Category Archives: regulation

Europe looks to set new rules for OTT in September

EuropeThe European Commission is set to release new rules in September, which will aim to tighten up how OTT’s such as WhatsApp and Skype are regulated in the European markets, according to the Financial Times.

How Over-the-top players are regulated has been a point of contention within the European markets in recent years, as it does fall into a grey area currently. Although telcos are under guidance from the European Commission regarding SMS and traditional voice calling, these rules do not directly address the services offered by the OTT’s, such as Facebook’s WhatsApp, which has been stealing business off the telcos. According to the FT, this grey area will be addressed in September, when the commission will release new rules focusing on how OTT’s comply with security requests from the state, and also how customer data can be monetized.

According to the reports, the commission will make an initial announcement in September, before providing more clarity in a separate review of the EU’s “ePrivacy” law later in the year. This is one of a number of moves across the industry to redefine regulation in light of how quickly technology has advanced over the last few years. French authorities for example, will decide in September whether Google, Viber and Skype should be registered as a telecoms provider, a move which has the potential for widespread ripples.

The reports will come as good news to various players in the telco industry, who have not been happy with the light-touch regulation which is in place for the OTT’s. Back in 2014, Spanish giant Telefónica complained there wasn’t a level playing field, as the OTT’s do not have to comply with the EU’s regulation on issues such as user rights, antitrust, security, net neutrality or Significant Market Power (SMP) obligations. The complaint, which is largely a fair one, was built on the idea that if OTT’s offer similar, or almost identical, services, they should be held accountable to the same rules.

These complaints were furthered last year, as a group of European operators, including Orange, Deutsche Telekom, Telefónica and KPN, wrote to the President of the European Commission urging changes to the regulatory landscape to enable the telcos to better compete with the new waves of OTT’s. While the telcos have been held accountable to strict regulation in recent years to ensure competition and a fair deal to the consumer, the growth in popularity for OTT’s has proved to be a tough time for the industry.

Only recently Ofcom released its Communications Market Report 2016 which added weight to the claims OTT’s are becoming increasingly popular across various demographics. The report claims the number of people who are now using instant messaging services such as WhatsApp is up from 28% to 43% in the UK. This surge in popularity has seemingly come at the expense of more traditional means of communication, such as SMS and email, which demonstrated a decline of eight and seven percentage points respectively. These stats highlight the growth of the OTT’s is likely to continue, as well as the plight of the operators.

While it has not been confirmed whether the regulations will be changed in the near future, a problem which could be faced by the European Commission may focus around investments in network infrastructure. Over recent months there have been a number of mergers which have been rejected by the European Commission, most notably O2 and Three in the UK, with the reasoning relating to competition.

Should the level of competition drop in any markets, the need for telcos to continue investment in their own infrastructures to remain competitive would also drop. This is a concern of the European Commission, though the growth of OTT’s could inadvertently have the same impact. OTT’s are certainly providing cheaper services to the consumer, though the result is a decrease in revenues for the telcos which could impact the investments which are made elsewhere within an operators business.

The report from the FT remains officially unconfirmed for the moment, though it should not be seen as a surprise should it be true. The issue over OTT regulation has been bubbling away for some time, and considering the telecommunications industry is one of the heavier hitters in terms of lobbying, pressure would have likely been exerting on the commission for some time.

Although the European Commission would not confirm the rumours, it did offer us a statement:

“The Commission is indeed working on an update of EU telecoms rules under its Digital Single Market strategy. The upcoming reform of the EU telecoms framework should incentivise and leverage more private investment in next generation networks, provide regulatory predictability and the right conditions for all operators to invest,” said Nathalie Vandystadt, Spokesperson for the Digital Single Market at the European Commission.

“The Commission has been looking into the growing importance of online players that provide similar or equivalent services to traditional communication services. The Commission is looking into to what extent people can consider OTT services like WhatsApp and Skype to be functional substitutes for services provided by traditional telecoms operators, and is considering whether scope of the current EU rules needs to be adapted, to ensure adequate levels of consumer protection and ensure that regulation does not distort competition. This does not necessarily mean treating all communications services the same for all purposes. We will present our reform of the EU telecoms framework in September.”

Cyber security top of the list for European Commission after launch of €1.8bn initiative

EuropeThe European Commission has launched a new public-private partnership aimed at tackling the challenges of cyber security, and helping European companies become more competitive, reports

As part of the partnership, the EC will invest roughly €450 million, and will encourage industry to contribute healthily, targeting a total investment of €1.8 billion by 2020. The new initiative will take form through four pillars.

Firstly, the EC will encourage member states to make the most of the cooperation mechanisms under the new Network and Information Security (NIS) directive. Secondly, the EC will explore the possibility of creating a framework for certification of security products, which can then be distributed in any member state. Thirdly, the EC will establish a contractual public-private partnership with industry to nurture innovation. And finally, the team will create funds to enable SME’s to source investment and scale up.

“Europe needs high quality, affordable and interoperable cybersecurity products and services,” said Günther H. Oettinger, Commissioner for the Digital Economy and Society. “There is a major opportunity for our cybersecurity industry to compete in a fast-growing global market. We call on Member States and all cybersecurity bodies to strengthen cooperation and pool their knowledge, information and expertise to increase Europe’s cyber resilience. The milestone partnership on cybersecurity signed today with the industry is a major step.”

The new strategy builds on the EC’s ‘Open, Safe and Secure Cyberspace’ strategy which was launched in 2013 to ‘protect open internet and online freedom and opportunity’. While the initiative has launched a number of new legislative actions, there would appear to be little evidence much else has been achieved aside from ‘ensuring cooperation’, ‘ensuring a culture of security’ and ‘stepping up cooperation across Europe’. While previous work has been generalist and vague, the new proposition does at least offer encouragement there will be more concrete work achieved.

The NIS directive will support strategic cooperation and exchange of relevant information between member states, as well as creating a number of new bodies including EU Agency for Network and Information Security (ENISA), EU Computer Emergency Response Team (CERT-EU) and European Cybercrime Centre (EC3) at Europol. The plan will be to deliver a blueprint during the first half of 2017, and then deliver the initiative in an undefined timeframe. The EC has outlined a specific plan, though the lack of a timeframe seemingly removes some of the gained credibility.

“Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders,” said Andrus Ansip, Vice-President for the Digital Single Market. “Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”

75% of apps not compliant under EU data protection rules

Research from Netskope has claimed more than 75% of business apps lack key capabilities to ensure compliance under EU General Data Protection Regulation.

The company tracked 22,000 apps of which three quarters failed to meet minimum requirements of the EU, falling down in areas such as deleting personal data in a timely manner or violating data portability requirements.

The companies who have not met the required standards now have just under two years to ensure compliance, when GDPR comes into play in 2018. Failure to meet the criteria will see a company fined up to $22 million or up to four percent of annual worldwide revenue, whichever is greater.

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Sanjay Beri, CEO of Netskope. “With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralised, consistent way that works across all apps is paramount for organisations to understand how they use and protect their customers’ personal data.”

The number of sanctioned apps containing malware increased from 4.1% to 11% in the period between reports. More of a quarter of the instances of malware was detected in files that had been shared with others within the organization. In terms of cloud data loss prevention, cloud storage applications accounted for 73.6%, with Webmail coming in at second with 22.1%.

India to answer unanswered cloud questions

Location India. Red pin on the map.The Telecom Regulatory Authority of India (TRAI) has launched a consultation project to identify the challenges of governing a digital economy driven by cloud computing, reports

TRAI launched a consultation paper last week which outlined questions which still remain over the adoption and management of cloud computing. Before an adequate regulatory framework can be built, the team have highlighted a complete understanding of cloud as a technology and its business implications are required. TRAI has seemingly unearthed a number of unknowns which have been swept aside during the speedy adoption of cloud computing.

The consultation process itself will focus on several areas affecting the adoption of cloud computing in India including future trends, security, interoperability, quality of service, a legal & regulatory framework and the overall implementation of cloud services. The objective of the consultation process is to create a framework which encourages growth and adoption of the technology, while also protecting the interests of the customer.

“With a view to bring out all relevant aspects of the issues and to provide a suitable platform for discussions, TRAI has initiated this consultation paper to engage the industry and all the stakeholders on the key issues referred by Department of Telecom,” the team outlined in the consultation paper.

India is generally recognised as one of the more lucrative markets for the cloud computing industry, owing to a large population and a healthily growing economy. The report states the public cloud service market in India is expected to grow from $ 838 million in 2015 to $ 1.9 billion by 2018, while social, mobility, analytics and cloud technologies collectively could account for $1 trillion in 2016 alone.

The basis of the consultation paper would seem to be based on not only a lack of information available, but also a lack of constancy and clarity of the benefits, cost and ongoing management of the technology itself. Two areas which were given particular attention in the paper was that of lawful interception and interoperability.

According to TRAI there is currently a lack of clarity on how lawful interception will be justified and managed in a cloud-orientated, but also how data will be managed in the international community.

“One of the top security concerns of enterprises is the physical location of the data especially if they are located in another country because the laws of the host country apply to the machine and data residing on it,” the report highlighted. “That becomes an issue if the host country does not have adequate laws to protect sensitive data or if the host nation becomes hostile and depends largely on the government concerned. The primary location of the data and any backup locations must be known to ensure these laws and regulations are followed.”

From an interoperability perspective, there could be a need to formalize the means in which a customer moves from one cloud provider to another to ensure a fair proposition for the customer. Here the consultation process will focus on identifying how vendors can standardize processes and aspects of the technology to ensure interoperability, as well as what regulations need to be put forward so the customer is able to have control over his data while moving it in and out of the cloud.

Those who wish to put forward their opinions have until 22nd July to make their comments known to the organization.

UK Government passes spy bill with strong majority

Lady Justice On The Old Bailey, LondonThe House of Commons has voted in favour of the Investigatory Powers Bill which gives UK intelligence agencies greater power to examine browsing histories and hack phones, reports

The bill, which now passes through to the House of Lords, has been under scrutiny since last year, with the latest version being reviewed since March. The original version of the bill, known as the ‘Snooper’s Charter’ by critics, came up against strong opposition from a host of technology companies who have registered privacy concerns. The bill itself will require technology companies to collect and store data on customers, while also allowing intelligence agencies to remotely access smartphones and other devices.

“The Bill provides a clear and transparent basis for powers already in use by the security and intelligence services, but there need to be further safeguards,” said, Harriet Harman, MP for Camberwell and Peckham and Chair of the Joint Committee on Human Rights. “Protection for MP communications from unjustified interference is vital, as it is for confidential communications between lawyers and clients, and for journalists’ sources, the Bill must provide tougher safeguards to ensure that the Government cannot abuse its powers to undermine Parliament’s ability to hold the Government to account.”

Although proposed by the Conservative party, the bill was strongly supported by the Labour party as well as the majority of the commons, with opposition primarily coming from the Scottish National Party. Despite privacy and civil rights concerns from the SNP, the bill passed with a vote of 444 to 69. The vote in the House of Lords is expected to take place in the next couple of months with the bill being passed to law in January 2017.

The bill was deemed as a high priority for intelligence agencies within the UK, it has been under scrutiny from the Joint Committee on Human Rights, after concerns it could potentially violate privacy and civil rights. As part of the review, extended protection will also granted to lawyers and journalists.

“The Joint Committee heard from 59 witnesses in 22 public panels,” said Victoria Atkins, MP for Louth and Horncastle, speaking on behalf of the Joint Committee on Human Rights and the Bill Committee. “We received 148 written submissions, amounting to 1,500 pages of evidence. We visited the Metropolitan police and GCHQ, and we made 87 recommendations, more than two thirds of which have been accepted by the Home Office.”

One of the initial concerns was a permanently open backdoor which could be accessed by intelligence agencies without oversight, which has seemingly been addressed. Intelligence agencies will have to request access, which will be granted should it not be too complicated or expensive. What the definition of complicated or expensive has not been given, however it does appear to end concerns of a government ‘all-access-pass’. Whether this is enough of a concession for the technology companies remains to be seen.

What happens to EU General Data Protection Regulation if the UK votes for a Brexit?

EuropeBusinesses warned not to give up on data reforms just because UK could quit Europe

As the UK prepares to vote on whether to leave the European Union, businesses are being warned not to give up on data reforms inspired by the forthcoming EU General Data Protection Regulation (GDPR).

Businesses across the country have been studying implications of the new Regulation, due to be in force in May 2018, which aims to create a ‘one-stop shop’ for data protection across the European Union.

Some of the key aspects of the bill include huge fines for data breaches, new rules around the collection of personal data and new rights for European citizens to ask for data be deleted or edited. Many businesses will also be required to appoint a Data Protection Officer.

However, the Brexit vote opens up the possibility that the UK could be out of the EU by the time it comes into force.

John Culkin, Director of Information Management at Crown Records Management, said: “It would be tempting for businesses to think that if the UK leaves the EU this regulation would not apply. In fact, that isn’t the case. Although an independent Britain would not be a signatory of the Regulation, in reality it would still be impossible to avoid its implications.

“The Regulation governs the personal data of all European citizens, providing them with greater control and more rights over information held about them. So any company holding identifiable information of an EU citizen, no matter where it is based, needs to be aware. With millions of EU citizens living in the UK, too, it’s hard to imagine that many businesses here would be unaffected.

“The same applies to data breaches involving the personal data of European citizens. So it will still be vital to have a watertight information management system in place which allows businesses to know what information they have, where it is, how it can be edited and who is responsible for it.”

Even if the UK votes to leave the EU, data in Great Britain & Northern Ireland will continue to be regulated by the current Data Protection Act, which was passed in 1998.

A spokesperson for the Information Commissioners’ Office (ICO), an independent body set up to uphold information rights, said: “Although derived from an EU Directive, the Data Protection Act was passed by the UK Parliament and will remain in place after any exit, until Parliament decides to introduce a new law or amend it.

“The UK has a history of providing legal protection to consumers around their personal data. Our data protection laws precede EU legislation by more than a decade, and go beyond the current requirements set out by the EU, for instance with the power given to the ICO to issue fines.

“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and is also central to the sharing of data that international trade relies on. The UK will continue to need clear and effective data protection laws, whether or not the country remains part of the EU.”

Culkin believes there is a real danger that UK businesses will defer crucial reforms of their information management systems – just in case the Brexit vote in June changes the agenda. But he warns it is a big risk.

He said: “Businesses should be thinking about the benefits of good information governance rather than hesitating because of what could happen in the future.

“There is no point putting in place systems that ignore privacy by design, for instance, when that is good procedure – no matter what happens in Europe in June. The same is true of measures to protect a business from data breaches, which have reputational as well as financial implications – no matter who imposes the fine.

“As for personal data, citizens, in the UK are only going to be more demanding about how their data is collected, stored and edited in future – the genie is out of the bottle and it’s not sensible to think that leaving the EU will change it. Preparing for a modern data world is not only about the GDPR.”

This a view shared by the ICO which will continue to ensure organisations meet their information rights obligations no matter how the UK votes.

A spokesperson said: “Ultimately, this is a decision for organisations based on their own particular circumstances. Revisiting and reassessing your data protection practices will serve you well whatever the outcome of the referendum. Investing in GDPR compliance will ensure an organisation has a high standard of data protection compliance that will enable the building of consumer trust.”

European Commission to reform mobile cloud services regulations – report

The EC is looking to create a level playing field in how telcos and mobile cloud service providers are regulated

The EC is looking to create a level playing field in how telcos and mobile cloud service providers are regulated

The European Commission is considering plans to reform how mobile cloud service providers, also know as Over The Top (OTT) companies, are regulated, according to reports from the FT.

Draft documents unveiled by the commission indicate that initiative to create a level playing field between the telecoms industry, cable operators and mobile cloud services like Whatsapp and Skype has long since been forgotten.

According to the Commission, telcos are currently being forced to compete with OTT services “without being subject to the same regulatory regime”, and that it intends to create a “fair and future-proof regulatory environment for all services”.

One of the main directives of the digital single market proposals advocated by the commission relates to the roll-out of superfast broadband infrastructure across the continent. With traditional revenue streams for telcos, such as calls and messaging, on the decline, operators frequently point the finger at OTT services for enabling free and wide-reaching services.

As a consequence, operators claim a lack of incentive when it comes to investing in overhauling  increasingly depreciated copper network infrastructure, particularly around the last mile.

That said, telcos remain hesitant to give its competitors free access to high-speed broadband infrastructure if it isn’t able to suitably monetise the service, which is where net neutrality enters the picture. Aside from the ongoing debate raging in the US of late, net neutrality formed one of the cornerstones of Neelie Kroes’ digital single market proposals, along with the abolishment of consumer roaming fees.

Last month, reported that the European Union’s Telecoms Council effectively conceded that a U-turn on its net neutrality ambitions was on the cards. There has yet to be an update on whether the open-letter signed by more than 100 MEPs has convinced the Council to steer clear of paid prioritisation of any kind.

It is believed the commission intends to unveil its new digital single market strategy on the 6th May.