European Privacy Regulators Now Not Happy With US #PrivacyShield

It all seemed to be going so smoothly for US policy-makers when the gathering of the EU's privacy regulators (the Article 29 Working Party) issued a draft review of the US Privacy Shield in February. But the final report means the champagne will remain in the bottle for sometime yet.

Basically, the regulators found the Privacy Sword Shield is hard to read, unclear, inconsistently worded, inconsistent with the new General Data Protection Regulation, does not provide equivalent protection, makes it too hard for foreigners to get redress, the proposed Ombudsman will be neither independent nor adequately resourced; and does "not exclude massive and indiscriminate collection of personal data originating from the EU"!

Meanwhile, data transfers from the EU to the US are still okay to take place under the existing data transfer mechanisms ('standard model clauses' and 'Binding Corporate Rules').

Pity Mr Schrems who managed to overturn the 'Safe Harbor' but leave us even less protected than before!

There's No Single Market For Consumer Finance: What Next?

Perhaps it's not what the European Commission intended, but its green paper on retail financial services is a great explanation of why there is so little cross-border activity in consumer finance: 3% for payment cards, current accounts and mortgages; 5% for loans (less than 1% between Eurozone countries!) and only 3% of gross insurance premiums. For a very long list of reasons, it's just not practicable for most retail financial services providers to operate across EU borders, as the EC has known since at least 2007. Could it be time, therefore, to scale back EU requirements for firms that only focus on their national market, so consumers have a clear choice between national and genuinely cross-border suppliers and products?

The Commission concedes that its vast, confetti-like attempt to harmonise EU financial regulation  has proved futile in catalysing a single retail finance market, yet it continues to ask what more can be done.

One issue in particular that the Commission is huffing and puffing about is 'geo-blocking', the use of technology to identify and block or re-direct consumers based in certain countries.

But the Commission's own findings are that few players have the resources to focus on cross-border markets. Suppliers who do target multiple countries typically use separate local operating entities to deal with all the problems listed in the green paper, so they don't even properly qualify as 'cross'-border. At any rate, how can you force a Spanish motor insurer to sell policies to Germans if it simply can't afford to administer claims in Germany? How would that be in the policyholders' interests? Even assuming the focus solely on Spanish customers is the supplier's own choice, rather than due to some legal restriction, wouldn't requiring the firm to deal with Germans or Swedish consumers put it at risk of going bust, leaving the whole market to a few big players who can afford to serve customers everywhere?

In its response to the green paper, the UK's Financial Conduct Authority quite rightly urges caution on the economic impact of more (futile) regulation, as well as careful analysis of consumer needs and behaviour before churning it out. The FCA points out that existing regulation must be allowed to 'bed-in' before assessing its real impact; and the Commission needs to consider that EU consumers are not some amorphous clump of flesh waiting eagerly for Greek insurance policies homogeneous, but diverse in their needs and behaviours - so a 'one-size-fits-all' approach won't be universally acceptable and risks crushing local financial services that are working well.

The FCA hints at the idea of a range of EU-approved products that might be provided by any EEA firm to any EEA consumer in a standard way, though this still begs the question whether the providers are able to manage this operationally. 

I guess it's possible that those able to target cross-border markets would benefit from some kind of voluntary EU-cross-border safe harbour scheme that enables them to adopt the same approach to marketing, contracts, customer service, complaints handling and enforcement and so on throughout their target market(s). It could even be very a attractive product in some national markets that are currently under-served or where consumers are being fleeced.

But that's more or less what the current regime allows, yet few firms are bothering to do it: the whole point is that we know it is futile to impose a cross-border scheme on firms and consumers who just want to focus on their own national, regional or local market.

Which begs the question: rather than add more regulation, why not allow member states to scale back EU requirements for firms that wish to remain nationally focused? This would allow further differentiation between national and cross-border suppliers and products, presenting consumers with a clearer choice to make.

Of Brexit, Red Tape and Light At The End Of The Eurotunnel

A pragmatic approach to the Brexit debate is to ask whether withdrawal from the European Union would solve enough root causes of Britain's problems to make up for the inevitable disruption.

But we are yet to see that level of analysis, and I doubt we ever will.  

That, and the fact that opportunists like Boris Johnson are able to swing their booms from one side of the debate to the other in the hope of catching any old puff of political wind, tells me the UK's membership of the EU is just a political issue, unconnected to anything 'real'.

One thing that is clear, however, is that cutting the ties with Brussels will not automatically cut the UK's source of red tape: Britain is expert at producing its own. You only need to look at the NHS, the social welfare 'system', the Home Office or education to see how much of a mess the UK is capable of making on its own turf; and its approach to implementing EU law is similarly self-defeating...

Generally speaking, you might say that 'an Englishman's red tape is a Frenchman's business plan'. The English common law principle is that 'the law follows commerce' and we should be able to get on with something until the law forbids or restricts it; while civil law dictates that an activity is not lawful until the state says so. Another difference, somewhat surprising in light of the first, is that the common law system is based on literal interpretation; while civil law is interpreted on the basis of its purpose - the spirit rather than just the letter - and this is how EU law is interpreted by the European Court of Justice.

While the EU's civil law countries rely on EU regulation to tell them more or less how to act, the UK has not coped with this distinction very well. Firstly, the UK's attitude to EU membership means that it misses opportunities to influence the favourable development of EU law in the first place - the UK always seems to be on the back foot. Then, once EU laws are passed, the UK suffers from a policy of 'gold-plating' directives by simply copying them word-for-word into its own national laws which are interpreted literally under common law principles rather than reflecting the purposive interpretation that civil law member states adopt. So the UK creates several rods for its own back.

While it is said that the English courts do (or should) adopt a purposive approach when interpreting national legislation in areas covered by EU law, in practice this opportunity is not widely embraced either by officials or the legal and regulatory community. Once any awkward or confusing EU requirements are transposed into national law, everyone in the UK seems doomed to take them literally.

The result is a system that pushes the burden of resolving any EU regulatory awkwardness or confusion off the public sector's plate and onto the private sector (and, ultimately, the consumer or citizen). A recent case in point include the UK's approach to implementing the Payment Accounts Directive. There are others too numerous to mention.

I do have a little sympathy with the UK's approach to the EU legislative process. It is outnumbered by civil law countries who may not appreciate or respect the more reactive common law approach.  It is also tempting to avoid the expense in time and resources required to continually debate with EC officials whether UK regulation reflects the purpose of EU directives, rather than the letter. But this doesn't bother Italy, Germany, France or the other countries higher on the league table of those failing to implement European laws.

Maybe you could say this failure to navigate the EU legislative process is a reason to leave the EU, but it seems pretty feeble for the UK to lose the benefits of membership due to a political problem of its own making. At any rate, if UK ministers and officials would only take full advantage of the opportunity to resolve any problems in the formation of EU laws in Brussels and take a purposive approach to enacting them nationally, they would surely reduce any adverse impact on the wider UK community from laws that might be unduly restrictive.

Meanwhile, ironically, the EU authorities are beginning to take a more common law wait-and-see approach to regulation, having realised that regulation won't catalyse cross-border markets that don't already exist. Contrast the futile approach to consumer credit with the more cautious approach to regulating crowdfunding and virtual currencies/distributed ledger technology.  

In other words, the UK seems keen to leave when there may be light at the end of the Eurotunnel.

Distributed Ledger Technology: Cutting Through The Hype

A busy start to 2016 has meant the blogging has suffered, but I have at least co-written an article with Susan McLean of Morrison & Foerster that cuts through the hype around blockchain and other distributed ledger technology (DLT). 

The article includes updates on a range of DLT initiatives across numerous business sectors; various policy and regulatory responses; as well as some thoughts on the challenges involved in implementing DLTs.

You won't be able to put it down! ;-)

Of Royalty Problems and Distributed Ledgers

January has been a whirlwind of meetings and discussion around the idea of using 'blockchains' and other distributed ledger technology to help track and collect royalties on creative works, starting with music and the Digital DNA Genome Project. The potential is certainly there for a new ledger-based environment for creative works. But whether distributed ledger technology will address the root causes lurking beneath the biggest problems that the creative industry faces is another question. Here are some observations relating to problems in the music sector, which I know from other conversations and reports resonate in other creative industry sectors...

The current processes for producing and distributing music are clearly broken.  A trawl through the comments below this 'story' on how much YouTube pays in royalties to artists gives you some insight into the problems faced even by those who work really hard at tracking and claiming what they are owed. Responding to a Wall Street Journal report on claims that Spotify fails to properly account for royalties, musician and critic David Lowery wrote to the Attorney General of New York State demanding action. Civil litigation has followed, seeking $150m in unpaid royalties. 

But the more you dig into the royalty problems, the more you realise they are just a symptom, not the cause, of the music sector's woes. One has to be careful about apportioning blame among the multitude of different types of participant involved in the overall process for creating, distributing and performing musical works. What some see as misconduct can easily be attributed to poor systems and record-keeping and a failure to address the root causes of those failures. But, again, go easy on the blame: it's a huge and daunting task to figure out all the processes involved in such a diffuse sector and then how to improve and control each of them so you know when things are going awry and how to respond.

Ultimately, however, one can't help feeling that listeners are not getting access to the sort of range and quality of music that a more efficient sector could deliver.

So, where to start?

The high level problem statement is that the ability to efficiently monetise music has simply not kept pace with the ability to generate and consume it. Why? Well, let's say that the back-office processes have not kept up with the front of house processes. How so? Back office staff at record labels and collection agencies, artist's agents - and even the artists themselves - manually reconcile paper contracts and bank statements to figure out who is owed what; and royalties are often still paid by cheques, even for tiny amounts. At the other end of the process, consumers can stream music and watch video clips on their smartphones. The distribution processes in the middle are also far from operationally efficient. They don't properly track and account for what is made available to consumers at the front end, and don't interface efficiently with the back office.

Why? 

Well, this is where the sector seems to have stopped analysing the situation, which is what we humans tend to do in such situations. We leap to conclusions and solutions. "It's in the interest of the big labels to do nothing about it," has been the most popular refrain, although "Google and Spotify don't care" seems to the latest chart-topper. Current 'solutions' range from sending in the auditors, to filing law suits, to preferring to stage live gigs and concerts as the way to make money. From a technology standpoint, we have the Codec idea from Benji Rogers - not to mention the distributed ledger initiatives that we'll come to.

But these are really just solutions in search of the root cause to the sector's actual problems, spawned more by a sense of helplessness and frustration than any pure insight.

To identify the solutions that will give the most bang for the buck there is a lot more work to be done in understanding all the processes; defining the key problems more precisely, measuring which cause the most pain, then analysing the range of root causes of those problems; before then figuring out which improvements are worthwhile implementing. Finally, all that work will be lost unless there are controls in place to know when the processes are starting to fail again.

Any new system for monetising music efficiently must be “customer-centric” and not merely ‘consumer-centric’ or ‘artist-centric’. It has to cater for the entire set of end-to-end business processes and treat all industry participants fairly. We have to recognise that each participant may be a supplier in one step of the overall process, yet the customer of another step; and which hat they are wearing when they complain. One could argue, for example, that artists are perhaps most upset not in their role as suppliers of music, but in their role as customers in process steps related to distribution, consumption and payment.

To become sustainable, 'the system' must evolve in a customer-centric fashion at each step, otherwise the participant in the role of the ‘customer’ will not buy in to the solution for that step. Equally, however, no one can afford to get caught up in anger and blame. The whole sector needs to move along the change curve to accepting that the system is broken and participate positively in the work required to fix it.

So it's simply too early to say what role, if any, distributed ledgers have to play in solving the creative industry's problems. It's not about imposing a solution, but rather fostering agreement on root causes of the problems and the necessary improvements and controls to be implemented.

That's not to say work should not continue on the use of ledgers in relation to music and other works. It is exciting to see the work on releasing music into ledgers by Ujo Music and MyCelia; Audiocoin; Aurovine; Revelator; Colu; and OCL (One Click Licence); as well as the work of the Kendra Initiative on the wider development of a distributed marketplace; and collaborative forums like the Digital DNA Genome Project mentioned earlier. I just don't think we should saddle these initiatives with the responsibility for solving the current woes of the creative industry - the two can co-exist quite peacefully.