Part 1: Cutting through the Internet of Things hyperbole

Posted on October 15th, 2014 by



I’ve held back writing anything about the Internet of Things (or “IoT“) because there are so many developments playing out in the market. Not to mention so much “noise”.

Then something happened: “It’s Official: The Internet Of Things Takes Over Big Data As The Most Hyped Technology” read a Forbes headline. “Big data”, last week’s darling, is condemned to the “Trough of Disillusionment” while Gartner moves IoT to the very top of its 2014 emerging technologies Hype Cycle.

Something had to be said. The key point for me is that the IoT is “emerging”. What’s more, few are entirely sure where they are on this uncharted journey of adoption. IoT has reached an inflexion point and a point where businesses and others realise that identifying with the Internet of Things may drive sales, shareholder value or merely kudos. We all want a piece of this pie.

In Part 1 of this two part exploration of IoT, I explore what the Internet of Things actually is.

IoT –what is it?

Applying Gartner’s parlance, one thing is clear; when any tech theme hits the “Peak of Expectations” the “Trough of Disillusionment” will follow because, as with any emerging technology, it will be sometime until there is pervasive adoption of IoT. In fact, for IoT, Gartner says widespread adoption could be 5 to 10 years away. However, this inflexion point is typically the moment in time when the tech industry’s big guns ride into town and, just as with cloud (remember some folk trying to trade mark the word?!), this will only drive further development and adoption. But also further hype.

The world of machine to machine (“M2M“) communications involved the connection of different devices which previously did not have the ability to communicate. For many, the Internet of Things is something more, as Ofcom (the UK’s communications regulator) set out in its UK consultation, IoT is a broader term, “describing the interconnection of multiple M2M applications, often enabling the exchange of data across multiple industry sectors“.

The Internet of Things will be the world’s most massive device market and save companies billions of dollars” shouted Business Week in October 2014, happy to maintain the hype but also acknowledging in its opening paragraph that IoT is “beginning to grow significantly“. No question, IoT is set to enable large numbers of previously unconnected devices to connect and then communicate sharing data with one another. Today we are mainly contemplating rather than experiencing this future.

But what actually is it?

The emergence of IoT is driving some great debate. When assessing what IoT is and what it means for business models, the law and for commerce generally, arguably there are more questions than there are answers. In an exploratory piece in ZDNET Richie Etwaru called out a few of these unanswered questions and prompted some useful debate and feedback. The top three questions raised by Ritchie were:

  1. How will things be identified? – believing we have to get to a point where there are standards for things to be sensed and connected;
  2. What will the word trust mean to “things” in IoT? – making the point we need to redefine trust in edge computing; and
  3. How will connectivity work? – Is there something like IoTML (The Internet of Things Markup Language) to enable trust and facilitate this communication?

 

None of these questions are new, but his piece reinforces that we don’t quite know what IoT is and how some of its technical questions will be addressed. It’s likely that standardisation or industry practice and adoption around certain protocols and practices will answer some of these questions in due course. As a matter of public policy we may see law makers intervene to shape some of these standards or drive particular kinds of adoption. There will be multiple answers to the “what is IoT?” question for some time. I suspect in time different flavours and business models will come to the fore. Remember when every cloud seminar spent the first 15 minute defining cloud models and reiterating extrapolations for the future size of the cloud market? Brace yourselves!

I’ve been making the same points about “cloud” for the past 5 years – like cloud the IoT is a fungible concept. So, as with cloud, don’t assume IoT has definitive meaning. As with cloud, don’t expect there is any specific Internet of Things law (yet?). As Part 2 of this piece will discuss, law makers have spotted there’s something new which may need regulatory intervention to cultivate it for the good of all but they’ve also realised that there’s something which may grow with negative consequences – something that may need to be brought into check. Privacy concerns particularly have raised their head early and we’ve seen early EU guidance in an opinion from the Article 29 Working Party, but there is still no specific IoT law. How can there be when there is still little definition?

Realities of a converged world

For some time we’ve been excited about the convergence of people, business and things. Gartner reminds us that “[t]he Internet of Things and the concept of blurring the physical and virtual worlds are strong concepts in this stage. Physical assets become digitalized and become equal actors in the business value chain alongside already-digital entities“.   In other words; a land of opportunity but an ill-defined “blur” of technology and what is real and merely conceptual within our digital age.

Of course the IoT world is also a world bumping up against connectivity, the cloud and mobility. Of course there are instances of IoT out there today. Or are there? As with anything that’s emerging the terminology and definition of the Internet of Things is emerging too. Yes there is a pervasiveness of devices, yes some of these devices connect and communicate, and yes devices that were not necessarily designed to interact are communicating, but are these examples of the Internet of Things? Break these models down into constituent parts for applied legal thought and does it necessarily matter?

Philosophical, but for a reason

My point? As with any complex technological evolution, as lawyers we cannot apply laws, negotiate contracts or assess risk or the consequences for privacy without a proper understanding of the complex ecosystem we’re applying these concepts to. Privacy consequences cannot be assessed in isolation and without considering how the devices, technology and data actually interact. Be aware that the IoT badge means nothing legally and probably conveys little factual information around “how” something works. It’s important to ask questions. Important not to assume.

In Part 2 of this piece I will discuss some early signs of how the law may be preparing to deal with all these emerging trends? Of course the answer is that it probably already does and it probably has the flexibility to deal with many elements of IoT yet to emerge.

.............................................................................................................................

How can I use my US sales terms in Europe?

Posted on October 14th, 2014 by



Nearly every US in-house counsel has faced the task of tackling an impending overseas deal when only US State law governed terms are at hand. Staring down the barrel at an unknown legal system, a familiar scene plays out:

Do you push to use the US terms unamended?

Often, there is an overwhelming desire to use what you have. You have invested time in these terms, you understand their structure and where you would concede on them. What’s more, they are based on your home law. If you get embroiled in litigation, it is not far to travel to litigate in the Santa Clara County courts and you will be defending your position with California law and with terms you drafted.

However, if you use them abroad, are they enforceable?

Should you fully localise the US terms?

If there is the budget and time available, another option is to take the US form and have someone with the right expertise “localise” the contract. They can make the necessary amendments to ensure the provisions comply with the relevant local law and local market practices. Inevitably, this involves relinquishing the relative sanctity of local courts and familiar law.

When localised, you know the contract will now be enforceable and acceptable. But what have you lost? Unfamiliar with your systems and appetite for risk, has the local counsel “given away” ground? Why are there now fewer exclusions and wider warranty provisions? Inevitable, some control is ceded.

The contractual dilemma

Depending on the scenario, it may be reasonable to take either approach. Seasoned advisors will know where to draw the line. The decision is a fundamental one which sets the tone and shape of negotiations immediately. Where each side favours their own system and laws, building an entrenched position in favour of home advantage may, in practice, turn out to be the wrong decision.

Yes, each party could agree to local law and the right to apply for their home courts when defending an action under the contract. But what will a French court make of a US style exclusion of liability clause crafted for Washington State law? At that point you may wish you had localized.

Yes, local counsel can attempt to cobble together an agreement which would “work” in every EU Member State as well as the US, but do you understand and accept the consequential risks of an imperfect document? With a true blend of applicable systems, can anyone actually understand the extent of the compromises being made?

The legal dilemma

Like it or not, different territories have different laws. There are 28 states in the European Union and across these states there are tranches of relatively harmonised laws in certain areas. The basic underlying laws of contract and case law or codes which aid their interpretation are, however, all different.

Faced with just such a decision regarding localisation – what are 10 issues should you consider?

One: Freedom of contract

In Europe we have “freedom of contract”. For most business-to-business (B2B) contracting scenarios, it is possible for the parties to negotiate freely and choose the law that should apply to the contract and to the forum that should hear any resulting dispute. Yes, particular local regulation may intervene in a few areas, but there is nothing to outlaw a Delaware State law deal between two consenting businesses in Italy.

The instinctive reaction is to go with what is familiar. Instead, step back and consider the likely scenarios in which the contract could be enforced. Consider also which legal concepts/provisions on which you are most likely to rely.

Two: When consumers are involved in Europe, work to their local law

Across the European Union, when consumers are contracting, the game changes. EU consumers are always entitled to have any contract they are entering into subject to the law of the land in which they are domiciled. This is the case whether the Dutch consumer is offered Californian or Belgium law. Any attempt to over-ride this will fail.

Additionally, an EU-based consumer cannot be denied their local court. And, no matter how hard you try, you cannot force a consumer into arbitration.

If a court will apply the consumer’s local law, to get the best protections for the business, you should try to craft terms around these laws. Take time to assess the local system and approach of peers and regulators. In Germany consumer organisations and even competitors have standing to object. Elsewhere, there are potentially more lenient enforcement regimes. US terms maybe unenforceable but, if it’s a free product, perhaps retaining US State law is an acceptable risk to take?

Additionally, European consumers are entitled to terms which are:

  • fair” and “reasonable“; and
  • accessible in “plain and intelligible” language.

This means not only the use of clear and non-technical language, but also local language (English language terms for a French customer are always “unfair” and unenforceable). The law also overreaches to restrict how aggressive and one-sided you can be. There cannot be a “significant imbalance” in approach. Admittedly, drafting to this vague and flexible notion can be a challenge. 

Three: Be aware of legalese and differences in terminology

Words familiar and acceptable in the US sometimes have a different interpretation in the EU. For example, only an individual goes “bankrupt” in the UK and- at times- restrictions permissible in the US are outlawed in the EU. The use of stock phrases like “save as maybe permitted by law” or “including the occurrence of any analogous event in any jurisdiction“, can get you so far but, as in any legal system, there is an art to crafting restrictions within laws and limitations.

As discussed below, this is particularly the case with vocabulary used to exclude liability

Four: Consider and assess mandatory laws

Make the necessary amendments for local mandatory laws“- this is a common instruction which is rarely understood. Few have the confidence to get to the bottom of whether there is value in doing this kind of review. The answer varies depending on the context and market.

Sometimes, including a provision which over-steps a mandatory law simply renders the provision unenforceable. Occasionally, it may be tactical to include the restriction, knowing that some opposing parties may believe it to be enforceable and not open to challenge. However, over-step in areas of competition/anti-trust law (e.g. by fixing prices or imposing minimum pricing in a vertical agreement) could lead to significant fines and pain.

Five: Dealing with intellectual property

There are a number of nuances to be aware of when dealing with intellectual property (IP). First, be aware that “Works for Hire” concepts do not apply in Europe. If you want to own the IP created, you will need to get an express written assignment.

If the circumstances dictate, ensure a developer of IP waives any moral rights (rights to be recognised as author). These moral rights can be waived but only by the author. Consider contractual obligations to ensure the appropriate waivers are provided by legal persons other than the contracting party.

Thanks to international treaties many IP concepts are similar, but be aware of Europe’s unique beast – the database right. Where there is specific effort involved in compiling a database (even absent any element of creativity), an IP right known as database right may arise. Does the contract consider this right and do you need any specific rights to use, transfer, or protect any database?

Six: Effectively excluding liability

If you do anything, consider provisions limiting or excluding liability:

(1) There are certain liabilities which cannot be excluded by law (e.g. causing death or personal injury as the result of negligence in the UK).

(2) Case law or codified law in various European countries ascribes particular meaning to commonly used words like “indirect“, “consequential“, and “direct” loss. In the UK loss of profit can be a direct loss. In most jurisdictions the courts will never make exemplary or punitive awards. Use of any of these words in exclusions is likely to be unfair when dealing business-to-consumer.

(3) There is often an over-riding concept of reasonableness which pervades contractual exclusions. This applies where a vendor deals on non-negotiated standard terms or to provisions which are not negotiated. Under unfair contract legislation, in many circumstances, clauses which exclude too much, and leave no real remedy other than refund of monies paid, may well contain unreasonable exclusions which are open to challenge in the courts (even B2B).

While evolving case law applies at common law, if you move to France, Germany or Austria your exclusion clause may need to say much less because the applicable codes imply core principles around recovery and exclusions.

Seven: Effectively dealing with privacy

A common mistake when deploying a US-style contract in a European situation is to forget to consider what is not there; privacy is seldom sufficiently dealt with. As you will be aware, European privacy laws are rigorous and have ubiquitous application to personal data, unlike the US situation where particular privacy wrongs have been addressed on a sectoral basis.

In a nutshell, in Europe, the “data controller” (as the entity than makes decisions about the manner in which personal data is used) has a legal responsibility in relation to the use and sharing of that data. As data controller, rules which apply across the EU require them to handle data in accordance with eight broad principles. The seventh principle requires the data controller to ensure it has a written contract with a data processor (i.e. an entity processing or using the data on their behalf) requiring certain contractual protections to ensure that the data remains adequately protected. Under that same principle, they also have an obligation to ensure they take technical and organisational steps to keep those data secure.

Data controllers are required to pass on certain contractual requirements to ensure that data is protection both by their data processor but also ensuring these obligations are flowed down to any sub-processors. Of course, European rules equally restrict the transfer of personal data outside of the European Economic Area (the 28 EU Member States plus Norway, Iceland, and Lichtenstein), unless there is adequate protection for that data. Typically this is a key point of contractual friction.

Eight: Assess and understand what terms are automatically implied into a contract

On the basis that implied provisions usually add risk and liability, it is important to understand what terms will be implied into any contact. Broad-brush exclusions can be effective but be aware some implied terms are conditions and not warranties like the US. Standard US language often misses this or alternative concepts like “satisfactory quality“.

Not all implied terms can be excluded in all situations. Importantly, know where these can be excluded and, where possible, ensure that you effectively exclude them.

Nine: Boilerplate

An area often ignored is the boilerplate. Sometimes, localisation focuses only on how and where to serve notices within the EU. Precedent law has evolved to require terms be drafted in a particular manner. Whilst the boilerplate in US and EU agreements may appear similar at first glance, there are subtle differences which are there for a reason. Fraudulent misrepresentations cannot be effectively excluded with an entire agreement clause in the UK. Some EU jurisdictions have laws which dispense with the rules of privity of contract- do you want a third party who is not a party to this contract taking a benefit?.

Ten: “Look and feel”

So, you think this final point is trivial? While many agreements used in Europe have their roots in the US, it’s amazing how easy it is to spot a US agreement. Whether it is the lengthy paragraphs, references to “Section” and not “Clauses”, CAPITLISATION, or simply the tone, a US agreement is easily identified. This is not always an issue, but, if you’re a vendor competing with other European businesses or trying to get your own terms accepted in a battle of the forms scenario – “look and feel” counts.

In Europe, it’s not necessary to capitalise to ensure the effectiveness of clauses. Equally, if you’ve not fully localised, a single unenforceable clause or concept included within a large paragraph this may cause the entire clause to fail. If you are not fully localising, sometimes breaking up concepts and clauses and considering severability counts.

Conclusions

There is lots to think about and the devil is in the detail. Striking a clear balance and making a determination based on the actual risk is important. Risks will vary depending on the circumstances. In a business-to-consumer context, more careful and more piecemeal localisation is typically required.

Ultimately, do you want to understand why a provision works effectively in the EU, or are you prepared to risk it?

Mark Webber, Partner – Fieldfisher (Palo Alto, California)

mark.webber@fieldfisher.com

 

 

.............................................................................................................................

Local Digital Terrestrial Television Licensing Update

Posted on October 1st, 2014 by



In July 2011, the then Culture Secretary, Jeremy Hunt, set out his proposed framework for local television in the UK*, and the Local Digital Television Programme Services Order 2012 was passed amending the Broadcasting Act 1996 and the Communications Act 2003 to enable the provision of local digital television services.  Also passed were the Wireless Telegraphy Act 2006 (Directions to OFCOM) Order 2012, providing for spectrum to be kept available for the broadcast of local television services; and the Code of Practice for Electronic Programme Guides (Addition of a Programme Service) Order 2011, amending s.310 of the Communications Act 2003 to make local television services a ‘public service channel’, requiring them to be given preference along with the other public service offerings.

On 15th September Ofcom, which has responsibility for licensing local television stations, issued an update to summarise the progress made over the last two years – the headlines are that:

– 30 local television licences have been granted to a number of different organisations across the UK – these include not-for-profit community ventures, as well as commercial ventures involving TV production companies, local newspapers, and the education sector; and

– there are currently six local channels on air (in London, Nottingham, Glasgow, Norwich, Brighton & Hove, and Grimsby), broadcasting local services to a potential audience of 6 million viewers. Ofcom believes that, to date, around 6,400 hours of local programming has been transmitted.

A second phase of licensing is now underway**.

*The framework is available at http://goo.gl/LU9oSN

**For further information regarding the licensing of local television, see Ofcom’s website – http://stakeholders.ofcom.org.uk/consultations/local-tv/

 

.............................................................................................................................

The Smart Metering Implementation Programme – an update

Posted on September 15th, 2014 by



The latest report of the Public Accounts Committee on the preparations for the UK Smart Metering Implementation Programme was published on 10 September 2014.  The report provides an insight into the progress of the Programme along with recommendations on how to tackle a steadily growing list of potential issues.

The Smart Metering Implementation Programme is an initiative led by the Department of Energy and Climate Change which requires UK energy suppliers to replace existing gas and electricity meters in homes and small businesses with smart meters.  The cost of this (currently estimated to be £215 per household) will be passed on to consumers by energy suppliers via a small increase in energy bills over the course of several years but offset by increased savings to consumers as a result of their new found ability to keep track of and optimise their energy use.  Along with establishing the necessary infrastructure to facilitate the Programme, the Department of Energy and Climate Change has established the regulatory framework requiring suppliers to install the meters and to establish and fund a new central body whose role is to increase awareness of the Programme and promote long-term behavioral changes in consumers.

Although a number of potential issues are identified by the Committee, the two key concerns (besides predictable reservations over the increasing cost of the Programme) were as follows:

1. “The [Department of Energy and Climate Change] is primarily relying on assumed competition in the industry to control costs and deliver benefits. This may well prove insufficient on its own to protect consumers”; and

2. “There is also a danger that the Government gets locked into an existing technology when technologies are changing fast – leading to consumers paying for investment in a system which is already out of date.”

With regards to the latter, of particular concern to the Committee is that certain aspects of the Programme could be out-of-date by the time it is fully rolled out. The example given in the report to illustrate this is that of the in-home displays which allow consumers to view real time data of their energy usage becoming redundant even before they’re installed owing to the increasing likelihood that such a function could be carried out using a consumer’s smart phone instead.

The UK wide roll-out is currently penciled in to be completed by the end of 2020.

.............................................................................................................................

EU Cloud Strategy — a step towards model SLAs?

Posted on September 10th, 2014 by



In late June 2014 the Cloud Select Industry Group (C-SIG) delivered guidelines to help EU businesses contract in the cloud. This output is one of a number of pillars within the Commission’s European Cloud Strategy and emanates from the work stream tasked with the development of model safe and fair contract terms. These Guidelines are not prescriptive cloud terms but aim to be the first step towards standardised building blocks for Service Level Agreements (SLAs) and associated metrics. Not law, but it may influence the development of contracting standards.

The context

The European Commission consulted on the future for cloud computing within the digital economy in 2011. This led to the Cloud Computing Strategy published with great fanfare in September 2012. Setting out its vision of the future, the Commission indicated it would be “unleashing the potential of cloud computing in Europe”. In a communication bearing this phrase, it set an objective of “enabling and facilitating faster adoption of cloud … throughout all sectors of the economy”. Aimed squarely at finding “ways to maximise the potential offered by the cloud” this Cloud Strategy is the result of analysis of the overall policy, regulatory and technology landscape.

Preparatory work

In announcing its Cloud Strategy the Commission highlighted an urgent need for actions to address three key areas :

  • Fragmentation of the single market due to differing national legal frameworks and uncertainties over applicable law, digital content and data location;
  • Problems with contracts related to worries over data access and portability, change control and ownership of the data; and
  • A jungle of standards generates leading to confusion by a proliferation of standards and a lack of certainty as to which standards provide adequate levels of interoperability of data formats to permit portability.

Select industry groups The Strategy explains that: “several of the identified actions are designed to address the perception, by many potential adopters of cloud computing, that the use of this technology may bring additional risks.” Working groups were set up via DG Connect and, in November 2013, the European Cloud Partnership launched to assess and potentially coordinate common and transparent public sector cloud procurement processes throughout the EU. This is something which could be of great benefit to large enterprise cloud vendors seeking simplified and more consistent procurement models across multiple jurisdictions in the EU.

The working groups have started to feedback their early findings. In November 2013 the European Telecommunications Standards Institute (ETSI) published its final report titled “Cloud Standards Co-ordination” concluding that “cloud standardization is much more focussed than anticipated”. They portrayed the landscape as “complex but not chaotic and by no means a ‘jungle’”. ETSI’s report tries to define the cloud and classify numerous use cases. It then goes on to list some 20 relevant organisations with a hand in cloud standardisation and over 150 associated documents, specifications and whitepapers. These are all cloud enablers but are maturing and ETSI recommends further monitoring and reporting. Interesting stuff, but far from definitive, and offering little guidance to today’s cloud adopters.

Safe and Fair Contract Terms and Conditions

The EU Cloud Strategy is seeking a new approach and is in part based upon the idea that the EU may be able to ease the pain of adoption via new regulation (including data privacy reform). Thankfully, this is not solely about new potential laws. There are wider policy and political commitments. The EU’s Digital Agenda set the objective to “simplify copyright clearance, management and cross border licensing” now viewed as an element of the necessary steps to make Europe more cloud friendly. Part of this vision also involves the Common European Sales Law (CESL) proposals which envisage a single EU wide consumer contract law which could displace national contracting regimes and jurisdictional issues thus facilitating more cross border trading in the EU.   The political belief is that current contract laws potentially impact digital confidence as consumers have a lack of certainty about their rights.   It’s hoped that a uniform law may change this but any such change is a long way away today.

With all of the above in mind, the Cloud Strategy aimed to address issues not being considered within the CESL and the wider Digital Agenda. Importantly four elements were called out:

  • Data preservation after termination of the contract;
  • Data disclosure and integrity;
  • Data location and transfer / Ownership of the data; and
  • Direct and indirect liability, change of service by providers and subcontracting.

The EU plans to identify and then publish best practices in relation to model contract terms. The hope is that by socialising this information, and providing better optics in relation to the “how to” of cloud contracting, this should lead to more supplier consistency and transparency but will also accelerate cloud adoption by building trust in the cloud.

C-SIG reporting on SLAs

The June 2014 report from C-SIG (made up on a select group of industry bodies and IT service providers) offered up a 41 page

cause. What the Cloud Service Level Agreement Standardisation Guidelines do well is set out and further define a range of concepts which, depending of the nature of the cloud model and the type applicable services, could be employed in a cloud SLA. The intention is to set out a “set of principles that can assist organizations, through the development of standards and guidelines for cloud SLAs and other governing documents”.   The C-SIG makes it clear that the principles are not intended to be limiting nor to even set model terms. They are “guidelines“ and could be used as a checklist or prompt during drafting and negotiations.

The Guidelines are intended to be technology neutral, to have worldwide applicability and attempt to set out some unambiguous definitions of common cloud concepts and terminology.

Comparable Service Level Objectives (SLO)

The C-SIG believes that in order for cloud customers to easily make like-for-like comparisons and be informed about the services of competing cloud vendors, it would be best if the service level objectives derive from the same roots. They explain that the SLO does not need to be determined by identical means, but sufficient information about the SLO needs to be provided. This is why they are setting out standardized terminology, metrics and templates — they hope these will be used to provide extra insight in making these decisions.

The Guidelines go on to expand upon what the C-SIG believes to be the some of the most common SLOs and the performance of related aspects of the interface between the cloud service customer and the vendor.   There is an outline SLO and associated description for:

  • Performance including : Availability; Response Time; Capacity; Capability indicators; Support; Reversibility and the Termination Process;
  • Security including : Service Reliability, Authentication & Authorisation, Cryptography; Security Incident Management and Reporting, Logging and Monitoring; Auditing and Verification and Governance;
  • Data Management including : Data Classification, Data Monitoring, Backup and Restore, Data Lifecycles and Data Portability; and
  • Personal Data Protection including : Codes of Conduct, Standards and certification mechanisms, Purpose Specification, Data Minimisation, Use, Retention and disclosure limitation, Openness, Transparency and notice, Accountability, Geographical location of data, Intervenability

What next?

Whether this information rather than structure approach will be adopted remains to be seen. The next step is for the Commission to test the Guidelines with users and discuss it within an expert group in October 2014. If the Guidelines are to gain traction there needs to be significant vendor buy-in (particularly from the dominant US players). If the International Standards Organisation (ISO) or other bodies move to incorporate or adopt these Guidelines this may in turn feed new international standards on SLAs for cloud.

Thought also needs to be given to the Guideline’s applicability to multi-tenanted services . Perhaps time should be invested gathering the views of smaller cloud vendors as the Guidelines contain more extensive SLOs than many standard cloud deals today. Vendors will be shifting uneasily if these are to shape all EU cloud deals in the future. Protecting buyers is one thing, but trust comes from balance and fairness. This is not law but it may force into being guidelines that are treated as EU law.

 

.............................................................................................................................

Ofcom consultation on mobile spectrum licence fees

Posted on August 1st, 2014 by



Ofcom has recently conducted research which shows that UK consumers now believe that the ability to obtain emergency assistance, contact friends and family, access information, education and entertainment make the provision of mobile telecommunications essential services. This demonstrates how access to voice services and mobile internet has become central to the way we live and work in the 21st Century.

Today, Ofcom has published its latest consultation document in relation to the revision of the annual licence fees for the use by mobile network operators (“MNOs“) of the 900MHz and 1900MHz bands of the electromagnetic spectrum. The bands are currently used for the delivery of 2G, 3G, and 4G mobile services. This review arises out of Ofcom’s mandate, imposed by the Government, to ensure that the annual licence fees reflect full market value following completion of the 4G auction.

MNOs currently pay a total of £24.8m per year for spectrum in the 900MHz band, and £39.7m for spectrum in the 1800MHz band. The revised figures currently proposed are £109.3m per year for spectrum in the 900MHz band, and £137.5m for spectrum in the 1800MHz band – an average increase of around 394%.

This is, however, around 29% lower than Ofcom’s previous proposal in October 2013, and reflects its updated analysis of the market value of the 800MHz and 2.6GHz spectra; international benchmark evidence; and calculations to convert lump-sum values into annual licence fees. The calculation also takes into account the anticipated co-existence costs in relation to avoiding unwanted interference with digital terrestrial television broadcast signals. The reduction from the last proposal is partly as a result of proposals made by certain of the MNOs (such as EE and H3G) as to calculation methods.

As part of the consultation, Ofcom has calculated what it believes to be the market values of the 800MHz and 2.6GHz spectra, and has valued spectrum within those bands at £32.63m/MHz and £5.5m/MHz (although it acknowledged that the latter figure may undervalue the spectrum band by up to £900k/Mhz).

The closing date for response to the consultation is 26th September 2014.

 

In other news, Ofcom has also invited applications for new local television channels in a further seven locations: Aberdeen; Ayr; Carlisle; Dundee; Forth Valley; Inverness; and Stoke-on-Trent. Local television is currently broadcast in the same spectrum bands as the national channels, typically in the range between 470MHz and 790MHz (albeit with the upcoming clearance exercise channels at the top end of this range are intended to be moved to frequencies below 694MHz). These will join the other locations for which licences have been granted, being: Basingstoke; Belfast; Birmingham; Brighton & Hove; Bristol; Cambridge; Cardiff; Edinburgh; Glasgow; Grimsby; Guildford; London; Leeds; Liverpool; Manchester; Maidstone; Middlesbrough; Mold; Newcastle; Norwich; Nottingham; Oxford; Preston; Reading; Salisbury; Scarborough; Sheffield; Southampton; Swansea; and York.

.............................................................................................................................

Queen’s Speech 2014: Legislative change imminent

Posted on July 14th, 2014 by



The Queen’s Speech, setting out the government’s legislative plans for the forthcoming year, was given on 4 June 2014.

 

This year the Serious Crime Bill (the “Bill”) will be the measure that is of particular interest to the technology and IT industries. The Bill sets out proposed amendments to the Computer Misuse Act 1990 (“CMA) which aim to ensure sentences for attacks on computer systems fully reflect the damage they cause.

 

The amendments to the CMA will:

  1. Create a new offence of unauthorised acts in relation to a computer causing, or creating risk of, serious damage (of various sorts).
  • Where such cyber-attacks result in (or give rise to a significant risk of): loss of life; serious illness or injury; or serious damage to national security, the maximum sentence for the new offence will be life imprisonment.
  •  Where a cyber-attack causes or creates a significant risk of severe economic, social or environmental damage, the maximum sentence will be 14 years’ imprisonment.
  1. Implement Directive 2013/40/EU on attacks against information systems. European member states are required to implement this directive by 4 September 1015. Key changes to the CMA include:
  • criminalising the making, distribution or use of tools that are primarily designed to be used in hacking offences; and
  • providing a legal basis to prosecute a UK national who commits a CMA offence outside the UK. This will be true even where the offence has no link to the UK, provided it was also an offence in the country in which it took place

The Bill had its second reading in the House of Lords on 16 June 2014 and is currently in the committee stage which will continue on 15 July 2014. Subject to its progress in parliament, the Serious Crime Bill is likely to come into force some time in 2015.

.............................................................................................................................

Ruled by Secrecy

Posted on July 9th, 2014 by



In 2010, the European Commission adopted a strategy for smart, sustainable and inclusive growth (Europe 2020) which requires strengthening knowledge and innovation as drivers of the Union’s economic growth.  In this context, in November 2013, the EU Commission submitted to the Council and the Parliament a draft directive on the protection of trade secrets.  Whilst it has yet to be discussed by the European Parliament the Council has recently given an opinion on the draft.

Recent studies by the Commission have highlighted the fragmented and diversified nature of the existing protection for trade secrets across the European Union and concluded that:

  • differences in trade secret protection can hinder cross-border research and development, and may place companies within the EU at a competitive disadvantage; and
  • harmonisation of the law in this area would improve conditions for businesses to develop, exchange and use information and know how.

The harmonisation process is intended make it easier for national courts to deal with the misappropriation of confidential business information, to remove infringing products from the market, and make it easier for victims to receive compensation for illegal actions.  All patents, designs and trade marks begin life as commercially sensitive information which is, until an intellectual property right is obtained, vulnerable to theft.  As the rate of innovation tends to be greatest in small and medium sized businesses, start-ups, and those in the technology industry, these tend to be the organisations most at threat and therefore could be the ones to benefit most from an update to the law.

To facilitate harmonisation the draft directive introduces a common definition of trade secret; that is, information that:

  • is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;
  • has commercial value because it is secret; and
  • has been subject to reasonable steps by the person lawfully in control of the information to keep it secret.

This is useful as it gives a common understanding across the European Union as to what should, as a minimum, be protected.  As the definition of trade secret holder is fairly wide, being any person that lawfully controls a trade secret, this could arguably give licensees (as well as the ultimate ‘owners’ of the trade secret) a right to prevent and obtain redress for the unlawful us or disclosure of a trade secret.  This is not generally the case with other intellectual property rights.

However, there are a number of issues with the directive which lead commentators to believe that it may not give the full protection to trade secrets which is enjoyed in relation to other intellectual property rights, for example, the lack of availability of measures for collecting evidence of illegal disclosure, acquisition, or use.

It seems that whilst this may be a step in the right direction the best advice is, in the wise words of Gandalf the Grey – “Keep it secret, keep it safe”.

 

.............................................................................................................................

Update: New Consumer Rights Regime in Europe – now in force

Posted on June 13th, 2014 by



Who needs to read this update?

The EU’s Consumer Rights Directive (CRD) applies to all businesses selling products, services and digital content to European consumers.

The CRD represents a major change in Europe’s consumer regulatory landscape, bringing changes that carry a significant compliance impact, especially for online businesses.

As of 13th June 2014, the new rules have been implemented into national law across all key European markets. In the UK, the rules have been implemented by the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 and the Consumer Rights (Payment Surcharges) Regulations 2012.

This briefing note gives an overview of the key changes and addresses some of the common challenges digital businesses face when assessing how to balance user experience with robust compliance under the new framework.

 

What are the top 10 changes I need to know about?

1. 14 day cooling off period: Customers can cancel an order without charge within 14 days of purchase (for services) or receipt of goods (for goods)

2. Special cancellation rules for digital content: The 14 day period won’t apply to digital content purchases, provided the seller fully complies with sometimes complicated information requirements

3. Ban on pre-ticked boxes: Additional services must not be pre-selected in the transaction process and extra costs must be transparent

4. Payment buttons: If clicking a button will oblige the customer to pay, the button must clearly indicate this (e.g. “Pay Now” but not “Order and Proceed”)

5. No excess payment surcharges: Charges for using credit cards and other payment methods must reflect real cost to seller

6. Pre- and post-contract information obligations: The rules include a new list of information to be provided on a “durable medium”, which now has new definition

7. Information obligations now implied terms of contract: This means the contract may not bind the customer at all if you fail to fully comply (but business will still be obliged to perform)

8. Model cancellation form: Must be made available, but will not restrict customers’ options for communicating their cancellation

9. Ban on premium rate customer service numbers: If you have a customer service phone line, it must charge no more than the basic call rate

10. Delivery restrictions & accepted payment methods must be indicated upfront: This information must be clear before the consumer is obliged to pay

 

What compliance challenges does the CRD present for digital businesses?

Experience so far shows that digital businesses are facing challenges when deciding how to comply with the new distance selling rules under the CRD, especially with regard to cancellation rights and refunds. Available guidance from national regulators has often not addressed the kinds of practical compliance measures online businesses must now implement.

As a “maximum harmonisation” Directive, in order to avoid country specific variances, the EU Commission was itself keen to publish unifying guidance applicable across the EU.  In background briefings during 2013 members of this firm were promised practical high level guidance would be made available.

Yet, at the 11th hour, it seems this is still yet to materialise.  A flurry of thoughts in February this year socialised some suggestions for a transparency model for digital sales which suggested the use of icons to inform consumers during internet and mobile sales. Perhaps the proposed use of iconography was too much for industry to bear? We can at least borrow some ideas for what “good” would look like from Germany (whose current rules the CRD is based upon).  What is clear is that online merchants face extremely convoluted new rules and scant examples of how to proceed.

For example, businesses selling digital items generally want to rely on the exception from the 14 day cooling off period for digital content. This ensures that they are not obliged to refund customers who may have used and enjoyed fully functioning digital products. However, in order for this exception to apply, the business must:

– obtain the customer’s express consent to the content being provided right away and acknowledgement that they will lose their right to cancel; and

– confirm that consent and acknowledgment, plus other mandatory information, in a durable medium within a reasonable time.

Implementing this in practice may be straightforward, or more complex, depending on factors affecting your customers’ user journey, such as whether your business controls the full transaction flow, whether you are using a bespoke or multi-vendor platform (such as a social media network) and how payments are made (e.g. cash, credit, virtual currency).

 

What happens if we don’t comply?

National regulators will be keen to set examples during 2014 and 2015, and businesses that fail to comply with the new requirements run the risk of:

– civil or sometimes criminal action, for serious breaches;

– negative PR and customer backlash;

– customers not having to pay for your products and services, whilst the business remains obliged to provide them; and

– questions around revenue recognition where non-compliance with the CRD potentially renders online sales voidable by customers for extended periods.

 

What should I do now?

Since the new rules are in force as of 13th June 2014, you should act fast to assess the impact on your business and update your compliance programme as necessary. For more guidance, please contact David Lewis or Sonal Patel.

.............................................................................................................................

Androids live among us…

Posted on June 11th, 2014 by



…ok, so perhaps not, but according to the BBC (http://goo.gl/ldMrLP) there has been a significant step forwards in the development of an artificial intelligence.

The Turing Test was proposed by Alan Turing in his 1950 paper, “Computing Machinery and Intelligence”, and is widely considered to be an excellent test of whether a machine is able to ‘think’. Essentially it is a text-based game of imitation, testing a machine’s ability to display behaviour which cannot be distinguished from that of a human being whilst holding a text-based conversation.

The test doesn’t directly deal with the question of whether the computer has so-called ‘artificial intelligence’, only whether it accurately simulates human behaviour (which can be decidedly unintelligent on occasion). That said, if a machine has genuinely passed the test as the BBC article suggests, then it can be considered a significant milestone in the quest for ‘AI’ and we should perhaps be on the lookout for cyborg assassins from the future. There is significant doubt however, and the results have been criticised on a number of grounds.

The development of AI – for example cybernetics and reasoning functions wider than pure logic – are likely to contribute significantly to the way we live and work in the coming decades in the same way that they have already done in the last two. The development of Google’s search engine for example, beginning in around 1997, is an important example of this and in 2012 Google’s official blog referred to the development of artificial intelligence and machine learning using large-scale brain simulation. Even without the benefit of a crystal ball (or a cyborg from the future) it is a relatively safe bet that significant value will be generated out of the processing of big data using machines capable of self-taught learning.

This area has particular resonance with me, as part of my Masters’ thesis was on the subject of autonomous navigation systems for planetary exploration. The developments made over the last eight years have really moved us forward in terms of what is achievable and the rate of progress, to my mind, seems to be increasing. As new concepts are developed and moved from the laboratory to our homes and workplaces, I have no doubt that it will be exciting to watch the information age unfold.

 

.............................................................................................................................