European TMT & Privacy Bulletin - July 2012
Sections of this issue:
Contracts & E-Commerce
Privacy & Data Protection
CONTRACTS & E-COMMERCE
Dutch Supreme Court Endorses Lotto Monopoly After Court of Justice's Ruling
On 24 February 2012, the Dutch Supreme Court ("Hoge Raad") issued its ruling in the case of Ladbrokes vs. De Lotto. It held that De Lotto's monopoly on games of chance in The Netherlands is compatible with the freedom to provide services and that Ladbrokes may be enjoined from targeting Dutch citizens with its sports betting offer. The Hoge Raad found guidance for this ruling in a preliminary ruling by the Court of Justice of the European Union ("ECJ").
The (current) Dutch Gaming Act and the dispute before the courts
The current Dutch ‘Wet op de kansspelen' ("Gaming Act") provides for a very restrictive policy on games of chance. Indeed, per type of game of chance allowed under the Gaming Act, only one license is granted. And for lottery games, scratch cards and sports betting, De Lotto (Dutch national lottery) is the holder of that sole license. Moreover, the Gaming Act does not currently provide for a license for online games of chance. Consequently, there is no room for (online) sports betting operators such as Ladbrokes under the current Dutch Gaming Act.
As Ladbrokes is duly licensed for its sports betting activity in the United Kingdom, it argued that it is entitled to offer its services in The Netherlands as well on the basis of that UK license and the EU principle of freedom of services. It thus made its offer available to Dutch customers via telephone and the internet, after which De Lotto initiated court proceedings and obtained an injunction against Ladbrokes. After the first and second instance, the case finally made it up to the Hoge Raad, which submitted references for a preliminary ruling to the ECJ.
The preliminary ruling by the ECJ
In essence, the Hoge Raad asked the ECJ whether the restrictive Dutch licensing regime is compatible with Article 49 of the EC Treaty (now Article 56 of the TFEU), even if De Lotto is permitted to make its products more attractive to the public by introducing new games and engage in advertising on a certain scale. If this is the case, the Hoge Raad further wanted to know whether national courts should assess each time, e.g. when imposing an injunction, whether the measure ordered actually serves the objectives of the national legislation and is not disproportionate in light thereof.
The ECJ answered that the Dutch legislation seeking to curb addiction and combat fraud and which contributes to the achievement of those objectives, can be regarded as limiting betting activities in a consistent and systematic manner, even where the holder of an exclusive license is entitled to make its offer attractive by introducing new games and by means of advertising. Indeed, says the ECJ, unlawful gaming may constitute a problem in the Member State concerned, which might be solved by an expansion of authorized and regulated activities. The national courts should however verify whether that expansion is kept within a certain scale that is proportionate with the scope of unlawful activity, so as to reconcile the lawful expansion with the objective of curbing addiction. In sum, the ECJ confirmed that a policy of expansion of and advertisement for the licensed offer of games of chance, in order to canalize consumers towards the licensed players(s), can be lawful provided that the principle of proportionality is complied with.
Further, the ECJ stated that the national courts should not each time assess whether the measure they impose is proportionate and suitable for achieving the legislator's objectives, provided that measure is necessary to ensure the effectiveness of the legislation and does not include any additional restriction over and above that which arises from the legislation itself.
Finally, and more generally, the Court of Justice is of the opinion that granting an exclusive license to a single operator, thereby excluding any and all other operators from the gaming market, both national and foreign, can under circumstances be compatible with Article 49 of the EC Treaty (now Article 56 of the TFEU).
The Dutch Supreme Court's ruling
In light of the ECJ's ruling, the Hoge Raad concluded that the Dutch authorities have implemented a restrictive ‘canalization' policy that actually and effectively controls the expansion of licensed games of chance in The Netherlands and is aimed at reducing the unregulated market for games of chance. It does so i.a. in light of a letter from the Dutch Minister of Justice, in which the latter requires that a restrictive advertising policy be conducted and a code of conduct and advertising be enforced for the regulated market. In addition, the Hoge Raad states that the profit generated from the regulated offer is a mere side-effect and not the real motivation of this policy.
Analysis and Conclusion
The CJEU has ruled before that an exclusive gaming license to a national monopoly holder may be compatible with the freedom to provide services (see in this regard CJEU, 8 September 2010, Liga Portuguesa de Futebol Profissional and Bwin International, C-409/06 and CJEU, 15 September 2011, Sporting Exchange, C-347/09).
However, the fact that it explicitly states that the controlled and proportionate expansion of and advertising for such monopoly is not necessarily incompatible with the requirement of limiting betting activities in a consistent and systematic manner is fairly new, although it is of course at the same time a logical consequence of the principle of proportionality.
Also new is the statement that national courts should not consistently assess whether a concrete measure they impose is proportionate and suitable, provided it is necessary and does not include an additional restriction on top of the legislation itself.
Finally, it should be noted that the Dutch Secretary of State, Mr. Teeven, has submitted a legislative proposal, whereby the market for online games of chance would be opened for commercial operators other than De Lotto. The draft law also aims at rendering the licensing procedure more consistent, transparent and non-discriminatory, which was apparently not always the case in the past. Indeed, according to a decision by the Dutch Council of State, the procedure for granting the license to De Lotto had not been sufficiently transparent. So all in all, the future might look a bit brighter for alternative operators in the Netherlands.
References: Articles 49 and 56 of the Treaty on the Functioning of the European Union (TFUE); ECJ, C 243/78, 5 March 1980; CJEU, C-243/01, 6 November 2003; CJEU, C-46/08, 8 September 2010; CJEU, C-258/08, 3 June 2010; CJEU, C-409/06, 8 September 2010; CJEU, joined Cases C-316/07, C-358/07 to C-360/07, C-409/07 and C-410/07; 8 September 2010; CJEU, C-64/08, 9 September 2010; CJEU, C-347/09, 15 September 2011; .
CONTRACTS & E-COMMERCE
Belgium (Finally) On Its Way To Implement The Reformed EU Telecom Package
On June 6, 2012, the Belgian House of Representatives approved the draft act to implement EU Regulation 1211/2009 and directives 2009/136/EC and 2009/140/EC. The Senate decided not to amend the text and approved it on June 26, 2012. One of the main purposes of the draft telecom act is to increase consumer protection.
In 2009, and after two years of discussion, the European Parliament and Council revised the EU Telecom Package of 2002 with Regulation 1211/20091 and Directives 2009/136/EC2 and 2009/140/EC3. The revised telecom rules had to be implemented in national legislation by May 25, 2011. As Belgium failed to do so timely, the European Commission recently decided to refer Belgium to the EU Court of Justice with a request to impose a daily penalty payment. On June 6, 2012, the Belgian House of Representatives approved a draft act revising the national legislation on electronic communication and consumer protection in accordance with the revised Telecom Package. The Senate decided not to amend the text and approved it on June 26.
Increased consumer protection
One of the main purposes of the draft telecom act (in addition to changes to the provisions regarding universal services, the national regulator, etc.) is to increase the subscriber’s protection in his contractual relationship with the operator. The following modifications have for example been adopted:
- Additional information must be included in the contracts with the subscribers, such as information with respect to:
- access to emergency services and possible restrictions thereof;
- minimum service quality levels, such as the timing for the first installation;
- procedures put in place to measure and shape traffic so as to avoid network congestion, and the consequences these measures may have on the quality of the service;
- the speed and download capacity of the connection - the national regulator (BIPT) is assigned with the task to determine the method to be used to measure the speed and download volume;
- the types of maintenance service and customer support services;
- restrictions on the use of terminal equipment supplied;
- payment methods offered and any differences in costs due to the payment method;
- the type of action that might be taken by the operator in reaction to security or integrity incidents or threats;
- The subscriber must be informed of the minimum duration of the subscription required in order to be entitled to benefit from promotional offers and has to be informed of all costs due upon termination of the contract. For subsidized handsets, a monthly installment table must be provided mentioning for each month of the contract the residual value of the handset that must be paid in case of early termination;
- For each service offered, operators must also draft an information card that is attached to the contract;
- The duration of consumer contracts may not exceed 24 months and operators must always offer their customers the possibility to conclude a contract with an initial maximum duration of 12 months;
- Replacing an existing contract by a new contract for a definite duration (hereby preventing it from converting into a contract for an indefinite duration) requires the written approval by the subscriber;
- The penalty that can be imposed in case of termination during the first 6 months of a contract for a definite duration cannot exceed the subscription fee that would be due until the end of the 6th month. After 6 months, the subscriber can terminate his contract at any time and free of charge. An additional compensation can be claimed for terminal equipment that was offered free of charge or at reduced cost when entering into the contract, but this compensation cannot exceed the residual value of the product at the time of termination in accordance with the installment table;
1 Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office.
2 Directive 2009/136/EC of the of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
2 Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorization of electronic communications networks and services.
For more information, contact: Karel Janssens
PRIVACY & DATA PROTECTION
Initial Reactions on The EU Commission's Proposal For a New Data Protection Regulation
As announced in our previous newsletter, on January 25, 2012, the EU Commission proposed a comprehensive reform of existing EU data protection rules, including a draft for a new Regulation that would immediately apply in all EU Member States (see previous newsletter).
Meanwhile, the article 29 Working Party as well as various Data Protection Authorities ("DPA's") have given their (initial) comments on the draft.
Whereas the draft is generally well received because the Regulation would strengthen the rights of data subjects, enhance the responsibility of controllers and aims at strengthening the position of the supervisory authorities, there are also various comments on certain key elements of the draft. Examples of comments on certain key elements of the draft include the extent to which the draft empowers the EU Commission to adopt delegated and implementing acts, uncertainty about the scope of application with respect to data controllers established outside the EU (in particular in an online environment), comments on certain key definitions such as the basic definitions of "data subject" and "personal data", …
The Article 29 Working Party calls on the Council and members of the European Parliament to take the opportunity to improve both proposals and enhance the protection of personal data in the European Union. The president of the Dutch DPA held that the draft is "a good basis" for the upcoming discussions in the Council of Ministers and the European Parliament.
Changes to the draft are therefore inevitable, although it seems that the main new principles described in our previous newsletter will themselves survive (but will be clarified and improved) and that for instance, the new enforcement mechanisms and the possibility of high fines being imposed in case of non-compliance are not under fire.
In this newsletter, we highlight some of the initial comments.
1. Article 29 WP
The Article 29 Working Party adopted an Opinion on the European Commission's reform proposals. This Opinion constitutes the various national DPA's contribution to the legislative process, before the discussions in the European Parliament and the European Council.
The Article 29 Working Party in general welcomes various aspects of the proposal. It in particular welcomes the inclusion of provisions that give incentives to controllers to invest, from the start, in getting data protection right (such as data protection impact assessments, data protection by design and data protection by default).
It also, however, has various comments and suggestions for clarification and improvement. These include:
- The draft holds exceptions and thresholds in order to limit administrative burden and alleviate the consequences for micro, small and medium size enterprises. The Article 29 Working Party is of the opinion that data subjects should have the same level of protection, regardless of the size of the company processing the data, while it recognizes that some obligations could be burdensome for small and medium size enterprises. The thresholds should therefore take into account the nature and extent of the data processing;
- The Article 29 Working Party has comments on the scope of application with respect to data controllers established outside the EU. The draft now provides that it applies to processing of personal data of data subjects residing in the Union by a controller that is not established in the Union, where the processing activities are related to the offering of goods and service to such data subjects in the Union or the monitoring of their behavior. The Article 29 Working Party wants this definition to be clarified, in particular with respect to the meaning of "offering of goods and services" (so as to include free services) and the "monitoring of behavior" (so as to include any processing activities that lead to decisions concerning a data subject or involve analyzing or predicting his or her personal preferences, behaviors and attitudes).
- The Article 29 Working Party has comments on a number of definitions used in the draft, including for some key wording in the draft Regulation, such as:
- data subject;
- personal data (the definition should be clear with respect to the fact that it includes IP addresses / cookies);
- main establishment (the manner in which it is decided where a multinational has its main establishment should be clarified, given the important consequences linked to the location of the main establishment, such a the determination of the "lead DPA" in a particular case).
- The draft does not pay attention to the issue of collection and transfer of data by private parties or non-law enforcement public authorities that are in fact intended for law enforcement purposes, as well as the subsequent use of these data by law enforcement authorities (e.g. retention of telecommunications data);
- The draft introduces the possibility of further processing of data for incompatible purposes in cases where another legal basis (except for legitimate interest of the controller) can be found. The Article 29 Working Party considers that this runs counter to the general purpose limitation principle which is one of the key notions of data protection in Europe, and therefore asks to delete this section of the draft or to redraft it in a more precise way.
- The Article 29 Working Party has various comments on the introduction of the right to be forgotten (while welcoming the introduction of the principle itself). Comments include:
- The obligations to make sure the data is erased are put with the controller while there may be cases where the controller has taken all reasonable steps to inform third parties about a data subject's request for his data to be erased, but is not aware of all existing copies or replications.
- No provision in the draft Regulation seems to make it mandatory for third parties to comply, unless if they are also considered controllers;
- There is no direction on how data subjects should act if the controller no longer exists or can no longer be identified or contacted.
- The Article 29 Working Party believes the role and obligations of the representative for controllers outside the EU should be further clarified. It should be made clear what role the representative has vis-à-vis data subjects, courts and DPAs, especially considering the fact that the draft provides for the highest possible fine in case of failure to designate a representative.
- With respect to the duty to notify personal data breaches within a 24 hours limit, the Article 29 Working Party proposes to apply a two-step approach, whereby notification of the breach by the controller must in principle take place within 24 hours after having become aware of the breach. In case all information cannot be provided within the 24 hour limit, the controller will have the opportunity to complete the notification in a second phase.
- The Article 29 Working Party stresses the need to include in the Regulation the obligatory use of Mutual Legal Assistance Treaties (MLATs) in case of disclosures not authorized by Union or Member States law. When a judgment of a court or tribunal or a decision of an administrative authority of a third country requests a controller or processor to transfer data from the EU to that third country and there is no MLAT or another international agreement in force between the requesting third country and the Union or Member State(s), the transfer of such data should, according to the Article 29 Working Party, be prohibited.
- While the Article 29 Working Party welcomes the significant fines that the DPA's will be able to impose, it has certain comments such as:
- The DPA's should have a margin of discretion when imposing a fine;
- Threshold in case of first and non-intentional non-compliance should be deleted: if threshold, it should be based on the number of (negatively) affected data subjects.
Many of the comments relate to key issues in the draft Regulation, so that it goes without saying that extensive debates will follow in the Council and the Parliament and that changes will be made. However, it seems that a lot of the changes will aim at clarification and improvement of the new principles, the principles themselves being maintained. Such clarification and improvement is definitively required for provisions which are sanctioned by heavy fines in case of non-compliance.
2. Individual DPA's
Some individual DPA's have also commented on the draft Regulation, for instance the French CNIL and the Dutch DPA. Their comments are to a large extent similar to those raised by the Article 29 Working Party, with some specific accents.
2.1. The French DPA (the CNIL), for instance, stresses the comments about the definition of "main establishment" (which is an issue that has also been raised by the French Senate and the Chamber) and highlights several risks:
- Risk of citizens being cut off from the national data protection authorities by having the competent DPA depend on the main establishment of the company;
- Risk of DPA's becoming P.O. boxes by making the DPA of the main establishment of the company competent (e.g. in case of issues with a social network site of which the main establishment is located in another EU country, the complaint will be treated by the DPA in that country);
- Risks of "forum shopping";
The CNIL also emphasizes the comments raised with respect to the extensive power that would be granted to the European Commission to the detriment of the national DPA's.
2.2. The Dutch DPA highlights i.a. the following:
- the provisions with respect to the requirement of "consent" in the draft regulation (i.e. explicit consent is required, so that implicit consent or consent without action of the data subject would be insufficient), should be maintained;
- a provision, as included in an earlier draft version of the Regulation, stating that no judgment and no decision of an administrative authority of a third country requiring a controller or processor to disclose personal data shall be recognized or be enforceable in any matter, without prejudice to a mutual assistance treaty or an international agreement in force between the requesting third country and the Union or a Member State. This aims i.a. at US discovery proceedings or SEC investigations. Separate treaties would have to be entered into.
- The criteria to determine who should be the lead authority (depending on the main establishment) should be clearer. The Regulation should determine that if the main establishment cannot be designated in an unambiguous way, the European Data Protection Board (in which all DPA's participate) should designate which DPA takes the lead and how coordination with other DPA's will be.
- The criterion to exempt companies from a number of duties, which refers to the number of employees (less than 250) is not the right criterion. Exemptions should be based on the risks related to the data processing (companies with a limited number of employees can perform very risky processing (e.g. apps industry)).
- The definition of "personal data" should also include someone who can be individualized or distinguished (singled out) so that decisions can be taken about him that have an impact on his social intercourse (because of new technologies unique numbers and data which only lead to a computer or device can be sufficient to distinguish someone from someone else).
For more information, contact: Frederik Van Remoortel
Crowell & Moring Seminar: "How to Defend Your Interests and Addressing the Competition in the New gTLDs, Whether you Applied or Not" in cooperation with ICC Belgium & Cepani-Cepina
On June 22, 2012 Crowell & Moring organized the seminar "How to Defend Your Interests and Addressing the Competition in the New gTLDs, Whether you Applied or Not" in cooperation with ICC Belgium & CEPINA-CEPANI. The seminar was held at the VBO (the Federation of Enterprises in Belgium) in Brussels.
Since ICANN's publication of the list of new applied-for gTLDs (generic Top Level Domains) on June 13, gTLD, applicants have the possibility to object to other applications, and will have to defend their own application. Third parties who did not apply for a gTLD are also given the opportunity to take action. Alternative dispute resolution procedures have been put in place in order to get fast decisions at a reasonable cost.
The aim of this seminar was to provide an overview of all possible actions in order to defend someone's interests in the context of the new gTLDs. More specifically, representatives of WIPO and the ICC explained the alternative dispute resolution procedures. Alike ICDR (the International Center for Dispute Resolution, an organisation that is part of the American Arbitration Association), WIPO and ICC have been invited by ICANN to administer part of the dispute proceedings.
Michel Flamée, the President of Belgian Arbitration and Mediation Center Cepani-Cepina, has introduced the seminar, followed by a presentation of John Murino (from the Washington DC office of Crowell & Moring) regarding the different opportunities for applicants and third parties to intervene in order to defend their interests. Brian Beckham (WIPO) spoke about Legal Rights Objections and Hannah Tuempel (ICC, Paris) spoke about Community and Limited Public Interest objections. The seminar ended with a panel discussion including all speakers, as well as James Nurton (Managing Editor of MIP (Managing Intellectual Property)) and was moderated by Flip Petillion, partner at Crowell & Moring.
Crowell & Moring and Queen Mary Seminar: "Trends and Developments in Global Competition Law"
On June 15th, 2012, the sixth edition of the "Trends and Developments in Global Competition Law" conference was held at Le Méridien in Brussels. This seminar was organized by Crowell & Moring and the Interdisciplinary Centre for Competition Law and Policy (ICC), Queen Mary University in London.
The conference offered a unique forum for exchanging ideas and discussing recent developments in competition law across the globe. Leading figures in the field from around the world including judges, competition officials, academics, in-house counsel and private practitioners were brought together.
The four major areas of focus were: international merger control; regulating market power in emerging economies; the relationship between competition law enforcement and innovation; and international cartel procedures.
Randy Smith (Partner at Crowell & Moring) presided the International Merger Control panel, with panelists: Rainer Nitsche (Managing Director of ECA); Barbara Schulze (Head of Unit, Bundeskartellamt); and Christoph Feddersen (Assistant General Counsel at UTC).
The Regulating Market Power in Emerging Economies panel was presided by Frédéric Jenny (Judge of the Supreme Court of France; Chairman at the OECD Competition Law and Policy Committee). His panellists were Eduardo Perez Motta (President of the Mexican Competition Authority; Hilary Jennings (Head of Outreach at OECD); and Lerzan Kayihan Ünal (Head of the International Relations Department at the Turkish Competition Authority).
Bo Vesterdorf (Senior Consultant at Herbert Smith, former President of the EU General Court) presided the competition law enforcement and innovation panel. Panelists were Matthew Heim (Senior Director, Government Affairs & Counsel at Qualcomm Inc); Thomas Kramler (Deputy Head of Unit, Antitrust, IT, Internet and Consumer electronics, DG Competition, European Commission); and Rob Lipstein (Partner at Crowell & Moring).
Chairman Koen Lenaerts (Judge of the European Court of Justice) discussed the International Cartel Procedures with Walter Theiss (General Attorney & Associate General Counsel at AT&T); Dirk Van Erps (Head, Cartels II Unit, DG Competition at European Commission); and Annette Schild (Partner at Arnold & Porter).
Almost 70 participants attended this successful event.
For a copy of the presentations of this seminar - please contact Priscilla Van Runckelen.
For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.