Tech Policy Unit Horizon Scanner - May 2020
More than 300 million people logged into Zoom meetings on April 21 - a 2,900% increase from the video-conferencing platform's 10 million daily users at the end of December. The company illustrates both the challenges and opportunities of the coronavirus pandemic for the tech sector: European and US regulators are starting to circle, following a catalogue of privacy and data security concerns.
Amid another month of news cycles dominated by the pandemic, tech policy developments continue apace. Many of the stories covered below show that regulators and governments are in many respects continuing with business as usual. The development of new standards to regulate the use of AI and algorithms continues in the United States and EU – and there is a new Libra white paper for us to get our teeth into. Nigeria is cracking down on fraudulent activities linked to SIM card use. Kenya has enabled electronic signatures to be used to sign contracts.
The measures are accompanied by targeted regulatory responses to the pandemic. In many countries, app-based platforms are a cornerstone of these efforts. GCC states such as the United Arab Emirates are at the forefront of these efforts.
This month we have two great in-depth pieces on how courts and arbitral tribunals are grappling with the implications of conducting hearings over video or audio in the United Kingdom (thanks Jeremy Kosky, Matthew Scully, and Haafiz Suleman) and on how Chile, New Zealand and Singapore have concluded the Digital Economy Partnership Agreement, a stand-alone trade agreement that focusses entirely on digital technologies (thanks there to Fraser Eccles and Jeremy Stewart).
In Focus // Coronavirus: How will UK courts and arbitral tribunals cope in a virtual world?
Covid-19 has had profound impacts on the administration of justice in the United Kingdom. Whilst some Court hearings have been adjourned, at the end of March, the Lord Chief Justice released a statement that "it is of vital importance that the administration of justice does not grind to a halt". In the days that followed, the Courts issued a "Protocol Regarding Remote Hearings" and even expanded the Civil Procedure Rules to include a new Practice Direction 51Y on "Video or Audio Hearings During Coronavirus Pandemic".
In Focus // Chile, New Zealand and Singapore conclude 'digital only' trade agreement
Trilateral negotiations between the governments of Chile, New Zealand and Singapore on the Digital Economy Partnership Agreement (DEPA) concluded in January of this year (full text). The DEPA is currently awaiting signature and ratification by the three signatory states prior to entering into force.
In the United States, the sudden shift to mass remote working has driven increased reliance on digital means of transacting business and technology-related service providers, with governments at the federal, state, and local levels trying hard to smooth the transition while keeping a watchful eye on misconduct.
By way of illustration, the Small Business Administration's FAQ guidance for the Paycheck Protection Program recognizes that lenders can accept electronic signatures from borrowers. Acknowledging the fact that working from home is the "new normal", New York joined a number of other states in temporarily permitting remote online notarization for the first time, where the person executing the document appears before the notary remotely, using audiovisual technology, instead of in person. In search of a federal solution, U.S. Senate Bill 3533, the Securing and Enabling Commerce Using Remote and Electronic Notarization Act of 2020, or SECURE Act, was introduced with bipartisan support to (i) authorize and establish minimum standards for electronic and remote notarizations, and (ii) require each state, and federal courts sitting in that state, to recognize notarizations performed by notaries commissioned in other states, provided the notarization occurs in, or affects, interstate commerce.
However, both federal and state authorities have also recognized that working remotely creates or exacerbates risks to user privacy and data security. For example, Zoom was reportedly subject to a request for information from the New York Attorney General's office about its security measures, and several members of Congress, including U.S. Senator Sherrod Brown of Ohio, have called for an investigation of Zoom by the Federal Trade Commission over its advertising regarding "end-to-end" encryption of its virtual meetings.
Outside of the COVID-19 context, the US witnessed legislative and regulatory developments regarding AI and fintech.
The Director of the FTC Bureau of Consumer Protection released a post on April 8 with guidance on how companies can manage consumer protection risks associated with using AI and algorithms. The FTC can bring enforcement actions against companies under the FTC Act as well as other laws. The FTC's guidance focuses on transparency and fairness regarding how companies use algorithms to make decisions that affect housing, finances, and other key issues.
Washington has become the first U.S. state to pass a facial recognition law. The law, which comes into effect in 2021, allows government agencies to use facial recognition technology with various restrictions. The restrictions require a government agency to provide public notice before implementing facial recognition, and to obtain a court order before use of the technology in certain circumstances. The statute, written by a Microsoft employee, has critics among both civil liberties and law enforcement groups.
In an effort to address some of the concerns raised by global regulators in response to the initial draft (published in 2019), the Libra Association released a revised version of its white paper (White Paper 2.0). Overall, The Libra Association's second White Paper is a more thoughtful effort to engage with the unprecedented regulatory issues facing Libra due to the scope of its stablecoin project. The White Paper contains a wealth of new information, but, from a regulatory perspective, the net effect is unclear. Some of the new information may improve Libra's regulatory posture, including discussions of combatting financial crime. On the other hand, U.S. regulators may focus on investment company status issues due to Libra's desire for the Libra Reserve to hold 80% short-term government securities and only 20% of cash, among other issues.
Read our briefing "Libra 2.0 - Taxing Problems Remain Unresolved" on the tax implications of the Libra proposals.
China move one step further toward launching a digital flat currency
On 3 April 2020, the People’s Republic of China (PBOC) reaffirmed its determination in further researching on and developing its own central bank digital currency (CBDC) during its video conference. On 17 April 2020, an officer from PBOC Digital Currency Research Institute confirmed that China has rolled out pilot programmes, as internal testing of CBDC, in four cities (namely Shenzhen, Suzhou, Chengdu and Xiong'an) and for application by the 2022 Winter Olympic Games. Details of such pilot programmes have not been officially disclosed, but reportedly, in Suzhou, one of the application scenarios is to provide CBDC to local government officers as a transportation allowance.
Coronavirus has sharpened political focus on Chinese foreign investment in infrastructure and sensitive technologies in the UK
The UK Government has stated it intends to bring forward a Telecoms Security Bill in the summer, and senior back-bench Conservative MPs have established a "China Research Group" to scrutinise government policy on Chinese investment in the UK. Tom Tugendhat MP, chairman of the House of Commons Foreign Affairs Select Committee, said "[w]hoever writes the code, writes the rules for the world, more than any regulation passed by bureaucrats. There’s no point in taking back control from Brussels, only to hand it over to Beijing". We can expect more such positioning in the months to come.
Meanwhile, China has announced new cybersecurity procurement rules for domestic purchasers of certain types of technology equipment.
Financial regulators in South Africa published a position paper on 16 March to establish a regulatory framework for cryptocurrency. The paper contains 30 recommendations that follow the standards set by the Financial Action Task Force (the global money laundering and terrorist financing watchdog).
In Nigeria, the Federal Government has directed the Nigerian Communications Commission to create a new policy which will make SIM card registration using personal details (such as National Insurance or a passport number) compulsory. SIM card registration has the potential to curb criminal and fraudulent activities linked to SIM card use, such as use of unregistered SIMs to transfer ill-gotten gains. Critics of the policy have expressed concerns over the privacy rights of SIM card users and have argued that it could result in the emergence of a black market to service those who wish to use SIM cards anonymously.
The 2019 Civil Aviation (Unmanned Aircraft Systems) Regulations Act has been approved in Kenya, meaning that Kenyans can now lawfully buy and operate drones. In contrast, the South African Department of Transport has implemented restrictions on flying drones. The restrictions form part of the government's coronavirus national lockdown, but have been met with a surge in applications for permission to fly drones from South African citizens.
The Kenyan government have passed the Business Laws (Amendment) Act 2020, which enables electronic signatures to be used to sign contracts and provides for the digitization of document registries, including the Companies Registry. This gives scope for Kenyan corporate registry documents to become publicly accessible online, which would facilitate pre-completion and due diligence checks for Kenyan-incorporated targets
As Europe continues to battle the coronavirus pandemic, there has been an increased focus on data protection and some key announcements on future tech policy
Addressing the American Bar Association's (ABA) annual antitrust spring meeting, European Commission Executive Vice-President Margrethe Vestager is reported to have outlined a three pronged strategy for tackling abuses by big tech companies. In an attempt to keep the digital economy open, the Competition Commissioner said there would be a combination of (i) new rules on companies that are considered "digital gatekeepers", (ii) continued investigations into conduct that is presumed to be harmful and (iii) a new competition tool to stop markets "tipping" by identifying structural problems in emerging markets where a company may be seeking to expand aggressively but is not yet dominant enough to fall under existing EU antitrust powers. Further details on the two legislative initiatives are likely to emerge as the preparatory work by the European Commission services continues.
The revamp of the EU’s e-commerce and competition rules for online platforms should still be ready before the end of the year despite the coronavirus crisis, according to European Commissioner for the single market, Thierry Breton. He told a Committee of the French Senate that he wanted to have the Digital Services Act ready before the end of 2020. A leaked document from the European Commission, however, indicated that it might be delayed until the start of 2021. The Act will replace the 2000 e-Commerce Directive.
On 8 April the European Commission issued a Recommendation on a common EU toolbox for the use of technology and data to combat and exit from the coronavirus crisis, in particular in relation to mobile applications and the use of anonymised mobility data. The purpose of the Recommendation is, among other things, to develop a common European approach for the use of mobile applications and for warning, preventing and contact tracing to help limit the spread of coronavirus. The document sets out how the toolbox should be developed, identifying for example the need to involve the European Data Protection Board and the European Data Protection Supervisor to ensure data protection and privacy-by-design principles are integrated.
As a follow-up to the Recommendation, on 16 April the European Commission issued Guidance on apps supporting the fight against coronavirus pandemic in relation to data protection. Speaking to a Committee of the French Senate, the initial reaction from Wojciech Wiewiórowski, the European Data Protection Supervisor, was that governments should consider deploying contact-tracing apps as long as "specialists (epidemiologists and public health officials in particular) say that they are useful and necessary". Earlier in April, Thierry Breton had told a European Parliament Committee meeting that he was “investigating” whether tracing apps violate EU data protection rules.
At the end of March 2020, the European Commissioner for Justice and Consumers Didier Reynders wrote to a number of online platforms, social media, search engines and market places to require their cooperation to help stop scams related to the coronavirus crisis. The scams included the sale of fake products such as masks, gloves and hand sanitizers. The Commission welcomed the positive response it received from Allegro, Amazon, AliExpress, Bing, CDiscount, Ebay, Facebook, Google, Rakuten, Wish and Yahoo who put in place communication channels to increase cooperation with national consumer authorities, and took measures to address and prevent misleading practices and consumer scams. Didier Reynders said: “I welcome platforms, social media, marketplaces and search engines' prompt reaction to my call to build a strong alliance with EU consumer watchdogs."
On 3 April 2020, the European Commission launched an online consultation on digital finance: "A new digital finance strategy for Europe / FinTech action plan". The Commission linked this workstream to the coronavirus outbreak which it says has highlighted the increased reliance by consumers and businesses on digital financial services. The consultation is seeking views on the possible measures needed to further enable innovative digital financial services in the EU, while considering possible competition issues with big tech companies. The consultation will feed into the Commission's new Digital Finance Strategy / FinTech Action Plan, which will be presented later this year. The deadline for responses is 26 June 2020.
The European Commission is preparing a report on the General Data Protection Regulation (GDPR), two years after its entry into force in line with Article 97 of the GDPR. The report will focus in particular on international transfers of personal data to non-EU countries and the cooperation mechanism between national data protection authorities. A public consultation was open between 1 and 29 April 2020 for interested parties to submit their views.
With everything that is going on, the European Commission has pushed back the deadline for contributions to its consultation: "On Artificial Intelligence - A European approach to excellence and trust". The new deadline is 14 June 2020.
The EIB issued a report on 20 April 2020 entitled: “Who is prepared for the new digital age? Evidence from the EIB Investment Survey”. The report compares the state of digitalisation in the EU and the United States on the basis of a company-level survey. The EIB Digitalisation Index, introduced in the report and based on firm-level data and perception shows that the EU falls short of the US. Only four EU countries are ahead of the US in terms of digitalisation: the Czech Republic, Denmark, Finland and the Netherlands. “If European policymakers want European firms to become more digital they need to address structural barriers to investment in digitalisation,” said Debora Revoltella, the EIB's Chief Economist.
In Abu Dhabi, the Financial Services Regulatory Authority has launched three RegTech pilot initiatives, which have the object of helping regulated financial services to achieve better compliance outcomes while reducing regulatory costs. Venture Capital fund managers will be able to interact with an "AI-enabled RegBot", which will, amongst other things, prompt applicants to provide missing information and classify their readiness. The FSRA is also utilising APIs to monitor client money held by such licensed firms with custodian banks, on a real time basis. The FSRA's long-term aspiration is that its regulations can be digitised and expressed as a set of APIs, which will allow firms to test and deploy innovations that are compliant by design.
As the coronavirus pandemic continues, GCC states are making use of AI tools to enforce social distancing measures and implement contact tracing. The application of technology has been credited as helping the United Arab Emirates to respond quickly. In Dubai, citizens have previously been required to obtain permits to leave home – such permits can be applied for and viewed on a smartphone, and the approval process is automated. Police can make use of the app, coupled with surveillance cameras linked to a system of facial and license plate recognition, to monitor citizens' movements and ensure that they comply with the requirements of the permit in respect of destination and time period. Similar apps have been launched in Bahrain and Qatar.
Trade finance is a cornerstone of the global economy. However, it is costly, unwieldy and slow. Blockchain technology addresses these shortcomings by digitising, optimising and shortening the trade finance process and making it more transparent, cost-efficient and accessible. Abu Dhabi Islamic Bank has announced that it has become the first Islamic bank to execute a Sharia’a-compliant trade finance distribution transaction using Blockchain technologies.
Further information on the use of blockchain technology in trade finance is provided in our briefing "Blockchain, Trade Finance and Sanctions issues".