EU/Competition: Digital agenda and Telecom
On 16th July 2020, the CJEU delivered 16.07.20 its judgment in the Schrems II case (C-311/18). Most organisations rely on data transfer agreements – SCC/Standard Contractual Clauses – to transfer personal data to countries outside the EEA. Organisations which transfer personal data to the US can also often rely on the EU-US Privacy Shield. The CJEU was asked to consider if law and practice in the US relating to access to personal data by the intelligence services should mean that either, or both – of these mechanisms should be invalidated. The decision concludes that the Privacy Shield is invalid. SCCs remain valid. However, the CJEU sets out a heavy burden on data exporters which wish to use SCCs; the data exporter must consider the law and practice of the country to which data will be transferred, especially if public authorities may have access to the data. Additional safeguards, beyond the SCCs, may be required. The Commission has also been working on modernizing the SCCs, which date back to 2010 and do not reflect the GDPR requirements. The result was postponed until the Schrems II case was resolved, but we should now expect updated clauses, although the exact timing for the new SCCs is unclear. Companies and organizations will also need to adapt to the successor SCCs in a second phase. The European Data Protection Board (EDPB) published 24.07.20 a set of FAQs on the judgment. The key takeaways are: (i) The CJEU’s assessment of U.S. law must be taken into account for any transfers of personal data to the U.S., irrespective of the transfer mechanism used. (ii) There is no grace period for companies that relied on the EU-U.S. Privacy Shield framework. (iii) Companies can rely on the derogations set forth under Article 49 of the GDPR, provided that the conditions as interpreted by the EDPB in its guidance on Article 49 of the GDPR are met. When transferring personal data based on individuals’ consent, such consent should be explicit, specific to the particular data transfer(s) and informed, particularly regarding the risks of the transfer(s). (iv) Companies should verify whether the processors they use (and their respective sub-processors) transfer data to the U.S. If that is the case and such transfers are not considered adequate (because supplementary measures cannot be provided or because no derogations under Article 49 of the GDPR apply), companies must re-negotiate their contracts to forbid transfers to the US. Visit the EDPB FAQs here. Visit the judgment here.
The sector inquiry, launched 16.07.20, will cover products such as wearable devices (e.g. smart watches or fitness trackers) and connected consumer devices used in the smart home context, such as fridges, washing machines, smart TVs, smart speakers and lighting systems. The sector inquiry will also collect information about the services available via smart devices, such as music and video streaming services and about the voice assistants used to access them. If, after analysing the results, the Commission identified specific competition concerns, it could open case investigations to ensure compliance with EU rules on restrictive business practices and abuse of dominant market positions (Articles 101 and 102 TFEU). In the coming weeks, the Commission will send requests for information to a range of players active in the Internet of Things for consumer-related products and services throughout the EU. The companies concerned may include, for example, smart device manufacturers, software developers and related service providers. Under EU antitrust rules the Commission can require companies and trade associations to supply information, documents or statements as part of a sector inquiry. The inquiry does not cover the EEA/EFTA states. ESA may open a similar sector inquiry for this countries. In any event, any policy initiatives or major enforcement steps will be taken by the Commission. Read more here.
The Commission adopted 20.07.20 a communication on the protection of confidential information by national courts in proceedings for the private enforcement of EEA competition law. In this regard, national courts are likely to receive requests for disclosure of evidence containing confidential information. The Commission sees it as very important that national courts strike the right balance between the claimants’ right to access relevant information and the right of a party to protect confidential information. To support national courts in this task, the Commission has adopted a Communication seeking to provide practical guidance to national courts in selecting effective protective measures, considering among others the specific circumstances of the case, the type of information requested, the extent of the disclosure, the parties and relationships concerned as well as any administrative burdens and cost implications. The Communication presents a number of measures (e.g. redactions, confidentiality rings, use of experts, closed hearings) national courts may, depending on their procedural framework, order to protect confidential information in the context of disclosure requests throughout and after the closing of the proceedings, and it describes how and when such measures could be effective. The Communication is not binding for national courts and does not modify or bring about changes to the procedural rules applicable to civil proceedings in the different EEA countries. Visit the guidance paper here.
The Commission launched 23.07.20 a public consultation inviting interested parties to comment on draft revised EEA guidelines on regional State aid (the “Regional Aid Guidelines”). The guidelines are key for the assessment of many Norwegian financial mechanisms for regional policies. Stakeholders can respond to the consultation until 30.09.20. Visit the consultation here.
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, published 15.07.20 its final Guidelines on disclosure requirements under the Prospectus Regulation. The Guidelines provide guidance to financial market participants regarding the disclosure of financial and non-financial information in the prospectus. The Guidelines cover a variety of financial and non-financial topics, including: Pro Forma information; Working capital statements; Capitalisation and indebtedness; Profit forecasts and estimates; Historical financial information; Operating and financial review; Options agreements; and Collective investment undertakings. Visit the guidelines here.