Despite having finally achieved a Parliamentary majority in favour of a way of delivering Brexit, in the Second Reading of the Withdrawal Agreement Bill on 22nd October, Prime Minister Boris Johnson decided – in the face of Parliament’s refusal to allow him to put the Bill through very rapidly so as to meet the 31st October Brexit deadline – to pursue a General Election instead of pushing the Bill through.
After some “after you, Claude” to-ing and fro-ing, the EU agreed to the request to extend the Article 50 deadline of 31st October which the Prime Minister had been forced by Parliament to send. The EU did so under condition that there should be no re-opening of withdrawal negotiations, no disruption to EU business by the UK (including the UK appointing a member of the new European Commission), and that the UK could leave earlier if the ratification process completed earlier.
A delicate game ensued in Parliament about the basis for a decision to hold the election, with opposition parties wanting to remove the Prime Minister’s discretion over the date of the election, and to make it impossible for him to try again to push the Withdrawal Agreement Bill. On 28th October Parliament rejected the Prime Minister’s attempt to secure an election on 12th December. Parliament then decided on 29th October that the election should be held on 12th December. The difference between the first 12th December and the second 12th December would take too long to explain, and would anyway test the sanity of all but the most extreme political geek.
And so the unhappy child of Theresa May’s disastrous 2017 election fades into the twilight…
The election Bill still needs to go through the House of Lords (unlikely to be problematic) and receive Royal Assent, and the House of Commons needs to tidy up some necessary business. So on current plans Parliament will dissolve on Wednesday 6th November for MPs to campaign for the General Election on Thursday 12th December. The British electorate, used to voting at national level every five years, had a General Election in 2015, the Brexit referendum in 2016, a further General Election in 2017, and now a third General Election in 2019 (the Scots also had an independence referendum in 2014).
Was the 2017-2019 Parliament a travesty of democratic accountability, or a powerful example of representative democracy grappling with issues which had split the nation in two through a binary exercise in direct democracy? Historians will judge. It was certainly a tough one for individual MPs, who regularly found themselves objects of extremely hostile, sometimes violent, social media messaging. Parliament certainly seemed to reflect accurately the division in the electorate, which the polls show has not shifted significantly throughout the period since the 52:48 result of the 2016 Brexit referendum.
“Prediction is very difficult, especially if it’s about the future” – Nils Bohr
So what’s going to happen in the 12th December election? It will be the first December election for almost a century, and the hardest to predict for many decades. Will Boris Johnson scoop the Leave vote across the country, or will Nigel Farage’s Brexit Party damage the Conservatives by arguing that Johnson’s Brexit deal is not really Brexit? Will the clarity of the Liberal Democrats’ Remain position help them and weaken Labour, or will Labour be able to sit on the fence on Brexit and focus the campaign on Tory austerity and public services?
The next six weeks will be exhilarating, confusing and passionate. They will decide the future course of the nation. Nothing more will happen on Brexit until after the election. Whether the election provides a clear way forward will depend on whether a party achieves a clear majority or the election produces another hung Parliament. Watch this space…
To the interest of many a scouser and football fan alike, Liverpool Football Club’s attempt to register as a UK trademark LIVERPOOL has been rejected by the UKIPO on the grounds that the word is of “geographical significance” to the city. Liverpool FC had filed its application in regards to various goods in relation to football and the filing had attracted significant public attention.
Other English football clubs (Everton, Chelsea and Tottenham) have managed to register several trade marks for each of their respective area names. In addition Southampton Football Club has managed to register SOUTHAMPTON as an EU trade mark. As a result, it is not surprising that Liverpool FC would seek to register a similar mark to help protect its valuable brand.
However, as a result of the filing the club received significant backlash from the people of Liverpool, including their own supporters, and – probably in a related move – Liverpool FC has said that it does not plan to appeal the refusal and it has withdrawn the application. An additional trade mark application for LIVERPOOL with different claims has also been withdrawn.
The matter presents a great case study for brand owners on balancing the need to protect their brand whilst being considerate of the potential adverse PR that will come with the application for certain trade marks.
Innovation in protecting your brand
Brand owners certainly need to adopt innovative tactics when looking to fight counterfeiters and to protect their brand and Liverpool FC has shown a keen eye to identifying new brand assets.
Liverpool FC may have been unsuccessful with this application but they recently successfully applied to trade mark the phrase “LET’S TALK ABOUT SIX BABY” in the UK. The saying was coined by Reds Manager Jürgen Klopp when he ended his run of six successive final defeats and claimed a first trophy as Liverpool FC’s manager with the UEFA Champions League triumph earlier this year. No doubt will form an important part of the club’s merchandise moving forward and is a cunning registration.
Consideration of PR implications
However, all innovative steps in brand protection must be considered in their context.
Liverpool FC argued that the trade mark application was purely “in the context of football products and services” and to stop counterfeiters from benefiting from the sale of counterfeit Liverpool FC products. However, this does raise the question as to why the existing portfolio of club name, mottos and logos would not be sufficient to defeat the majority of inauthentic products that are currently on the market.
In addition, the vitriol with which the application was greeted raises further queries concerning the club’s decision to apply to register the trade mark. The Liverpool FC supporters group ‘Spirit of Shankly’ called the UKIPO’s rejection of the application a “victory for common sense” and declared that the word LIVERPOOL belongs to the “city of Liverpool”. Supporters also took the decision to wear non-official items of clothing carrying the club’s name and logo during a match against Newcastle in protest.
As a result, the case highlights the perils brand owners face when pursuing a robust approach to protecting their brand, particularly when looking to register terms as trade marks with cultural significance. Applicants must bear in mind the negative PR that can accompany any new filing strategy.
On Oct. 4, 2019, President Trump issued a Proclamation, that will be effective on Nov. 3, 2019, suspending the entry of immigrants who will financially burden the United States healthcare system. The reasoning behind the issuance of this Proclamation is to not burden American taxpayers with immigrants who utilize the U.S. healthcare system without payment and who allegedly contribute to overcrowding of emergency rooms and hospitals. The Proclamation includes a reference to data that shows lawful immigrants being three times more likely than U.S. citizens to lack health insurance, and while the United States will still continue to welcome immigrants, the country must protect its own citizens.
President Trump, through the Proclamation, declares the following:
– The immediate suspension of immigrants entering the United States who does not have approved health insurance, within 30 days of entry, or unless the alien possesses the financial resources to pay for medical costs. Approved health insurance is defined in the Proclamation, which can be found here.
– The Proclamation only applies to those who are seeking immigrant visas, as opposed to those seeking nonimmigrant visas.
The Proclamation will not apply to those who hold a valid immigrant visa issued before the effective date of the proclamation; those who are seeking to enter the United States pursuant to a Special Immigrant Visa, who is a national of Afghanistan or Iraq, or any alien who is the child of a U.S. citizen seeking to enter the U.S. pursuant to the following categories: SB-1, IR-2, IR-3, IR-4, IH-3, IH-4, and IR-5 (with limitations).
b. The Proclamation will also not apply to those aliens under 18, and any other aliens whose entry would be in the national interest.
c. The Proclamation will not affect those who are lawful permanent residents (e.g., already received green cards), and will not affect eligibility regarding asylum, refugee status, etc.
– The Proclamation will be implemented and enforced immediately, and a report must be submitted within 180 days of the effective date.
The EU plans to impose retaliatory tariffs on $20 billion of U.S. exports in response to subsidies allegedly provided to American plane manufacturer Boeing. However, the EU will have to wait for WTO approval in separate proceedings. The United States and the EU have been involved in WTO dispute settlement proceedings regarding subsidies for large civil aircraft since 2004.
Duties of 10 percent apply to imports of passenger and cargo aircraft from France, Germany, Spain, and the United Kingdom (where the majority of Airbus production is based), provided that they have an unladen weight exceeding 30,000 kg.1
Duties of 25 percent apply to imports of other products from all EU member states (or a subset of these member states, depending on the product category). These products include certain cheeses, pork, coffee, seafood, fruit, dairy spreads, wine, whisky, apparel, bedding, optical instruments, appliances, tools, folding knives, and magnets.
Military aircraft, civil helicopters, and parts or components of civil aircraft are not subject to the duties.2
1 Examples of subject aircraft over 30,000 kg are regional jets capable of seating more than 100 passengers (such as the Airbus A220) and any larger aircraft (including long-haul, wide-body jets). Smaller aircraft, including recreational aircraft, private jets, most turboprop aircraft, and most regional jets with a capacity of fewer than 100 passenger, have an unladen weight of less than 30,000 kg and are excluded.
2 Airbus has production facilities in the United States, that rely on components imported from the EU. Additionally, some EU companies produce certain components of military aircraft for export to the United States.
The need to coordinate individual country compliance across numerous countries whilst still maintaining a common company culture requires extensive knowledge of national laws and considerable flexibility.
Contracts
US-based businesses will be used to working with at-will offer letters, but these are mostly unheard of elsewhere. In most jurisdictions, detailed employment contracts are not only customary, but are required by law. As you would expect, companies must ensure the legal compliance of their contractual documentation for each country in which they do business. This includes engagement letters, employment offers, employment contracts, bonus schemes, stock option plans, etc.
With employment contracts, the most common approach is to prepare a contract compliant with local law in accordance with best practices in the jurisdiction where the individual is to be employed. Contracts should incorporate crucial terms, such as probationary periods, termination grounds, working time provisions, and post-termination non-compete and/or non-solicitation provisions.
Countries have varying rules on the maximum duration of a probationary period. For example, France permits an eight-month probationary period, one renewal included, for executives under an indefinite-term contract (contrat à durée indéterminée); whereas a 90-day probationary period is standard in the United States.
Subject to applicable statutory restrictions in each country, termination provisions provide a good starting point to enforce the departure of an employee, for example in case of a violation of company policies, such as a code of conduct.
In France, where the legal working time is 35 hours per week, there is the option of entering into flat-rate pay agreements for autonomous executives whose roles and responsibilities do not permit alignment with the collective working time/office schedule. In the United Kingdom, there exist more flexible, zero-hours contracts, under which the employer is not obliged to provide any minimum working hours but, equally, the employee has no obligation to accept the work offered.
The rules on post-termination provisions, such as confidentiality, non-compete and non-solicitation restrictions, vary significantly. Some jurisdictions follow a reasonableness approach (Australia, the United Arab Emirates, and the United Kingdom); others have outright prohibitions (India, Mexico, and Russia); and others mandate compensation for non-compete clauses (China, France, and Germany).
With so many nuances country-by-country, contract drafters often consider choice of law and jurisdiction clauses. Public policy considerations may, however, override such clauses. For an Italian citizen hired in Italy to work in Italy, it will be difficult to apply Australian law merely because the employer is an Australian corporation. The general rule is that the laws of an employee’s physical worksite will likely apply, regardless of such clauses.
The relevant law for all European Union countries is the Rome I Regulation. Under Rome I, foreign employees in Europe benefit from the mandatory laws of the country with which they have the closest connection, which will usually be the country where they normally work. Accordingly, a German employee working in France should receive a French law-governed employment contract, even if the employee works for a UK employing entity.
For highly mobile employees, however, the place of work is often debatable. For instance, English employment courts have decided that an employee working remotely in Australia has the right to bring an unfair dismissal claim in the United Kingdom if the work is done for a UK employer, regardless of the employee’s physical worksite.
Forum-selection provisions that call for a forum other than the place of employment tend to be unenforceable outside the United States. In London, US expatriates working under contracts with such clauses who sue before an English Employment Tribunal are unlikely to see their claim dismissed when their employer invokes the forum-selection clause.
In choice-of-forum situations, Europeans invoke the provisions of the “Recast Brussels Regulation.” These codify the general rule that employees rarely have to litigate employment disputes outside their host country place of employment, even if a choice-of-foreign-forum clause purports to require otherwise.
Communicating Global Policies
Every organisation has bespoke policies, employee handbooks, and a code of conduct. In addition, every organisation has its own HR practices, such as evaluation processes and training programmes, all dictated by the corporate culture and even corporate vocabulary. It can be challenging to extend those across borders and the legal systems of different countries.
In France, policies related to safety, disciplinary procedures, harassment, whistleblowing, etc., particularly if the policy provides sanctions, must be incorporated within internal rules (règlement intérieur), which must be filed with the employment court and inspectorate. If a company fails to file its policies correctly, it may not be able to discipline employees for violating the rules.
Country by country, companies must consider the interrelationship between the contract and the applicable policies. In some jurisdictions, it is advisable to incorporate relevant handbook policies into the contract. In the United Kingdom, for example, it is compulsory to mention disciplinary and grievances procedures in the contract.
Language Barriers
Where the policies are written is, however, merely the beginning. How they are written is much more complicated. Communicating clearly in multiple languages is now a core HR function for global entities. Many jurisdictions, such as Belgium, France, and Poland, require contracts to be in the local language, even for an employee fluent in the primary language used by the employer. If the contract is not in the local language, its provisions, the policies, and other elements, will be unenforceable, at least for the employer.
A typical example is a global bonus plan, where a failure by the employer to translate the target objectives can allow the employee to claim a bonus without needing to comply with the terms of the plan (i.e., without achieving the stated goals or objectives). This has been confirmed by French case law.
In some countries, such as Turkey, the local language will always prevail, regardless of what is provided for in the contract. In those cases, ensuring translation accuracy can avoid inadvertently granting employees more generous terms under a local translation than the company intended.
Local language translations are also required for other purposes. For instance, in Spain the employment contract needs to be filed with the government, in Spanish. In other countries, such as China, works councils and unions will need to be consulted on the implementation of policies, and submissions for those consultations will need to be in the local language.
As a result, businesses now often consider whether to create employment documents in the local language only, or in two languages. If a document is used that has two columns showing the corporate language and the local language, it is crucial to state which language prevails.
As we reported earlier this year, a new rule dealing with the depiction of harmful gender stereotypes, was introduced into the BCAP and CAP Codes as of June 2019.
The first decisions under the new rules have been released and we have seen two separate ads by Volkswagen and Philadelphia banned by the Advertising Standards Authority (ASA) under the new rule.
Volkswagen’s advert for its eGolf electric car, with the slogan “when we learn to adapt, we can achieve anything” features a man and a woman camping on a sheer cliff face, two male astronauts floating in space, a male athlete with a prosthetic limb, and a woman sitting next to a pram.
Separately, the Philadephia ad by Mondalez depicts fathers being distracted by the cheese spread long enough for their babies to end up on a conveyor belt of Philadelphia, resulting in an embarrassed dad saying “let’s not tell mum”.
Both ads received a number of complaints from the public on the basis that they were contrary to the new rule, which aims to ban harmful gender stereotypes in ads which can
Whilst Volkswagen argued that caring for a new born child was a life-changing experience about adaption, regardless of the gender of the parent depicted, and that a female was also engaged in the adventurous activity of camping on the mountain, the ASA ruled that “unlike her male counterpart, the female rock climber was passive, because she was asleep” and that the woman with the pram was depicted in a stereotypical care-giving role.
Mondalez told ASA that it was in a “no-win situation” having deliberately chosen two dads to avoid depicting the stereotypical image of women handling the childcare responsibilities. However the ASA banned the ad on the basis that it reinforced the stereotype that males are ineffective in care-giving roles.
Critics have said that the watchdog has gone too far and in a statement posted on the website for ISBA, the body representing the UK’s leading advertisers, Phil Smith (director-general and a member of a working group that helped develop the new rules) said the bans are “concerning, both in terms of the precedent they set and the likely impact they will have on advertisers.”
Smith further commented
“In our view, the two decisions go beyond the intent of the new rule and guidance and will likely create confusion for advertisers and the broader co-regulatory system as they seek to address the harmful gender stereotypes and outdated portrayals this rule was designed to tackle.”
The effectiveness of the new rule will be reviewed by CAP in June 2020, to determine whether it is suitable in helping the ASA meet the rule’s objective. It will be interesting to see how the ASA applies the rule in future decisions.
The World Intellectual Property Organization (WIPO) launched a Uniform Domain-Name Dispute-Resolution Policy (UDRP) for .CN and .中国 (China) country code Top-Level Domain (ccTLD), the first non-Chinese entity to do so. Previously, the China International Economic and Trade Arbitration Commission Online Dispute Solution Center (CIETAC ODRC) or the Hong Kong International Arbitration Center (HKIAC) were authorized by the China Internet Network Information Center (CNNIC) to handle domain name disputes for these domains. The .CN and .中国ccTLD is among the largest in the world with over 22 million registered domain names.
The WIPO UDRP for .CN and .中国 ccTLD is only applicable to .CN and .中国domain names that have been registered for less than three years. In contrast to the conventional UDRP, the Chinese UDRP applies to domain names that are identical or confusingly similar, not only to a mark, but to any “name” in which the complainant has civil rights or interests.
The complainant must prove that either registration or use of the disputed domain name is in bad faith, but not both as in the traditional UDRP. Examples of bath faith provided by WIPO include:
The purpose for registering or acquiring the domain name is to sell, rent or otherwise transfer the domain name registration to the complainant who is the owner of the name or mark or to a competitor of that complainant, and to obtain unjustified benefits;
The disputed domain name holder, on many occasions, registers domain Names in order to prevent owners of the names or marks from reflecting the names or the marks in corresponding domain names;
The disputed domain name holder has registered or acquired the domain name for the purpose of damaging the Complainant’s reputation, disrupting the Complainant’s normal business or creating confusion with the Complainant’s name or mark so as to mislead the public;
Other circumstances which may prove the bad faith.
The language of proceedings will be in Chinese unless otherwise agreed by the parties or determined by the Panel. More information is available at WIPO’s site.
Last week, on the heels of a significant decline in Bitcoin prices, Forbes reported that China’s Central Bank is set to launch the world’s first state-backed cryptocurrency. The cryptocurrency will be made available initially to seven of China’s largest financial institutions, including three banks and two financial technology companies (including Alibaba). It is planned to eventually reach the virtual wallets of U.S. consumers, through relationships with Western correspondent banks.
Meanwhile, in the United States, litigation rages on against Mark Karpeles, the President and CEO of Mt. Gox. Formerly the world’s leading bitcoin exchange platform, Mt. Gox filed for bankruptcy protection in Japan in 2014 amidst reports of rampant security breaches and refusal by its Japanese banking partner, Mizuho Bank, to process withdrawals for Mt. Gox users. Before its bankruptcy, Mt. Gox announced that 850,000 bitcoins valued at more than $450 million had gone “missing,” likely due to cyber theft.
In the aftermath, Mt. Gox account holders filed putative class actions against Karpeles and Mizuho in the Central District of California, the Northern District of Illinois, and the Eastern District of Pennsylvania, asserting causes of action for negligence, fraud, and tortious interference. In each action, both defendants filed motions to dismiss, claiming lack of personal jurisdiction due to their residences in France and Japan, respectively.
Earlier this year, all threecourtsdismissed Mizuho from the litigation, agreeing that the bank did not purposefully direct any activity at the forum states. Mt. Gox’s bank accounts with Mizuho were located in Japan, the decisions not to process withdrawals from those accounts were made by Mizuho employees located in Japan, and all wire transfers were initiated or received in Japan.
However, all three courts denied Mr. Karpeles’ motions to dismiss for lack of personal jurisdiction. Mr. Karpeles, a French citizen, argued that his contacts with the forum states were merely the incidental result of where some Mt. Gox users lived. The courts unanimously disagreed.
In the most recent of these three decisions, the Eastern District of Pennsylvania, relying on the previous decisions by the courts in California and Illinois, held that it has specific jurisdiction over Karpeles “because he availed himself of the privilege of conducting business in Pennsylvania through soliciting business from [a named plaintiff] and thousands of other Pennsylvania residents through the Mt. Gox website.” Pearce v. Karpeles, No. CV 18-306, 2019 WL 3409495, at *4 (E.D. Pa. July 26, 2019).
The Court applied the “sliding scale” test established by Zippo Manufacturing v. Zippo Dot Com, Inc., 952 F. Supp. 1119, 1123-24 (W.D. Pa. 1997), which has been characterized as “a seminal authority regarding personal jurisdiction based upon the operation of an internet website,” to determine that Karpeles’ internet presence sufficiently gave rise to personal jurisdiction over him. Karpeles, 2019 WL 3409495, at *4-5. The Zippo scale “ranges from situations where a defendant uses an interactive commercial website to actively transact business with residents of a forum state (personal jurisdiction exists) to situations where a passive website merely provides information that is accessible to users in the forum state (personal jurisdiction does not exist).” Id. at *4. Under that Pennsylvania precedent, a defendant has purposefully availed itself of the privilege of doing business in the state if its website “repeatedly attracts business from a forum or knowingly conducts business with forum state residents via the site.” Id. at *5.
The Court held that Mt. Gox’s internet activity fell at the “interactive end of the Zippo spectrum.” Id. Mt. Gox’s website was interactive, allowing users to open and manage accounts, make purchases and trades, and transfer and deposit cash. Id. Further, Mt. Gox had knowledge of the residences of its users because at the time they opened accounts, they had to provide Mt. Gox with their addresses and other personal information. Id. Users could also purchase “Yubikeys” (a hardware authentication device that allows users to securely log into their accounts) to be sent to their physical addresses. Id. Approximately 4% of all Mt. Gox users (over 19,000 individuals) who registered with addresses were Pennsylvania citizens, making Karpeles’ interactions with the forum state neither random, isolated, nor fortuitous. Id. at *6.
The Court also rejected Karpeles’ assertion that it would be unfair to force him to defend in the United States since he is on probation in Japan and prohibited from leaving the country, holding that the interests of the plaintiffs and the forum state justified any burden of defending in Pennsylvania. Karpeles, 2019 WL 3409495, at *8-9.
The increased use of cryptocurrency looks inevitable, with Facebook’s cryptocurrency, Libra, poised to launch in 2020, and some economists proposing that a cryptocurrency backed by central banks throughout the world will email one day replace the U.S. dollar as the world’s global reserve currency. As cryptocurrency proliferates, it is likely that so too will cryptocurrency litigation, bringing with it a host of jurisdictional challenges for litigants. The Mt. Gox-related orders provide valuable insight into how some such challenges may be resolved in the future.
Hyperconnectivity is a real phenomenon and it is changing the concerns of society because of the kinds of interactions that can be brought about by IoT devices, which could be: i) People to people; ii) People to things (objects, machines); iii) Things/machines to things/machines.
It gives rise to different issues for people. According to a European Survey, 72% of EU Internet users worry that too much of their personal data is being shared online and that they have little control over what happens to this information[1]. It gives rise to inevitable ethical issues and its relationship with the techno environment.
The discussion on ethics that follows aims to provide a quick tour on general ethical principles and theories that are available as they may apply to IoT[2]. Law and ethics are overlapping, but ethics goes beyond law. Thus, a comparison of law and ethics is made and their differences are pointed out in the great work of Spyros G Tzafestas, who wrote Ethics and Law in the Internet of Things World. In this article, he considers that the risks and harms in a digital world are very high and complex, especially explaining those tech terms and their impact in our private life. Thus, it is of primary importance to review IoT and understand the limitations of protective legal, regulatory and ethical frameworks, in order to provide sound recommendations for maximizing good and minimizing harm[3].
Major data security concerns have also been raised with respect to ‘cloud’-supported IoT. Cloud computing (‘the cloud’) essentially consists of the concentration of resources, e.g. hardware and software, into a few physical locations by a cloud service provider (e.g. Amazon Web Service)[4]. We are living in a data-sharing storm and the economic impact of IoT’s cyber risks is increasing with the integration of digital infrastructure in the digital economy[5]. We are surrounded by devices which contain our data, for instance:
Wearable health technologies: wearable devices that continuously monitor the health status of a patient or gather real-world information about the patient such as heart rate, blood pressure, fever;
Wearable textile technologies: clothes that can change their color on demand or based on the biological condition of the wearer or according to the wearer’s emotions;
As a result of the serious impact IoT may have and because it involves a huge number of connected devices, it creates a new social, political, economic, and ethical landscape. Therefore, for a sustainable development of IoT, political and economic decision-making bodies have to develop proper regulations in order to be able to control the fair use of IoT in society.
In this sense, the most developed regions as regards establishing IoT Regulations and an ethical framework are the European Union and the United States both of which have enacted:
Legislation/regulations.
Ethics principles, rules and codes.
Standards/guidelines;
Contractual arrangements;
Regulations for the devices connected;
Regulations for the networks and their security; and
Regulations for the data associated with the devices.
In light of this, the next section will deal with Data Protection Regulations, Consumer Protection Acts, IoT and Cyber Risks Laws, Roadmap for Standardization of Regulations, Risk Maturity, Strategy Design and Impact Assessment related with 2020 scenario, which is: 200 billion sensor devices and market size that, by 2025, will be between $2.7 trillion and $3 trillion a year.
Europe
The Alliance for Internet of Things Innovation (AIOTI) was initiated by the European Commission in order to open a stream of dialogue between European stakeholders within the Internet of Things (IoT) market. The overall goal of this initiative was the creation of a dynamic European IoT ecosystem to unleash the potential of IoT.
In October 2015, the Alliance published 12 reports covering IoT policy and standards issues. It provided detailed recommendations for future collaborations in the Internet of Things Focus Area of the 2016-2017 Horizon 2020 programme[7].
The IoT regulation framework in Europe is a growth sector:
EU Directive-2013/40: this Directive deals with “Cybercrime” (i.e., attacks against information systems). It provides definitions of criminal offences and sets proper sanctions for attacks against information systems[8].
EU NIS Directive 2016/1148: this Network and Information Security (NIS) Directive concerns “Cybersecurity” issues. Its aim is to provide legal measures to assure a common overall level of cybersecurity (network/information security) in the EU, and an enhanced coordination degree among EU Members[9].
EU Directive 2014/53: this Directive “On the harmonization of the laws of the member states relating to the marketing of radio equipment”[10] is concerned with the standardization issue which is important for the joint and harmonized development of technology in the EU.
EU GDPR: European General Data Protection Regulation 2016/679: this regulation concerns privacy, ownership, and data protection and replaces EU DPR-2012. It provides a single set of rules directly applicable in the EU member states.
EU Connected Communities Initiative: this initiative concerns the IoT development infrastructure, and aims to collect information from the market about existing public and private connectivity projects that seek to provide high-speed broadband (more than 30 Mbps).
United States
A quick overview of the general US legislation that protects civil rights (employment, housing, privacy, information, data, etc.) includes:
Fair Housing Act (1968);
Fair Credit Reporting Act (1970);
Electronic Communication Privacy Act (1986), which is applied to service providers that transmit data, the Privacy Act 1974 which is based on the Fair Information Practice Principle (FIPP) Guidelines;
Breach Notification Rule which requires companies utilizing health data to notify consumers that are affected by the occurrence of any data breach; and
IoT Cybersecurity Improvement Act 2019: the Bill seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up cybersecurity requirements for IoT devices purchased and used by the federal government, with the aim of affecting cybersecurity on IoT devices more broadly.
SB-327 Information privacy: connected devices: California’s new SB 327 law, which will take effect in January 2020, requires all “connected devices” to have a “reasonable security feature.”
The above legislation is general, and in principle can cover IoT activities, although it was not designed with IoT in mind. Legislation devoted particularly to IoT includes the following:
White House Initiative 2012: the purpose of this initiative is to specify a framework for protecting the privacy of the consumer in a networked work.
This initiative involves a report on a ‘Consumer Bill of Rights” which is based on the so-called “Fair Information Practice Principles” (FIPP). This includes two principles:
Respect for Context Principle: consumers have a right to insist that the collection, use, and disclosure of personal data by Companies is done in ways that are compatible with the context in which consumers provide the data;
Individual Control Principle: consumers have a right to exert control over the personal data companies collect from them or how they use it.
China
Where we start to see the most advanced picture is in China. In 2017, the Ministry of Industry and Information Technology (MIIT), China’s telecom regulator and industrial policy maker, issued the Circular on Comprehensively Advancing the Construction and Development of Mobile Internet of Things (NB-IoT) (MIIT Circular [2017] No. 351, the “Circular”), with the following approach in the opening provisions:
Building a wide-coverage, large-connect, low-power mobile Internet of Things (NB-IoT) infrastructure and developing applications based on NB-IoT technology will help promote the construction of network powers and manufacturing powers, and promote “mass entrepreneurship, innovation” and “Internet +” development. In order to further strengthen the IoT application infrastructure, promote the deployment of NB-IoT networks and expand industry applications, and accelerate the innovation and development of NB-IoT[11]
Nowadays China already has a huge packet of regulation on technological matters:
2015 State Council – China Computer Information System Security Protection Regulation (first in 1994);
2007 MPS – Management Method for Information Security Protection for Classified Levels;
2001 NPC Standing Committee – Resolution about Protection of Internet Security;
2012 NPC Standing Committee – Resolution about Enhance Network Information Protection;
July 2015: National Security Law – ‘secure and controllable’ systems and data security in critical infrastructure and key areas;
2014 MIIT – Guidance on Enhance Telecom and Internet Security;
2013 MIIT – Regulation about Telecom and Internet Personal Information Protection
2014 China Banking Regulatory Commission – Guidance for Applying Secure and Controllable Information;
Technology to Enhance Banking Industry Cybersecurity and Informatization Development
Further, as if this were not enough, the Chinese government is being proactive and has several important laws and regulations in the Pipeline, as it can be seen from the list below:
CAC: Administrative Measures on Internet Information Services;
CAC Rules on Security Protection for Critical Information Infrastructure;
Cybersecurity Law;
Cyber Sovereignty;
Security of Product and Service;
Security of Network Operation (Classified Levels Protection, Critical Infrastructure);
Data Security (Category, Personal Information);
Information Security.
Finally, China established, in 2016, the National Information Security Standardization Technical Committee and its current work is developing a Standardization – TC260 (IT Security) on Technical requirement for Industrial network protocol and general reference model and requirements for Machine-to-Machine (M2M) security.
Latin America
The Latin American countries have different levels of development and this sets up a huge asymmetry between the domestic legal frameworks. The following is a quick regulation overview on Latin American countries:
Brazil has the “National IoT Plan” (Decree N. 9.854/2019) that aims to ensure the development of public policies for this technology sector and members of Brazilian parliament presented the bill No. 7.656/17 with the purpose of eliminating tax charges on IoT products;
Colombia has a Draft of Law No. 152/2018 on the Modernization of the Information and Communication providing investments incentives to IT Techs (article 3);
Chile has a new Draft Law Boletín N° 12.192-25/2018 on Cyber crimes and regulation on internet devices and hackers attacks;
In 2017, Argentina launched a Public Consultation on IoT regarding regulations that must be updated and how to get more security and improve the technological level of the country[12].
Most Promising Smart Environments
Smart environments are regarded as the space within which IoT devices interact connected through a continuous network. Thus, smart environments aim to satisfy the experience of individuals from every environment, by replacing the hazardous work, physical labor and repetitive tasks with automated agents. Generally speaking, sensors are the basis of these kind of smart devices with many different applications e.g. Smart Parking, Waste Management, Smart Roads and Traffic Congestion, Air Pollution, River Floods, M2M Applications, Vehicle auto-diagnosis, Smart Farming, Energy and Water Uses, Medical and Health Smart applications, etc[13].
Another way of looking at smart environments and assess their relative capacity to produce business opportunities is to identify and examine the most important IoT use cases that are either already being exploited or will be fully exploited by 2020.
For the purposes of this article, the approach was restricted to sectors consisting of the most promising smart environments to be developed up to 2020 in the European Market as displayed in the Chart below:
Vertical IoT Market Size in Europe
The conclusions of the last report of the European Commission are impressive and can help to understand the continuous development of the IoT market and how every market has to comply with the law and they will emerge facing a regulatory avalanche as mentioned in item 2 on the Regulatory Ecosystem.
Final Considerations: IoT as Consumer Product Health and Safety
IoT safety is becoming more important every day. On the one hand, as mentioned above, most concerns for IoT safety are primarily in the areas of cyber-attacks, hacking, data privacy, and similar topics; what is better referred to as security than safety. On the other hand, it can be approached by physical safety hazards which may result from the operation of consumer products in an IoT environment or system. IoT provides a new way to approach business and it is not restricted to one or other market or topic. It is a metatopic ormetamarketshowing different possibilities and applications and will be spread in the near future.
In general, IoT products are electrical or electronic applications with a power source and a battery connected by a charging device. So long as the power source, batteries and charging devices are present we have the usual risks of electrical related hazards (fire, burns, electrical shock, etc.). Nonetheless, IoT makes matters more complicated as smart devices have the function to send commands and control devices in the real world.
IoT applications can switch the main electrical powers of secondary products or can operate complex motor systems and so on. Then they have to be accurate and might provide minimal requirements to care of consumer health and safety. Risk assessment and hazard mitigations will have to adapt to IoT applications reinventing new methods to assure regular standards of IoT usability. Traditional health and safety regulations might be up to date with this new technological reality to be effective at reducing safety hazards for consumer products.
To conclude, this article was intended to summarize two main issues: I) IoT as an increasing and cross topic market which will become a present reality closer to our daily lives; II) IoT will be regulated and become an important concern in consumer product health and safety.
[1] Nóra Ni Loideain. Port in the Data-Sharing Storm: The GDPR and the Internet of Things. King’s College London Dickson Poon School of Law Legal Studies Research Paper Series: Paper No. 2018-27.P2.
[4] Nóra Ni Loideain. Port in the Data-Sharing Storm: The GDPR and the Internet of Things. King’s College London Dickson Poon School of Law Legal Studies Research Paper Series: Paper No. 2018-27.P. 19.
[5] Petar Radanliev, David Charles De Roure and others. Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardization of Regulations, Risk Maturity, Strategy Design and Impact Assessment. Oxford University. MPRA Paper No. 92569, March 2019, P. 1.
This is reflected in the composition of the UK Parliament and has resulted in an impasse, with Parliament rejecting both the transitional ‘deal’ to leave the EU negotiated by former Prime Minister Theresa May at the end of 2018 and the prospect of leaving the EU without a deal – a ‘no deal’ Brexit. The election of Boris Johnson as the new UK prime minister and his appointment of a government leaning firmly towards leaving the EU, with or without a deal on October 31, 2019, throws up some distinctive legal challenges: If a new deal cannot be struck with the EU, is a no-deal Brexit inevitable, or can the remainer MPs stop it?
Concluding a new deal with the EU by October 31 is challenging, not least given the limited time available for negotiating it and having it approved by the European and UK Parliaments. This is compounded by the complexity of the issues the UK government seeks to renegotiate, particularly the Irish backstop, and the EU’s no-renegotiation stance – although it has indicated willingness to revisit the nature of the future relationship between the EU and UK.
The legal position on a no-deal Brexit is set out in the European Union (Withdrawal) Act 2018, as amended in April 2019. This Act sets Brexit date at October 31, 2019. It also requires Parliament to approve any withdrawal agreement with the EU. What it does not require is that there should, in fact, be a withdrawal agreement. Consequently, the Act does not require parliamentary consent for a ‘no deal’ Brexit. Prime Minister Johnson does not, accordingly, need to secure any parliamentary majority for this. And since the Act will prevail over any parliamentary vote to reject a no-deal Brexit, he does not have to comply with any vote passed to the contrary.
The first legal route open to remainer MPs is to seek to amend the 2018 Act. The problem that they would have is timing. Parliament is in recess until September 3. There is usually a further recess from mid-September to the second week in October for the party conference season. Even if the second recess were to be abandoned, there is insufficient time for an amending bill to be passed before October 31 using normal parliamentary procedures. There is provision for emergency legislation to be passed very quickly, but this would require a consensus among all parties and the support of the government, both of which seem unlikely given the split between remainers and leavers within the main parties and the new government’s express intention to achieve Brexit by October 31.
The second legal route open to remainer MPs is to force a general election. Under the terms of the UK Fixed-term Parliaments Act 2011, Leader of the Opposition Jeremy Corbyn would need to propose a motion of no confidence in Prime Minister Johnson’s government. At present, the Conservatives have a majority of one in Parliament, but only with the support of the Democratic Unionist Party from Northern Ireland. However, a number of Conservative MPs have indicated that they would be prepared to bring their own government down on this issue. An unknown factor is whether leaver MPs in the Labour Party are prepared to abstain or even vote against such a motion.
A motion of no confidence under the 2011 Act requires only a simple majority of MPs voting in favour. However, there are still timing issues. The earliest that such a motion can be proposed is September 3. If passed, it would trigger a cooling-off period of 14 days for an alternative government to be formed. At the end of this period, if, as he would be entitled to do, Mr Johnson were to remain prime minister, UK electoral law would require him to announce the date for a general election within a further 25 days. However, there is no requirement for the election actually to be held within a particular time. Although the Queen must be consulted about the date, this is a formality. Prime Minister Johnson would, therefore, be within his constitutional rights to call an election only after the October 31 Brexit deadline has passed and the UK has left the EU.
Remain supporters have indicated that their strategy, if they are able to force an election, would be to rely on the legal status of the ‘standstill’ or status quo convention to prevent a no-deal Brexit on October 31. When an election is called, the government immediately becomes a caretaker administration. By parliamentary convention (‘convention’ in the sense of accepted practice), this administration should not embark on any major new projects and may not use the UK civil service for such a purpose. Cabinet Secretary Sir Mark Sedwill, the head of the civil service, is reported as having expressed the view that the ‘standstill’ in this situation would be that the UK remains in the EU. However, government spokespersons have said that this would involve the civil service effectively acting in contravention of the 2018 Withdrawal Act.
It seems likely, if this scenario develops, that the matter will be referred to the UK Supreme Court. The British constitution is not written down and relies on many traditions and convention, some of considerable antiquity. However, there is precedent in a December 2018 Supreme Court case, which decided that the legislative consent motions passed by the Scottish Parliament under the Scotland Act 1998 could not be used to affect the validity of the 2018 Withdrawal Act. It had been argued that the convention requiring the Scottish government to be consulted on any UK legislation that involved matters devolved to Scotland was absolute. The Supreme Court disagreed, on the basis that a convention could not take precedence over a statute. On this basis, any reference to the Supreme Court seeking to block the operation of the 2018 Act through convention would likely fail.
It is often said ‘a week is a very long time in politics’. Prime Minister Johnson may be able to secure some last-minute concessions from the EU negotiators enabling a withdrawal agreement to be approved by Parliament, but this looks challenging. Legal routes to block Brexit are also likely to meet several hurdles. Consequently, at this stage, Britain’s exit from the EU on October 31 looks the more likely outcome. Whether that means an abrupt departure from the EU, or whether a managed ‘no-deal’ Brexit could be achieved through negotiation and agreement on key matters, remains to be seen.
