Header graphic for print

Technology's Legal Edge

A Technology, Privacy, and Sourcing Blog

Zero rating and Internet.org

Posted in Telecoms

I have written about the perverse effects of “strong” net neutrality already  but a recent story  prompts me to add a few further thoughts.

Internet.org is a project led by Facebook to offer a completely free sub-set of the internet (including, presumably, Facebook itself) to people in emerging markets who might otherwise not be able to afford it.

The article above suggests that the concept has met strong criticism in India because, by zero-rating a sub-set of content  (ie not charging end users for the data transmission) but not others it is said to violate the “principle of net neutrality“.

Surely the most ardent advocates of net neutrality would agree that there is no sacrosanct principle at stake here? Net neutrality in and of itself is not a human right. Surely all would agree that if it makes sense at all it’s just a means to an end – the end being making the internet as open to innovation and to new services as possible?

If so then it seems extraordinary to me to criticise this initiative on the basis that it violates some sacred principle.  It may well be that internet.org deserves criticism – perhaps it really is a way to entrench facebook’s position in the minds of the not-yet-connected – but debate about it should focus on that not on whether or not in conforms to some arbitrary and invented standard of openness.

This blog piece is of course my own personal opinion.

Cloudy Days….Where Next for Outsourcing?

Posted in Cloud Computing, Strategic Sourcing, Technology and Commercial

Written by Kit Burden

In recent times, we have seen an increasing number of deals where the required services have been delivered from the cloud, i.e., from remotely hosted solutions, usually (albeit not always) offered on a “one to many” basis and on a subscription/usage based model. This is obviously a trend that has been building over the last few years in any event, but what is particularly interesting at this point is the way in which the size and sophistication of the cloud-based offerings has developed so as to encompass the kinds of services which might hitherto have been the subject of some form of outsourced service solution.

One can readily see why this might be the case. A driver for many outsourcing projects is the desire of the customer to “transform” its legacy IT infrastructure and to create additional flexibility….and this is clearly something which can be well facilitated by a shift to a cloud solution, where the need for the customer’s own infrastructure can be largely done away with. Even if the entirety of the outsourced solution cannot be shifted into the cloud, it is possible that elements of it at least can be.

So what then will the impact of this be upon the wider outsourcing market? Time will tell, but for the time being, there are at least two obvious consequences:

(1) Customer expectations on contract provisions are being challenged. Cloud service providers have – until recently at least – been able to promulgate some highly restrictive standard contract terms, relying in particular on the argument that their “one to many” service delivery model means that they cannot accept many of the traditional obligations and liabilities which a customer might expect. Customers who are therefore now looking to procure cloud based solutions for services which they might previously have outsourced can therefore get a nasty surprise when they see the contract provisions which are proposed to underpin the services. However, as the market matures (and in particular as competition grows and the size of the deals get larger), we see a more flexible approach developing from many if not all of the major cloud suppliers.

(2) There is increased pressure on those outsource service providers who have made best advantage of their offshore delivery capabilities and so as to make use of the labour arbitrage that offshoring provides. This has however in no small part been dependent upon the end customer having its own infrastructure and set of applications which needed support, even if to be done remotely. Clearly, the more that the customers embrace cloud solutions, the less of their own infrastructure and application stacks they will need….and the less demand in turn they will have for the “traditional” offshore outsource model.

Pandora’s Box is well and truly open in this regard.

Internet of Things: Business and Legal Framework Webinar

Posted in Internet of Things

The DLA Piper Internet of Things group just launched a series of webinars on legal and business issues of the Internet of Things. The first webinar will cover the Business and Legal Framework of the Internet of Things and will take place on Wednesday 22 April 2015 from 3.00 to 4.00pm UK time.

In order to tackle the massive potentials of the Internet of Things, DLA Piper created a global Internet of Things group which includes 70+ partners of our firm. The Internet of Things market needs expertise from different areas of law and therefore the members of the group are experts not only on tech and sourcing and privacy matters, but also, among others, on telecoms, intellectual property, cybersecurity, life sciences, open source, media, commercial, product liability and advertising law issues.

We already discussed on this blog about some of the legal issues of the Internet of Things and this first webinar will provide an overview of the Internet of Things market and the critical legal issues in this developing market such as privacy, data ownership and use, software licensing, cybersecurity and liability rules. Subsequent sessions will cover areas including The Role of Open Source, Connected Cars, Smart Homes, eHealth and Wearable Technology, more details will follow.

The speakers of this webinar include myself Giulio Coraggio together with our colleagues Giangiacomo Olivi and Mark Radcliffe and our guest speaker, Dr. Stan Schneider, CEO, Real-Time Innovations, Inc. who is on the Steering Committee of the Industrial Internet Consortium.

The webinars are free and delivered to your desk. You can access the slides on your PC and access the audio presentation by freephone number. There will be an opportunity at the end of each session to ask questions.

In order to register to the webinar, you need just to click HERE.

FTC Announces Office of Technology Research and Investigation

Posted in Privacy and Data Security, US Federal Law

This week the FTC Bureau of Consumer Protection announced a new office to bolster the technological expertise of the Bureau and the FTC regional offices handling law enforcement investigations.  The Office of Technology Research and Investigation (OTRI) replaces the Mobile Technology Unit (MTU) and will take on new technology in addition to mobile technology.  The work of the Office will be used to protect consumers in emerging areas including the Internet of Things (“IoT”), connected cars, smart homes, algorithmic transparency, emerging payment methods, and big data.  The OTRI will continue the MTU’s work in support of FTC staff reports on privacy and data security, which has previously included the Kids Apps Privacy Reports, the Mobile Shopping Report, and the IoT Report.  The OTRI will operate in close coordination with the FTC’s Chief Technologist and we expect to see even greater technical sophistication from the FTC as a result.

Internet of Things: Business and Legal Framework Webinar

Posted in EU Data Protection, Internet of Things, Privacy and Data Security, Technology and Commercial, Telecoms

The DLA Piper Internet of Things group just launched a series of webinars on legal and business issues of the Internet of Things.  The first webinar will cover the Business and Legal Framework of the Internet of Things and will take place on Wednesday 22 April 2015 from 3.00 to 4.00pm UK time. Continue Reading

EUROPE: EU-US data flows at risk? European Court of Justice today heard Facebook case.

Posted in EU Data Protection, International Privacy

By Patrick Van Eecke and Julie De Bruyn

Today the Schrems v. Irish Data Protection Commission case was brought before the Court of Justice of the European Union (‘CJEU’) for an oral hearing, following referral by the Irish High Court. While the final ruling by the CJEU is to be awaited until June 24, it is expected that it may impact the (further existence of the) Safe Harbor Decision governing EU-US data flows. This may affect not only US companies participating in the PRISM program, but also other US organisations that rely on their Safe Harbor certification for EU-US personal data flows.

The proceedings were initiated by Maximilian Schrems – an Austrian privacy activist with a PhD in law – who contacted the Irish Data Protection Commission (DPC), i.e. the data protection authority (DPA) which has regulatory competence of Facebook Ireland Ltd in Ireland. Mr. Schrems, a Facebook user, expressed his concerns to the Irish DPC about the transfer of his data to Facebook in the US, referring to the mass surveillance of data by the NSA, and asked the Irish DPC to stop Facebook Ireland Ltd from transferring his personal data to the Facebook US headquarters. Following refusal by the Irish DPC to grant the request, Mr. Schrems brought the case before the Irish High Court, which subsequently referred the following questions to the CJEU:

  1. Is a DPA bound by an adequacy decision of the European Commission for a third country if it is claimed that the laws and practices of such third country do not contain adequate protection for the individuals concerned?; and
  2. May DPAs alternatively conduct their own investigation of the adequacy of a third country in light of factual developments since the Commission Decision on the adequacy of that third country was published?

Today’s oral hearing before the CJEU was attended by the 12 parties who had previously laid down written submissions (including 7 EU Member States, the European Parliament, European Commission, Mr. Schrems and the Irish DPC) as well as by other organisations such as the European Data Protection Supervisor. Each of the parties clarified their position during the hearing of today, and the topics on the table included the validity of the Safe Harbour Decision, its binding nature, the current adequacy level of the US and the powers of DPAs to suspend data flows to Safe Harbour certified organisations under certain circumstances.

The European Commission in particular was placed in the hot seat today, having to justify its adequacy decisions and to respond to a series of questions by the CJEU.

The ruling of the CJEU in the present case is expected on 24 June. While the validity of the Safe Harbour Decision does not form the subject matter of the present case, it is nevertheless expected that the ruling may have an impact on the further existence of the Decision, especially considering that when the European Commission could not confirm that the US still provides for an adequate level of protection, when asked by the CJEU.

We note that Mr. Schrems is also the initiator of a second lawsuit against Facebook, a class action involving over 25,000 participants, claiming that Facebook is in violation with European data protection laws. A first hearing of this lawsuit will take place on 9 April before the Austrian courts. Updates on this lawsuit can be found on our blog.

For further information, please contact patrick.vaneecke@dlapiper.com or julie.debruyn@dlapiper.com.

Middle East – Telecoms Tegulatory Round-Up

Posted in Telecoms

Eamon Holley of DLA Piper briefly reviews some key developments in four Gulf telecoms markets during 2014 and looks to what might lie ahead in 2015.



Bahrain’s TRA has a reputation for being a dynamic and forward looking regulator.  It upheld this reputation in 2014 by publishing a series of very interesting reports considering regulation of the new telecoms world. Over The Top (“OTT”) services, like Skype, Whatsapp, Netflix, cannot be regulated in the same way as traditional telco services, but they appear to be here to stay.  Recurring regulatory issues include consumer protection, licensing and Government revenue raising, competition and national security.  The TRA considered how some of these issues may be addressed in the region.

Bahrain continued to focus on further strengthening its current framework through the publication of new fining guidelines, inter-operator dispute resolution guidelines, the continued reviews of competition in certain markets which  resulted in the lifting of some regulations from Batelco in some broadband markets, and consultations on a bulk messaging regulations and in-building access.

It is expected that at some point in 2015 Bahrain will announce the launch of a National Broadband Network (“NBN”) in conjunction with Batelco.


Saudi Arabia

In late 2014 Saudi Arabia’s CITC launched two consultations; one on interconnection, and the other on access to physical infrastructure.  For those who don’t know, interconnection is the connection of different networks, allowing users on different networks to call each other.  Access to physical infrastructure is where operators open (provide access to) parts of their network, like their ducts, in order to for another operator to use them, for example to install their own fiber.  Sounds easy, right?  It’s not.  Incumbents want to protect their positions, challengers want to attack these positions, and so negotiations are often slow and tricky.  Clear rules on interconnection and access are therefore essential. The CITC’s consultations will be critical in reviewing what’s working and what isn’t, ultimately with a view to strengthening fair competition between operators for the benefit of consumers.  The consultations were due to end in early February 2015.



This market is in a real state of transition.  In May 2014 the Kuwaiti Government published its long awaited Telecommunications Law, with a view to establishing an independent telecoms regulator.  The regulator’s board has been established, but the executive regulation required to fully effect the new law is not yet published.  The new law says that the regulator will take over from the Ministry of Communications 6 months after the executive regulation is published and in the meantime parts of the old regulatory regime that are not inconsistent with the new law will remain in effect.  Kuwait already has three mobile operators and a number of ISPs but only one fixed line operator, which is the Ministry of Communications itself.  It will be interesting to see whether and how the fixed line market opens up.



In April 2014 the Omani Government incorporated an NBN Co however little is available in the public domain about how or what precisely it will do.  The industry is watching this closely to see exactly what will be implemented.


With two new NBN Cos expected to become operational in Bahrain and Oman, a new regulator in Kuwait and potentially a new access regime in Saudi Arabia, there is a lot to keep an eye on in 2015.


Eamon Holley, Legal Director, DLA Piper Middle East LLP

Back to Top of Page