Federal Circuit Decision Settles GAO/COFC Split on Agency's Use of Cooperative Agreements

This post was written by Carlos A. Valdivia and Gunjan Talati.

In March, the Federal Circuit settled a split between the Government Accountability Office ("GAO") and the Court of Federal Claims that focused on the gray area between cooperative agreements and procurement contracts. Siding with the GAO, the appeals court ruled that the Department of Housing and Urban Development could not sidestep federal competition requirements by using cooperative agreements, instead of procurement contracts, to outsource its contract administration services. The ruling provides rare insight on the Federal Circuit’s interpretation of the Federal Grant and Cooperative Agreements Act, and serves as a warning shot against any federal agency that feels inclined to disregard the GAO. Similarly, federal contractors should remain vigilant and determine whether their agencies’ use of cooperative agreements gives rise to a potential protest.

Click here to read the issued Client Alert.

DC Circuit Invalidates Conflict Mineral Reporting Regulations

This post was written by Jeffrey Orenstein.

This week the U.S. Court of Appeals for the D.C. Circuit held that the Security and Exchange Commission’s (“SEC”) final rule concerning “conflict mineral” disclosures is unconstitutional.  Nat’l Assoc. of Mfrs v. SEC, No. 13-5252 (D.C. Cir., decided April 14, 2014).  The SEC rule requires registrants to disclose annually on a Form SD whether their products incorporate conflict minerals (i.e., tin, tungsten, tantalum, and gold, mined in war-torn Central Africa) or whether their products are “DRC Conflict Free.” 

The court ruled that, by requiring companies to report whether their products are free of conflict minerals, the SEC rule improperly compelled commercial speech in violation of the First Amendment.  Accordingly, the court invalidated both the SEC’s final rule and the underlying statutory provision in the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), but only “to the extent the statute and rule require regulated entities to report to the Commission and to state on their website that any of their products have ‘not been found to be “DRC conflict free.”’”   The court reasoned that “the label ‘conflict free’ is a metaphor that conveys moral responsibility for the Congo war” and, “[b]y compelling an issuer to confess blood on its hands, the statute interferes with that exercise of the freedom of speech under the First Amendment.”

With the June 2, 2014 deadline fast approaching for filing a Form SD, many manufacturers and other parties impacted by the SEC’s final rule are eager to know whether the D.C. Circuit’s decision relieves them of their upcoming filing requirement. Unfortunately, the immediate impact of the decision is not entirely clear.

The court remanded the case to the District Court for a review of whether the SEC’s rulemaking, or language in the Dodd-Frank statute itself, is at the root of the free speech conflict.  In the interim, it is possible that the SEC will provide guidance indicating that issuers should file their Form SD but, per the D.C. Court’s decision, issuers may omit the declaration of whether their products are “DRC conflict free.”  It is also possible that the plaintiffs will move in District Court to stay implementation of the rule, pending the court’s decision on remand.  In the long term, the SEC may appeal the D.C. Circuit’s decision, putting its validity back into play once more, or it may amend its final rule in an effort to satisfy the constitutional standards articulated by the D.C. Circuit this week.
 

Ridiculous and Complicated: Proposed Changes to Support Documents for EAR Licenses

This post was written by Leigh T. Hansson, Carlos A. Valdivia, and Joelle E.K. Laszlo.

On April 9th, the Bureau of Industry and Security (“BIS”) proposed a rule that would remove certain documentation requirements in connection with Export Administration Regulations (“EAR”) license applications. Export nerds are well aware that changing these requirements would go a long way toward streamlining the license application process (which is ridiculous and complicated). As the BIS itself notes, the IC/DV system is the vestigial appendage of a long-defunct Cold War relic. (That is not a quote; it’s just the pent-up frustration of every export lawyer in the country.) For all its support documentation requirements, the IC/DV system nevertheless fails to obtain an affirmative statement from the ultimate end-user regarding the actual end use of the imported item.

Under the proposed changes, however, the following would happen:

  • International import certificates or delivery verifications would no longer be required in connection with license applications
  • Statements by the ultimate consignee and purchaser would be required for most license applications that previously required an international import certificate
  • Value threshold for requiring a Statement by Ultimate Consignee would increase from $5,000 to $50,000

It’s like Christmas in July. Incidentally, comments on this proposed rule must be received by June 9, 2014. If your business would benefit from reducing delays and administrative burdens in connection with exports or imports, you may want to voice your support for this rule change. And if you think we’re exaggerating when we characterize the IC/DV requirements as onerous, just read the description for obtaining an international import certificate.

ICANN Goes to Singapore

This post was written by Gregory S. Shatan.

The Internet Corporation for Assigned Names and Numbers (ICANN) held its 49th semi-annual meeting in Singapore in March.  Reed Smith partner, Gregory Shatan, provided real time reports Straight from Singapore on our sister blog AdLaw By Request.

Article 29 Working Party adopts opinion on Personal Data Breach Notification

This post was written by Cynthia O'Donoghue.

At the end of March, the EU’s Article 29 Working Party adopted an opinion on Personal Data Breach Notification (the Opinion). The Opinion is designed to help data controllers decide whether they are obliged to notify data subjects when a ‘personal data breach’ has occurred.

A ‘personal data breach’ under Directive 2002/58/EC (the Directive) broadly covers the situation where personal data is compromised because of a security breach, and requires communications service providers (CSPs) to notify their competent national authority. Depending on the consequences of the personal data breach, CSPs may also be under a duty to notify the individual data subjects concerned.

The Opinion contains factual scenarios outlining the process that should be used by CSPs to determine whether, following a personal data breach, individuals affected should be notified. Each scenario is assessed using the following three “classical security criteria”:

  • Availability breach – the accidental or unlawful destruction of data
  • Integrity breach – the alteration of personal data
  • Confidentiality breach – the unauthorized access to or disclosure of personal data

The Opinion includes practical guidance for notifying individuals, including where a CSP does not have the contact details of the individuals concerned, or where the compromised data relates to children.  The Opinion also stresses the importance of taking measures to prevent personal data breaches.
 

Overview of Primary Provisions of U.S. and French Sunshine Reporting Requirements

This post was written by Elizabeth B. Carder-Thompson and Daniel Kadar.

2013 was a year of unprecedented scrutiny of financial relationships between manufacturers and health care professionals, such as physicians. Both the United States and France imposed sweeping new reporting and disclosure requirements in an effort to provide transparency and, theoretically, to enable the public – including patients – to make informed treatment decisions and assess possible conflicts of interest. Both sets of requirements carry potentially large financial penalties for failure to report and for incorrect reporting. For manufacturers operating globally, compliance with these provisions will be an ongoing challenge.

Click here to view the full issued Client Alert.
 

OpenSSL reveals significant security flaw

This post was written by Cynthia O'Donoghue.

On 7 April, OpenSSL released a Security Advisory exposing a flaw which, if exploited, would allow hackers to reveal communications between servers and the computers of Internet users.

OpenSSL is the most popular open source encryption service on the Internet, and is used by a large number of commercial and private service providers, including many social medial sites, email providers and instant messaging platforms.  The tool is used to encrypt information passed between Internet users and website operators, and the encrypted communication should have only been capable of being decrypted by the particular service provider.

When exploited, the security flaw, dubbed “Heartbleed”, revealed the encryption keys of service providers using the system. Once decrypted, the hackers essentially had unrestricted access to the communications.  OpenSSL has released an update to address the security flaw; however, service providers will find it impossible to assess whether the security of their systems has been compromised, making the situation particularly serious. In addition, the update will only protect future communications, and therefore any that may have already been intercepted will remain vulnerable.

Internet users are being advised to change all of their passwords, and in particular those for important services such as Internet banking.

The security flaw is likely to raise data protection issues for organisations, and it may behoove users of OpenSSL to take a proactive approach to communicating with their customers about security issues.  Those organisations that have suffered a security breach may be under a duty to notify individuals, and could be subject to adverse publicity, as well as litigation and regulatory investigation. 
 

Update on Federal Trade Commission v. Wyndham Worldwide Corp.: FTC Allowed To Proceed with Data Security Suit, Rejects Fundamental Challenge to FTC Authority

This post was written by Paul Bond and Christine N. Czuprynski.

A New Jersey federal court is allowing the FTC’s case against Wyndham Worldwide Corporation to go forward, denying Wyndham’s Motion to Dismiss on both the unfairness and deception counts.  In this closely watched case, the court emphasized that in denying Wyndham’s request for dismissal, it was not providing the FTC with a “blank check to sustain a lawsuit against every business that has been hacked.”  The far-reaching implications of this decision, though, cannot be ignored.

The Wyndham decision may well prove rocket fuel to an agency already proceeding at break-neck speed to formulate and enforce (often at the same time) new data security law.  Any company that was still waiting for the FTC to go through a formal rulemaking process on data security can wait no more.  The decision by Judge Salas has arguably ratified all of the reams of informal guidance the FTC has provided over the past decade, plus in enforcement actions, panel discussions, white papers, and more, as though they had gone through the formal notice and comment-based rulemaking process.  Unless a company is confident that it knows, has synthesized, and has applied this informal guidance to its own activities, it stands at risk of being the next target for the FTC's newly affirmed section 5 authority. 

The Federal Trade Commission sued Wyndham Worldwide in June 2012 in the District of Arizona.  The FTC alleged that Wyndham’s failure to properly safeguard the personal information in its possession led to a data security breach that exposed thousands of customers to identity theft and other fraud. The case was transferred to the District of New Jersey in March 2013.  Soon thereafter, Wyndham filed its Motion to Dismiss.

Wyndham challenged the FTC’s authority to regulate unfairness in the data security context.  Wyndham further argued that the FTC could not bring unfairness claims unless and until it had promulgated regulations on the issue.  U.S. District Judge Esther Salas rejected both of these challenges, as well as Wyndham’s third challenge, that the FTC failed to sufficiently plead both its unfairness and deception claims.

Wyndham argued that section 5 of the FTC Act does not confer unfairness authority that covers data security.  Wyndham contrasted section 5 of the FTC Act to the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), and the Children’s Online Privacy Protection Act (COPPA), all of which include specific authority for the FTC to regulate data security in certain contexts.  Wyndham argued that those statutes, which were enacted after the FTC Act, would be superfluous if the FTC had the general data security authority it seeks to wield in this case.  The court disagreed and ruled that the FTC’s general authority over data security can coexist with more specified authority in the FCRA, GLBA, and COPPA.

Wyndham also argued that the FTC had not provided fair notice of what data-security practices a business had to implement in order to comply with the FTC Act. . In rejecting that argument, the court held that the FTC was not required to engage in rulemaking before enforcing Section 5 in data-security cases, but could instead develop the law on a case-by-case basis. The court also found that fair notice was provided through the FTC’s public complaints, consent agreements, public statements and business guidance brochure. As such, the FTC was not required to also promulgate formal regulations. In addition, the court found that the FTC had pled with enough particularity to satisfy the heightened requirements in Rule 9(b), even though it was no persuaded that this action fell under that rule.

With respect to the deception claim, the ruling also touched on the respective liability between franchisors and franchisees, and issues we’ve written about recently.  Wyndham sought to exclude Wyndham-branded hotels from the case on the grounds that Wyndham Hotels and Resorts is a legally separate entity from Wyndham-branded hotels.  It therefore argued that statements on the Hotels and Resorts website privacy policy could not form the basis for deception claims, where personal information was accessed from Wyndham-branded hotels.  The court reviewed the language from the privacy policy to determine that a reasonable person could conclude that the privacy policy on the Hotels and Resorts website made statements about data security at both the Hotels and Resorts and the Wyndham-branded properties.  Despite the court’s claims of not providing the FTC with carte blanche to pursue companies that fall victim to hackers, the court’s ruling makes clear that when companies experience data breaches, they – and their franchisees – are now more, not less, likely to face the possibility of enforcement action by the FTC.
 

Spain's AEPD Publishes Draft Privacy Impact Assessment Guide

This post was written by Katalina Chin.

On 17 March, the Spanish data protection agency (la Agencia Española de Protección de Datos - AEPD) published a draft privacy impact assessment guide (Evaluación del Impacto en materia de Protección de Datos Personales). At the same time, the AEPD has initiated a public consultation, open until 25 April, to garner opinion and comments on the guide, after which they will issue a final version.

The guide sets out a framework to improve privacy and data protection in relation to an organisation’s technological developments, with the aim of helping them identify, address and minimise data protection risks prior to the implementation of a new product or service.

In this draft guide, the AEPD comments on the increasing importance for organisations to demonstrate their commitment to the rights of individuals whose personal data they process, and in meeting their legal obligations (essentially advocating the principle of accountability). In this regard, they advise that a developed privacy impact assessment will go a long way in evidencing an organisation’s good diligence, as well as assisting it to develop appropriate methods and procedures for addressing privacy risks.

It is not suggested, however, that the guide will provide the only methodology for carrying out a privacy impact assessment. Indeed, the AEPD says that they would be receptive to organisations who wish to develop an assessment specifically adapted to their business or sector, and they would be open to providing such organisations with guidance to ensure that they meet the minimum regulatory requirements.

As well as providing general guidance on privacy impact assessments, the guide sets out a set of basic questions, together with an ‘evaluation’ tool developed by the AEPD, whereby organisations can ‘check off’ and determine the legal obligations that must be met in order to implement their intended product or service in compliance with data protection legislation.

While this privacy impact assessment is not obligatory in Spain, this type of compliance review could become a legal requirement across the EU if the European Regulation on Data Protection remains as currently drafted (Article 33).
 

The ICO Sets Out Agenda for 2014-2017

This post was written by Cynthia O'Donoghue.

At the end of March, the UK Information Commissioner’s Office (ICO) released its corporate plan for 2014-2017 titled “Looking ahead, staying ahead” (the Plan). Information Commissioner Graham stated that the changes proposed are “about getting better results, for both consumers and for data controllers.”

As the UK’s supervisory body for upholding information rights, the ICO has a wide range of responsibilities. These include educating citizens and organisations about their rights and responsibilities under the various pieces of legislation, and also investigating complaints and taking enforcement action when things go wrong.

In the Plan, the ICO recognises that its role will evolve in light of the proposed EU General Data Protection Regulation and in relation to press regulation stemming from the Levison report. In order to be proactive in fulfilling its duties, the ICO has stated that there will be a “shift in focus, with cases brought to the ICO used to identify broader data protection problems and improve organisations’ current practices.”

The Plan details a number of specific changes and initiatives that organisations can expect to see over the next three years, including:

  • Closer work with organisations such as trade bodies and other regulators to improve compliance and develop privacy seals and trust marks
  • The introduction of an on-line, self-reporting breach tool to assist organisations in complying with the law
  • The development of new and existing codes of practice to ensure organisations have access to up-to-date advice
  • The reactive investigation of offences under the Data Protection Act 1998 and Freedom of Information Act 2000, along with initiatives for increased cooperation between the ICO and other regulators
  • The introduction of a monitoring process to check how quickly data controllers respond to subject access requests
  • A target of resolving 90% of data protection and freedom-of-information complaints within six months of being opened
  • The development of free training materials for organisations to use when training their own staff

Further reform in Australia

This post was written by Cynthia O’Donoghue.

Australia’s privacy protection reform laws came into force in mid-March, making significant changes to the regulation of data. Further reform is now on the horizon, with theAustralian Law Reform Commission (the Commission) publishing a discussion paper titled, ‘Serious Invasions of Privacy in the Digital Era’ (Discussion Paper).

The Commission is carrying out an inquiry at the request of the Australian government to find “innovative ways the law might prevent or redress serious invasions of privacy.”  Two of the Commission’s proposals are likely to be of particular concern to businesses.

First, the Discussion Paper proposes the introduction of a principle for the deletion of personal data. The principle would differ significantly from the ‘Right to Erasure’, one of the headline provisions contained in the proposed EU General Data Protection Regulation.

The current draft of the EU provision would allow citizens to request the deletion of any personal data held about them, where the data controller has no reason for retaining it. Data controllers would also be required to take reasonable steps to inform any third parties to whom they have passed the data of this request. In contrast, the Australian recommendation on data erasure would apply only to data that the citizen had personally provided to a data controller. The Discussion Paper calls for comments as to whether the data controller should be under a duty to inform third parties of this request.

Second, the Discussion Paper contains a proposal to introduce a new Commonwealth Statute which would apply to all territories in Australia. This statute would provide citizens with the ability to bring a cause of action against any individual or entity that seriously invades their privacy. The action would enable individuals to obtain damages independent of breach of the Australian Privacy Act.

The Commission is scheduled to deliver its final report to the Attorney-General in June 2014.

 

Safety of US-EU Safe Harbor Given Boost

This post was written by Cynthia O'Donoghue.

Following months of uncertainty about the future of the EU-U.S. Safe Harbor Framework, political leaders from the EU and the United States reiterated their commitment to the regime in a joint statement issued 26 March (the Statement).

EU-U.S. Safe Harbor is designed to essentially transpose EU data protection law into U.S. law so that organisations certified to the program are deemed to adequately protect personal data transferred from the EU to them in the United States. 

The future of the Safe Harbor regime was cast into doubt last year, following Edward Snowden’s revelations about the extent of NSA information gathering. In November 2013, the European Commission released a Strategy Paper which noted that “the current implementation of Safe Harbor cannot be maintained.” In particular, the paper pointed to shortcomings in transparency, enforcement and the use of the national security exception.

The situation became worse at the beginning of last month when a resolution of the EU Parliament drastically called for the “immediate suspension” of the Safe Harbor regime on the ground that it provides an insufficient level of protection to EU citizens.

The Statement is the latest development in the saga, with officials pledging to maintain the Safe Harbor framework subject to a commitment to strengthening it “in a comprehensive manner by summer 2014”. This demonstrates a slightly more diplomatic approach, which should be reassuring to businesses that currently rely on the Safe Harbor exception.

The Statement also confirms the commitment of the EU to introducing a new “umbrella agreement” for the transfer and processing of data in the context of police and judicial proceedings. The aim of this agreement is to provide citizens with the same level of protection on both sides of the Atlantic, with judicial redress mechanisms open to EU citizens who are not resident in the United States. Negotiations around this agreement commenced in March 2011, and are still on-going.
 

McCutcheon v. Federal Election Commission: The Political Parties Strike Back

This post was written by Christopher L. Rissetto, Lorraine M. Campos, and Robert Helland.

The Supreme Court decided last week in McCutcheon v. Federal Election Commission that aggregate donation limits, which capped the total on how much someone can contribute to candidates and political parties, per election, violated the free speech protections of the First Amendment, 572 U.S. ____(2014).  If this sounds familiar, it should:  the Court used similar reasoning in Citizens United v. Federal Election Commission, to hold that restrictions on corporate spending in political campaigns also violated the First Amendment's protection of political speech.  Citizens United, 558 U.S. 310 (2010).  Citizens United gave rise to the “Super PAC,” which can raise and spend unlimited amounts of funds on behalf of political candidates, provided their activities are not coordinated with any candidate or campaign committee.  Consider McCutcheon to be a counter-balance, at least for political parties: they can now similarly raise unlimited amounts from donors as Super PACs.  At the very least, donors should expect to get more fundraising calls and emails.

Individual and Aggregate Campaign Donation Limits, Pre- and Post-McCutcheon.  Limits on both campaign donations and expenditures were set by the Federal Election Campaign Act, 2 U.S.C. § 431 et seq. (“FECA”), and then amended by the Bipartisan Campaign Reform Act Public Law 107-155, (“BCRA”).  The donation limits apply to how much an individual may contribute to a political candidate, party committee or political action committee (“PAC”).  They also apply to how much these last three entities can give each other.

The Federal Election Commission lists the inflation-adjusted amounts an individual may contribute for the 2013-2014 election cycle

  • $2,600 per candidate/candidate committee per election (primary and general)
  • $32,400 per year to a national party committee
  • $10,000 per year to a state, district or local party committee
  • $5,000 per year to a political action committee

Those amounts are capped so that an individual may only donate:

  • $48,600 to all candidates; and
  • $74,600 to all PACs and party committees, for 2013-2014

It is these latter caps on total donations that were challenged by plaintiff Shaun McCutcheon and one of the party committees he wished to donate to, the Republican National Committee.  Chief Justice Roberts, writing for the Court, concluded that those limits were invalid under the First Amendment.

McCutcheon rejects reasoning that without aggregate limits, individual limits are useless.  The limits on campaign donations and expenditures first put into place under FECA were upheld by the Supreme Court in Buckley v. Valeo, 424 U.S. 1 (1976).  In McCutcheon, Chief Justice Roberts discusses the Court’s reasoning in Buckley but notes that “its ultimate conclusion about the constitutionality of the aggregate limit in place under FECA does not control here.” McCutcheon, 572 U.S. at 11.  That is because the aggregate limits that were amended by BCRA created “a different statutory regime.”  Further, a number of protections put in place under both FECA and BCRA:

  • Prohibit donors from creating or controlling multiple affiliated political committees (so-called “anti-proliferation” provisions found at 2 U.S.C. § 441a(a)(5)); and  
  • Prohibit donors from circumventing individual limits by donating to multiple political campaigns and then having those funds “earmarked” to a specific candidate (so-called “anti-earmarking” provisions found at 2 U.S.C. § 441a(a)(8))

Finally, the limits in place on how much political campaigns contribute to each other also serve as another layer of base contribution limits; i.e., even if a donor wanted contributions to be re-distributed to a different political campaign or committee, these entities are limited as to how much they can transfer between themselves.  Id. at 11-13.  So McCutcheon found that even without aggregate limits, donors are limited from exercising excessive influence with high levels of campaign contributions.  

The First Amendment presents a high hurdle to contribution limits. McCutcheon found significant First Amendment concerns were implicated by the contribution limits.  “[T]he aggregate limits prohibit an individual from fully contributing to the primary and general election campaigns of ten or more candidates, even if all contributions fall within the base [individual] limits,” it notes.  Further, “to require one person to contribute at lower levels than others because he wants to support more candidates or causes is to impose a special burden on broader participation in the democratic process.”  Id. at 15-16.  The only “legitimate government interest” that would support such contribution limits, the Court found, was “preventing corruption or the appearance of corruption.”  Further, the Court found, citing Buckley, that Congress may only target one type of corruption, quid pro quo corruption.  Here, “[s]pending such large sums of money in connection with elections, but not in connection, with an effort to control the exercise of an officeholder’s official duties, does not give rise to such quid pro quo corruption.”  In reaching this view, the majority rejected the dissent’s view of protecting the public’s interest in collective speech.  Instead, it notes that the First Amendment “does not protect the government,” but rather the individual.  Id. at 17-19.

From Citizens United to the Super PAC to an end to aggregate contribution limits.  What will the Supreme Court decide next?  Citizens United held that corporations, trade associations and labor unions could use their general treasuries to fund direct political advertising against political candidates provided that this was not coordinated with a candidate or campaign committee, so-called “independent expenditures.”  Citizens United.  The same year as the Court’s decision in Citizens United, the United States Court of Appeals for the District of Columbia held that as a result of Citizens United, the government could not limit contributions to PACs set up specifically to make such independent expenditures, so-called “Super PACs.” Speechnow.org v. FEC, No. 08-5223, D.C. Cir. (2010).  Now McCutcheon has gone the next step, ending aggregate limits for individual campaign donations.  With the last two remaining (and attractive) campaign finance restrictions being the ban on direct contributions from corporations and the individual limit on campaign donations, we do not expect the decision in McCutcheon to be the last word.  Justice Thomas in his concurring opinion suggests as much, noting:  “[t]his case represents yet another missed opportunity to right the course of our campaign finance jurisprudence by restoring a standard that is faithful to the First Amendment.  Until we undertake this reexamination, we remain in a 'halfway house' of our own design.” Concurring Opinion at 5. 
 

Brazil's Internet Bill: Latest Developments

This post was written by Cynthia O’Donoghue.

At the end of March, the Brazilian Chamber of Deputies voted in favour of the Marco Civil da Internet (Internet Bill), bringing the ground-breaking legislation one step closer to enactment. The Internet Bill will now progress to the Senate for approval.

In the wake of Edward Snowden’s revelations about global surveillance programs, the Internet Bill had included a provision that would have required organisations to store all data held on Brazilian citizens within the country’s border. This controversial requirement has been dropped by the Brazilian government in the latest version of the Internet Bill. However, the text voted on by the Chamber of Deputies now provides that organisations will be subject to the laws and courts of Brazil in cases where the information of Brazilian citizens is involved.

The Internet Bill will introduce a variety of measures to govern the use of the Internet, providing civilians with robust rights and implementing strict requirements for organisations to comply with. The legislation is the first of its kind, and has been hailed by the Brazilian Minister of Justice as a sign that Brazil is at the forefront of efforts to regulate the web democratically. The most important provisions in the legislation are:

  • A statement of the rights of web users, including freedom of expression and the confidentiality of online communications
  • The enshrinement of “net neutrality”, a principle that prohibits ISPs and governments from making a distinction between different types of data traffic. This will prevent organisations from being able to limit access to different websites based upon subscription plans.
  • Confirmation that ISPs cannot be held liable for content uploaded by third parties using their services unless they refuse to remove such content following a court order

EU nears finalisation of new law to promote anti-trust claims

This post was written by Edward S. Miller, Marjorie C. Holmes, Angela Gregson.

Member States’ ambassadors to the EU, known as the Committee of Permanent Representatives, have endorsed the agreement between the Council Presidency and representatives of the European Parliament on a proposed new EU Directive on rules governing actions for damages for infringements of competition law. The final text is expected to be voted through by the Parliament mid-April and could be formally adopted by the end of the year. Member States will then have two years to implement required national rules.

Click here to read the issued Client Alert.