Photo of Alistair Maughan

Geo-blocking is the practice of preventing Internet users in one jurisdiction from accessing services elsewhere based on the user’s geographic location. The European Commission wants to eliminate geo-blocking within the EU—and has taken a significant step forward in its plans to do so by clearing key votes in the EU legislative process.

By the end of 2018, we expect that online retailers will need to ensure that they phase out the use of geo-blocking across the EU except in limited circumstances.

These changes are part of a wider programme of reform affecting all businesses operating in the Technology, Media, and Telecoms sectors in Europe.

Background

The European Commission launched its Digital Single Market (“DSM”) strategy in May 2015. We have written a number of articles following the DSM’s progress: at its inception, one year in, and in 2017 following a mid-term review.

Continue Reading EU Regulation Reform—Unjustified Geo-Blocking to Be Phased Out by End of 2018

The European Union (EU) has made reform of the e-commerce rules in Europe one of its main priorities for 2018.

The European Commission has already published two proposed Directives relating to cross-border e-commerce but legislative progress has been slow—a situation that the Commission plans to correct in 2018.

The Commission’s stated aim is to establish a more harmonised set of rules for the supply of digital content and sale of online goods across the EU, and to make it easier and less costly for businesses to engage in cross-border commerce. But what most e-commerce providers will focus on is the increased rights for EU consumers, particularly in the context of defects. The new rules will apply to online e-commerce providers, whether EU-based or not.

These changes are part of a wider programme of reform affecting all businesses operating in the Technology, Media and Telecoms (TMT) sectors in Europe.

Background

The European Union’s 2018 Work Programme sets out a challenging agenda of legislative and regulatory change for the TMT sectors, to be delivered in conjunction with the EU’s Digital Single Market (DSM) strategy. The Work Programme includes a list of the pending legislation that the Commission wants to have delivered most swiftly to European citizens as part of the DSM strategy. Any business with digital or technology operations in the EU will need to monitor and react to the EU’s planned changes.

The Commission launched its DSM strategy in May 2015. We have written a number of articles following the DSM’s progress: at its inception, one year in and in 2017 following a mid-term review. With the Commission still waiting for a number of its proposals to be delivered, 2018 is a key year in the life of the DSM.

The DSM strategy is broken down into three “pillars” and 16 Key Actions. The first “Key Action” is to develop rules to make cross-border e-commerce easier, including harmonised rules on contracts with consumers and other consumer protection when buying online. Two proposed Directives relating to cross-border e-commerce were issued relatively quickly – firstly, a proposed Directive on the supply of digital content (Digital Content Directive) and, secondly, a proposed Directive on online and other distance sales of goods (Online Goods Directive) (together, the “Proposed Directives”).

In a 2016 blog post we explored the scope, content and likely impact of the Proposed Directives across the EU generally (and in the UK and Germany specifically). In this alert, we review the progress that has been made so far and look ahead at the likely impact of these Directives in 2018.

The Digital Content Directive

At present, some EU Member States (such as the UK, the Netherlands and Ireland) have introduced legislation to govern the sale of digital content to consumers; other member states apply existing rules on the sale of goods or services that were not intended for digital content. That makes it very hard to apply EU-wide principles on the sale of digital content. Depending on the member state, the sales contract could be considered as a sales contract, as a services contract or as a rental contract. And then there’s the question of whether consumer sales law is applicable to digital content: in Germany and in Italy, a consumer is protected under consumer sales law when it comes to digital content, and the courts qualify intangible goods as a moveable object; whereas in Norway, the online supply of digital content is considered a service contract, and consumer sales law is not applicable.

The draft Digital Content Directive will harmonise the rules that apply to the provision of digital content to EU consumers, including rules on the remedies to which consumers are entitled for allegedly defective content. If any digital content is defective, firstly the EU consumer will be able to request that the defect be fixed – with no time limit on the ability to make that request—and, secondly, the burden of proof is reversed so that it will be the supplier’s responsibility to prove that the defect did not exist at the time of supply. See a more detailed summary here.

The rules would apply: (i) regardless of the method of sale, and (ii) to both digital content sold to the consumer (i.e., licensed on a perpetual basis) and digital content supplied under a temporary licence on a subscription basis. Currently, most EU Member States do not have national consumer protection legislation specifically concerning sales or subscription of digital content to consumers (the issue tends to be covered by sales of goods or services rules).

European Council: General Approach

After the Commission issued the draft Digital Content Directive in December 2015, there was steady progress through 2016 and various committees debated or “took stock” of the proposal.

In March 2017, the European Data Protection Supervisor raised concerns with the proposal – namely that the provision of data as “counter-performance” was problematic (as discussed further below) and that there was a potential overlap in scope with the incoming General Data Protection Regulation.

However, the first major development on the Digital Content Directive took place in June 2017, when the European Council clarified the EU’s position on the proposal as follows:

  • Scope. The scope of the Digital Content Directive includes so-called “over-the-top” interpersonal communication services (such as voice and video calling, text messaging, email and social networking), bundle contracts and the processing of personal data. However, the Council recommended that embedded digital content (meaning, digital content or services that are pre-installed in goods such as smart fridges) should be excluded, leaving these issues to be governed by the rules on the sale of goods. Additionally, the Council explicitly stated that the proposal would not affect existing national and EU laws on copyright and related rights.
  • Non-conformity. The Digital Content Directive, as initially drafted, allowed subjective conformity criteria (i.e., criteria that are agreed in an individual contract) to prevail over objective conformity criteria (i.e., criteria that are stipulated by law). The Council rejected the idea that subjective conformity takes priority, requiring compliance with both subjective and objective criteria for conformity, unless the latter is expressly waived in advance by the consumer.
  • Remedies. The Council suggests that suppliers should have a second chance to supply the digital content or service in certain situations and proposes eliminating the strict hierarchy of remedies for lack of conformity that were initially proposed by the Commission.
  • Time limits. The Council proposes both that there should be a one-year time limit in relation to the reversed burden of proof on suppliers and also that any warranty or limitation period relating to the liability of the supplier must be at least two years under applicable domestic law. It stopped short of suggesting that warranty periods should be mandatorily harmonised across the EU.

European Parliament: Joint Report

The next key development took place in November 2017 when the two committees within the European Parliament that are responsible for progressing the proposed Digital Content Directive (being the Internal Market and Consumer Protection Committee (IMCO) and Legal Affairs (JURI)) adopted a joint report on the proposal. A number of compromise amendments to the draft Digital Content Directive were prepared on the basis of the report, of which the main ones were:

  • Emphasis on data protection. The provisions on data protection in the draft Digital Content Directive should be prioritised over the contract law provisions.
  • Provision of data as counter-performance. The Digital Content Directive was drafted to cover digital content that is provided for non-monetary consideration, such as when a consumer provides his/her data to a supplier in exchange for access to content. The compromise amendment suggested in the report is to limit the provision of data as counter-performance to only personal data.
  • Latent defects. The draft provisions on a supplier’s liability for latent defects were removed, allowing Member States to retain or introduce domestic laws on liability for such defects.
  • Non-conformity. Consistent with the Council’s approach, the report suggests that all subjective and objective criteria for conformity must be met, unless the consumer expressly consents to waive compliance with such objective criteria in advance.
  • Time limits. Also in keeping with the Council’s approach, a time limit was introduced in connection with the proposed reversal of the burden of proof. However, the report suggests a time limit of two years (rather than the Council’s proposal of one year) and introduces an additional time limit relating to trader liability for defects of one or two years.
  • Embedded digital content. The scope of the draft Digital Content Directive was expanded to cover digital content embedded in tangible goods, in contrast to the amendment proposed by the Council.

Next Steps

The report was referred to the European Parliament, Council and Commission to commence informal trialogue talks, which are now expected to take place in the first part of 2018.

The Online Goods Directive

The draft Online Goods Directive will apply new rules to goods sold online or otherwise at a distance to EU consumers. Face-to-face sales are not covered, nor are contracts for the supply of services.

The key provisions of the Draft Online Goods Directive include a reversal of the burden of proof (i.e., the onus will be on the seller to prove that any defect didn’t exist at the time of sale) for two years; consumers won’t lose their rights if they don’t inform the seller of a defect within a certain period of time (as is currently the case in some Member States); if the seller is unable or fails to repair or replace a defective product, consumers will have the right to terminate the contract and be reimbursed also in cases of minor defects. See a more detailed summary here.

The draft Directive replaced the Commission’s previous attempt at harmonisation, which took the form of a proposed Regulation on a Common European Sales Law. The EU Parliament’s IMCO published its draft report on the Directive in November 2016, supporting the full harmonisation measures envisaged, but suggesting an expansion of the scope of the Directive to cover offline sales. This was driven by the desire for consistency – the idea that a common set of rules across Member States would be valuable for online, distance and face-to-face sales alike, rather than having a fragmented legislative framework that would vary depending on the method of sale.

After publishing its draft report, IMCO tabled over 200 amendments to the draft Online Goods Directive during a committee meeting in January 2017, and more in July 2017 (mostly relating to the expansion of the scope of the draft Directive to offline sales).

The Commission subsequently released an amended proposal on 31 October 2017. Although the main elements of the Online Goods Directive were unaltered, the amended proposal did provide for the following noteworthy changes:

  • Offline sales. In alignment with the suggestions in the draft report, the scope of the proposed Directive was expanded to cover offline sales. As a result, Directive 1999/44/EC on consumer sales and guarantees would be fully repealed (whereas before, it would have been only partially amended).
  • Second-hand goods. Member States will have the option of narrowing the scope of the Online Goods Directive to exclude contracts for the sale of second-hand goods sold at public auction.

Next Steps

The amended proposal has been resubmitted to the European Parliament and Council. We await a decision from the European Economic and Social Committee, after which the European Parliament will need to vote on the proposal at first reading.

What Should We Expect in 2018?

We will be keeping tabs on the Proposed Directives as they progress under the ordinary legislative procedure, although, because there is no time limit on the first reading stage, it is difficult to predict exactly when we will see movement.

It is also difficult to predict the impact of the Proposed Directives on the UK. The UK is, of course, due to leave the EU in March 2019, which is likely to be before the Proposed Directives are implemented. It will therefore be for the UK to decide the extent to which it wishes to reflect the provisions of the final Proposed Directives in national law, if at all. The commercial benefits of harmonisation with EU Member States will need to be weighed carefully against the drawbacks of overhauling consumer laws so soon after the changes introduced by the UK Consumer Rights Act 2015.

iStock_000048822690_smThe European Commission has announced new draft laws that would give consumers new remedies where digital content supplied online is defective or not as described by the seller.

On Dec. 9, 2015, the European Commission proposed two new directives on the supply of digital content and the online sale of goods. In doing so, the Commission is making progress towards one of the main goals in the Digital Single Market Strategy (the “DSM Strategy”) announced in May 2015: to strengthen the European digital economy and increase consumer confidence in trading across EU Member States.

This is not the first time that the Commission has tried to align consumer laws across the EU; its last attempt at a Common European Sales Law faltered earlier this year. But the Commission has now proposed two new directives, dealing both with contracts for the supply of digital content and other online sales (the “Proposed Directives”).

National parliaments can raise objections to the Proposed Directives within eight weeks, on the grounds of non-compliance with the subsidiarity principle—that is, by arguing that that regulation of digital content and online sales is more effectively dealt with at a national level.

Objectives

Part of the issue with previous EU legislative initiatives in this area is that “harmonized” has really meant “the same as long as a country doesn’t want to do anything different.” This time, the Proposed Directives have been drafted as so-called “maximum harmonization measures,” which would preclude Member States from providing any greater or lesser protection on the matters falling within their scope. The Commission hopes that this consistent approach across Member States will encourage consumers to enter into transactions across EU borders, while also allowing traders to simplify their legal documentation by using a single set of terms and conditions for all customers within the EU.

An outline of the scope and key provisions of each of the Proposed Directives, as well as the effect on English law, are summarized after the jump.

Continue Reading Harmonizing B2C Online Sales of Goods and Digital Content in Europe

The cloud computing market is evolving rapidly. New as a service (aaS) platforms are appearing and the dichotomy between public and private cloud domains has been fractured into many different shades of hybrid cloud alternatives. And while many of the key issues – privacy risk, data location, service commitment – remain the same, service providers’ commercial offerings are becoming more flexible.

Over the past 18 months, we have even started to see changes in the “take it or leave it” approach to cloud contracts. Negotiations of cloud contracts have started to occur. But at this stage in cloud computing’s evolution, even more so than for traditional ICT contracting, the key is to know what can be negotiated and how much.

Cloud Market

The global cloud computing market is reportedly worth approximately $157 billion in 2014, and is expected to reach $290 billion by 2018. The market is growing at an annual rate of almost 50%. North America continues to represent the largest share of the global cloud market with over 50% of the market, followed by the EMEA region with approximately 29%.

Software as a service (SaaS) is still the biggest sell, followed by infrastructure as a service (IaaS) and platform as a service (PaaS). The Big 3 aaS cloud offerings represent 90% of the global cloud market according to a recent survey.

Flexibility and cost savings are still the main drivers for customers selecting cloud services – while security and privacy remain the top concerns. Interestingly, some customers are starting to consider cloud offerings as a means of improving the security of their data, taking the view that leading cloud providers have more expertise in protecting data and are able to invest more heavily in evolving technologies.

As the cloud market continues to grow in volume terms, the diversity of the market offerings is also increasing.  There is more competition than ever before in most of the main cloud market segments, with well-publicized price cuts, more service offerings and many, if not most, software providers examining ways to move into service-based offerings. Traditional market leaders, such as Microsoft and IBM, experience year-on-year growth. Reputation and cost are the key factors in cloud vendor selection, followed by performance assurance related issues.

In general, most large cloud providers are showing a renewed focus on multinational clients and also want to move up the value chain and target larger institutional clients. Outsourcing arrangements now increasingly encompass a cloud computing element, and some cloud providers are prepared to offer managed services to mimic elements of so-called “traditional” outsourcing.

Genuine adoption by regulated entities, especially financial services institutions, is the next big target; although the take-up is not helped by the reticence of regulators in some key global markets (with the notable exception of the United States) to provide a road map to assist regulated entities’ engagement of the cloud model.  Nevertheless, reticence to adopt a multi-tenanted cloud solution in regulated sectors is being eroded by the availability of aaS models available through virtual private cloud services and dedicated servers.

Cloud Contracts

It remains axiomatic that contracts for cloud computing services are generally implemented on the provider’s terms. Even projecting forward at the current rate of evolution, it is hard to see that core principle changing.  However, contract terms are increasingly negotiable to some extent; although the degree of negotiability pales in comparison with the contracting model in traditional services-based outsourcing.

In our experience there continues to be a (resigned) acceptance from most customers of the providers’ terms, i.e., the terms are what they are, and there’s a general recognition that that is the place to start. After all, if a customer organization expects customization of services and a genuine negotiation of service terms, then maybe the cloud is not the right place to be considered as a solution for those specific services.

Nevertheless, we have experienced greater negotiability compared to 18 months ago, and we anticipate that trend continuing in the future. The contracting areas where we perceive the most scope for negotiation tend to be commercially oriented issues such as price, privacy and security, scope and service levels, and liability caps. Technical areas, such as the variability of service elements that depend on specific data center features, do not lend themselves to negotiation because the shared service nature of cloud facilities limits the ability of providers to agree on changes in those areas. These are areas where customers often show their naivety of how cloud computing works by asking for changes that directly contradict the commoditized nature of the service offering.  That said, some providers do not help themselves by justifying their refusal of almost every requested change based on the invariability of the technical solution, even when an issue is plainly commercial and not technical.

Among the key issues that recur in cloud contract negotiations are:

  • Customer control and visibility over subcontracting: there is a general reluctance of providers to allow approval of, or even to identify, subcontractors.  Often, that can be for very good reasons, especially in a public cloud situation;
  • The limitation of the provider’s ability to change the nature of the services provided. Again, there may be very valid reasons for this depending on the nature of the services, but, typically, the negotiation ought to focus on the commercial implications of such changes rather than the basic right itself;
  • Privacy and data security commitments by the provider;
  • Rights of the provider to suspend services under circumstances such as non-payment or violation of an acceptable use policy;
  • Limitation of liability;
  • Termination assistance provisions allowing the customer to extend service for a period after termination or expiration to allow migration to the replacement solution; and
  • The stretching of some common contracting provisions into some pretty unfamiliar directions. One motto to bear in mind when reviewing cloud terms is “never assume that you know what’s in a provision based on its heading.” Force majeure provisions are a good example. You may have thought that it would be hard to reinvent force majeure, but in some cloud instances force majeure seems to be elastic-sided enough to capture “changes in the taxation basis of services delivered via the Internet” as a force majeure event.

Another area where some providers have not helped their industry’s cause is in the proliferation of complex, multi-document contract structures which are often poorly updated and oddly worded. Customers need to wade through the many pieces of paper and URL links, and with a lack of consistency among the documents frustration mounts and patience wears thin. These multi-layered contract structures are unwieldy and often, when quizzed, even the providers’ representatives cannot navigate their way around them. It would be beneficial if the cloud industry generally – and some notable large cloud providers specifically – were to address this contracting approach over the next couple of years.

Privacy and Security

MoFo’s Global Privacy Group has already written extensively about the privacy implications of moving data to the cloud. The conjoined issues of privacy and security remain center stage in most cloud contract negotiations. The key issues generally are who is responsible for data security and how obligations should be allocated between service provider and customer. Importantly, there may be a different analysis between different types of cloud services, e.g., between IaaS and SaaS for example. But it is worth understanding the exact commercial and legal implications of a provider that commits only to be responsible for the “security of our network” and expects its customer to be responsible for the “security of its data.”

Typically, of course, providers are more willing to take responsibility for the integrity of their networks, while attempting to steer clear of obligations in relation to data. However, some service providers now accept that a failure to improve their privacy offerings may compromise future growth in certain markets and be a competitive disadvantage.

So, for example, there is an increased willingness to adopt the EU model clauses for data transfer, and most of the large cloud providers are reacting to commercial pressures from Europe-based clients to offer services from ring-fenced European data centers. Despite this, there is still a lack of appreciation among many customers of the difference between commitments in relation to data “at rest” (i.e., where the data are stored) and where data can be accessed from.

Performance

In general, most cloud contracts are still relatively light in terms of service level commitments, with availability being the main measurement metric. There is no sign yet of widespread (or, indeed, early stage) acceptance of the EU’s standardized SLA suggestions.

In terms of remedies for service failure, the concept of providing credit via further services or contract extension is still prevalent despite the illogicality (from a customer perspective) of accepting more of the same as a service remedy.

Conclusion

The old maxim “Be careful what you wish for” applies to the cloud market at this stage of development. Many commercial users of cloud services have chafed at the “take it or leave it” approach to cloud contracts. But, now that some degree of negotiation is becoming possible in some areas of the cloud market, it is clear that users need to understand more than ever what can realistically be negotiated.

At the same time, users need to clearly distinguish their reasons for adopting cloud solutions in the first place and understand the specific sector of the market that they are seeking to access. If users perceive the risks to be so great that contract negotiation seems essential before putting services in the cloud, it is possible that they need to consider whether the services that they have in mind properly belong there in the first place.

In general, customers need to approach cloud computing transactions with realistic expectations. It is unrealistic to expect to re-negotiate a provider’s cloud contract terms materially on a project with a relatively low cost/value.  Providers are either technically constricted or simply commercially unwilling to devote expensive commercial management time or legal resources to negotiate the terms of a project with a relatively low margin or revenue generation.

 

 

In November 2012, we wrote an Alert about the European Commission’s Communication on Cloud Computing intended, it said, to “… unleash the potential of cloud computing in Europe”.  Sceptics were doubtful that the cloud industry needed much help from European regulators to thrive.

Twenty months later, the Commission has begun to deliver on its key actions in the Communication with the publication of its Cloud Service Level Agreement Standardisation Guidelines.

How helpful are these Standardisation Guidelines to the cloud sector at this point in its development?

The recently-issued Cloud Service Level Agreement Standardisation Guidelines have their origin back in November 2012.  At that time, the European Commission issued a Communication setting out a road map for the future growth of cloud computing in Europe.

In the 2012 Communication, the Commission set out a number of key actions, including to cut through the jungle of standards and to promote safe and fair cloud contracts.  The Commission believes that the development of model terms for cloud computing – and, specifically, service level agreements in the cloud sector – is one of the most important issues affecting the future growth of the cloud industry in Europe, and that standardising the approach to cloud services will enable buyers of cloud computing services to make fair comparisons between different providers’ offerings.

Continue Reading EU Cloud Standardisation Guidelines

Cisco estimates that 25 billion devices will be connected in the Internet of Things (IoT) by 2015, and 50 billion by 2020. Analyst firm IDC makes an even bolder prediction: 212 billion connected devices by 2020. This massive increase in connectedness will drive a wave of innovation and could generate up to $19 trillion in savings over the next decade, according to Cisco’s estimates. 

In the first part of this two-part post, we examined the development of, and practical challenges facing businesses implementing, IoT solutions. In this second part, we will look at the likely legal and regulatory issues associated with the IoT, especially from an EU and U.S. perspective.

The Issues

In the new world of the IoT, the problem is, in many cases, the old problem squared. Contractually, the explosion of devices and platforms will create the need for a web of inter-dependent providers and alliances, with consequent issues such as liability, intellectual property ownership and compliance with consumer protection regulations. Continue Reading The Internet of Things Part 2: The Old Problem Squared

The Internet of Things (IoT) is the network of everyday physical objects that surround us and are increasingly being embedded with technology to enable those objects to collect and transmit data about their use and surroundings. TVs connected to the Internet and refrigerators connected to online delivery services are just the start of it. In the new world of the IoT, the possibilities are enormous, and the technology industry has so far only scratched the surface of what “machine-to-machine” (M2M) interconnectivity could achieve.

But the ingenuity and innovation which companies will apply to turn the IoT into practical reality is constrained by law and regulation. Existing issues may take on new dimensions and, as technologies combine, so will the legal consequences of those technologies.

In this post, we look at the prospects for the IoT. In a second post to be published shortly, we will examine the likely legal and regulatory factors that will affect the development and growth of IoT technology and the markets that such technology will create. Continue Reading The Internet of Things Part 1: Brave New World

On March 27, 2014, the highest court in the European Union—the Court of Justice for the European Union (CJEU)—decided that copyright owners have the right to seek injunctions against Internet service providers (ISPs) requiring the ISPs to block access to pirate websites illegally streaming or making copyright material available for download.

The case arose out of a dispute in Austria between two movie companies and an Austrian ISP, UPC Telekabel Wien GmbH. The movie companies were concerned about access to an illegal streaming site, Kino.to, which was making copies of films such as Vicky the Viking and The White Ribbon available to its subscribers. The Austrian Supreme Court had asked the CJEU whether the movie companies were entitled under European law to seek an injunction against the ISP, not just against the illegal streaming site.

EU law allows holders of intellectual property rights to seek an injunction against any “intermediary” that provides services to third parties and, in doing so, helps them to infringe copyrighted works. The Austrian Supreme Court asked the CJEU for a ruling on whether ISPs in this position were considered to be an intermediary for the purposes of the European legislation. Continue Reading The Umpire Strikes Back: European Court Rules That ISPs Can Be Forced to Block Pirate Websites

Peer-to-peer (“P2P”) business models based on the Internet and technology platforms have become increasingly innovative.  As such models have proliferated, they frequently result in clashes with regulators or established market competitors using existing laws as a defensive tactic.  The legal battles that result illustrate the need for proactive planning and consideration of the likely legal risks during the early structuring phase of any new venture.

Collaborative consumption, or the “sharing economy” as it is also known, refers to the business model that involves individuals sharing their resources with strangers, often enabled by a third-party platform.  In recent years, there has been an explosion of these P2P businesses.  The more established businesses include online marketplaces for goods and services (eBay, Taskrabbit) and platforms that provide P2P accommodation (Airbnb, One Fine Stay), social lending (Zopa), crowdfunding (Kickstarter) and car sharing (BlaBlaCar, Lyft, Uber).  But these days, new sharing businesses are appearing at an unprecedented rate; you can now find a sharing platform for almost anything.  People are sharing meals, dog kennels, boats, driveways, bicycles, musical instruments – even excess capacity in their rucksacks (cyclists becoming couriers).

The Internet and, more specifically, social media platforms and mobile technology has brought about this economic and cultural shift.  Some commentators are almost evangelical about the potential disruption to traditional economic models that the sharing economy provides, and it’s clear that collaborative consumption offers a compelling proposition for many individuals.  It helps people to make money from under-utilized assets and tap into global markets; it gives people the benefits of ownership but with reduced costs and less environmental impact; it helps to empower the under-employed; and it brings strangers together and offers potentially unique experiences.  There’s clearly both supply and demand, and a very happy set of users for a great many of these new P2P services.

However, not everyone is in favor of the rapid growth of this new business model.  Naturally, most of the opposition comes from incumbent businesses or entrenched interests that are threatened by the new competition or those that have genuine concerns about the risk posed by unregulated entrants to the market.  Authorities and traditional businesses are challenging sharing economy businesses in a variety of ways, including arguing that the new businesses violate applicable laws, with accommodation providers and car-sharing companies appearing to take the brunt of the opposition to date.

Bed Surfing

One of the most successful P2P marketplaces, San Francisco-founded Airbnb is a platform that enables individuals to rent out part or all of their house or apartment.  It currently operates in 192 countries and 40,000 cities.  Other accommodation-focused P2P models include One Fine Stay, a London-based platform that allows home owners to rent out empty homes while they are out of town.

Companies such as these have faced opposition from hoteliers and local regulators who complain that home owners using these platforms have an unfair advantage by not being subject to the same laws as a traditional hotel.  City authorities have also cited zoning regulations and other rules governing short-term rentals as obstacles to this burgeoning market.  It has been reported that some residents have been served with eviction notices by landlords for renting out their apartments in violation of their leases, and some homeowner and neighborhood associations have adopted rules to restrict this type of short-term rental.

These issues are not unique to the United States.  Commentators have reported similar resistance with mixed responses from local or municipal governments in cities such as Barcelona, Berlin and Montreal.

It’s not particularly surprising that opposition to P2P accommodation platforms would come from existing incumbent traditional operators after all, that’s typical of most new disruptive business models in the early stages before mainstream acceptance.  But the approaches taken by P2P opponents illustrate that most regulations were originally devised to apply to full-time commercial providers of goods and services, and apply less well to casual or occasional providers.

This has consequences for regulators, who are likely to have to apply smarter regulatory techniques to affected markets.  Amsterdam is piloting such an approach to accommodation-sharing platforms, realizing the benefits that a suitably-managed approach to P2P platforms could have on tourism and the local economy.

Car Sharing

Companies that enable car-sharing services have also faced a barrage of opposition, both from traditional taxi companies and local authorities.  In many U.S. cities, operators such as Lyft and Uber have faced bans, fines and court battles.

It was reported in August 2013 that eleven Uber drivers and one Lyft driver were recently arrested at San Francisco airport on the basis of unlawful trespassing offenses.  In addition, during summer 2013, the Washington, D.C. Taxicab Commission proposed new restrictions that would prevent Uber and its rivals from operating there.  Further, in November 2012, the California Public Utilities Commission (“CPUC”) issued $20,000 fines against Lyft, SideCar and Uber for “operating as passenger carriers without evidence of public liability and property damage insurance coverage” and “engaging employee-drivers without evidence of workers’ compensation insurance.

All three firms appealed these fines, arguing that outdated regulations should not be applied to peer-rental services, and the CPUC allowed the companies to keep operating while it drafted new regulations, which were eventually issued in July 2013.  In August 2013, the Federal Trade Commission intervened and wrote to the Commissions arguing that the new rules were too restrictive and could stifle innovation.  The CPUC rules (approved on September 19, 2013) require operators to be licensed and meet certain criteria including in terms of background checks, training and insurance.  The ridesharing companies will be allowed to operate legally under the jurisdiction of the CPUC, and will now fall under a newly created category called “Transportation Network Company.”

Some operators have structured their businesses in an attempt to avoid at least some of the regulatory obstacles.  For example, Lyft does not set a price for a given journey; instead, riders are prompted to give drivers a voluntary “donation.”  Lyft receives an administrative fee in respect of each donation.  In addition, in its terms, Lyft states that it does not provide transportation services and is not a transportation carrier; rather, it is simply a platform that brings riders and drivers together.  In BlaBlaCar’s model, drivers cannot make a profit, just offset their actual costs, which helps to ensure that drivers are not considered to be traditional taxi drivers, thereby helping them avoid the regulation that applies to the provision of taxi services.

Traditional players embracing the new model

Interestingly, not all traditional players are taking a completely defensive approach.  From recent investment decisions, it appears that some companies appreciate that it could make sense for them to work closely with their upstart rivals, rather than oppose them.  For example, in 2011, GM Ventures invested $13 million in RelayRides and, in January 2013, Avis acquired Zipcar, giving Avis a stake in Wheelz, a P2P car rental firm in which Zipcar has invested $14 million.

The incentive for incumbent operators to embrace P2P models will likely vary by sector.  Perhaps it’s no surprise that this is best illustrated in the car rental industry, where there already exists a financial “pull” and a regulatory “push” towards greener and more sustainable models of service provision.

Legal and Regulatory Issues

Lawmakers and businesses around the world are currently grappling with how to interpret existing laws in the context of P2P sharing economy business models and considering whether new regulation is required.  For example, the European Union is preparing an opinion on collaborative consumption in the light of the growth of P2P businesses there.  One hopes that European policy makers focus more on incentivizing public investment in P2P projects via grants or subsidies than on prescriptive regulation of the sector.

Importantly, however, it’s a particular feature of the market for P2P platforms that much of the regulatory activity tends to be at the municipal or local level, rather than national.  This tends to make for a less cohesive regulatory picture.

In the meantime, anyone launching a social economy business will need to consider whether and how various thorny legal and regulatory issues will affect both the platform operator and the users of that platform.  Often, this may mean tailoring services to anticipate particular legal or regulatory concerns.

  • Consumer protection.  Operators will need to consider the extent to which their platforms comply with applicable consumer protection laws, for example when drafting appropriate terms of use for the platform.
  • Privacy.  Operators will need to address issues of compliance with applicable privacy laws in terms of the processing of the personal data of both users and users’ customers, and prepare appropriate privacy policies and cookie notices.
  • Employment.  Where services are being provided, the operator will need to consider compliance with any applicable employment or recruitment laws, e.g., rules governing employment agencies, worker safety and security, and minimum wage laws.
  • Discrimination.  Operators will need to consider potential discrimination issues, e.g., what are the consequences if a user refuses to loan their car or provide their spare room on discriminatory grounds, for example due to a person’s race or sexuality?  Could the operator attract liability under anti-discrimination laws?
  • Laws relating to payments.  One key to success for a P2P business model is to implement a reliable and effective payment model.  But most countries impose restrictions on certain types of payment structures in order to protect consumers’ money.  Where payments are made via the P2P platform rather than directly between users, operators will need to address compliance with applicable payment rules, and potentially deal with local payment services laws.  Fundamentally, it needs to be clear whose obligation it is to comply with these laws.
  • Taxation.  Operators will need to consider taxation issues that may apply – both in terms of the operator and its users.  Some sectors of the economy – hotels, for example – are subject to special tax rates by many cities or tax authorities.  In such cases, the relevant authorities can be expected to examine closely – and potentially challenge, or assess municipal, state or local taxes against – P2P models that provide equivalent services.  In some places, collection of such taxes can be a joint and several responsibility of the platform operator and its users.
  • Safety and security.  When strangers are being brought together via a platform, security issues will need to be addressed.  Most social economy businesses rely on ratings and reciprocal reviews to build accountability and trust among users.  However, some platforms also mitigate risks by carrying out background and/or credit checks on users.  Airbnb also takes a practical approach, employing a full-time Trust & Safety team to provide extra assurance for its users.
  • Liability.  One of the key questions to be considered is who is legally liable if something goes wrong.  Could the platform attract liability if a hired car crashes or a host’s apartment is damaged?
  • Insurance.  Responsibility for insurance is also a key consideration.  The issue of insurance for car-sharing ventures made headlines in April 2013 when it was reported that a Boston resident had crashed a car that he had borrowed via RelayRides.  The driver was killed in the collision and four other people were seriously injured. RelayRides’ liability insurance was capped at $1 million, but the claims potentially threaten to exceed that amount.  Given these types of risks, some insurance companies are refusing to provide insurance coverage if policyholders engage in P2P sharing.  Three U.S. states (California, Oregon and Washington) have passed laws relating to car sharing, placing liability squarely on the shoulders of the car-sharing service and its insurers.
  • Industry-specific law and regulation.  Companies will need to consider issues of compliance with any sector-specific laws, whether existing laws or new regulations that are specifically introduced to deal with their business model (such as crowd-funding rules under the JOBS Act in the United States, and P2P lending rules to be introduced shortly in the United Kingdom).  As noted above, some social economy businesses have already experienced legal challenges from regulators, and as collaborative consumption becomes even more widely adopted, regulatory scrutiny is likely to increase.  Accordingly, rather than resist regulation, the best approach for sharing economy businesses may be to create trade associations for their sector and/or engage early on with lawmakers and regulators in order to design appropriate, smarter policies and frameworks for their industry.

Conclusion

Erasmus said, “There is no joy in possession without sharing.”  Thanks to collaborative consumption, millions of strangers are now experiencing both the joy – and the financial benefits – of sharing their resources.  However, the legal challenges will need to be carefully navigated in order for the sharing economy to move from being merely disruptive to become a firmly established business model.

We reported this past May in our Socially Aware blog about efforts of law enforcement authorities in the United Kingdom to adapt existing laws to police potential offenses committed via social media.  The UK government has just announced proposals that will make it easier to identify people who abuse social media.

The UK government’s somewhat surprising announcement came just after a recent case that highlighted the problem that some law enforcement authorities seem to be having in deciding when to get involved.  That case also illustrated that the social media industry could be quicker to self-police, were it not for the fear of legal action.  In part, the UK government’s move is a reaction to the need—from both the police and the social media industry—for a better legal framework in which to take action against social media abusers.

In the recent case, a woman who had been targeted by trolls with a campaign of online abuse won a UK High Court order requiring Facebook to reveal the names, emails and IP addresses of the individuals behind the abusive messages.  Interestingly, the court action began only after the woman’s local police force refused to take action and was undertaken with the apparent full support of Facebook.

The campaign of harassment against Nicola Brookes began when she posted a comment on Facebook in support of a contestant on the UK talent show “The X Factor”.  Immediately after Ms. Brookes had made the posting, she was subject to a campaign of harassment by anonymous Internet trolls who targeted her Facebook account, set up a fake Facebook profile in her name using her picture, and posted explicit comments that, among other things, branded her a pedophile.

Ms. Brookes quickly became frustrated by the lack of action from the Sussex Police and decided to take matters into her own hands by initiating a criminal suit against the anonymous trolls via private prosecution.  In order to do so, however, she needed to know who the perpetrators were.  To get that information, she applied to the High Court for a procedural order under UK law known as a Norwich Pharmacal Order—which the court quickly granted. 

A Norwich Pharmacal Order requires the person to whom it is directed (in this case, Facebook) to disclose particular documents or data.  Usually, Norwich Pharmacal Orders are targeted at individuals or companies who are somehow involved in wrongdoing, whether innocently or not, but are unlikely to be a party to a potential proceeding.  These types of orders are often used to identify the correct defendant in an action or to obtain information to bring a suitable claim.

Facebook is supportive of Ms. Brookes’ court order application.  Facebook reportedly shares information such as IP addresses and basic subscriber information when there is legal justification and an obligation to do so; however, given that it receives similar requests frequently, its policy is that all demands for information must be backed up by a court order.

Facebook will be required to release the information as soon as all of the procedural requirements (which include serving the court order on Facebook at its U.S. headquarters) have been complied with.  In a recent statement, the company noted:  “There is no place for harassment on Facebook, but unfortunately a small minority of malicious individuals exist online, just as they do offline.  We respect our legal obligations and work with law enforcement to ensure that such people are brought to justice.”

In a separate case, on June 11, 2012, a British court handed down a suspended jail sentence to an Internet troll who posted abusive tweets threatening a British member of parliament.

The cases of Ms. Brookes and Ms. Mensch are merely the latest in a series of UK cases involving lawsuits arising as a result of social media use. 

The UK government, as keen as any set of politicians to latch on to a populist bandwagon, reacted to this recent spate of cases.  As luck would have it, a draft Defamation Bill is already making its way through the UK legislative system—and rapidly. The government has announced an amendment that will require websites to identify people who have posted defamatory messages online and will give victims of Internet trolls a right to know who is behind malicious messages, without the need for costly legal battles.  The new laws will apparently offer a defense to defamation claims to any online provider that identifies the author of defamatory material when requested to do so.

It is far from clear, however, how the proposed legislation will work.  In theory, the power to compel disclosure will be balanced by measures to prevent false claims, but operators of websites and other social media platforms will also be concerned with not being placed in the position of having to make subjective judgments as to what meets the takedown or disclosure criteria.  There are further concerns that the legislation will find it hard to distinguish between abusers and genuine whistleblowers; and some futher doubt exists as to how the laws will apply to non-UK operated websites and online platforms.