Tech Policy Unit Horizon Scanner
01 June 2020
Welcome to our Tech Policy Unit Horizon Scanner. It is our monthly dive into the key tech policy and legislative developments around the world.
The coronavirus pandemic is a time of big data and even bigger numbers. The division between meaningful and almost impossible to grasp statistics is hard to pin down, but must lie somewhere between 140,000 (the population of the Isle of Wight, chosen to test the UK government's coronavirus tracking app) and $2,999,000,000,000 (the amount that the US Treasury will look to borrow this quarter).
Against this backdrop, finding genuinely arresting figures in the tech space can be difficult – but not impossible. Here are four.
- 70 – the estimated number of 5G masts to have been vandalised because of rumours that 5G technology is responsible for the coronavirus pandemic. Hot take: 5G is not responsible for the coronavirus epidemic. You didn't hear it here first.
- 230 – the section of the US "Communications Decency Act" that we're all about to hear an awful lot about.
- 30,000 – the number of e-bikes to be heading to recycling centres following Lime's acquisition of Uber's Jump bike and scooter division.
- 44.2 terabits per second – the 'fastest internet speed ever', achieved on 22 May. We'll settle for whatever lets us watch Ted Danson and Kristen Bell in The Good Place in 4K.
This June edition of the Tech Policy Horizon Scanner is otherwise refreshingly numbers-free.
In the USA, President Trump signed an Executive Order shortly after Twitter attached a fact-checking label to some of his posts. From a US public policy perspective, the message is that Section 230 – and the bedrock principle it enshrines, that online platforms are not liable for user-generated content – is doomed. More on why that is, and what it means below.
We also take a ride with boda boda drivers in Uganda, explore a swathe of new tech regulations in Saudi Arabia and the UAE, and revisit debates on digital services taxes in France and the EU.
Following the WTO's dismal projections for world trade in 2020, we also consider the impacts of coronavirus on the WTO "e-commerce moratorium" and the potential for tech to transform the largely paper-based world of trade finance (thanks there to Fraser Eccles and Jeremy Stewart).
The government of Uganda plans to regulate the use of commercial motorcycles (known as 'boda-boda') in Kampala once the coronavirus lockdown is lifted. Boda-boda are the most popular method of transportation in Uganda – however, they have been criticised by officials who question their safety. A new framework released in May to govern the use of boda-boda states that all boda-boda motorcycles must operate under digital companies (for instance through mobile platforms such as Safe Boda, Uber and Bolt). The framework will be implemented from the first week after the end of lockdown in Kenya.
The measures taken by the Ugandan government are in stark contrast to those taken by the government of Nigeria, which banned the use of motorbike ride-hailing platforms in central Lagos entirely (as reported in the March edition of the Tech Policy Horizon scanner).
In Algeria, the Council of Ministers has approved a bill amending Algeria's penal code to criminalise the spreading of 'fake news' that "seeks to undermine the order and public security". A second bill penalising the transmission of discriminatory language and hate speech was approved in the same sitting. The Algerian government stated that the bills are designed to fight hate speech that has proliferated on social media networks in recent months.
The media watchdog Report Without Borders, ("RSF") for North Africa has denounced the bill, arguing that it could be used as a future tool for the "censorship and intimidation of the press". This comes after the Nigerian Senate introduced the Protection from Internet Falsehood and Manipulations Bill, which criminalised transmission of false facts online (reported in the March edition of the Tech Policy Horizon Scanner).
In April, the government of released the Kenya eir first draft of the Kenya Intellectual Property Bill 2020. Currently, intellectual property in Kenya is governed by a variety of laws, and several institutions oversee and administer different IP rights. The Bill attempts to harmonise these separate branches under a single centralized Act. This new development is intended to strengthen intellectual property protections and foster new innovations and a competitive technological industry.
The Big News from the Americas this month comes from the USA and President Trump (as is so often the case)
From a strictly legal perspective, President Trump's Executive Order aimed at social media following a high-profile spat where twitter attached a fact-checking label to one of the President's tweets doesn't appear to have a particularly high probability of succeeding.
He doesn't control the FCC, and in any case the FCC wasn't granted the power by Congress to enforce the Communications Decency Act, so – since it's not an Article III court – the FCC can't review and interpret an act of Congress on its own initiative. But from the perspective of US public policy, the bigger story is that both the right and the left are now in agreement that Section 230 of that Act needs to be rolled back in some way.
The right and the left differ on the precise shape the rollback should take. The right favors the approach in Trump's Executive Order – maintain Section 230 immunity for online platforms from liability for user-generated content as long as they remain politically neutral and nondiscriminatory. The left, however, is unlikely to be satisfied with that approach – they want wider-ranging liability for online platform providers for user-generated content (such as hate speech or disinformation), backed up by stronger enforcement mechanisms. This has been a longstanding goal on the left. What precise shape the eventual settlement will take cannot be predicted. But they now seem to both agree in principle that Section 230 needs to be changed.
The GAFA companies are back in the headlines
In May, Facebook and Instagram rolled out more e-commerce options. With Shops, users can now make purchases directly from business profiles. Both platforms already allowed e-commerce, with Facebook's Marketplaces and the ability to purchase items featured in ads or posts on Instagram. Facebook has announced the scale-up of Facebook's Marketplace feature and Instagram's existing e-commerce to ostensibly support small businesses struggling with sales in the face of the pandemic. Users can create a store for free, although a small fee will be charged by Facebook or Instagram for each purchase.
On May 15, 2020, Facebook closed on the acquisition of Giphy, a company that offers a GIF search engine and a library of GIFs and stickers that are available for users on many social media and messaging platforms. The transaction attracted attention, including from regulators, with some US regulators and politicians calling for the transaction to be investigated for potential anticompetitive issues.
The FTC continues to investigate Facebook for alleged monopolization and anticompetitive practices, and FTC officials have spoken publicly about how a series of acquisitions could be seen to constitute an antitrust law violation, signaling its continued serious look into the various acquisitions made by Google, Apple, Facebook, and Amazon.
It looks like the DOJ and a group of state attorneys general are closer to bringing lawsuits against Google for monopolization and anticompetitive practices, according to news reports. The DOJ is seeking outside trial counsel, which signals the DOJ’s seriousness in potentially filing a lawsuit against Google. It’s unclear at this point if the DOJ is investigating Google for other, non-antitrust law violations. The DOJ has previously hired outside counsel on complex litigation. The DOJ investigations of Apple and possibly Facebook for antitrust, and potentially other legal violations, are reportedly ongoing.
Indonesia will charge value-added tax (VAT) on digital products sold by non-resident internet companies from July 1, with services provided by streaming providers Spotify and Netflix potentially affected. The move was announced as part of emergency measures unveiled in March to help Indonesia to support the states' revenues and reflect shifting consumption patterns during 'lockdown'.
Apple is reported to have shifted production of around 30% of its classic AirPods to Vietnam. The move follows decisions by other US companies to diversify their supply chains outside of China as a consequence of the coronavirus pandemic. Many US companies had already been considering such moves in light of China and the United States' long-running tariff dispute, despite the parties reaching a tentative 'Phase 1' trade deal in January. The Trump Administration has used the decision of Taiwan-based TSMC, a chipmaker, to open a new factory in Arizona as demonstrating that its goal of reshoring US supply chains is working.
In India, Facebook has announced a $5.7 billion minority investment in Jio Platforms, India's largest mobile network operator. While Facebook has been a consistent opponent of Indian moves to implement data localisation policies (that can require data centres to be located in-country, for example, thus driving up costs), The Diplomat highlights that the chairman of Jio Platforms' parent has taken the opposite stance, criticising overseas tech companies' 'data colonialism'. Despite this apparent ideological division, however, this seems a shrewd move for both companies. Facebook gains greater access to 388 million Indian consumers and a greater voice in Indian policy debates, while the investment gives Jio Platforms' parent an opportunity to become debt free within the next 18 months.
China introduces new cybersecurity procedures for critical information infrastructure operators
On 27 April 2020, the Cyberspace Administration of China, together with other eleven governmental agencies, jointly released the Measures on Cybersecurity Review (2020), which will take effect on 1 June 2020. The Measures implement the PRC Cybersecurity Law (2017) and clarify the cybersecurity review requirements that critical information infrastructure operators (CIIOs) will be required to follow if they procure products or services that potentially place China's national security at risk. Cybersecurity reviews will be conducted by an interagency review body (the Cybersecurity Review Office) formed by the eleven agencies. The move mirrors greater scrutiny of the perceived cybersecurity risks posed by procurement exercises occurring a range of jurisdictions – including in the UK and Germany (below).
Coronavirus: Tech and the global response
In Focus // Amid the pandemic, it is unclear whether a two-year political moratorium on import duties on electronic transmissions will now be extended
The WTO "E-commerce Moratorium" has been in place since 1998, as a result of a delicate ongoing compromise arrangement. Since then the Moratorium has been renewed every two years (except for 2003-05) with some Members demanding to make it permanent.
Discussions on whether or not to extend the Moratorium have intensified with growing digital trade, with some WTO members questioning its implications for government revenue. In particular, developing countries have expressed concern that the Moratorium - agreed at a time when electronic transmissions were of much less significance in global trade - has led to much higher tariff revenue loss for developing countries as trade becomes less goods-intensive and more digital. Trade in digitizable products is dominated by a few developed countries; developing countries are net importers of digitizable products, and developing economies tend to be more reliant on customs duties as a source of government revenues.
In December, when it was due to expire, WTO members agreed to extend the e-commerce moratorium until MC12 hosted by Kazakhstan. With MC12 likely now unlikely to take place as planned, there is growing concern among digital-orientated businesses about the implications of a potential lapse.
Read further Clifford Chance publications on Global Trade and Investment
In Focus // Amid the pandemic, it is unclear whether a two-year political moratorium on import duties on electronic transmissions will now be extended
In the majority of jurisdictions the law expressly requires documents crucial for the conduct of cross-border trade to be dealt with in paper form, or is silent on the validity of their electronic equivalents. An example is the "bill of lading" – a key legal document issued by a carrier to a shipper, which serves as both receipt, document of title, and contract. With many staff now required to work from home, and postal and airfreight services disrupted, it has become harder to review trade finance documentation and ensure that it is in the right place at the right time.
While the technology now exists to allow electronic documentation to be accepted – for example, through use of distributed ledger technology – acceptance by government authorities and financial institutions is less widespread. In light of the coronavirus pandemic, the International Chamber of Commerce (ICC) has called on governments to enable an “immediate transition” to paperless trading on a temporary basis.
In the United Kingdom (English law is frequently chosen by parties as the governing law of trade finance documentation), that would require amendments to the Bills of Exchange Act 1882 and the Carriage of Goods by Sea Act 1992, which each require physical signatures.
Looking to the longer term, the ICC has called upon governments to adopt the 2017 UNCITRAL Model Law on Electronic Transferrable Records. The Model Law sets out a principle of "technological neutrality", requiring that electronic transferable records that are "functionally equivalent" to their tangible paper counterparts must be treated as having legal equivalence as well. The Digital Container Shipping Association estimates that the industry could save up to $4 billion per year if half of all bills of lading were dealt with digitally. Adoption of the Model Law has however been gradual, with only Bahrain having introduced implementing legislation to date.
Further information is provided in our briefing Coronavirus: Electronic signatures: when can these be used? A global perspective
As Europe turns its attention to restarting the economy after months of lockdown, updating the EU's digital services rules emerges as a top priority for EU policymakers
The European Commission has started preparatory work to identify regulatory gaps in relation to "gatekeeper" online platforms. New legislation would seek to fill the gap that competition law and the new Platform-to-Business Regulation have not been able to plug in particular in relation to companies that handle large amounts of data. Search engines, social media platforms, app stores and online marketplaces would likely be caught by the new rules.
A European Parliament Committee has published a draft report on the Digital Services Act and fundamental rights issues. Drafted by Kris Peeters, a Belgian centre-right MEP, the report is non-binding on the European Commission but nevertheless sets out the Parliament's position on these issues. The draft report notes that "a small number of mostly non-European service providers have significant market power" and a "pure self-regulatory approach of platforms does not provide adequate transparency". BEUC, the European consumer organisation, has issued a position paper saying that future online platform regulation should go beyond self-regulation, apply to European and third country companies, and focus on consumer protection and online safety. By way of reminder, the Commission hopes to publish a proposal for the Digital Services Act (which will replace the e-Commerce Directive) before the end of 2020 or early in 2021.
Executive Vice President of the European Commission, Margrethe Vestager, told a European Parliament Committee in early May that a new competition tool may be proposed to "prevent the tipping of markets". Indeed, the revised European Commission work programme published on 27 May 2020, announced that a new "ex-ante competition tool" would be put forward in the last quarter of 2020, along with an impact assessment. The Commission is reported to want powers to force companies – in the tech sector but also more widely - to make changes where the regulator identifies a lack of competition. To enter into force, any legislative proposal would need to first be agreed by the European Parliament and Council of the EU.
Addressing the American Bar Association's (ABA) annual antitrust spring meeting, Thomas Kramler, who leads the European Commission's e-commerce and data economy unit in DG Competition is reported to have said that the European Commission's investigations into big platforms are not "on the back burner". He said the investigations already underway will resume once things get a little more back to normal and the Commission will take a close look at the platform markets. He admitted things may take a little longer than usual. Open investigations include probes into Amazon, Apple, Google and Facebook.
The European Commission announced on 27 May 2020 that the EU's post pandemic recovery plan could include a digital services tax: "A digital tax applied on companies with a turnover above EUR 750 million could generate up to EUR 1.3 billion per year for the EU budget." The announcement followed calls from, among others, French Economy Minister Bruno Le Maire for the EU to take up the issue again, as he confirmed that France would introduce its own tax in 2020 if there is no international agreement. Meanwhile, the Head of Tax Policy at the Organisation for Economic Cooperation and Development (OECD) has said that global discussions on a digital tax may be delayed until the start of 2021. The original plan was to present proposals to governments in Berlin in July this year.
In May, a revised draft of the German IT Security Law 2.0 was published. In the draft, presented by the Ministry of the Interior, the competencies of the Federal Office for Information Security are significantly expanded. The new text deals, among other things, with the requirements for components for critical infrastructure and their suppliers. It introduces a voluntary label for products that fulfil certain security requirements. It also establishes new requirements to implement security concepts and new disclosure requirements for certain companies. Finally, it includes significant increases to fines for violations of key provisions, bringing them in line with GDPR sanctions.
On 5 May 2020, the European Central Bank published a study, "A regulatory and financial stability perspective on global stablecoin". The study noted that stablecoins have a potential to address unmet consumer demand for payment services that are fast, cheap and easy to use and can operate across borders, but warned that stablecoin arrangements must not operate in a regulatory vacuum. The report concludes: "If a stablecoin arrangement reaches a global scale, its malfunctioning could pose risks to the financial system."
Brexit has re-entered the headlines in the UK, with the UK's publication of a draft text of the 'Comprehensive Free Trade Agreement' it hopes to negotiate with the EU
The UK hopes that a UK-EU FTA – to be concluded ahead of the end of the post-Brexit 'transition period' on 31 December 2020 – could go beyond recent EU agreements in the area of digital services and trade, by including provisions of electronic authentication, cross-border data flows, smart contracts, and online harms. The UK's draft text would also prohibit the parties from imposing customs duties on electronic transmissions between the two (see 'Coronavirus: Tech and the global response', above).
A new £2 million 'lawtech' initiative, to be delivered by the Ministry of Justice in collaboration with Tech Nation and the Lawtech Delivery Panel, has been announced. The centrepiece of this work programme will be a new 'Lawtech Sandbox' targeted at "truly innovative initiatives looking to reinvent how legal services, processes or systems are delivered". This is inspired by the FCA's Regulatory Sandbox which allows FinTech businesses to test new products and services in the market.
The planned £300m acquisition of Newcastle United football club by a consortium led by Saudi Arabia’s Public Investment Fund appears in doubt. This follows early reporting of a WTO ruling suggested to conclude that the Saudi government is in breach of international law as a result of its alleged links with beoutQ, a TV service which reportedly enables major broadcasters' services (including those of BT and Sky) to be streamed illegally.
While the UK government may have granted Chinese companies a limited role in the UK's nascent 5G sector less than six months ago, the Telegraph reports that Boris Johnson's government is now exploring new limits which could be placed on China's involvement in UK infrastructure.
Saudi Arabia and the UAE have published a significant number of new tech regulations, with implications for businesses in the fields of e-commerce, cloud computing, and insurance
Businesses which sell goods and services to consumers in Saudi Arabia through online marketplaces (and intermediary platforms which facilitate such sales) are to be subject to new obligations, set out in the Executive Regulations to the Saudi E-Commerce Law 2019. While Saudi Arabia has not introduced a general data protection law, the Regulations now require e-commerce businesses to take steps to protect consumers' personal data – for example, by refraining from using personal data for marketing purposes without first obtaining consumers' explicit consent. Amongst further changes is a requirement for Saudi-based e-commerce businesses to join a government register, while intermediary platforms such as online marketplaces and app stores will be required to comply with take-down orders and retain certain contractual data for a minimum of three years.
Meanwhile, the Saudi National Cybersecurity Authority (NCA) has published the draft Cloud Cybersecurity Controls (CCC-1: 2020) for public consultation. This follows the essential Cybersecurity Controls (ECC:2018), which were notable for introducing an apparent prohibition on the use of cloud services providers based outside of Saudi Arabia by government agencies and entities, and certain private sector entities of strategic significance. This requirement appears to be unchanged, but the draft Controls suggest that a future licensing regime for cloud service providers may be introduced. In addition, cloud service providers are required to inform the Saudi Arabian authorities in the event that they are directed to disclose data held in Saudi Arabia to third country authorities.
In the United Arab Emirates, the online marketing of insurance will now require prior approval from the UAE's Insurance Authority. Insurers, insurance brokers, and third party entities such as price comparison websites will be affected by the Electronic Insurance Regulations which, amongst other requirements, introduce new restrictions on the storage of customer data. Insurers will be prohibited from transacting life insurance policies which include investment components over the internet.
Why not subscribe to future editions of the round-up.
This publication does not necessarily deal with every important topic nor cover every aspect of the topics with which it deals. It is not designed to provide legal or other advice. Clifford Chance is not responsible for third party content. Please note that English language translations may not be available for some content.