FTC in “Unfairness” Action Against Amazon Regarding In-app Purchasing Controls
On April 26, the US District Court in Seattle granted the FTC’s motion for summary judgment against Amazon for providing allegedly inadequate parental controls to limit their children’s in-app purchases. Case No. C14-1038-JCC. The FTC alleged that the company’s failure to require more robust password re-entry meant that many in-app purchases by children resulted in unauthorized charges to the parents.
CFTC Asserts Jurisdiction Over Bitcoin Derivatives
This Article originally appeared in the Thomson Reuters FinTech Law Report, Volume 18, Issue 6 (2016).
On September 17, 2015, the Commodity Futures Trading Commission (“CFTC”) issued an order (“Coinflip Order”) settling charges brought against Coinflip, Inc., the operator of an online trading platform that facilitated the trading of derivatives on Bitcoin and other digital currencies, also referred to by the CFTC and other regulators as “virtual currencies” (“Bitcoin Derivatives”), including U.S. dollar cash-settled options. The CFTC found that Coinflip, Inc. had violated the Commodity Exchange Act (“CEA”) and CFTC rules by failing to register as a swap execution facility (“SEF”) or designated contract market (“DCM”). The direct impact of the Coinflip Order is minimal, as the platform itself had already shut down due to lack of volume. However, the Coinflip Order represents a watershed in the development of virtual currencies, as it is the first time that the CFTC has affirmatively asserted that Bitcoin and other virtual currencies are “properly defined as commodities” and that the CFTC has jurisdiction over Bitcoin Derivatives.
The Opportunities and the Challenges of Big Data for Business and Public Policy*
*Based on Remarks at the Big Data East Big Data Innovation Conference, September 9, 2015
I believe in the enormous potential of big data. Erik Brynolfsson and Andrew McAfee, authors of The New Machine Age and leading scholars of the digital economy, have compared the power and granularity of computational science to the transformation in understanding of nature that occurred when Anton Van Leuwenhook first peered at samples through his newly-invented microscope. We are seeing new advances in medicine, in social science, new ways of teasing out causation from correlation.
Trans-Pacific Partnership Agreement Touches Global Electronic Commerce
Last week, the New Zealand Ministry of Foreign Affairs & Trade has made public the text of the Trans-Pacific Partnership (TPP) Agreement. While the text of the TPP has been negotiated over the past seven years, several provisions relating to electronic commerce are remarkably timely and address key considerations for companies doing business abroad. Highlighted below are key initial takeaways from Article 14 of the TPP, on “Electronic Commerce:”