Tech Policy Unit Horizon Scanner - July 2020
In this July edition of our Horizon Scanner, we cover novel deployments of blockchain in Saudi Arabia, increased scrutiny of facial recognition software in the United States against a backdrop of social justice protest, and a contested 5G spectrum award in Malaysia.
We have two 'In Focus' pieces, one on the upheaval caused by the United States' decision to withdraw from OECD efforts to reform the taxation of multinational tech companies (thanks there to Dan Neidle, Julian Feiner and Fraser Eccles), and another on the precipitous rise of esports during the coronavirus pandemic (thanks there to Rory Scott and Jonathan Coote).
A Clifford Chance partner recently carried out an experiment to test whether accompanying LinkedIn posts on DAC 6 (the EU's new mandatory tax disclosure rules) with cute cat GIFs would boost their reach. We would never deploy such cynical tactics, but there is much to enjoy in a Thai shopping mall's deployment of 'K9': a 5G-connected, hand sanitiser-dispensing robot dog which roams its hallways. Meanwhile in Singapore and Japan, smart robots been deployed to sterilise surfaces using ultraviolet light, while in Malaysia ward rounds are being performed by a 1.5 meter tall 'Medibot'.
Prospect of more unilateral 'digital services taxes' on big tech increases as US withdraws from OECD programme to reshape international tax system
United States Treasury Secretary Steven Mnuchin has announced that the US will suspend its engagement with proposals emerging from 'Pillar 1' of the OECD's work programme to reshape the international tax system, in a letter sent to finance ministers in France, Italy, Spain, and the UK. Those proposals would have seen more profits allocated to the jurisdictions where customers are located, creating new rights for countries to tax multinational companies that derive revenue from customers in their territories. While the OECD proposals would have economy-wide impacts their consequences for 'big tech' companies have attracted the greatest attention, as all would likely have seen Silicon Valley giants paying more tax overseas.
As most proposals relied upon the US's agreement to amend its existing tax treaties, the prospect of a global accord being reached in 2020 as planned now looks vanishingly slim. In its absence, the proliferation of unilateral 'digital services taxes' (DSTs) looks almost certain. One example is the UK's 2% tax on the revenues of search engines, social media services and online marketplaces that derive value from UK users, which came into force in April.
With US digital giants their obvious targets, these countries face a genuine threat of US retaliation. The prospect seems more likely following an announcement by United States Trade Representative Robert Lighthizer in early June that he had initiated a Section 301 investigation into DSTs. Section 301 accords USTR wide-ranging authority to address a foreign country’s unfair trade practices.
The threat of retaliatory tariffs is not only relevant to European nations. June saw legislation tabled in the Kenyan Parliament that would introduce a new 1.5% DST on the value of qualifying transactions conducted by non-resident technology firms. The legislation has the potential to jeopardise efforts to negotiate a free trade agreement between Kenya and the US to succeed the US African Growth and Opportunity Act (AGOA), set to expire in 2025, under which the US extends significant non-reciprocal trade preferences to a range of sub-Saharan African countries.
A second, under-appreciated, risk of DSTs is that businesses may simply decide to withdraw from smaller markets where the costs of compliance with the idiosyncrasies of national DSTs outweigh the benefits of entry. Similar actions were evident following the introduction of the EU's GDPR (and while GDPR was harmonised at an EU level, national DSTs show no such consistency of approach). The US's decision may ostensibly be to the benefit of its digital national champions, but all paths ahead will likely see greater frictions placed upon cross-border trade in digital services.
Esports fills the void left by the suspension of traditional sporting events during the coronavirus pandemic
The esports industry reached an audience of over 440 million viewers last year, and is expected to generate c. US$2.5 billion in annual revenue by 2022. The coronavirus pandemic has given these numbers a significant boost. Twitch – the largest esports live-streaming platform, and a subsidiary of Amazon – reported a 101% year-on-year increase in hours watched in April. As the esports audience is a coveted demographic (and one that is particularly difficult to reach through traditional media, with approximately 79% of viewers aged under-35) this dramatic growth has attracted attention.
Whilst there is still no harmonised definition of esports, we define esports as the playing of competitive video games by professional gamers, in an organised format (e.g. a tournament / league) and with a specific goal (e.g. a title / prize money). Key stakeholders in the industry include video-game publishers (who own the intellectual property, in the games); competitions / leagues; teams; players; online streaming services; traditional broadcasters; and traditional sports teams / leagues. Video-game publishers may occupy multiple roles within the industry: owning the games, running the leagues, and broadcasting gameplay.
The two main revenue streams in esports are media rights and sponsorship. One further prospective revenue stream is "in-game advertising", i.e. adverts or sponsorship, which can be coded into the games themselves. At present there is little regulation regarding such advertising, but future government intervention may be on the horizon (particularly due to esports' popularity with minors). Attempts to monetise video games through advertising also risk potential backlash from the gaming community.
Esports stakeholders are afforded greater protection than in traditional sports, as the games themselves can be protected by IP rights. However, the interests of different stakeholders can come into conflict, which has led to disputes regarding enforcement action. As esports' profile and revenues continue to increase, so will the need for commercial, legal, and regulatory certainty.
This is an abridged version of an article written by Clifford Chance and published in the journal LawInSport. The original is available to view here. The next article in this series will examine regulation and governance within esports, and consider how the continued absence of a universally recognised esports governing body may make government intervention inevitable.
Several African countries are in the process of implementing new taxes which would apply to the digital economy
In addition to proposals for a digital services tax (discussed in our In Focus section, above) Kenya's Finance Bill 2020 contains proposals for a 14 per cent rate of VAT which would apply to digital marketplaces, including e-commerce sites and online subscription services. The measures are scheduled to come into force on 1 January 2021. The Government of Nigeria published the Companies Income Tax (Significant Economic Presence) Order 2020 in June, which will expand the reach of the Nigerian tax system to include non-Nigerian companies with a "significant economic presence" in Nigeria, and whose activities through digital platforms produce ₦25 million or more in gross annual turnover. On 19 June, the Parliamentary Budget Office of South Africa published Tax Brief: Digital Economy and Taxation Policy Considerations 2020 which examined possible taxation of digital services such as Netflix and Spotify. Finally, in Uganda the Minister of Investment and Privatisation has announced plans to impose a 10 per cent tax on imported phones – a bid by the government to limit their importation and encourage local production.
June has also seen developments in communications policy. On 29 May 2020, Niger's Congress voted on a law allowing ministers to compel telecommunications companies to assist with the interception of communications. Controversially, current plans dictate that discretion as to whether interception should occur will lie solely with the Nigerien President. On 22 June, the South African president announced commencement dates for parts of the Protection of Information Act (the Act). From 1 July, provisions regulating direct marketing by means of unsolicited electronic communication and provisions on the lawful processing of personal information will be implemented. On 16 June 2020, the National Communications Institute of Mozambique (INCM, the sector's regulatory body) announced the creation of the Telecommunications Traffic Control Unit (UCTT). In addition to being responsible for the control of telecommunications traffic, the UCTT will manage the registration of mobile phone cards and the protection and security of telecommunications networks.
On 8 June 2020, Ghana's National Communications Authority (the NCA) announced it was taking steps to ensure a level playing field for all network operators in the Ghanaian telecommunications sector. The Authority has focused on MTN (which currently holds a 70 per cent market share in Ghana) and has proposed establishing floor and ceiling prices on all minutes, data, text messages, and mobile money. The NCA also plan to implement "corrective measures" to break up MTN's control – such as granting a favourable connection rate to disadvantaged operators.
In one week, Amazon and Microsoft each announced sweeping restrictions on the sale of their facial recognition tools, and IBM announced it would cease all sales, development and research of such technology. Civil liberty advocates question the timing of the announcement as recently the tech companies were pushing sales of their technology to law enforcement. Advocates have raised issues with facial recognition technology, including that facial recognition technology has generally been trained on sample sets of white-skinned males and has a difficult time identifying darker-skinned individuals or even determining their gender. There is no federal law governing the use of facial recognition technology by law enforcement, and most states do not have legislation governing its use either. While lawmakers consider regulation of the use of such technology, the Department of Housing and Urban Development recently admitted that it does not know how surveillance technology can be used on the approximately 1.2 million households which are part of its public housing programs, or whether such technology had been purchased for use in public housing.
After a very public fight with Basecamp over Apple's rejection of an email application from the Apple App Store, Apple recently announced two major changes to how it handles disputes with third-party app developers. Apple will now allow developers to appeal a specific violation of an App Store guideline and will create a separate process for challenging the guideline. Additionally, for apps already on the App Store, bug fixes will no longer be delayed over guideline violations, aside from legal issues. The dispute involving Hey, Basecamp's app, was whether the app qualified for an exemption not to use Apple's in-app payment system. Apple claimed that the app violated three guidelines by not allowing users to sign up or purchase Hey from mobile, while Basecamp management indicated it was a sign of inconsistency by Apple.
2020 has seen a glut of 5G spectrum auctions and licence awards across the APAC region, including in Thailand, New Zealand, and Hong Kong. In Malaysia, regulators announced in January that 'blocks' of the 5G spectrum would be allocated through an open tender process – in May, however, the blocks were instead directly awarded to four major domestic telecoms companies and a private firm. In early June, it was announced that the May award had been revoked following political controversy and legal challenge.
The government of Singapore reportedly proposes to give every one of its 5.7 million residents a wearable device which will replicate the function of its earlier coronavirus contact tracing app TraceTogether, which has encountered problems. Testing of the devices began in early June. The devices can be worn on a lanyard or wrist, or carried in a handbag, and do not rely on a smartphone to function.
The popular file sharing website WeTransfer has been banned in India, following an order by the Department of Telecommunications (DoT). It is unclear precisely why the website has been banned, though a DoT official has been quoted as stating that "it was done in public interest. People should understand that we received a genuine request, assessed it and decided it was best to block the website." The Internet Freedom Foundation has sent a representation to the DoT urging it to recall the direction, and to reform regulations that have also permitted the blocking of secure messaging app Telegram.
Facebook and PayPal have invested in Indonesian platform and digital payment technology group, Gojek. First operating as a motorcycle ride-hailing service in 2010, Gojek has since expanded to offer deliveries, shopping and commuting services, and digital payments across Southeast Asia. It reports more than 170 million users. The investment is Facebook's first in Indonesia.
The PRC has adopted the long-awaited Civil Code, a comprehensive legislative reform with consequences for all aspects of civil society – including privacy rights and personal information
The new PRC Civil Code (2020) (the “Civil Code”) will take effect on 1 January 2021, having been enacted by the National People's Congress. Alongside its codification of a sweeping range of legal matters, including contract law, family law, and tort, the Civil Code includes a specific chapter containing new rights to privacy and the protection of personal information. Breaches of these rights may prompt civil action from affected parties, alongside existing risks of administrative investigation and penalty.
In respect of personal information, the Civil Code reaffirms current practice (i.e. the principles of legitimacy, appropriateness and necessity shall be duly followed when processing personal data) and places a duty of confidentiality upon competent government officials who have access to such information.
In respect of the right to privacy, the Civil Code further clarifies the scope of the right and emphasises the possible tortious liabilities that may arise from infringements of privacy. The Civil Code also provides guidance on civil liability exemptions associated with certain data processing activities.
Apple, Facebook in the line of fire in Europe as competition concerns come to the fore
On 18 June, the European Parliament adopted an update to its annual report on EU competition policy and pledged its support for tougher competition laws, in particular for online platforms under the Digital Services Act. This follows a 9 June statement adopted by EU Member States supporting the Commission's intention to collect evidence and "further explore ex ante rules to ensure that markets characterized by large platforms with significant network effects, acting as gatekeepers, remain fair and contestable for innovators, businesses and new market entrants." By way of reminder, the European Commission launched two public consultations at the start of June on its future Digital Services Act and in relation to online platforms and "gatekeepers". The deadline for submissions to the inception impact assessments was 30 June 2020, and for the consultations it is 8 September 2020.
Facebook has been ordered by the German Federal Supreme Court in Karlsruhe to comply with the Bundeskartellamt's order to curb data collection of its users without requesting their consent. In so doing, the Court overturned the suspension of an antitrust decision. The issue relates to how Facebook merges data from across its platforms, including WhatsApp and Instagram, with other data collected on third party websites via its business tools. The Court in Karlsruhe ruled that in future Facebook would have to offer users a choice when it collects and merges data from websites outside the Facebook group. Another appeal in the Higher Regional Court in Düsseldorf is expected by the end of the year or early in 2021. The ruling was welcomed by Ulrich Kelber, Germany's Federal Commissioner for Data Protection and Freedom of Information.
The European Commission announced on 16 June that it has opened two formal antitrust investigations in relation to practices by Apple. The investigations relate to the compatibility with EU competition rules of (i) Apple's conduct in connection with Apple Pay and (ii) Apple's rules for app developers on the distribution of apps via the App Store. The first investigation concerns Apple's terms, conditions and other measures for integrating Apple Pay in merchant apps and websites on iPhones and iPads, Apple's limitation of access to the Near Field Communication (NFC) function (“tap and go”) on iPhones for payments in shops, and alleged refusals of access to Apple Pay. The second relates to the mandatory use of Apple's own proprietary in-app purchase system and restrictions on the ability of developers to inform iPhone and iPad users of alternative cheaper purchasing possibilities outside of apps.
Following the US decision on 17 June to withdraw from negotiations organised by the OECD to create a global system for taxing digital services, the EU vowed to push ahead with its own digital services tax. At a joint press conference, French Finance Minister Bruno Le Maire and his German counterpart Olaf Scholz said they remained committed to reaching an international deal on a digital tax.
European Commission for Financial Services, Valdis Dombrovskis, has announced that a proposal for new laws on cryptoassets will be issued later this year. The new rules will create a bespoke regulatory regime requiring a passport to access them. In relation to stablecoins whose value is pegged to a currency like the euro or a basket of currencies, there will be a distinction between "global stablecoins" and those created by start-ups and FinTech innovators, with the former subject to a stronger regime because they are "likely to raise additional challenges in terms of financial stability and monetary policy".
The European Commission has published an evaluation report into the General Data Protection Regulation (GDPR), just over two years after it first applied. Hailing the GDPR "the fabric of a success story", the report concludes that harmonisation across EU Member States is increasing, but there is a certain amount of fragmentation that must be monitored. Didier Reynders, European Commissioner for Justice, said: "The GDPR has successfully met its objectives and has become a reference point across the world […]. We can do better though, […] we need more uniformity in the application of the rules across the Union: this is important for citizens and for businesses, especially SMEs."
On 22 June, the European Commission released the results of its fifth evaluation of the 2016 Code of Conduct on countering illegal hate speech online. According to the results, IT companies are assessing 90% of flagged content within 24 hours and removing 71% of the content deemed to be illegal hate speech. However, the Commission sees room for improvement in relation to platform transparency and feedback to users.
On 24 June, the European Commission and the European Agency for Cybersecurity (ENISA) announced the creation and first meeting of a Stakeholders Cybersecurity Certification Group (SCCG). The SCCG was foreseen by the EU Cybersecurity Act and will advise on strategic issues regarding cybersecurity certification, and assist the Commission with its preparation of the EU rolling work programme. The aim is to create market driven certification schemes and help reduce fragmentation between various existing schemes across the EU Member States. The SCCG is made up of representatives from academic institutions, consumer organisations, conformity assessment bodies, standard developing organisations, companies, trade associations and others.
The UK has introduced new legislation to scrutinise certain foreign takeovers of businesses central to national security, while political opposition to Chinese investment in sensitive sectors continues
Factions opposed to Chinese investment in UK telecoms infrastructure are seeking to curtail foreign investment by amending the Telecommunications Infrastructure (Leasehold Property) Bill, currently being considered in the House of Lords, to prevent companies from using UK telecommunications infrastructure to facilitate human rights abuse. These amendments are unlikely to pass into law, but foreshadow further such efforts by a growing number of concerned politicians.
The UK government has also published amendments to its Foreign Direct Investment (FDI) regime, adding new categories of foreign investment which could be subject to regulatory or government intervention. These new areas include artificial intelligence, cryptographic authentication and advanced materials. These amendments also clarify that the government can intervene in investments in businesses that are directly involved in the coronavirus response.
The government intends to introduce legislation (the National Security and Investment Bill) which will substantially widen the scope of transactions that can be reviewed on national security grounds irrespective of their turnover. This Bill is intended to be introduced imminently.
Further information is provided in our briefing: UK national security reviews: lower thresholds for more sectors
The Saudi Arabian Monetary Authority (SAMA), the central bank of Saudi Arabia, has announced its use of blockchain technology to distribute part its injection of over US $13 billion (SAR 50 billion) into its domestic banking sector to enhance banking liquidity. The funds took the form of one-year no-interest deposits. The average capital adequacy ratio of Saudi banks stands at 18.6%, in excess of the requirements of the Basel III Accord. SAMA has not disclosed what portion of the funds were distributed using blockchain technology, or the platform used.
The Islamic Development Bank, a multilateral development finance institution headquartered in Saudi Arabia, has partnered with blockchain technology firm Blocko to develop a 'Smart Credit Management System' based on the Aergo blockchain. The System will be used to enable Islamic banks and other financial institutions to perform credit assessments in a transparent and secure way.
The Abu Dhabi Department of Economic Development (ADDED) has launched the use of e-contracts and e-signatures in the issuance of licenses for sole traders and limited liability companies, removing the need for the use of a notary.
The President of the United Arab Emirates has established an independent Advanced Technology Research Council (the ATRC), which is to oversee all R&D activity in the emirate. The ATRC is responsible for proposing general policies, strategic plans and initiatives related to R&D in the field of advanced technology as well as for setting R&D priorities, with a goal of making the emirate a more attractive hub for start-ups and tech companies. The ATRC will be led by Faisal Al Bannai, the founder of cybersecurity consultancy DarkMatter and CEO of the UAE national defence group, Edge.