Clifford Chance

Kenya increases focus on localisation

In a push to encourage Kenyan citizens to actively participate in the technology sector, Kenya's recently published ICT Policy Guidelines 2020 requires companies providing  ICT services in Kenya and seeking to be licensed by the Communication Authority to have at least 30% Kenyan ownership. This is an increase from the 20% currently required under law. Technology companies will have three years to meet the local equity ownership requirements.

The Policy Guidelines echo the intentions of the newly announced Kenyan 'Start-up Bill 2020', which requires start-ups seeking to make use of the local incubation facilities to be: (i) registered in Kenya; (ii) headquartered in Kenya; and (iii) majority owned by one or more Kenyan citizens.

Angola creates a fintech regulatory sandbox

Seeking to move beyond its reliance on the oil market and following a general trend towards more digitised economy, Angola, in collaboration with Portuguese consultancy Beta-i, has launched a regulatory sandbox to enable fintech start-ups to develop and test products in a real market environment and receive guidance on applicable regulation and law. The hope is that the sandbox will stimulate innovative digital financial services, accelerate the development of fintechs that promote access to financial services, increase financial inclusion and, crucially, create jobs. For further information, see here.

Nigeria seeks to bring data protection legislation in line with the GDPR

The Nigerian government has introduced a draft Data Protection Bill 2020. The draft bill seeks to fill in some of the gaps left in data protection law by the more limited Nigeria Data Protection Regulation, introduced in January 2019, and bring the national data protection framework in line with GDPR and best practice around the world.

Compliance would be monitored by a new government enforcement body and breaches of the proposed bill could result in sanctions of up to 10 million naira for every year of default and criminal liability for responsible directors of offending companies. The bill is currently being reviewed by the National Assembly.

Nigerian Communications Commission prepares policy for introduction of 5G

The Nigerian Communications Commission (NCC) has recently revealed plans for a multi-sector policy framework in order to ensure that 5G is rolled out safely and in a manner that maximises the benefits of 5G for the country. Over the last year or two, we have seen Nigeria embrace the concept of a digitised economy and this is demonstrated by the rising levels of tech start-up and cryptocurrency activity. This trend has been accelerated by the effects of Covid-19 and with more individuals and companies than ever relying on the internet and mobile broadband, the NCC has made 5G implementation a priority. Details about the policy have not yet been published.

US House Judiciary report released, Justice Department launches case against Google

On October 6, 2020, the US House Judiciary Committee's Subcommittee on Antitrust, Commercial, and Administrative Law issued a 449-page report on competition in digital markets, with a clear focus on the dominance of the "GAFA"—Google, Apple, Facebook and Amazon. The report is the culmination of a sixteen-month investigation launched in June 2019 into the state of online competition. Although the investigation was bipartisan, the House majority released its own report. The Subcommittee requested detailed information from the tech giants, as well as other market participants and digital competition experts, and held several public hearings with testimony from GAFA executives and other participants in the digital marketplace.

The purpose of the investigation was multifold: to determine the state of competition in digital markets, whether firms are acting anti-competitively, and whether existing antitrust laws, policies, and enforcement levels are sufficient to address these issues. The Subcommittee concluded that the GAFA—branded "dominant platforms" by the House report—possess monopoly power due to factors including their role as "gatekeepers" of key distribution channels, which allows them to control access to digital markets. "To put it simply," the report states, the "companies that once were scrappy underdog startups that challenged the status quo have become the kinds of monopolies we last saw in the era of oil barons and railroad tycoons."

Additionally, the investigation found that the GAFA engaged in a series of anti-competitive conduct to maintain their market power, including self-preferencing and so-called "killer acquisitions" of potential competitors. An appendix to the report lists over 560 GAFA acquisitions going back to as early as 1988, and the report underscores that the federal antitrust agencies investigated few of these hundreds of transactions.

The Subcommittee issued a series of potential reforms for consideration aimed at "(1) address[ing] anticompetitive conduct in digital markets; (2) strengthen[ing] merger and monopolization enforcement; and (3) improv[ing] the sound administration of the antitrust laws through other reforms." Its recommendations include:

• Legislative reform of antitrust laws, including revitalizing the "essential facilities" doctrine requiring dominant firms to provide non-discriminatory access to their services and overriding recent jurisprudence to make clear that two-sided platforms can compete with one-sided firms;
• Breaking up the dominant platforms through structural separations and line-of-business restrictions;
• Non-discrimination provisions to prevent the dominant platforms from self-preferencing; and
• Shifting presumptions for future acquisitions by the dominant platforms and requiring HSR notification for all acquisitions by the dominant platforms.

For more details on the report, see Clifford Chance's briefing, "U.S. House Report on Competition in Digital Markets Focuses on Big Tech Dominance and Need for Antitrust Reform".

Since the publication of the House Judiciary report, the US DOJ has filed a case against Google, a complaint joined by Attorneys General from eleven states. The DOJ alleges that Google has monopoly power in three markets: general search services, search text advertising and search advertising, and that Google unlawfully maintains its monopoly through the use of exclusionary agreements with device manufacturers, wireless carriers, and other companies. In its public statements, DOJ officials stressed that the agency will continue its investigation into competitive practices by market-leading online platforms.

Facebook comes out in support of India's new data protection law

Facebook has come out in support of proposed data protection law in India.

"We believe that India’s data protection law has the potential to propel the country’s digital economy and global digital trade, and we wholeheartedly support this effort."

The comments were made by Facebook India’s policy head Ankhi Das before the Joint Committee of Parliament on the Personal Data Protection Bill in October.

The bill has previously received a tepid response from industry, in particular, because of data localisation rules – effectively requiring personal data about Indians to be stored on servers physically in India. The bill also requires tighter privacy rules to be put in place for people under 18. This is more restrictive than the GDPR, for example.

Facebook's apparent endorsement of the bill breaks a recent trend by the company of taking a more antagonistic approach to proposed legislation, most notably in Australia (see the September 2020 edition of the Horizon Scanner).

Japanese big tech regulation on the horizon

According to reporting in Reuters, Japan is planning to follow the lead of the EU and the US and take steps to regulate "big tech". Kazuyuki Furuya, chairman of Japan's Fair Trade Commission (FTC), commented that “This is an area I will push through aggressively.”

PRC government issues draft Personal Information Protection Law

On 21 October 2020, the Standing Committee of the National People's Congress issued a draft of the Personal Information Protection Law (PIPL) for public consultation until 19 November 2020. The draft law reaffirms the current principles on data processing, which are generally aligned with existing laws and regulations, and in particular introduces certain extra-territorial effect. According to the draft law, an overseas institution that processes personal information of natural persons who are within the PRC should comply with the PIPL if the purpose of such processing is to (a) provide products or services to or (b) analyse or assess behaviours of natural persons within the territory of the PRC.

Separately, the draft law offers several permissible routes for exporting personal information from China, including (a) completing security assessment organised by PRC regulators; (b) completing personal information protection verification by licensed institutions; and (c) entering into a special data protection contract and supervising the data recipient to ensure satisfaction of standards under the PIPL.

A new Digital Markets Act will address competition concerns in relation to large digital gatekeepers

Alongside the Digital Services Act, the European Commission is planning to propose a new Digital Markets Act (DMA) to tackle the market power of online gatekeepers with the aim of keeping markets fair and open to competition. On 29 October, Margrethe Vestager, Executive Vice President of the European Commission said the DMA will have two pillars; (i) ex ante regulation targeted at a small number of large digital gatekeepers, setting out a clear list of dos and don’ts and (ii) case-by-case enforcement that would allow the Commission to investigate digital markets and intervene, including by imposing remedies, where structural market issues or failures are identified.

The first pillar would ban self-preferencing where platforms use their power to make their own services succeed over those of rivals, such as via greater prominence in search results. It will also ban companies from collecting data on their business users when they compete with them in other markets.

The second pillar would put a harmonised market investigation framework in place across the single market, giving the Commission the power to tackle market failures in digital markets, and stop new ones from emerging. Vestager argued this move is justified because we have come to a "point where the power of digital businesses – especially the biggest gatekeepers – threatens our freedoms, our opportunities, even our democracy. And where the trust that successful digitisation relies on is becoming seriously frayed."

On 15 October, France and the Netherlands issued a non-paper in which they supported the idea of a list of dos and don’ts for powerful digital platforms, accompanied by a more flexible mechanism to scrutinize and remedy the conduct of gatekeepers. They argued this could be done by giving new powers to competition regulators, or allowing it to be done by another regulatory body.

The European Commission is expected to publish its proposals for the new DMA on 2 December. The proposals must then be submitted to the European Parliament and Council for adoption before becoming law.

New Digital Services Act will address role of algorithms

On 30 October, Margrethe Vestager, Executive Vice President of the European Commission who is leading the work on the Digital Services Act (DSA) gave a speech about the role of algorithms. She stated that one of the main goals of the DSA will be to make sure that platforms are transparent about the way algorithms work, for example being required to tell users how their recommender systems decide which content to show and better information about the ads that users are seeing.

The DSA will also ensure regulators can access the information they need to understand and govern the way algorithms work, imposing a new duty to cooperate on all digital services, with the biggest platforms being required to provide more information on the way their algorithms work when regulators ask for it. Vestager also said that researchers must have access to data that allows them to understand how those algorithms are affecting our society, including ad archives.

The European Commission is expected to publish its proposals for the new DSA on 2 December. The proposals must then be submitted to the European Parliament and Council for adoption before becoming law.

European Parliament has its say on future Digital Services Act

The European Parliament has adopted three reports in relation to the forthcoming Digital Services Act (DSA). The reports call on the Commission to address and tackle perceived shortcomings in the online environment, notably by introducing stronger rules to tackle illegal content online, creating a safer Internet for consumers, and making users less dependent on algorithms by giving them greater control over what they see online. One of the reports relates to fundamental rights and calls for content removal to be “diligent, proportionate and non-discriminatory” to safeguard freedom of expression and information, as well as privacy and data protection.

The reports are based on articles 47 and / or 54 of the Parliament's rules of procedure and - while non-binding on the European Commission - set out the Parliament's position, with the aim of influencing the Commission's legislative proposals.  

On 15 October 2020, Saudi Arabia's National Cybersecurity Authority ('NCA') issued its Cloud Cybersecurity Controls ('CCC'), which aim to "minimise the cybersecurity risks" of cloud providers and users of cloud services under the scope of the law. The CCC applies in particular to government organisation in the KSA as well as private sector organisations owning, operating, or hosting critical national infrastructures that currently use or are planning to use any cloud service. In addition, the NCA strongly encouraged all other organisations to leverage these controls to implement best practices to improve and enhance their cloud cybersecurity.