Category: Administrative & Regulatory

Department Of Financial Protection & Innovation Issues Guidance Regarding “Situation in Ukraine and Russia”

Last Friday, Commissioner Clothilde V. Hewlett issued guidance concerning the “situation in Ukraine and Russia”.   The guidance reminds licensees of their obligations under federal, and to a lesser extent, California law.  The guidance mentions three areas of concern: sanctions, virtual currency and cybersecurity.  I was somewhat taken aback by the guidance reference to the “situation”, but in several places, the guidance refers to the “Russian invasion”.

With respect to virtual currency, Commissioner Hewlett notes that the Russian invasion “significantly increases the risk that listed individuals and entities may use virtual currency transfers to evade sanctions”.   She advises that all licensees engaging in financial services using virtual currencies should have policies, procedures, and processes to protect against the unique risks that virtual currencies present.

When Russia Came To California

In may come as a surprise that Russia once had plans to expand into California and even occupied a fort here for nearly three decades.  Fort Ross, now a California state park, is situated on the California coast about 60 miles north of San Francisco.  It was established in 1812 and represents Tsarist Russia’s southernmost settlement on the North American continent.  The name of the fort is derived from the word “Russia”, which is derived from the name of a medieval people known as the Rus.

© 2010-2022 Allen Matkins Leck Gamble Mallory & Natsis LLP
For more articles on cybersecurity, visit the NLR Cybersecurity, Media & FCC section.

US Crypto Regulatory Enforcement Ramps Up – NFTs Now More in Focus

For the past decade the crypto space has been described as the wild west. The crypto cowboys and cowgirls have innovated and moved the industry forward, despite some regulatory certainty. Innovation always leads regulatory clarity. There’s a new sheriff in crypto town – the US government and its various regulatory agencies. They seem intent on taming the wild west.

According to a recent report, the IRS Has Sent 10,000 Letters on Taxpayer Digital Assets seeking to collect taxes on gains from crypto assets including NFTs. This is no surprise and we have cautioned on this dating back to 2017. While many people have focused on the tax issues with crypto currencies, the IRS is also focusing on NFTs as reported here.

This comes on the heels of another report this week that the SEC is now targeting certain NFT uses. According to the report, the SEC is probing whether NFTs are being utilized to raise money like traditional securities. The SEC has reportedly sent subpoenas related to the investigation and is particularly interested in information about fractional NFTs. As we discussed here, fractionalization is just one of the potential securities law concerns with certain NFT business models. NFTs that represent a right to a revenue stream and NFT presales can also presents issues in some cases.

Other recent regulatory activity relating to NFTs includes the following. The Department of the Treasury published a study on the facilitation of money laundering and terrorist financing through the art trade, including NFTs. See our report on this here.  The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned a Latvia-based digital asset exchange and designated 57 cryptocurrency addresses (associated with digital wallets) as Specially Designated Nationals (SDNs). These designations appear to be the first time NFTs have been publicly impacted as “blocked property” – as one of the designated cryptocurrency addresses owns non-fungible tokens (NFTs). See our report on this here. A number of NFTs are also being used to facilitate illegal gambling.

In addition to the regulatory issues, the number of NFT-related lawsuits and other legal disputes continues to increase. Many of these disputes relate to IP ownership, IP infringement, failure to apply an clear or enforceable license to the NFT, among others.

Most of these issues are avoidable with proper legal counseling early on.

The use of NFT technology to tokenized and record ownership of physical and digital assets, as well as entitlements (e.g., tickets, access, etc.) is just getting started. We believe this technology will see wide scale adoption across many industries. The vast majority of the NFT business models are legal.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.
For more about cryptocurrency regulations, visit the NLR Cybersecurity, Media & FCC section.

Government Continues Aggressive Antitrust Enforcement in the Healthcare Space

On February 24, 2022, the U.S. Department of Justice (“DOJ”) filed suit to block UnitedHealth’s proposed acquisition of Change Healthcare. UnitedHealth owns the largest health insurer in the U.S., while Change Healthcare is a data company whose software is the largest processor of health insurance claims in the U.S. The DOJ alleges that the acquisition, if allowed to proceed, would give UnitedHealth unfettered access to rival health insurers’ competitively sensitive information, including health insurance pricing. According to the complaint, this would lessen competition and “result in higher cost, lower quality, and less innovative commercial health insurance for employers, employees, and their families.”

The DOJ’s challenge continues a recent trend of aggressive enforcement involving vertical mergers (i.e. transactions between firms at different levels of the supply chain), with the Federal Trade Commission challenging three vertical mergers in the last year alone. These enforcement efforts represent a material shift from the prior enforcement attitude, which often allowed parties to resolve competition concerns raised by vertical mergers through conduct remedies such as information firewalls or supply commitments. The DOJ’s decision to forego such a remedy (assuming one was proposed) signals the government’s intent to take a tougher stance on mergers in the healthcare space. President Joe Biden previously listed prescription drugs and healthcare services as an antitrust priority area in his July 9, 2021 executive order.

The complaint was filed in the District Court for the District of Columbia and can be accessed here: https://www.justice.gov/opa/press-release/file/1476676/download.

Christopher Gordon also contributed to this article.

© Copyright 2022 Squire Patton Boggs (US) LLP
For more articles about healthcare, visit the NLR Health Care Law section.

A View From Washington, DC — Budgets, Bills, and Elections

February in Washington, DC, usually ushers in the start of a new federal budget approval process, but that will not be the case this year. President Joe Biden is not expected to release his fiscal year 2023 budget until later this spring, which will be followed by congressional hearings and oversight on our nation’s federal spending. While the president’s budget is not binding, in a Congress controlled by his own party, his suggestions on how Congress should appropriate our federal dollars are certainly taken seriously.

Furthering delays, Congress is still mired in passing the fiscal year 2022 appropriations bills — which appear to now be on target for passage in mid-March. Part of the slowdown on passing these bills revolves around an agreement on the overall topline spending number. The House approved $1.506 trillion in spending in its versions of the 12 annual appropriations bills. The Senate never released a topline number. President Biden’s budget request was for $1.523 trillion, $770 billion for nondefense spending and $753 billion for defense spending. Also of note, assuming these bills are enacted, it will be the first time in a decade that Congress has provided funds for earmarks (now referred to as “community projects”) through appropriations legislation.

Another weighty item on Congress’ agenda is the reauthorization of the nation’s flood insurance program. The National Flood Insurance Program (NFIP) was last reauthorized in 2012, when Congress passed the Biggert-Waters Flood Insurance Reform Act of 2012. The NFIP’s five-year reauthorization ended on September 30, 2017, and since then, the program has been funded by a series of short-term measures. The program is currently operating under an extension that expired on February 18, 2022. The purpose of the Biggert-Waters Act was to make the NFIP solvent, as the program faced a $24 billion deficit. But anyone who has kept apprised of the program knows it’s not solvent and is broken in many respects. Current policyholders are facing an 18% policy rate increase in the coming year.

Finally, once summer arrives, many in Congress will turn their attention in earnest to the mid-term elections in November. Several states have new congressional maps due to redistricting. The released census data gave Texas, Florida, North Carolina, Montana, and Oregon additional seats, while California, New York, and Pennsylvania (among others) lost seats. In an almost evenly divided House, the Republicans only need to pick up three to five seats in order to take control, and most observers expect that to happen. The current US Senate is evenly divided and most incumbent Senate seats are safe, but a few states, such as Georgia, Nevada, Wisconsin, and Pennsylvania, are statistically tied in current polling and are truly toss-up elections at this point, leaving control of the US Senate up for grabs.

© 2022 Jones Walker LLP
For more articles about election and legislative updates, visit the NLR Election & Legislative section.

What You Don’t Know Can’t Hurt You: SCOTUS Rules Inadvertent Legal Errors Cannot Overturn Copyright Infringement Decisions

“No harm, no foul.” That was the message the U.S. Supreme Court delivered Feb. 24 in ruling that a copyright infringement verdict should not have been overturned because of inaccurate information in the copyright registration asserted. The Court’s 6-3 opinion vacates a Ninth Circuit decision that threw out an infringement verdict on the ground that the registrant should have known the law regarding filing multiple works within one registration, a practice referred to as group registrations.

In Unicolors Inc. v. H&M Hennes & Mauritz LP, a jury found that Unicolors’ fabric pattern copyrights were violated and the district court entered judgment for H&M to pay nearly $800,000 for selling jackets that infringed on Unicolors’ copyrights.  H&M moved for judgment as a matter of law that Unicolor’s copyright registration was invalid because for group registrations, all works in the applications must be published “in the same unit of publication.”  Unicolor released some of the garments containing the protected patterns to private customers, and released the others to the public at a different time.  Thus, the asserted registration did not technically satisfy the requirements.  The district court denied H&M’s motion and found that safe harbor provision of the Copyright Act allows for innocent mistakes of fact and law.  In this case, Unicolor was not aware that all works in a group registration had to be published “in the same unit of publication.”

The Ninth Circuit overturned this ruling, siding with H&M that Unicolors’ copyright registration was invalid because of legal errors in the application, saying a safe harbor provision for copyright registration errors only applies to factual mistakes, not unintentionally misreading the law. Justice Stephen Breyer, writing for the majority, pushed back on this idea:

“In our view, however, §411(b) does not distinguish between a mistake of law and a mistake of fact. Lack of knowledge of either fact or law can excuse an inaccuracy in a copyright registration,” he wrote.

Justice Breyer also noted that many copyright applicants are often “novelists, poets, painters, designers, and others without legal training” and said Congress never intended to make it more difficult for those non-attorneys to successfully apply for a copyright. “Given this history, it would make no sense if §411(b) left copyright registrations exposed to invalidation based on applicants’ good-faith misunderstandings of the details of copyright law,” he said.

The Supreme Court’s decision is s a victory for creators’ rights and provides some peace of mind for those creators filing copyright applications without the assistance of an attorney.  However, this decision will focus discovery on whether any errors in a registration—be them factual or legal—were made “with knowledge that [the error] was inaccurate.”

Copyright © 2022 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more articles about the U.S. Supreme Court, visit the NLR Litigation section.

California Considers Unclaimed Property Voluntary Disclosure, Interest Forgiveness Legislation

The California State Assembly is considering Assembly Bill 2280, which would launch a much-anticipated opportunity for businesses to report unclaimed property to California – interest-free – under an amnesty program.

Unclaimed property is a regulatory challenge for businesses in every industry and commonly results when company financial obligations remain unsatisfied or inactive for a legally defined period.

The unclaimed property is often owed to vendors, employees, customers, or shareholders stemming from ordinary business transactions, including:

  • accounts receivable credits
  • bank and investment accounts
  • gift cards
  • royalties
  • securities and dividends
  • uncashed payroll and vendor payments
  • virtual currencies

California has tried passing voluntary compliance legislation since its amnesty program expired several years ago, but has been unsuccessful. The sleeping giant has again awakened.

Any company with operations in California, with California-formed entities, or with customers, vendors, or employees in California should proactively evaluate its unclaimed property compliance and monitor this legislation carefully.

Every state’s law requires companies to report unclaimed property to the state annually, yet compliance rates are low nationwide. AB 2280 estimates that 1.3 million California tax-filing businesses did not correctly report unclaimed property in 2020. To close this compliance gap, California and most other states regularly audit companies to identify unreported unclaimed property. Such audits often involve detailed reviews of company accounting records for 10 or more years by third-party auditors on behalf of numerous states.

Currently, California imposes 12 percent annual interest on any past-due unclaimed property identified, which likely deters annual compliance, with companies electing to wait for the state to authorize an audit rather than pay the interest assessment. The new bill aims to fix that.

Under AB 2280, California’s Controller is authorized to establish a voluntary disclosure agreement (VDA) or voluntary compliance program for any company that:

  • is not currently under examination by California
  • is not involved in a civil or criminal action involving unclaimed property compliance
  • has not been notified of an unclaimed property interest assessment or negotiated a waiver of interest in the last five years

The proposed law would allow the state to forgive the interest if the company:

  • participates in an educational training program
  • reviews accounting records for unclaimed property for 10 years
  • makes sufficient efforts to reunite property with owners
  • timely files initial reports and remits all identified unclaimed property for the 10 years

The bill may be heard in committee March 19 and it is unclear whether this legislation will become a reality. AB 2280 is not California’s first voluntary disclosure effort. California had a temporary unclaimed property amnesty program in the early 2000s, and the State Assembly declined to advance voluntary disclosure program legislation in February 2018.

Notably, even if AB 2280 successfully becomes law, the voluntary compliance program is contingent upon the legislature appropriating funds in the Budget Act.

Beyond AB 2280, California is ramping up other efforts to drive unclaimed property compliance:

  • In the 2019 California Budget Act, the State Controller’s Office was tasked with increasing unclaimed property compliance, including through adopting an unclaimed property amnesty program; it’s unclear whether this particular bill satisfies that task or if there is more to come
  • In July 2021, California’s governor approved and signed into law Assembly Bill 466, which authorizes the Franchise Tax Board to share information with the Controller’s

Office regarding the taxpayer’s revenue and previous unclaimed property compliance (or lack thereof). This development is notable because revenue and reporting history detail is often used by states to identify companies for unclaimed property enforcement initiatives.

Voluntary compliance programs and VDAs that include an interest abatement are a common-sense incentive for voluntary compliance for states, and the advantages for companies merit thoughtful consideration.

© 2022 BARNES & THORNBURG LLP
For more articles about California legislation, visit the NLR California law section.

Federal Trade Commission Implements Annual Adjustments to Hart-Scott-Rodino Notification Thresholds

The Federal Trade Commission (“FTC”)’s adjusted notification thresholds for the Hart-Scott-Rodino Anti-Trust Improvement Act of 1976 (“HSR Act”) for 2022 have gone into effect beginning February 23, 2022. The “size of the transaction” thresholds have increased to $101 million (from $92 million) and $403.9 million (from $368 million), and the “size of the person” thresholds have increased to $20.2 million (from $18.4 million) and $202 million (from $184 million). The new thresholds apply to transactions that close on or after February 23, 2022, while the prior “size of the transaction” and “size of the person” thresholds will apply to transactions closing before February 23, 2022.

The HSR Act requires the parties to a merger or other M&A transaction to file a notification of the transaction with the FTC and the Department of Justice (“DOJ”) if the transaction meets the “size of the transaction” test and the parties meet the “size of the person” test. These dollar thresholds are adjusted annually based on changes to the United States gross domestic product.

Notification is required if (a) the transaction is valued at more than $403.9 million, regardless of the size of the parties; or (b) a transaction is valued at more than $101 million, but not more than $403.9 million, and, generally, one party has total assets or annual net sales of at least $20.2 million and the other party has total assets or annual net sales of at least $202 million.

If notification is required, the FTC and DOJ will have 30 days from the date on which both parties file their notices to review the competitive effects of the transaction. Prior to the expiration of this 30-day review period, the FTC or DOJ may make an additional request for documents or information from either or both parties. The parties will not be permitted to close the transaction until the 30-day review period expires, or if the FTC or the DOJ has made an additional document or information request, until 30 days after the agencies confirm that the additional request has been satisfied in full. In the past, parties filing HSR Act notifications ordinarily could request an “Early Termination” of the 30-day waiting period. However, the FTC and DOJ announced, on February 4, 2021, that they were temporarily suspending the Early Termination practice during the transition to the new Biden administration. The agencies have not yet announced when they will resume the Early Termination practice.

The FTC also announced that the maximum civil penalty amount for failure to comply with the premerger notification rules of the HSR Act has increased to $46,517 per day, from $43,792 per day.

© 2022 Giordano, Halleran & Ciesla, P.C. All Rights Reserved

Article By Craig Ismaili and John Sikora of Giordano, Halleran & Ciesla, P.C.

For more articles on trade, visit the NLR Antitrust & Trade Regulation section.

Russian Invasion of Ukraine Triggers Global Sanctions: What Businesses Need to Know

The Russian invasion of Ukraine has triggered swift international retribution. Global powers—including the European Union (EU), the United Kingdom (UK) and the United States (US)—have announced sanctions as the crisis in Europe escalates. As governments expand these sanctions, businesses dealing in Russia or with the Russian government are urged to take immediate steps to ensure compliance. This On the Subject outlines the scope and applicability of these sanctions in each major jurisdiction.

IN DEPTH

EUROPEAN UNION

Targeted Sanctions on Entities and Individuals

In addition to the sanctions against Russia already in place following its annexation of the Crimean Peninsula, cyberattacks and human rights abuses (which were extended until 31 July 2022, and will likely be extended again), the Council of the European Union imposed restrictive measures on 21 February 2022, on five additional individuals (Aleksei Yurievich Cherniak, Leonid Ivanovich Babashov, Tatiana Georgievna Lobach, Nina Sergeevna Faustova and Aleksandr Evgenevich Chmyhalov) for actively supporting actions and implementing policies that undermine or threaten the territorial integrity, sovereignty and independence of Ukraine. The designated persons are members of the State Duma of the Russian Federation, and they were elected to represent the illegally annexed Crimean Peninsula and the City of Sevastopol on 19 September 2021, as well as the head and deputy head of the Sevastopol electoral commission.

On 23 February 2022, following a joint press statement of the Presidents of the European Commission and Council, the European Union extended the existing sanctions framework to cover all of the 351 members of the Russian State Duma who voted for the recognition of Donetsk and Luhansk as independent entities. The European Union also extended sanctions on an additional 27 high-profile individuals and entities who have played a role in undermining or threatening the territorial integrity, sovereignty and independence of Ukraine.

The restrictive measures include asset freezes, a European Union-wide travel ban and a prohibition from making funds available to the listed individuals and entities. Pursuant to European Union asset freezes, all funds and economic resources that belong to, are owned, held or controlled by a designated person are frozen. “Ownership” is triggered by a party holding more than 50% of proprietary rights in an entity or a majority interest in that entity. Therefore, entities owned by designated individuals will also be affected by the targeted sanctions.

Economic Restrictions

The European Union also imposed various economic restrictions on the Donetsk and Luhansk regions, specifically:

  • An import ban on goods from those regions;
  • An export ban on certain goods and technologies;
  • A prohibition on tourism services; and
  • A restriction on trade investments related to certain economic sectors.

Financial Restrictions

Notably, the European Union also imposed a sectoral prohibition to finance the Russian Federation, its government and its Central Bank in the hope of limiting the financing of escalatory and aggressive policies.

Germany also put on halt the certification process for the North Stream 2 pipeline, which is meant to deliver natural gas directly from Russia to Germany. The pipeline is owned by a subsidiary of Gazprom.

Applicability of EU Sanctions

The sanctions announced on 21 February and 23 February have been published in the Official Journal of the European Union and take effect immediately. New sanctions are directly applicable in all EU Member States, with existing penalties in place at a Member State level in relation to any breaches.

EU sanctions are broad in scope and apply to any person inside or outside the territory of the European Union who is a national or is incorporated under the laws of a Member State, as well as any legal person in respect of any business done in whole or in part within the European Union. Likewise, any events taking place within the territory of the European Union, including its airspace and on board any aircraft or vessel under the jurisdiction of a Member State, would be subject to the EU sanctions.

Further Developments

In a statement on 24 February, EU President Ursula von der Leyen announced that the European Union will present a further “package of massive, targeted sanctions” aimed at strategic sectors of the Russian economy in response to Russia’s continued escalation of the conflict. The new measures will block Russia’s access to technologies and markets that are key for Russia, freeze Russian assets in the European Union and stop the access of Russian banks to European financial markets. The further measures could include Russia being removed from SWIFT (the Society for Worldwide Interbank Financial Telecommunication), which is the worldwide communication system used by banks.

The European Union may also expand the sanctions to target those who “provide support or benefit from the Russian government” as a response to Belarus support for Russia.

UNITED KINGDOM

UK Prime Minister Boris Johnson announced a “first barrage” of sanctions against Russia with the designation of five Russian banks and three high-net-worth Russian individuals. The sanctions have been imposed pursuant to the recently amended Russia (Sanctions) (EU Exit) Regulations 2019 (SI 2019/855).

  • Designated entities: IS Bank, Rossiya Bank, PJSC Promsvyazbank, JSC Genbank and JSC Black Sea Bank Development and Reconstruction.
  • Designated individuals: Gennady Timchenko, Boris Rotenberg and Igor Rotenberg.

Similar to the EU sanctions, any assets held in the United Kingdom by the individuals concerned will be frozen, and the individuals will also be banned from travelling to the United Kingdom. There will also be a prohibition on all UK individuals and entities from having any dealings with the designated entities and individuals.

Further Developments

The UK government stated it will further extend targeted sanctions to the Russian politicians who voted to recognise the independence of Donetsk and Luhansk and economic restrictions currently applicable to the Crimean Peninsula to the Donetsk and Luhansk regions. On 23 February, Prime Minister Boris Johnson warned London bank chiefs to expect tougher sanctions on Russia if the crisis in Ukraine escalates.

The UK government is likely to follow the European Union lead with respect to additional and broader sanctions (i) seeking to curtail Russia’s ability to raise funds in UK markets, prohibiting a range of high-tech exports and further isolating Russian banks from the global economy; (ii) targeting the Russian financial sector and trade; and (iii) prohibiting Russia from issuing foreign debt on UK markets.

In line with previous statements from the UK government, on 24 February Prime Minister Boris Johnson announced it will take measures to exclude Russian Banks from London’s financial system “stopping them from accessing sterling and clearing payments through the UK” and limiting the amount of money the Russian nationals will be able to deposit in their UK bank accounts.

UNITED STATES

The US sanctions announced immediately after the beginning of the current crisis effectively prohibit US persons from engaging in any economic activity with the breakaway Donetsk and Luhansk “republics.” This includes investment, exports to and imports from these regions. US President Joe Biden subsequently announced a new set of sanctions aimed at cutting off Russia from western financing and targeting high-net-worth Russian individuals.

Targeted Sanctions

The United States imposed new sanctions against two banks and three individuals who are the sons of three previously sanctioned President Putin inner circle members.

  • Sanctioned entities: Corporation Bank for Development and Foreign Economic Affairs Vnesheconombank (VEB) and Promsvyazbank Public Joint Stock Company (PSB), along with 42 of their subsidiaries.
  • Sanctioned individuals: Denis Aleksandrovich Bortnikov, Petr Mikhailovich Fradkov and Vladimir Sergeevich Kiriyenko.

As mentioned above, the fathers of the newly sanctioned individuals are already subject to US sanctions. These new sanctions aim to prevent the previously sanctioned individuals from transferring their assets to family members to evade sanctions. Any entities owned 50% or more by sanctioned individuals will also be sanctioned entities.

The United States has also subjected Nord Stream 2 AG, the Swiss company building the Nord Stream 2 natural gas pipeline from Russia to Germany, to sanctions.

Financial Restrictions

In addition to targeted sanctions, the United States adopted Directive 1A under Executive Order 14024. This directive expands existing sovereign debt prohibitions applying to “US financial institutions” to cover participation in the secondary market for bonds issued after 1 March 2022, by the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation or the Ministry of Finance of the Russian Federation. These restrictions previously applied only to participation in the primary market for this debt.

“US financial institutions” is defined broadly and includes all US entities and their foreign branches which engage in activities as “depository institutions, banks, savings banks, money services businesses, operators of credit card systems, trust companies, insurance companies, securities brokers and dealers, futures and options brokers and dealers, forward contract and foreign exchange merchants, securities and commodities exchanges, clearing corporations, investment companies, employee benefit plans, dealers in precious metals, stones, or jewels, and US holding companies, US affiliates, or US subsidiaries of any of the foregoing.”

Further Developments

During his speech on 22 February, President Biden announced that more measures would be imposed in the event of Russia’s invasion of Ukraine, including additional sanctions targeting Russia’s biggest banks and export control measures. Considering President Putin’s launch of military operations in Ukraine, it is expected that the United States and its allies will announce “further consequences” for Russia on 24 February.

GLOBAL

Canada, Japan and Australia have also announced sanctions against Russia in response to the Ukraine crisis, including targeted sanctions against Russian individuals and financial institutions, and an import/export ban of goods on the Donetsk and Luhansk regions. Canada and Japan also implemented new prohibitions on dealings in Russian sovereign debt.

IMPACT ON BUSINESS 

If you or your company have dealings with Russian entities or individuals:

  • Immediately conduct a thorough review of your business agreements to ensure you have no dealings directly or indirectly with designated individuals or entities, and if there is any connection to designated people, promptly seek out legal advice;
  • Ensure you have robust sanction compliance measures to screen third parties which may be subject to sanctions; and
  • Monitor the developing situation and seek out legal advice if concerned about potential breaches.
© 2022 McDermott Will & Emery

GDPR Privacy Rules: The Other Shoe Drops

Four years after GDPR was implemented, we are seeing the pillars of the internet business destroyed. Given two new EU decisions affecting the practical management of data, all companies collecting consumer data in the EU are re-evaluating their business models and will soon be considering wholesale changes.

On one hand, the GDPR is creating the world its drafters intended – a world where personal data is less of a commodity exploited and traded by business. On the other hand, GDPR enforcement has taken the form of a wrecking ball, leading to data localization in Europe and substitution of government meddling for consumer choice.

For years we have watched the EU courts and enforcement agencies apply GDPR text to real-life cases, wondering if the legal application would be more of a nip and tuck operation on ecommerce or something more bloody and brutal. In 2022, we received our answer, and the bodies are dropping.

In January Austrian courts decided that companies can’t use Google Analytics to study their own site’s web traffic. The same conclusion was reached last week by French regulators. While Google doesn’t announce statistics about product usage, website tracker BuiltWith published that 29.3 million websites use Google Analytics, including 69.5 percent of Quantcast’s Top 10,000 sites, and that is more than ten times the next most popular option. So vast numbers of companies operating in Europe will need to change their platform analytics provider – if the Euro-crats will allow them to use site analytics at all.

But these decisions were not based on the functionality of Google Analytics, a tool that does not even capture personally identifiable information – no names, no home or office address, no phone numbers. Instead, these decisions that will harm thousands of businesses were a result of the Schrems II decision, finding fault in the transfer of this non-identifiable data to a company based in the United States. The problem here for European decision-makers is that US law enforcement may have access to this data if courts allow them. I have written before about this illogical conclusion and won’t restate the many arguments here, other than to say that EU law enforcement behaves the same way.

The effects of this decision will be felt far beyond the huge customer base of Google Analytics.  The logic of this decision effectively means that companies collecting data from EU citizens can no longer use US-based cloud services like Amazon Web Services, IBM, Google, Oracle or Microsoft. I would anticipate that huge cloud player Alibaba Cloud could suffer the same proscription if Europe’s privacy panjandrums decide that China’s privacy protection is as threatening as the US.

The Austrians held that all the sophisticated measures taken by Google to encrypt analytic data meant nothing, because if Google could decrypt it, so could the US government. By this logic, no US cloud provider – the world’s primary business data support network – could “safely” hold EU data. Which means that the Euro-crats are preparing to fine any EU company that uses a US cloud provider. Max Schrems saw this decision in stark terms, stating, “The bottom line is: Companies can’t use US cloud services in Europe anymore.”

This decision will ultimately support the Euro-crats’ goal of data localization as companies try to organize local storage/processing solutions to avoid fines. Readers of this blog have seen coverage of the EU’s tilt toward data localization (for example, here and here) and away from the open internet that European politicians once held as the ideal. The Euro-crats are taking serious steps toward forcing localized data processing and cutting US businesses out of the ecommerce business ecosystem. The Google Analytics decision is likely to be seen as a tipping point in years to come.

In a second major practical online privacy decision, earlier this month the Belgian Data Protection Authority ruled that the Interactive Advertising Bureau Europe’s Transparency and Consent Framework (TCF), a widely-used technical standard built for publishers, advertisers, and technology vendors to obtain user consent for data processing, does not comply with the GDPR. The TCF allows users to accept or reject cookie-based advertising, relieving websites of the need to create their own expensive technical solutions, and creating a consistent experience for consumers. Now the TCF is considered per-se illegal under EU privacy rules, casting thousands of businesses to search for or design their own alternatives, and removing online choices for European residents.

The Belgian privacy authority reached this conclusion by holding that the Interactive Advertising Bureau was a “controller” of all the data managed under its proposed framework. As stated by the Center for Data Innovation, this decision implies “that any good-faith effort to implement a common data protection protocol by an umbrella organization that wants to uphold GDPR makes said organization liable for the data processing that takes place under this protocol.” No industry group will want to put itself in this position, leaving businesses to their own devices and making ecommerce data collection much less consistent and much more expensive – even if that data collection is necessary to fulfill the requests of consumers.

For years companies thought that informed consumer consent would be a way to personalize messaging and keep consumer costs low online, but the EU has thrown all online consent regimes into question. EU regulators have effectively decided that people can’t make their own decisions about allowing data to be collected. If TCF – the consent system used by 80% of the European internet and a system designed specifically to meet the demands of the GDPR – is now illegal, then, for a second time in a month, all online consumer commerce is thrown into confusion. Thousands were operating websites with TCF and Google Analytics, believing they were following the letter of the law.  That confidence has been smashed.

We are finally seeing the practical effects of the GDPR beyond its simple utility for fining US tech companies.  Those effects are leading to a closed-border internet around Europe and a costlier, less customizable internet for EU citizens. The EU is clearly harming businesses around the world and making its internet a more cramped place. I have trouble seeing the logic and benefit of these decisions, but the GDPR was written to shake the system, and privacy benefits may emerge.

Copyright © 2022 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more articles about international privacy, visit the NLR Cybersecurity, Media & FCC section.

Reform Bill Proposal to Article 8 of The Federal Law of Cinematography in Mexico

A proposal was published in the Gazette of the Chamber of Senators on February 9, 2022, to reform Article 8 of the Federal Law of Cinematography, signed by María del Carmen Escudero Fabre together with other members of the PAN Parliamentary Group.

The intention of the proposed bill is to reform Article 8 of the Federal Law of Cinematography, which may guarantee access to audiovisual material exhibited in movie theaters for people who suffer from some degree of visual disability.

The explanatory memorandum of the proposal states that the General Law for the Inclusion of Persons with Disabilities establishes that the denial of reasonable adjustments constitutes a discriminatory act on the grounds of disability, a provision expressly prohibited in the first article of the Constitution.

It further details that it is necessary to recognize that people who suffer from disability may face difficulties when exercising their rights, such as access to health, work, education, transportation, communications, to culture, tourism, among others, being the responsibility of the State to design a normative framework that allows its access in equitable conditions.

The bill’s author comments that this would be an advancement for Mexicans with some degree of visual impairment, with the understanding that auditory stimuli can be used to compensate for visual ones and build the ideas of the spectators based on them, and that access to educational and recreational material for this group continues to be a challenge under the current legislation.

She continues that for this reason and being aware of the difficulties faced by a person with any type of disability, efforts like this can help reduce barriers found in society, highlighting the importance of adapting places, services, and information, so they are accessible to this sector of the population, ensuring their full inclusion and participation.

The bill proposes that films should be shown to the public in their original version, dubbed and subtitled in Spanish, under the terms established by the Regulations. Those classified for children and educational documentaries must be shown dubbed and always subtitled in Spanish.

This proposal may be unfeasible, since the Federal Law of Cinematography cannot govern by itself in the field corresponding to the Federal Law of Copyright. Forcing audiovisual works in certain categories to be exhibited dubbed, eliminating the possibility of being exhibited in their original language, would constitute a limitations of copyrights, which should be regulated, where appropriate, by the law of the matter, in accordance at all times, to what is established in international treaties that Mexico is a part of.

The protection of copyright and related rights comes from various international treaties considered by the court as human rights treaties, so the proposal would not only constitute a direct violation of the LFDA but of various treaties as well.

The control of conventionality is understood as the tool that allows countries to specify the obligation to guarantee human rights in the internal sphere through the verification of the conformity of national norms and practices with the American Convention on Human Rights and its Jurisprudence. Therefore, the reform to our fundamental law of June 10, 2011 on human rights, orders that the interpretation of the norms related to this subject be carried out in accordance with the Constitution of Mexico and the international treaties that the nation has signed in this matter, observing at all times the pro homine principle.

There are specific treaties that deal with limitations to Author’s Right, such as the Marrakesh Treaty, but what the Legislator intends to reform is not a specific case.

To conclude, this reform would create a direct impediment to access to culture and education, since forcing people to appreciate certain genres of audiovisual productions only in Spanish and not in their original languages, would also create direct harm to those who seek to expand their knowledge and learning of new languages and cultures.

© 2005-2022 OLIVARES Y COMPAÑIA S.C.
Article By Luis C. Schmidt with OLIVARES
For more articles on the arts, visit the NLR Entertainment, Art & Sports section.