ELSA Maastricht Law Review 7th Edition by ELSA Maastricht Law Review

This issue: Law & Tech EDITION 07 | JUL 2022 07

(This page is intentionally left blank)

- Carmen Enciso Director of the ELSA Maastricht Law Review

EMaas has as its mission to contribute to legal education by creating a forum for the analysis and discussion of contemporary legal issues. It intends to provide promising young legal thinkers a platform to promote and test their ideas, as well as to actively encourage law students and young lawyers to practice their legal writing skills outside the scope of the traditional legal curriculum.

EMaas is a biannual, student-edited and peer-reviewed law journal pub lished by the Maastricht branch of the European Law Students’ Association (ELSA). The Law Review was founded by the 2017-2018 Board of ELSA Maastricht.

EMaas: ELSA Maastricht Law Review Edition 07, July 2022 Copyright © 2022 ELSA Maastricht Authors:Kanerva Jalas Rémi A Saïdane Thibault Sophie-CharlotteVerbiest LM Prévot Anna EditorialLudovicaSahelCristianDavidMaximilianSinaMarcelKozarówMartinussenAbelTipp-McKnightKermodeZubcoBahmanLacasellaTeam:CarmenEncisoDavidKermodeHarrietSalemAnaLazićAydinClaraOrberkAnaFukaiSanchezMiguel Castro Rémi A Saïdane Cover photo: © Bram Gino (Adobe Stock) Layout: StudioCALS No part of this publication may be reproduced and/or published by means of print, photocopy, microfilm or any other medium without the prior written consent of the publisher. 4

Section Articles(I)

Law & Tech

Section Dissertations(II) 5

The Reality of Blockchain Agreements: Challenges & Stepping Stones to the Development of Smart Contracts in the EU by Anna Kozarów, LL.B. candidate - page 41

Artificial Intelligence in Healthcare: The EU Regulatory Framework & the In-/Efficiency of Existing Liability Mechanisms by Sina Abel, LL.B. candidate - page 61

Data Transfers in the US & the EU: An Analysis of the Mechanisms Employed to Overcome Differences in Data Protection between Jurisdictions by Kanerva Jalas, LL.B. candidate - page 11

Section (I): Articles

Pirates of the Internet: Non-Fungible Tokens & Copyright Law Challenges by Marcel Martinussen, LL.B. candidate - page 51

The Legal Classification of NFTs: A Comparative Exploration of the EU, French & American Approaches by Rémi A Saïdane, LL.B. candidate & Thibault Verbiest, qualified lawyer - page 21

How Can the EU Facilitate the Integration of Tokenised Real Estate Assets into the Land Registry Systems within the EU? by Maximilian Tipp-McKnight, LL.M. candidate - page 71

Internet Law & Governance: The Comparative Evolution of Net Neutrality Regulatory Stances in the US & the EU by Sophie-Charlotte LM Prévot, LL.B. candidate - page 29

Amazon's Echo Voice System: A New-Age Commodity or A Corporate Eavesdropper? by Cristian Zubco, LL.M. candidate - page 105

Anti-Trust Rules: Set by Legislators or Private Entities? A Case Study on Apple's Dominant Position in the Distribution of Music Streaming Apps Market & the EU Response through the Digital Markets Act by Ludovica Lacasella, LL.B. candidate - page 147

Section (II): Dissertations

Market Definition in the EU Digital Sector: A Multi-Sided Problem by David Kermode, LL.B. candidate - page 83

Liability for Trespass by Drones: The Cases of Germany & England by Sahel Bahman, LL.B. candidate - page 127

Law & Tech

Section Articles(I)

Article 1

Data Transfers in the US & the EU: An Analysis of the Mechanisms Employed to Overcome Differences in Data Protection between Jurisdictions

by Kanerva Jalas Kanerva Jalas is a Finnish third-year LL.B. candidate at the European Law School of Maastricht University. In addition to her international law studies in Maastricht, she is also completing her legal studies in Finland at the Open University of Helsinki. Additionally, she is an active member of the ELSA network and, through her participation in the Honours Track at the Law Faculty of Maastricht University, she is pursuing a variety of projects within

12 Introduction

1. The Context

This section firstly discusses the rules governing data protection in the US and EU, followed by an analysis

The General Data Protection Regulation 2016/679 (‘GDPR’) on the protection of natural persons for the processing of data and on the free movement of such data replaced the previous Directive 95/46/EC and created barriers for arbitrary usage and movement of personal data of natural persons. Taking the form of a Union Regulation, it created uniform standards for the member states of the EU. The aim of this Regulation is to protect the personal data of individuals, but also through its harmonising effect to allow for free movement of data in the Union. As a result of the standardised level of data protection established by the GDPR, the Union has additionally recognised other data protection regulations which conform to the GDPR, eliminating barriers between the EU and specified third countries.1

1 Commission, ‘Adequacy Decisions’ (Commission, 17 December 2021) <https://ec.europa.eu/info/law/law topic/data protection/international dimension data protection/adequacy decisions_en> accessed 8 January 2022

2 Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (General Data Protection Regulation) OJ 2016 L119/1 (GDPR), art 44.

4 Markus Krzysztofe, Post Reform Personal Data Protection in the European Union: General Data Protection Regulation (2016) (Kluwer Law International BV 2017) 202.

Generally speaking, data transfer as a concept refers to transferring or sharing data. In the GDPR, transferring data is referred to as ‘intentional sending of personal data to another party, or making the data accessible by it, where neither the sender nor recipient is a data subject.’2 This concept, however, has not been a straightforward matter between the Union and non EU/European Economic Area countries. The development of technology and digitalisation has resulted in a global economy, where international business makes use of the benefits of, among others, the usage of media and information on personal data to increase revenue.3 Consequently, it is important that the Union has a sufficient and functioning relationship for transfer and processing of personal data with its largest economic partners. One of these is the United States (US); together the two jurisdictions of the US and the EU generate half of the global gross domestic product.4 Evidently, the processing of personal data should therefore be smooth and protective, to ensure that it enables lucrative trade. Particular attention should be paid to

the transfer of data between the two jurisdictions, as this allows for the realisation that there are multiple fundamental differences between the regulations. The importance of analysing such differences arises from the requirement of a high level of protection that is guaranteed for Union citizens according to article 26(6) of Directive 95/46. This was established by the Court of Justice in the case C 311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems.

The aim of this article is to answer the question of: what mechanisms were developed to overcome the differences between the data protection regulations in the US and the EU to enable data transfer between the jurisdictions? The methodology used consists of a doctrinal and a comparative legal analysis which will involve both literature research and the use of legal sources. For the latter category, primary sources will include legislation and case law. The literature will consist of academic sources including legal journals and academic literature, notably as the main piece of literature Post reform personal data in the European Union: General Data Protection Regulation (EU) 2016/679 by Mariusz Krzystofek. The analysis is divided into three sections. Firstly, there will be an explanation of the relevant definitions, after which the regulations of the jurisdictions which govern data protection are assessed, in order to understand the dissimilarities between them. Secondly, attention will be paid to the mechanisms developed to overcome these dissimilarities of the regulations to enable data transfer between the jurisdictions. Thirdly, the findings will be brought together, and an answer to the research question will be extracted from these.

3 Ran Zhuo and others, ‘The Impact of the General Data Protection Regulation on Internet Interconnection’ (2020) 26481 National Bureau of Economic Research <www.nber.org/papers/w26481> accessed 8 December 2021.

of main legislative

5 GDPR, Preamble.

The Massachusetts General Law, ch 93H, reg 201 CMR 17.00.

instruments in existence

the

10 GDPR, art 4(2).

11 GDPR, art 3 (2)(a) (b).

<www.helpsystems.com/gdpr understanding 8 rights data subjects> accessed 5 December 2021.

1.1. Data Protection in the EU

HelpSystems, ‘GDPR Rights of Data Subjects’ (HelpSystems, 6 November 2021)

New York General Business Law, ch 20, s 899 BB Data Security Protections (US).

differences between the

1.2. Data Protection in the US

7 Krzysztofe (n 4) 1.

18 740 Illinois Compiled Statutes / Biometric Information Privacy Act.

In the US, there is no similar system of harmonisation of legislation on the matter of data transfer and of protection, but instead, multiple laws entailing different standards of protection are adopted by the States of the federal nation. 15 Extensive data protection is guaranteed e.g., in the States of Massachusetts (requiring security programs for each processor that receives personal data of Massachusetts citizens),16 New York (‘reasonable’ safeguards demanded from processors collecting data),17 and Illinois, which demands safety requirements for states which store or obtain biometric data.18 In addition to these sector specific legislative acts, a fascinating example can be found in California Consumer Privacy Act 2018 (CCPA), which by aiming to guarantee privacy rights for individuals relating to their data, such as the right of

behaviour of Union citizens.11 Finally, there is territorial applicability of GDPR, in case the law of a Member State of the Union applies in the location of the processor by virtue of international law 12 These articles comprise the legal basis of the Regulation for governing processing of data also outside the territory of the Union. The regulation also demands that in order for third countries to be able to process the personal data of the Union citizens, the jurisdiction should have protection of data equivalent to the standards of the EU 13 The extensive protection of the new Regulation grants individuals: the right to be informed (articles 12, 13 and 14); right to access the data after it has been collected (articles 12, 15); right to be forgotten, referring to the possibility of having personal data erased (articles 12, 17) and; the right to restrict or object to processing of such data (articles 12, 21).14

The GDPR is a legislative instrument of the EU, enacted by the European Parliament and the Council of Ministers for the purposes of protecting natural persons of the Union for processing of personal data and the movement of such data.5 The main aim of the Regulation is to protect and increase the control of individuals over their personal data.6 The GDPR does not only aim to secure protection of personal data within the EU by creating a harmonised standard7 it also applies to the processing of personal data of the Union individuals when such data is transferred to third countries.8 The definition of personal data is provided in article 4(1) of the GDPR. Namely, it refers to information that can be linked to ‘an identified natural person ’ A person can be identified as a ‘natural person’ if they can be differentiated from others on the basis of, among others, name and location.9 The processing of personal data refers to activities which are performed on such data e.g., by collecting, recording, storing, altering, disseminating, disclosing by transmission, restricting, making available, or combining by using other means.10 The territorial scope of the Regulation is defined in article 3 of the GDPR, which states that the Regulation applies for processing of personal data relating to activities of a processor or a controller in the Union, even when this processing is not located territorially within the Union; when personal data of the individuals of the Union is processed by controllers which are not established in the EU, the requirements of the Regulation are applicable, if the processor’s activities relate to: i) offering of goods and services to Union individuals, or ii) the monitoring of the

Owen McCoy, ‘A Legislative Comparison: US vs EU on Data Privacy’ (European Interactive Digital Advertising Alliance, 31 March 2020) <https://edaa.eu/a legislative comparison us vs eu on data privacy/> accessed 5 December 2021.

IT Governance Privacy Team, EU General Data Protection Regulation (GDPR) An Implementation and Compliance Guide (4th edn, IT Governance Publishing Ltd 2020) 13.

8 ibid 230.

9 GDPR, art 4(1).

12 GDPR, art 3(3).

13 GDPR, art 45(1).

the data subject to be informed, and the right of access to their data, to a large extent conforms to the level of protection guaranteed by GDPR.19

differences are to be discussed in the following section.

Andrada Coos, ‘EU vs US: What Are the Differences Between Their Data Privacy Laws?’ (Endpoint Protector, 17 January 2018) <www.endpointprotector.com/blog/eu vs us how do their data protection regulations square off/> accessed 5 December 2021

26 Rachel F Fefer and Kristin Archick, ‘EU Data Protection Rules and U.S. Implications’ (Congressional Research Service, 17 July 2020) <https://sgp.fas.org/crs/row/IF10896.pdf> accessed 13 December 2021

In addition to sector specific legislation, there are regulations created at the Federal level: The Federal Trade Commission Act (‘FTCA’) authorises the Federal Trade Commission to take enforcement action to guarantee that companies are conducting their businesses in accordance with the required standard of the Act multiple enforcement procedures have been performed e.g., for violations of deceptive practices in relation to commerce.20 Deceptive practices are viewed in light of the act as failures to abide by sufficient security on personal information.21 As a result of the fragmented approach, a proposal has been put forward in the Senate for the creation of a Data Protection Agency (s. 3300 Data Protection Act of 2020), which would investigate and enforce the existing data protection rules.22 Due to the lack of a harmonised approach concepts such as ‘personal data’ cannot be defined in a precise manner as lack of conformity allows what is considered personal data in one state not to be regarded as such in another.23 Furthermore, the basis of processing personal data is considered a matter of state legislation. Still, the Federal Trade Commission provides a recommendation that companies should notify their respective consumers that their personal data is being collected, used, or shared; and they should request and receive consent in cases where the usage of personal data is different from the purpose that is was initially claimed to be used.24 Due to this non compulsory nature of this recommendation of the federal level, the approach differs significantly from the Union’s harmonised one these

24 ibid.

22 Congress, ‘S.3300 116th Congress (2019 2020): Data Protection Act of 2020’ (Library of Congress, 12 December 2020) <www.congress.gov/bill/116th congress/senate bill/3300/all info> accessed 15 December 2021.

19 Alice Marini, Alexis Kateifides and Joel Bates, ‘Comparing Privacy Laws: GDPR v CCPA’ (2018) DataGuidance Comparison Guides Series ncontent/uploads/2018/11/GDPR_CCPA_Compariso<https://fpf.org/wpGuide.pdf>accessed13December2021.

21 Paul Pittman, Kyle Levenberg and Shira Shamir, ‘USA: Data Protection Laws and Regulations 2021’ (ICLG, 4 December 2021) <https://iclg.com/practice areas/data protection laws and regulations/usa> accessed 5 December 2021.

The differences between the two jurisdictions are highlighted exceptionally well in the case Maximillian Schrems v Data Protection Commissioner, where the Court of Justice of the EU ruled that the previous Commission decision was inapplicable to data transfer between the two jurisdictions; the Safe

1.3. Identifying Main Differences Between US/EU Regulations

23 Pittman, Levenberg and Shamir (n 21).

27 McCoy (n 15)

20 Federal Trade Commission, ‘Privacy and Security Enforcement’ (FTC, 5 December 2021) <www.ftc.gov/news events/media resources/protecting consumer privacy/privacy security enforcement> accessed 10 December 2021.

To highlight the main differences between the jurisdictions’ approaches to data protection, problems can be seen to arise from the fact that the US enable federal States to adopt legislation which differs from each other, lacking a harmonised approach. The EU, on the other hand, opts for a general Regulation applicable in all Member States.25 GDPR is also considered to impose a high level of security, objectively speaking, allowing Union citizens, among others, to make use of their right to be forgotten, right to restrict and object to processing and the right of access. Furthermore, the EU includes the right to data protection as a fundamental human right. 26 It can be clearly seen that the EU and the US take significantly different approaches to data protection. The Union, opting for enforcing identical legislation across the board, leaves little to no leeway for Member States to introduce their own requirements. The US, in comparison, has decided that it is more functional to maintain specific legislation as a matter of each State, and leave minimal enforcement to the Federal level.27

28 Case C 362/14 Schrems I [2015] ECLI:EU:C:2015:650

The Foreign Intelligence Surveillance Act of 1978, Pub.L. 95 511, 92 Stat. 1783, 50 U.S.C., ch 36 Case C 362/14 Schrems I [2015] ECLI:EU:C:2015:650, para 36 Krzysztofe (n 4) 205

2.1. The Safe Harbour Commission Decision

2. Mechanisms Used to Enable Data Transfers Between the US and the EU

only imposed obligations to those organisations which would proceed to receive and transfer data with the EU; this decision did not impose a harmonised legislative approach on the whole of US.31 This approach has, however, since been changed. In 2015, the applicant, Maximillian Schrems brought a claim against the Irish Data Protection Commissioner, who had refused to analyse the legality of transfer of Schrems’ personal data to the US by Facebook Ireland Ltd. The applicant highlighted that the procedure in which his personal data is stored and transferred is not in accordance with the standard that is demanded by the GDPR of the Union, and neither was the conduct of the US company in line with what was required by the US Constitution.32 The applicant was deemed to be correct in the assertion that the conduct was indeed in conflict with the Fourth Amendment of the Constitution, providing that ‘unreasonable searches and seizures’ conducted by the government are prohibited.33 Here, a fundamental condition of data protection in the US can be seen highlighted: the protection relating to personal data under the Constitution is only extended to the citizens of US nationals.34 Other nationals can be subjected to the supervision of the country’s authorities.35 The High Court of Ireland submitted the matter for a preliminary ruling for the Court of Justice, as it found that the acts of the National Security Agency, which was claimed to have accessed the personal data of the applicant, Mr. Schrems, were too far reaching.36 Due to the presumption of lawfulness of the self declarations provided by US organisations, the Safe Harbour decision, in practice resulted in a situation where individuals were unable to complain to the national authorities about the protection of their personal data.37 The Court saw that as a result, the current protection the Safe Harbour Commission decision was not adequate due to the lack of verification of the standards of protection of Krzysztofe (n 4) 204 Case C 362/14 Schrems I [2015] ECLI:EU:C:2015:650. US Constitution, 4th amendment Krzysztofe (n 4) 205.

The Commission Decision of Safe Harbour was previously on the 26 July in 2000 adopted by the EU to overcome the incompatibilities of the Federal nature of US legislation and the GDPR to enable free flow of personal data. The decision entailed that a company would qualify as a safe harbour if it acted in accordance with its enumerated principles.29 The Safe Harbour certificate could be granted to a company by filling in a self certification including: a description of the actions conducted on the personal data acquired from the Union; the accessibility of that company’s privacy regulations and; the policy decisions this Regulation would include. In addition to this, the declaration had to include the procedure used for processing complaints from a person complying with the requirements of Safe Harbour decision and the methods used for verification by the company. Lastly, the US Department of Commerce would keep an accessible list for the public of the organisations adhering with the Commission Decision.30 The level of protection was seen to equate to that of the Union’s GDPR, if it complied with the decision’s principles, and was subjected to the US Federal Trade Commission’s jurisdiction, capable of supervision. It should be noted that the Safe Harbour requirements

29 Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbour privacy principles and related frequently asked questions issued by the US Department of Commerce [2000] OJ L215, annex I

This section elaborates on the mechanisms that were developed by the EU to enable data transfers between the US and the EU

Harbour decision, which is to be discussed in the next chapter, was invalid as a result of the applicant, Schrems arguing that the US regulations do not conform to the level of protection in the Union, as demanded by article 45 (1) GDPR.28

30 ibid

Case C 362/14 Schrems I [2015] ECLI:EU:C:2015:650, para 107

41 Case C 362/14 Schrems I [2015] ECLI:EU:C:2015:650, para 163

review of the findings that the Shield is being complied with,45 and Section 4 which states that in case of clear abuse of the US authorities, complete suspension of the decision by the EU is possible.46 Second, the US government is required to have a base, such as necessity, in order to conduct large scale data monitoring on based on national security or another public interest ground.47 Third, a system for effective enforcement of the rights of natural persons whose data is transferred is guaranteed. Namely this is that the Shield decision requires that the included organisation as an adherent must respond to complaints of processing of data by that organisation within 45 days.48

Extensive effort has been made to overcome the complications which arise from these different models of data protection by the creation of agreements, such as the Safe Harbour decision of 2000 and the EU US Privacy Shield decision of 2015. In both of these schemes, the pattern formulated to enable data transfer is such that requirements of general principles are imposed on organisations based in the US. Furthermore, a list is included of the organisations which adhere to the standards of the Privacy Shield agreement, and verification processes are conducted in order to guarantee the adherence to the standardised level of protection of personal data. Improvements were made to the agreements with the Shield decision by requiring organisations to respond to individuals complaining about the activities performed on their personal data.49

39 Krzysztofe (n 4) 202

The current EU US Privacy Shield made multiple changes including taking into account the differences between the regulatory models of the Union and the US and amending the shortcomings of the Safe Harbour decision.44 First, the Shield created a requirement of verification of the organisation’s ‘adherent of the Shield’ status, and of compliance with the principles of the Decision. Namely these are Section 6 of the Decision which requires periodic

Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU US Privacy Shield [2016] OJ L207 (EU US Privacy Shield)

42 EU US Privacy Shield (n 40), Preamble

As a result of the judgement of Schrems I, the Safe Harbour decision previously used to govern data transfer between the jurisdictions was abolished. The previously mentioned significance (trade between the US and the EU generates half of the world’s GDP)39 of adequate data transfer between the two large jurisdictions required the quick setting up of a new data protection regime. In 2016, the European Commission adopted decision 2016/1250, labelled as the EU US Privacy Shield.40 Article 1 (1) of this decision entails that the US must ensure sufficient protection of personal data which is transferred from the Union to organisations; paragraph 2 of article 1 states that the Shield includes those principles which have been formulated by the Department of Commerce of the US on the 7 July 2016. These are set out in Annex II of the decision.41 The European Commission stated in this decision that the principles of the Shield conform to the standard which was, at the time, required by the Directive 95/46/EC42 (the current Regulation which repealed this Directive did not yet exist at the time).43

2.3. Insights on the State of Play & Outlook

privacy.38 This decision was labelled as the Schrems I, which led to the development of a new Commission decision, which will be discussed in the following section.

2.2. The EU-US Privacy Shield Commission Decision

However, the most recent development took place in July 2020, when the Court of Justice invalidated also the EU US Privacy Shield decision in continuance of the case Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems, as a GDPR, Preamble. Krzysztofe (n 4) 208 EU US Privacy Shield (n 40), para 6 ibid, para. 4 ibid, s 3.1.1, para. 76 ibid, annex I Krzysztofe (n 4) 208 210.

Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council [2015] OJ L119, Preamble ibid, art 1(1) ibid. Coos (n 25)

result of the High Court of Ireland requesting a preliminary ruling from the Court of Justice also on the applicability of Commission decision 2016/1250 (EU US Privacy Shield). This invalidation was labelled Schrems II. 50 The Court stated that in a case where the personal data of a natural person is transferred to a third country, the country in question must offer protection which conforms to that of the GDPR, being read in light of the Charter.51 In assessing this standard, regard should be paid to: i) the contractual clauses between the exporter residing in the EU and the recipient of the third country; ii) the access which the state authorities have for that data, and; iii) the legal system regarding data protection in that country.52 By applying these criteria, the Court found that the protection offered by the US does not, in a sufficient manner conform to that of GDPR and, in particular, the limitations on the powers of the organisations in relation to data protection and enforceable rights against the US authorities were found to be insufficient.53

54 Angela Saverice Rohan and Fabrice Naftalski, ‘What to Do Now that the EU US Privacy Shield Framework Is

In light of these judgements, data transfer between the US and the EU seems complicated; the requirements imposed by GDPR seem too demanding for a system that abides by a fragmented approach of a federal state. Currently, it is not possible to rely on the Privacy Shield for data transfers from the US to the EU, which leaves the situation uncertain when transferring data. It does not seem to be an option for the EU to come to an agreement with a Commission decision; the differences between the regulations have, so far, proved too grave to be compromised with a solution similar to those of Safe Harbour and EU US Privacy

53 Case C 311/18 Schrems II [2020] ECLI:EU:C:2020:559, paras 199 202

Invalid’ (Ernst & Young, 28 September 2020) <www.ey.com/en_gl/consulting/what to do now that the eu us privacy shield framework is invalid> accessed 10 December 2021

Federal Trade Commission Act (FTCA), s 5(a). Joined Cases C 468/10 and C 469/10 Asociación Nacional de Establecimientos Financieros de Crédito and Federación de Comercio Electrónico y Marketing Directo v Administración del Estado [2011] ECR I 12181, paras 28 29

3. Conclusions

The purpose of this article was to answer the question of how differences between the regulations governing data protection in the US and the EU have been solved by various agreements. The importance of such an analysis was emphasised with reference to globalisation as a result of digitalisation. The differences were first analysed by comparing the respective regulations of the jurisdictions, after which the mechanisms to overcome these were discussed, concluding with the description of the current situation. The US regulates data flow at a sectoral state level,58 leaving possibilities for the federal level to enforce actions against only certain types of misbehaviour of organisations, such as deceptive practices (section 5(a) FTCA).59 In contrast, the EU has enacted legislation, by repealing the Directive 95/46/EC and enacting Regulation 2016/679 on protection of natural persons unifying rules of data protection within the Member States of the Union.60

Court of Justice of the European Union, ‘The Court of Justice Invalidates Decision 2016/1250 on the Adequacy of the Protection Provided by the EU US Data Protection Shield’ (CJEU, 16 July 2020) <https://curia.europa.eu/jcms/upload/docs/application/pdf/202007/cp200091en.pdf>accessed5December2021.

52 ibid

50 European Data Protection Supervisor, ‘EDPS Case Law Digest: Transfers of Personal Data to Third Countries’ (European Data Protection Supervisor, 9 June 2021) <https://edps.europa.eu/system/files/2021 06/21 06 09_case law digest_en.pdf> accessed 10 December 2021

Shield.54 At the current stage of data protection between the jurisdictions, Standard Contractual Clauses (‘SCCs’) still remain valid. On the 4 June 2021, the Commission created model clauses under the GDPR which allows controllers and processors to transfer personal data of natural persons (who are citizens of the Union) to third countries 55 SCCs include conditions which have been approved by the European Commission beforehand.56 At the moment, third country organisations which are not subject to the GDPR can rely on SCCs for the transfer of personal data of natural persons.57

As a result of this, it was established that the transfer of personal data between the two jurisdictions requires agreements which compromise the structural differences. Furthermore, mechanisms for ensuring smooth working of data transfer were needed as a result of the Union not recognising the level of protection offered by the US legislation as sufficient.61

Saverice Rohan and Naftalski (n 54).

Case C 311/18 Schrems II [2020] ECLI:EU:C:2020:559. 62 Krzysztofe (n 4) 203 63

Multiple compromises were brought forward for this purpose: first, US organisations were allowed to transfer and receive data on the condition that they would comply with the principles set out in the Safe Harbour Commission decision,62 which later came to be invalidated by the Court of Justice of the EU in the case Schrems I 63 This judgement was followed by the setting up of the EU US Privacy Shield Scheme (Schrems II), which aimed to repair the shortcomings of its predecessor by creating possibilities of judicial complaints of individuals, and verifications of the legitimacy of compliance with the principles it set out. 64 As the most current development in the relations between the US and the Union, the Court of Justice of the EU decided against the Privacy Shield, invalidating it, and hence leaving the situation unstable without a concrete agreement between the jurisdictions. Finally, it was noted that despite the current uncertain state of affairs, organisations are able to make data transfers with SCCs, contractual terms pre formulated and approved by the Union authorities. The usage of SCCs enshrines a standard of protection equivalent to that provided by the GDPR and the Charter of fundamental rights of the EU 65

Case C 362/14 Schrems I [2015] ECLI:EU:C:2015:650. 64 Krzysztofe (n 4) 210

Thibault Verbiest is a qualified lawyer at the Paris and Brussels Bars. He is currently an associate lawyer at Metalaw Avocats, a Parisian law firm. He is also an expert at the World Bank. Thibault Verbiest teaches as an adjunct professor at SKEMA Business School. He is additionally the President of the public utility foundation IOUR, which promotes the adoption of a new internet protocol, more open, pluralist and respectful of fundamental freedoms. He is the author of numerous books.

by Rémi A Saïdane & Thibault Verbiest

Rémi A Saïdane is a third-year LL.B. candidate completing both the European Law School programme at the University of Maastricht and the French Law programme at Paris II PanthéonAssas University in France. He is currently assisting with research at the Department of Public Law of the Faculty of Law of Maastricht University. Previously, Rémi worked as a consultant intern in the Fintech and Blockchain department of Ravet & Associés, a leading banking law firm in France. The present article is a product of his work as a legal consultant on Fintech issues for Ravet & Associés in Paris, under the supervision of Maître Thibault Verbiest.

Article 2

The Legal Classification of NFTs: A Comparative Exploration of the EU, French & American Approaches

3 Note this article was drafted in May 2021 and, as such, analyses the state of the law at that point of time. The French, EU and US legal framework regarding NFTs have changed since then by the time of the publication of the article. The absence of primary sources (e.g., legislation and judgments) and doctrine upon which to rely on at the time was due to the novelty of NFTs emergence in 2021.

22 Introduction

4 European Union Blockchain Observatory & Forum, ‘Blockchain and the Future of Digital Assets’ (European Union Blockchain Observatory & Forum, 19 February 2020) <www.eublockchainforum.eu/sites/default/files/report_digital_assets_v1.0.pdf>accessed19April2021.

2 Ethereum, ‘Non Fungible Tokens (NFT)’ (Ethereum, 23 April 2022) <https://ethereum.org/en/nft/> accessed 23 April 2021

The first section of this article will look at the classification of NFTs connected to art under French law. It will cover not only the classification under national law in the Code monétaire et financier (the Monetary and Financial Code or ‘CMF’) but also the potential future qualification under European law with the MICA Regulation proposal. The second section will analyse the potential approach to be adopted under American law. The third section will compare the French and American approaches (III). The research will be concluded with the answer to the question

On the 11 March 2021, the global art market experienced an unprecedented earthquake. Mike Winkelmann, a digital artist best known as Beeple, sold a non fungible token of his artwork ‘Everydays: The First 5000 Days’ for $69.3 million at Christie's, a British auction house, becoming the third highest auction ever achieved for a living artist 1

Theaddressed.methodology

European Banking Authority, ‘Report with Advice for the European Commission on Crypto Assets’ [2019] EBA Reports, 10 11.

Corporate Finance Institute, ‘What Is a Security?’ (Corporate Finance Institute) <https://corporatefinanceinstitute.com/resources/knowledge/finance/security/>accessed23April2021.

Non fungible tokens (NFTs) are units of data stored on a blockchain that can be used to represent ownership of unique items. They can only have one official right holder at a time and are not interchangeable for other items because of their unique properties.2 The legal classification of NFTs has posed a challenge to the public authorities.3 It could be classified as a digital asset i.e., ‘a string of characters, often stored in a binary format, that represent values or rights that can be exercised within a specific context ’4 It could also qualify as the narrower concept of crypto asset i.e., ‘an asset that depends primarily on cryptography and distributed ledger technology (DLT) or similar technology as part of its perceived or inherent value, which is neither issued nor guaranteed by a central bank or public authority, and, can be used as a means of exchange and/or for investment purposes and/or to access a good or service.’5 Traditional concepts such as securities i.e., financial asset that can be traded,6 could also cover the emerging concept of NFTs in some specific contexts

States have adopted various approaches to the new technologies related to the blockchain. The French government pursues a policy of prioritising the development of blockchain.7 Meanwhile, the US government has shown its desire to strengthen its control on the use of new technologies related to blockchain in the economy.8 It would be pertinent to analyse how these two legal systems approach the classification of NFTs, more precisely when these NFTs are connected to works of art. Therefore, the question to be addressed is: how different are the French and American approaches to the classification of NFTs connected to art?

adopted in this article will be a comparative legal analysis. Distinct doctrinal analyses of the French and American legal approaches will be conducted. These doctrinal analyses will then be followed by the comparative

8 Marta Belcher and Aaron Mackey, ‘The U.S. Government Is Targeting Cryptocurrency to Expand the Reach of Its Financial Surveillance’ (Electronic Frontier Foundation, 21 December 2021) <www.eff.org/fr/deeplinks/2020/12/us government targeting cryptocurrency expand reach its financial surveillance> accessed 23 April 2021.

1 Scott Reyburn, ‘JPG File Sells for $69 Million, as ‘NFT Mania’ Gathers Pace’ (The New York Times, 11 March <2021)www.nytimes.com/2021/03/11/arts/design/nftauctionchristiesbeeple.html>accessed23April2021

Direction Générale des Entreprises, ‘La Stratégie Nationale Blockchain’ (Ministère de l’Economie, des Finances et de la Relance, 8 October 2020) <www.entreprises.gouv.fr/fr/numerique/enjeux/lastrategienationaleblockchain#:~:text=Pr%C3%A9sent%C3%A9e%20le%2015%20avril%202019,une%20nation%20de%20la%20blockchain>accessed19April2021.

legal analysis stricto sensu. It should be noted that this article will only focus on NFTs connected to art NFTs dealing with other matters will not be considered

1. Classifying NFTs Connected to Art as Digital Assets under French Law

2019) <www.orwl.fr/blog/articles/de quoi les non fungible tokens nfts sont ils le nom/> accessed 19 April 2021.

The definition of digital assets (actifs numériques) under CMF includes two types of tokens. First, it includes utility tokens (jetons d’usage)9 i.e., all incorporeal goods representing, in a digital format, one or several rights, that can be issued, registered, kept or transferred by mean of a shared electronic ledger (dispositif d’enregistrement électronique partagé or ‘DEEP’) that allow identification, directly or indirectly, the holder of the property right of the good at stake.10 Second, the definition of digital assets includes payment tokens/cryptocurrencies (jetons de paiement) i.e., any digital representation of a value that is not issued or secured by a central bank or a public authority and which is not necessarily connected to a legal tender and that does not enjoy the legal status of currency, but is accepted by natural and legal persons as a medium of exchange that can be transferred, stocked or exchanged by electronic means. 11

9 Code monétaire et financier, art L54 10 1 1°.

1.1. The CMF & the Classification of NFT Connected to Art as Digital Assets

13 ibid.

In relation to the utility token type as defined in the CMF, NFTS could be considered as fitting in that category. NFTs are incorporeal goods that can be issued, registered, kept, or transferred through shared electronic ledgers. It has been argued by some authors that the criterion of ‘representing […] one or several rights’ excludes from the definition of utility tokens all the tokens acquired with the sole end of acquiring them, and not to acquire a right to some benefit against the issuer of the token. Consequently, according to this line of reasoning, NFTs would be excluded from the definition of utility tokens since it is acquired with the sole purpose of obtaining a property right, but not claiming ‘one or several rights’

The consequence of the classification of NFTs as digital assets would be the following. If the platform issuing NFTs implements, next to its primary market, a secondary market on which users would enjoy: (i) a service of storage of digital assets or access of digital assets for the benefit of a third

10 ibid, art L. 552 2

In relation to the payment token as defined in the CMF, NFTs could also be included in that broader concept. An NFT is a digital representation of a value that is not issued or secured by a central bank or a public authority, that is not necessarily connected to a legal tender and that does not enjoy the legal status of currency, and that can be stocked or exchanged by electronic means. The authors previously mentioned claimed that NFTs cannot be classified as payment tokens since NFTs cannot be classified as mediums of exchange due to their playful and artistic nature.13 Such an argument is however unsound: although the main purpose of NFTs is not to be a medium of exchange, they are subject to such exchange on the secondary market As a result, it can be argued that NFTs are not totally excluded from the definition of payment tokens, and more largely from the category of digital assets.

against the issuer of the token.12 However, such a line of reasoning is questionable. First, ‘representing […] one or several rights’ is not further defined by the CMF or any case law. Therefore, it cannot be said for certain that the requirement that the token must be acquired to claim a right against the issuer exists. Second, this requirement would nonetheless be fulfilled since an NFT is not only acquired to obtain a property right but also to claim the performance for one or several services. For example, digital cards on the online videogame SORARE are acquired not only to obtain a property right but also to enjoy the services offered by the issuers of these cards, namely participating in the game. Third, it can be argued that a property right is by nature claimed against the issuer, the latter being included in the erga omnes scope of property rights. Consequently, it can be concluded that NFTs could be classified as utility tokens, and more largely digital assets.

12 William O’Rorke, ‘De Quoi les « Non Fungible Tokens » (NFTs) Sont Ils le Nom ?’ (ORWL, 20 September

11 ibid, art L54 10 1 2°.

The fifth Anti Money Laundering Directive (AMLD5) had to be implemented by the Member States before the 10 January 2020.18 Under its regime, anybody trading or acting as intermediaries in the trade of works of art, including when this is carried out by art galleries and auction houses, where the value of the transaction or a series of linked transactions amounts to €10,000 or more, shall adopt ‘customer due diligence’ measures. Such measures include, inter alia, identifying the customer and verifying the customer's identity, identifying the beneficial owner, and adopting KYC measures i.e., taking reasonable measures to verify that beneficial owner’s identity so that the obliged entity is satisfied that it knows who they are 19 It can be said that issuers of NFTs connected to art (such as an NFT representing a property right on a digital piece of art) fulfil functions of intermediaries in the trade of works of art in a modern way, by trading these NFTs or acting as intermediaries between the artists and the clients.

1.2.1. The Current Application of the Fifth AntiMoney Laundering Directive for Intermediaries in the Trade of Works of Art

18 Directive 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU [2018] OJ L156/43, art 4

1.2. The Influence of EU Law on the Classification of NFTs Connected to Art

party in order to hold, stock or transfer such digital assets, and/or (ii) a service of buying or selling digital assets in legal tender, and/or (iii) a service of exchange of digital assets in return of other digital assets, and/or (iv) the operation of a digital asset trading platform,14 then a mandatory registration to the Autorité des marches financiers (The French Financial Market Authority, “AMF”) is required.15 Moreover, clients shall be identified by mean of a Know Your Customer system (KYC). 16

In the event a French court would not apply the domestic qualification of digital asset as a lex specialis to NFTs connected to art, EU law could instead be applied. This would include not only the fifth Anti Money Laundering Directive, but also MICA Regulation that might be adopted by the EU legislator in the future.

14 Code monétaire et financier, art L54 10 2

17 ibid, art L211 1 II.

19 ibid, arts 1(1)(c)(i) and 2(1)(3); Directive 2015/849 of the European Parliament and of the Council of 20 May 2015

The European Commission adopted in September 2020 the Digital Finance Package, which includes a legislative proposal on crypto assets, the Markets in Crypto Assets Regulation (herein MICA Regulation) 20 Since such a proposal is likely to be adopted in the coming years and to become a source of EU law, it is relevant to analyse it to assess its impact on French law.

on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC [2015] OJ L141/73, art 13.

20 Commission, ‘Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto assets, and amending Directive (EU) 2019/1937’ COM (2020) 593 final.

16 ibid, art R561 5 1.

1.2.2. The Proposal of MICA Regulation & the Classification of NFTs Connected to Art as Crypto Assets

15 ibid, art L54 10 3

Furthermore, one may argue that NFTs could qualify as securities (‘titres financiers’) under French law. Securities are defined as being either (i) capital securities issued by joint stock companies; (ii) debt securities; (iii) units or shares in collective investment undertakings.17 Indeed, an NFT could be qualified as security where it represents such security; the unique and non fungible nature of an NFT permits it to represent a similarly unique security. However, NFTs connected to art merely represent a property right connected to a form of art, and do not represent any security. The qualification of securities would therefore not be relevant in this article.

Therefore, AMLD5 would apply to the trade and intermediation in NFTs connected to art and would impose KYC measures to issuers of NFTs where the value of the transaction or a series of linked transactions amounts to €10,000 or more.

2.1. The Howey Test to Determine Whether Something Is Security

Third, the issuers of NFTs, in their quality of promoters, sign up with artists to create NFTs. The artists' benefit in the form of royalties is obtained solely from the promoters’ efforts in creating and <www.crowdfundinsider.com/2021/04/174155 are nfts securities omg/> accessed 19 April 2021. 25 ibid.

2.2. Application of the Howey Test to NFTs

21 ibid, art 3 (1)(2). SEC v Howey Co., 328 U.S. 293 (1946) Securities Act 1933, s 6. Howard Marks, ‘Are NFTs Securities? OMG!’ (Crowdfundinsider, 16 April 2021)

In the US, there is no case law yet on the classification of NFTs. However, NFTs could probably be deemed to be securities under US law

Regarding the first criterion, an NFT as such is not a common enterprise, it is a piece of code. However, it is sold by a common enterprise to investors. The requirement that a person invests their money in a common enterprise is therefore fulfilled.24 Second, NFTs are advertised as an investment that can appreciate, with a potential for valuation, and with a lucrative mindset. This is because NFTs are sold on secondary markets set up by the issuers of NFTs and are sold at a price higher than the price of the original sale. Thus, it creates liquidity and expectation of profits from the buyers. Additionally, artists get a royalty out of every transaction; it is permanent and paid via smart contract. Therefore, the requirement that a person is led to expect profits can be deemed to be fulfilled.25

It can consequently be concluded that NFTs could qualify as crypto assets under MICA Regulation if it were to be adopted by the EU legislator. This specific regime would be less burdensome than the general AMLD5 regime

2. Classifying NFTs as Securities under US Law

The MICA Regulation defines the concept of crypto asset as ‘a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.’21 An NFT is a digital representation of a property right and other accessories rights (as in the example mentioned before, digital cards on the online videogame SORARE are acquired not only to obtain a property right but also to enjoy the services offered by the issuers of these cards, namely participating in the game) that can be transferred and stored electronically on a distributed ledger technology. Therefore, NFTs are crypto assets and the MICA Regulation would apply to NFTs. Importantly, the MICA Regulation refers explicitly to NFTs as crypto assets. Indeed, it provides that issuers of crypto assets that are ‘unique and not fungible with other crypto assets’, can, in the Union, offer such crypto assets to the public or seek admission of such crypto assets to trading on a trading platform for crypto assets as long as they are: (i) legal entities; (ii) acting honestly, fairly and professionally; (iii) communicating with the holders of crypto assets in a fair, clear and not misleading manner; (iv) preventing, identifying, managing and disclosing any conflicts of interest that may arise; (v) maintaining all of their systems and security access protocols to appropriate Union standards; (vi) acting in the best interests of the holders of such crypto assets and treating them equally, unless any preferential treatment is disclosed in the crypto asset white paper, and, where applicable, the marketing communications.

Under American law, the Supreme Court established the Howey test to determine whether something is security A transaction would need to meet three requirements: (i) a person invests their money in a common enterprise; (ii) the person is led to expect profits; (iii) that expectation came solely from the efforts of the promoter or a third party 22 If these three criteria are fulfilled, a burdensome registration with the U.S. Securities and Exchanges Commission pursuant to the Securities Act 1933 will be necessary.23

The classification of NFTs as digital assets under French law and as securities under American law reflects many differences in their approaches. A first observation is that the French approach is based on formal criteria: the digital format, the possibility to register, keep or transfer electronically, the status of the issuer. The American approach is based on material criteria: an investment, an expectation from a party, the efforts from a party. A second observation is that the French approach with the new category of digital assets is innovative and more adapted to the new challenges raised by NFTs The consequences of this classification would still imply some constraints for businesses with a registration and a KYC system, but would not be a major obstacle. The adoption of a mandatory KYC system would, however, be mandatory for all transactions with the qualification of digital asset, while the general regime of AMLD5 would have a higher threshold to adopt a KYC system of €10,000 for intermediaries in the trade of works of art. More importantly, if the MICA Regulation is adopted in its current form, the constraints will be lighter The American approach of adopting the classification of securities is more traditional and familiar to the authority and businesses but is also more burdensome than the French approach, with the consequence to be registered with the U.S. Securities and Exchanges Commission. Thus, the French and American approaches to the classification of NFTs are sensibly different: not only is the French approach focused on formalities while the American approach is centred on material criteria, but the French approach is also innovative and light, while the American approach is traditional and burdensome.

26 ibid.

advertising NFTs as well as setting up secondary markets It can consequently be claimed that the expectation of profit came solely from the efforts of the promoter or a third party 26 Since the three criteria are fulfilled, it can be concluded that NFTs would be deemed to be securities under American law

4. Conclusion

3. A Comparative Overview of the French & American Approaches to the Classification of NFTs

This piece has attempted to determine how different the French and American legal approaches are with regards to their classifications of NFTs. It has been shown that the French system would currently qualify NFTs as digital assets as understood in the CMF. The more general regime of AMLD5 intermediaries in the trade of works of art has then been studied. It has also been demonstrated that, with the coming adoption of the MICA Regulation, NFTs would qualify as a crypto assets. The American approach was then studied: it was argued that, under American law, NFTs would certainly qualify as securities. Finally, through a comparative approach, it has been inferred that the French and American approaches differ in two ways. First, the French approach is based on formal criteria while the American approach is focusing on material ones. Second, the French approach is innovative and implies light consequences on businesses, while the American approach is traditional and implies burdensome consequences on businesses. In any case, Beeple shall not be worried: he will experience a bright future, especially in the EU. His business in NFTs will not face too many obstacles in countries such as France at least not as many as in the US

Few similarities can be identified between the two approaches. However, it can be said that both legal systems share the commonality that NFTs would not be left unregulated and are subject to a certain legal status.

As a final remark, an area of further study for a complete understanding of the topic could be to study the approach in other Member States of the EU to assess which one would be the most welcoming for NFT businesses.

by Sophie-Charlotte LM Prévot

Article 3

Sophie-Charlotte LM Prévot is an L.L.B. candidate set to graduate from the European Law School programme at the University of Maastricht with an Interfaculty Minor on Art, Law and PolicyMaking. Additionally, she previously studied at the Faculty of Law of the Université Catholique de Louvain (UCL). Due to her keen interest in language studies, Sophie-Charlotte also completed the ‘History of Modern and Ancient China’ module, and subsequently went on to complete the four years curriculum of Mandarin Chinese at the Institute of Modern Languages (ILV).

Internet Law & Governance: The Comparative Evolution of Net Neutrality Regulatory Stances in the US & the EU

Marsden (n 2) 9 10.

4 Paul Ganley and Ben Allgrove, ‘Net Neutrality: A User’s Guide’ (2006) 22(6) Computer, Law & Security Report 454, 457; Yiannis Yiakoumis, Sachin Katti and Nick

1.1. Net Neutrality Measures: Scope of Application

Setting the growth rate in the hands of ISPs not only has political and economic implications, but also has a significant effect on communications, given certain senders of content may become privileged over others due to the new position of power they enjoy Concern over this control and over the commercialisation of the network usage prompted both the European Union (‘EU’) and the United States (‘US’) to consider establishing net neutrality policies. Although businesses, politicians, experts and consumer groups used to agree on leaving the internet unregulated, some leading figures such as Google, Microsoft and Amazon are now rallying behind the US government’s net neutrality policy. 7 Nevertheless, due to the economic and political

aspects attached to it, imposing net neutrality measures is not without consequences.

Before its commercialisation in 1995, the internet had never been subject to regulations beyond those necessary to guarantee proper interoperability and competition. 8 Designed as a ‘dumb’ network, its central function, strictly speaking, was to pass data packets via ‘pipes’, along a chain of ‘nodes’ until they

1. Net Neutrality: The Definition & Enforcement of A New Regulatory Stance

In November 2014, Senator Ted Cruz tweeted that ‘net neutrality is the Obamacare of the Internet: [it] should not operate at the speed of government’1 after Obama, President at the time, declared that he was in favour of implementing net neutrality measures. Over the years, the internet has become an important source of information, communication, productivity and entertainment. However, as the internet and its number of its users rapidly expanded, congestion and lack of bandwidth2 became a more common ailment.3 Hence, Internet Service Providers (‘ISPs’ a.k.a., ‘operators’) found an opportunity therein to profit by setting the price for internet access 4 A connection to the Internet typically requires a subscription with an ISP, ‘which becomes the customer’s sole gateway to the online world.’5 From that point on, ISPs saw a chance to ‘exchange traffic to make it travel faster than it would through the public hubs that were the foundation of the internet.’6

1.1.1. Ratione Personae

30 Introduction

3 ibid 9 10.

1 Alexandra Petri, ‘Obamacare for the Internet’? Net Neutrality, Ted Cruz, and the Danger of Bad Analogies’ (The Washington Post, 10 November 2014 Februarycr/11/10/obamacare<www.washingtonpost.com/blogs/compost/wp/2014fortheinternetnetneutralityteduzandthedangerofbadanalogies/>accessed52022.

2 Christopher T Marsden, Net Neutrality: Towards a Co Regulatory Solution (Bloomsbury 2010) 3.

Robert Hahn and Scott Wallsten, ‘The Economics of Net Neutrality’ [2006] Berkley Electronic Press 1ff

The question thus investigated in this article is, how has net neutrality evolved and been implemented in the US and EU comparatively? This research question will be answered by means of three different sections. The first section of this article introduces and defines net neutrality. The second and third respectively consider the legislative and regulatory approaches of the US vis à vis that of the EU towards net neutrality. The fourth section of this piece compares these two approaches, accounting and reviewing therewith some key differences and similarities between the US and EU With this in mind, and in order to carry out the proposed research, the present article will draw from secondary sources such as scientific papers, legal academic commentary, excerpts from books and articles from newspapers, as well as from primary sources such as regulations and case law of the Court of Justice of the European Union (‘CJEU’).

McKeown, ‘Neutral Net Neutrality’ (2016) Proceedings of the 2016 ACM SIGCOMM Conference 483 <http://yuba.stanford.edu/~yiannis/neutral net neutrality.pdf> accessed 20 March 2022.

Aaron K Brauer Rieke, ‘The FCC Tackles Net Neutrality: Agency Jurisdiction and the COMCAST Order’ (2009) 24(1) Berkeley Technology Law Journal 593.

John Gapper, ‘Is It Too Soon to Impose Net Neutrality’ Financial Times (London, 30 April 2006) 16 18

9 Jan Krämern, Lukas Wiewiorra and Christof Weinhardt, ‘Net Neutrality: A Progress Report’ (2013) 37 Telecommunications Policy 794.

ibid.

yet, the position of strength that most major ISPs enjoy is also the primary reason why regulatory bodies (such as the Federal Communication Commission (FCC) and EU equivalent bodies) aim at defending fairness and universality over other values of the complex ecosystem. By essentially focusing on the ISPs level, these regulatory bodies also ensure that the chain in the Internet is not only restricted to ISPs and CPs.

Now, as is well known, within the sphere of telecommunication and entertainment there are several actors which can be identified. Positioned at the centre, ISPs e.g., Comcast, Verizon, Orange should be understood as ‘platforms’ who stand between ‘Content Producers’ (‘CPs’) e.g., TV producers, YouTube, Netflix and ‘users’ i.e., the general population and companies , the final links in the chain. CPs are the main intermediaries of the delivery chain in the internet ecosystem. If we look towards the other end of the supply chain, we’ll observe that CPs’ success partly relies on the manner in which the latter (i) interact with other actors, (ii) their visibility and (iii) their capacity to reach a high level of Quality of Experience (‘QoE’). Created to simply do what they have been tasked with, these identified nodes do not ask any questions nor wonder who the sender is or what it is that each packet holds. In that sense, all packets are treated equally a principle referred to as ‘bit parity’ and often encapsulated in the ‘end to end’ (E2E) design jargon

12 In short, E2E bit parity means that all data packets travelling across the network are treated equally from origin to endpoint. In turn, the ‘intelligent’ component of the internet comes instead from the actors who incorporate it in applications sitting at the very edges, that is to say, the ‘ends.’ Not designed with any particular application in mind, the network will respond to the command of whoever cares to create and launch applications,13 and it is at

Patrick Maillé, Gwendal Simon and Bruno Tuﬀin, ‘Toward a Net Neutrality Debate that Conforms to the 2010s’ (2016) 54 IEEE Communications Magazine 94, 94 95.

Parminder Jeet Singh, ‘Net Neutrality Is Basically Internet Egalitarianism’ (2015) 50(19) Economic and Political Weekly 12, 12ff ibid 13.

1.1.2. Ratione materiae

this very singular spot of the playing field that net neutrality comes into play.

reached the desired destination. 9 ‘Pipes’ or ‘transport pipes’ thus play an essential role in the Internet’s architecture given that they connect ‘consumers’ to ‘content’ and vice versa. In turn, the role of ‘nodes’ is that of collecting ‘target information’ (data packets) and therewith transferring it to the central controller for further processing.10 This, as a result, enhances network coverage and connectivity.11

11 ibid.

Defined as ‘the principle that Internet service providers should enable access to all content and applications equally, regardless of the source, without favouring or blocking particular online services or websites’, 14 net neutrality has been the subject of continued regulatory discussion for over 25 years. In simpler words, therefore, the main objective of net neutrality is that ‘ISPs will treat all content, applications and services equally, and not prioritise or degrade any in relation to others’15 and give users the right to access or use any content, application or service of their choice. 16 Another reason why it is essential is that it is seen as the secret key to innovation. Given the internet is a platform which naturally encourages the survival of the fittest between new tech developers, the latter tend to be in a constant battle, continuedly competing for the attention and interest of end users at play Consequently, the so called platform that is the internet must remain neutral to ensure that competition between developers remains meritocratic, rather than being suffocated by major players on the rise.17 This, at least, is the theoretical gist of it.Further

Tim Wu, ‘Network Neutrality, Broadband Discrimination’ (2003) 2 Journal of Telecommunications and High Technology Law 141, 145 146.

12 Jerome H Saltze, David P Reed and David D Clark, ‘End to End Arguments in System Design’ (1984) 2(4) ACM Transactions in Computer Systems 277 278; Ganley and Allgrove (n 4) 456.

10 Sheetal Ghorpade, Marco Zennaro and Bharat Chaudhari, ‘Survey of Localization for Internet of Things Nodes: Approaches, Challenges and Open Issues’ (2021) 13 Future Internet 210, 211.

Importantly, throughout the development of the internet, ISPs have gradually shaped and taken over the internet’s traffic so as to extract additional revenue 18 Consequently, ISPs started to ‘throttle’ and slow the delivery of content, or even block it. This not only caused more congestion in the network but also hindered other types of services 19 As ISPs’ reasons for supporting and enforcing net neutrality could paint a grim picture to the cynical eye, there has been, in turn, a palpable taking to acting in plain sight by means of philanthropic commitments instead. For instance, FB developed the Free Basic project, with the aim of helping internet users access basic services free of charge. This was fiercely contested by other players of the tech industry and regulators alike, as an attempt to expand connectivity through digital colonialism, something which also allegedly proved that net neutrality must remain an essential notion for the enabling of internet users to have full access to services and content 20

Robert Easley, Hong Guo and Jan Kramer, ‘From Network Neutrality to Data Neutrality: A Techno Economic Framework and Research Agenda’ (2018) 29 Information Systems Research 253, 256.

26 ibid 7

21 Shobhna Kunwar, ‘Strident Politics and Grey Economics Debating Net Neutrality’ (2016) 51(2) Economic and Political Weekly 74, 74 75

Net neutrality only seeks to apply to the ‘last mile’ network providers the ISPs as they control the final and crucial transmission system to consumers 24 Neither a technical principle nor something aimed at upholding the free market, net neutrality is built on the principle of neutrality, non discrimination and equity. It seeks to preserve universal access for any internet user when they surf the internet for any lawful content or services, and ‘the reciprocal right to have their resources universally accessible to others on the internet.’25 Behind this idea to guarantee the universal, reciprocal and non discriminatory access traditionally associated with internet connectivity, net neutrality comprises two elements: the economic aspect and the freedom of expression

Milton Mueller and others, ‘Net Neutrality as Global Principle for Internet Governance’ (2007) GigaNet Global Internet Governance Academic Network Annual Symposium 2007 6.

Given the internet is built on principles such as the freedom of expression and the right to equal access and innovation, the extent of neutrality of the internet through regulatory means is therefore a legal matter of direct social and political impact. Even actors who have benefited from a form of monopoly over the internet’s environment have vowed to

19 Shane Greenstein, Martin Peitz and Tommaso Valletti, ‘Net Neutrality: A Fast Lane to Understanding the Trade Offs’ (2016) 30(2) Journal of Economic Perspectives 127, 128.

Nevertheless, it remains worthy of note that Content Delivery Networks e g., Akamai, Amazon, Cloud Front, Limelight who, arguably, are key components of the delivery chain, continue to stay conspicuous in their absence from the ongoing regulatory debate

1.2. Access to Internet as a Right

support net neutrality.21 It is against this background that, to reverse this trend, the US regulator FCC and the Body of European Regulators for Electronic Communications (‘BEREC’) decided to introduce the concept of internet neutrality in 2010 22 and 2009,23 respectively.

18 Marsden (n 2) 11.

20 Toussaint Nothias, ‘Access Granted: Facebook’s Free Basics in Africa’ (2020) 42 Media, Culture & Society 329, 331

The dynamics of net neutrality involve a ‘vertical tying between the supply of bandwidth and the supply of content, applications and terminal equipment (all of which are useless without bandwidth).’26 This ‘tying’ refers to the selling of one product which is conditional upon the purchase of another product, the tied product, thus giving the supplier of the tying product a significant market

22 Alexander Reicher, ‘Redefining Net Neutrality After Comcast v. FCC’ (2011) 26(1) Berkeley Technology Law Journal 733, 733ff

1.3. The Two Fundamental Pillars to Regulating Net Neutrality

Ben Scott, Stefan Heumann and Jan Peter Kleinhans, ‘Chapter Five: Landmark EU And US Net Neutrality Decisions: How Might Pending Decisions Impact Internet Fragments?’ (2017) Centre for International Governance Innovation 78

1.3.1. The Economic Dimension

Greenstein, Peitz and Valletti (n 19) 74 75.

environment and make internet users more likely to innovate

Over the last decade, the US, like the EU, has developed and adopted new regulatory frameworks which aim to limit the freedom of ISPs when they chose their management practice. However, their approach remains vague when it comes to drawing a line between neutral from non neutral practices.35

power to the point it can reach a monopoly. 27 As broadband network service can be a tying product, ISPs can bundle a limited set of selected content and applications as a tied product (often a specific package of channels and programmes). Similarly, Mobile Network Services (‘MNS’) sell mobile handsets at a ‘subsidized rate conditional upon the purchase of network services for a fixed term.’ 28

1.3.2. Freedom of Expression

Marsden (n 2).

Stuart M Benjamin, ‘Transmitting, Editing, and Communicating: Determining What “The Freedom of Speech” Encompasses’ (2011) 60(8) Duke Law Journal 1673, 1679.

To reverse the growing trend of ISP monopoly in the US, 39 the FCC thus decided that internet transmission would no longer be classified as ‘telecommunications services’ but as ‘information

32 Hsing K Cheng, Subhajyoti Bandyopadhyay and Hong Guo, ‘The Debate on Net Neutrality: A Policy Perspective’ (2011) 22 Information Systems Research 60, 61 62.

29 ibid.

Marsden (n 2) 9 10.

The US has played a significant role in the development of the internet. The original architecture and underlying technical standards of the internet were developed by the world’s leading internet companies, all of which are based in the US. It, therefore, comes as no surprise that any regulation that affects the internet and its market, becomes a major topic of discussion.36 The term ‘Net Neutrality’ was coined in 2003 by Columbia University Law Professor, Tim Wu 37 As users become more exposed to spam emails, viruses and botnets, the E2E principle governing the internet and inquiries by the FCC could no longer provide enough trust reliability and a guarantee against slow rate for users 38

Federal Communications Commission, ‘Preserving the Open Internet’ (52 Commc'ns Reg 2011) 3.

31 Greenstein, Peitz and Valletti (n 19) 74 75.

28 Tim Wu, ‘Wireless Carterfone’ (2007) 1 International Journal of Communication 389, 414.

From the cyber libertarian perspective, the internet was born with the idea to provide a free and equal platform for all. For many, ‘the internet has thrived because of its freedom and openness the absence of any gatekeeper blocking lawful uses of the network or picking winners and losers online.’ 30 However, with ISPs’ control over the speed at which information travel, only those who can afford the charges will be able to get preferential internet access 31 and the freedom of expression that derives from it.32 ISPs also have an incentive and ability to block or prioritise particular content, which intrinsically collides with users’ rights to freedom of speech 33 Net neutrality was brought to serve as an instrument to preserve the internet’s inherent free and egalitarian nature and having freedom of expression as a prerequisite for the proper functioning of the internet would guarantee a safe

27 Marc Bourreau, Frago Kourandi and Tommaso Valletti, ‘Net Neutrality with Competing Internet Platforms’ (2014) 9827 Centre for Economic Policy Research 1, 29.

The current ISPs market in the US is shared by only five ISPs, which are Verizon, Sprint, AT&T, Comcast, and Charter Communications. In 2019, thank to their position of power, ISPs Comcast and Charter have reached an annual revenue of $108.94 billion and $45.8 billion but they have failed to improve their service in a country where 53% of the rural population does not have any internet access, see Ryan Bayer, ‘Internet Service Provider Monopolies and the Digital Divide’ (2021) Harvard Model Congress 1, 2 3.

2. The US Perspective on Net Neutrality

Kunwar (n 21) 75.

Given that this tied product is competitive, the ISPs of MNS will sell the package at the most advantageous price and either force others to align to it or develop a monopoly that will suffocate any other provider 29

David C Mowery and Timothy Simcoe, ‘Is the Internet a US Invention? An Economic and Technological History of Computer Networking’ (2002) 31 Research Policy 1369, 1370.

2.1. The Development of the Concept of Net Neutrality in the US

services.’40 Following the ‘common carriage’ principle, this provided the basis for net neutrality regulations As the market for ISPs and content, services and applications led to the rising costs for internet services, regulations were necessary to avoid the situation getting out of control 41

The wireless broadband market itself provides strong recent evidence of how competition drives the market to serve the needs of customers: While advocates demanded that wireless carriers should accept any devices and applications (that meet standards) the customer brings (see Wu, 2007),48 it has been the competitive market in wireless that has delivered what customers want, not advocates.49

Gerald R Faulhaber, ‘Economics of Net Neutrality: A Review’ (2011) 3(1) Communications & Convergence Review 53, 61 Wu (n 28) 410.

its economic competition and growth.46 The question remains as to whether the benefit of imposing net neutrality regulations on broadband ISPs exceeds the costs or not. While there is clearly competition in the market, the conduct of ISPs naturally creates competition which, consequently, will lead to what customers demand as ISPs are forced to innovate 47

43 FCC, ‘Order Restoring Internet Freedom’ (2017) FCC 17 166 (D.C. 20554)

<file:///Users/ce/Downloads/FCC 17 166A1.pdf> accessed 1 April 2022. ibid 68 69. ibid 71. ibid 73.

Gerald R Faulhaber and David J Farber ‘The Open Internet: A Customer Centric Framework’ (2010) 4 International Journal of Communication 1. Bayer (n 39) 72. FCC (n 43).

40 Jay Pil Choi and Byung Cheol Kim, ‘Net Neutrality and Investment Incentives’ (2010) 41(3) The RAND Journal of Economics 446, 446.

2.2. The US Implementation of Net Neutrality

For many, when it comes to the future of the internet, there are only two options: the internet can either remain an open platform that unifies people through free speech and innovation, or a network overly controlled by the parochial interests of ISPs. The US government then has two choices, either lose time and resources through some semblance of policy or give the internet a proper infrastructure just like the physical infrastructure of a country is essential to

Forinternet.those

42 For instance, the EU Consumer Protection Law and Policy has a long history in attempting to promote competition in national consumer market by, for instance charging e transactions with companies outside the EU, see Mihaela Tofan and Ionel Bostan, ‘Some Implications of the Development of E Commerce on EU Tax Regulations’ (2022) 11 Law 1, 4 5.

In a 2010 study it was even demonstrated that customers will obtain the net neutrality they want:

It was with this mind that several figures, including Senators Mitch McConnell and Ted Cruz, have responded to Obama’s administration which let the FCC adopt a set of neutrality rules known as the 2010 Open Internet Order.50 With this Open Internet Order, the FCC has created a set of carefully tailored rules that aims to guarantee the ‘openness’ of the internet and, as a result, to ‘protect and promote the “virtuous cycle” that drives innovation and investment on the Internet.’51 Furthermore, by being consistent in its net neutrality policy, the FCC allows consumer to continue to enjoy an unfettered access to the

41 Nothias (n 20) 738 739.

If the FCC pursued a net neutrality policy but never actually reined in US ISPs, foreign companies saw in this new policy an attempt to protect US technology companies. Consequently, US companies started to be charged for access to foreign markets,42 or even be completely excluded and when the US government allowed US ISPs to charge for or block foreign technology, 43 other countries replicated the US strategy by allowing their providers to do the same. This escalation of penalties slowly started to weaken the ability of any foreign start up company to access the US market.44 Many became sceptical or critical of net neutrality since it was not consistently enforced and when the FCC defined an ISP as an ‘information service’, rather than a ‘common carrier’ in 2002, it could no longer treat ISPs like telephone companies and ban unreasonable discrimination under Title II of the Communication Act 45

who are in favour of letting competition establish a form of neutrality, the FCC does not encourage this model of neutrality since it

53 Bayer (n 39) 68.

56 Ammori (n 52).

BEREC Guidelines on Regulation (EU) No 531/2012, as amended by Regulation (EU) 2015/2120 and Commission Implementing Regulation (EU) 2016/2286 (Retail Roaming Guidelines); BEREC Guidelines on Regulation (EU) No 531/2012, as amended by

In 2015, the FCC attempted to rectify the situation by voting the 2015 Open Internet Order. For this new Open Internet Order to survive, the FCC decided to ground their new ‘open Internet rules in multiple sources of legal authority including both section 706 of the Telecommunications Act and Title II of the Communications Act.’ 58 This ‘light

3.1. The European Commission’s Discussions

Despite the EU’s conclusions of negotiations over net neutrality that occurred in 2017, 60 the scope and definition of net neutrality remain ambiguous as they will be interpreted by Member States. Its net neutrality policy also differentiates itself in two important ways from its US counterpart due to the market structure in Europe.

United States Telecom Ass’n v FCC [2016] (Case 359 F.3d 554) (US Court of Appeals, D.C. Columbia).

61 Allan Holmes and Chris Zubak Skees, ‘U.S. Internet Users Pay More and Have Fewer Choices Than Europeans’ (PublicIntegrity, 1 April 2015) <https://publicintegrity.org/inequality poverty opportunity/u s internet users pay more and have fewer choices than europeans/> accessed 22 March 2022; Ross Anderson and others, ‘Security Economics and European Policy’ [2008] ISSE 2008 Securing Electronic Business Processes 57, 101.

62 Simon Hampton, ‘ISPs & Broadband Access Competition in Europe’ (Commission, 2002) 3 depton_aol.pdf10/2002_local_loop_public_hearing_presentation_hampolicy/system/files/2021<https://ec.europa.eu/competition>accessed2April2022);cfAvisn°0235l'ART,Jan.02

ibid 63

touch regulatory framework’ aims to be more straightforward on the practices pursued by ISPs that are now fully banned (namely blocking, throttling and paid prioritization) and more transparent on the goals it views to achieve: protecting innovation, facilitating consumers’ access to internet and services and guaranteeing internets’ openness. This decision by the FCC was upheld after the case United States Telecom Ass'n v FCC raised in 2016 by the ISPs industry.59

Verizon v FCC [2014] (Case 740 F.3d 623) (US Court of Appeals, D.C. Columbia).

Firstly, in Europe there is considerably more competition between consumer ISPs and so consumers will shop around 61 For instance, in 2002, the French telecoms regulatory authority, ART, reported that, since the ISP ‘Wanadoo’ (which has since been integrated to the ISP ‘Orange’) is holding almost all ADSL Internet access’ customers, the effect is not only damaging to the ISPs economy but also to smaller ISPs, which will never be able to reach such a large number of customers 62 Secondly, in Europe, the launching of ‘over the top’ services

58 FCC (n 43).

Comcast Corp. v FCC [2010] (Case 600 F.3d 642) (US Court of Appeals, D.C. Columbia).

However, after the Federal Court rendered its judgement to the cases brought by Comcast in 201054 and Verizon in 2014,55 the neutrality rules imposed by the FCC in 2010 were struck down by the Federal Court which concluded that the FCC does not have the authority to enforce these net neutrality principles on Title I Information services. As a result, services providers, such as Netflix, ended up being forced to pay millions to ISPs, so their users could stream movies reliably. 56 Some companies, such as Apple, ended up having to enter in negotiation with Comcast, hoping they would enjoy some ‘special treatment’ by the ISP.57

Regulation (EU) 2015/2120 and by Regulation (EU) 2017/920 (Wholesale Roaming Guidelines).

3. The EU Perspective on Net Neutrality

52 Marvin Ammori, ‘The Case for Net Neutrality: What’s Wrong With Obama’s Internet Policy’ (2014) 93(4) Foreign Affairs 62, 62ff.

does not believe that stopping anticompetitive behaviour will inhibit the rapacious behaviour of some ISPs. To ensure a proper level of openness, the FCC refuses to support the argument that the market is competitive and, therefore, not in need of neutrality policy rules to be put into place 52 Rather, it advances the idea that a local cable monopoly is usually the principal, if not only the player when it comes to high speed access and thus can control two thirds of the market. Herewith, internet users will rarely be keen on switching services out of fear of penalties for terminating their contract early.53

In 2006, a discussion on net neutrality was initiated by the European Commission. 67 Supported by national telecommunications companies in some Member States, in 2009 the European Union published the EU Telecom Reform Legislation to, firstly, recognise internet access as a fundamental right and, secondly, to promote an open and free internet. Given that coordination and supervision were required, BEREC was created the same year. In October 2011, it started to publish reports citing Tim Wu’s definition of net neutrality 68 and launched consultations on the quality of the service in the scope of net neutrality. In 2013, the Commissioner for the Digital Agenda, Neelie Kroes, suggested

64 Ben Scott, Stefan Heumann and Jan Peter Kleinhans, ‘Landmark EU and US Net Neutrality Decisions: The Shifting Geopolitics of Internet Access. From Broadband and Net Neutrality to Zero Rating’ (2017) 6 Centre for International Governance Innovation 2, 78.

Although the 2014 legislation resolution 73 passed by the European Parliament on net neutrality was more rigid than the 2013 Commission’s initial proposal had envisioned, civil society reacted strongly against the joint proposals as they appeared weaker than the US version, namely the 2015 Open Internet Order Plus, as the proposals do not follow the FCC’s

65 Christopher T Marsden, ‘Zero Rating and Mobile Net Neutrality’ in Primavera de Filippi and Luca Belli (eds), Net Neutrality Compendium: Human Rights, Free Competition, and the Future of the Internet (Springer 2015) 248.

(‘OTT’) which are media entertainment services delivered over the Internet (such as the Nordic region’s NENT Group, Cyfrowy Polsat’s IPLA in Poland, Telenet/DPG Media’s Streamz in Belgium, Viaplay in Denmark and Finland), is quite scarce63 . So, as the digital market for OTT products is underdeveloped in Europe, the largest and wealthiest content and service companies that might be tempted to support a non neutral internet by paying extra fees are mostly non European. In that respect, the EU’s net neutrality policy will understandably be more oriented toward regional economic self interest over technology policy 64 In addition, long before the EU’s interest in net neutrality, it was already present at the national level across Member States. For instance, the Netherlands 65 and Slovenia 66 adopted laws to guarantee net neutrality in 2015 and net neutrality was hotly debated across other EU Member States.

68 Robin S Lee and Tim Wu, ‘Subsidizing Creativity through Network Design: Zero Pricing and Net

67 ibid.

71 Stefan Gadringer, ‘Network Neutrality in the European Union: A Communications Policy Process Analysis’ (2020) 4 Internet Histories 178, 187 188. ibid. 73 ibid.

3.2. The European Parliament’s Legislative Approach to Net Neutrality

creating a single European telecommunications market. However, after years of debate, this project never saw the light of day as the proposal from the European Commission followed the opinion of the net neutrality opponents. Nonetheless, the hope of seeing a European single market linked to net neutrality did not die, and the European Parliament launched a proposal in April 2014. As net neutrality is a topic of heated debate, the European Parliament finally chose to only strengthen the protection of the net neutrality principles 69 After the flop of the 2013 Commission’s proposal, what remained for further negotiations was mobile roaming and a potential net neutrality policy. Compared to the 2013 Commission’s proposal, the Parliament, in its first reading,70 showed that it was particularly sensitive to the call for awareness by civil society organisations and the general high public alertness by amending a very strong position on network neutrality policy.71 For instance, in article 8(3) of the future regulation on an European Single Market for electronic communications, the Parliament will add that not only the Commission should take into account ‘any regulatory best practice, report or advice issued by BEREC on matters within its competence.’72

Anil Kokaram, Regis Crinon and Nicolas Catania, ‘OTT (Over The Top)’ (2015) 124(6) SMPTE Motion Imaging Journal 65, 65ff

66 ibid 249

Neutrality’ (2009) 23 The Journal of Economic Perspectives 61, 62 63. 69 Ammori (n 52) 71

70 European Parliament, ‘Resolution of 3 April 2014 on the proposal for a regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent, and amending Directives 2002/20/EC, 2002/21/EC, 2002/22/EC, and Regulations (EC) No 1211/2009 and (EU) No 531/2012’ (2013/0309(COD))

the debate has remained fierce, net neutrality is enforced in the US and the EU. In the US, the idea of enforcing net neutrality has caused inner rumblings to the point where in the US there is now a serious split between those who are in favour of net neutrality and those who believe that the internet’s inner dynamic is better off without it. 81 In comparison, in Europe, Member States have been less refractory to net neutrality since a number have already legislated on the matter to protect their citizens. At the EU level, the debate surrounding net neutrality was rather at the level of the EU’s institutions where regulations over net neutrality and the idea of a European telecommunications market have not been well received.82

Mark A Lemley and Lawrence Lessig, ‘The End of End to End: Preserving the Architecture of the Internet in the Broadband Era’ (2000) 207 Stanford Law and Economics Olin Working Paper 1, 9 10. Ammori (n 52) 74.

The flexibility of the internet and its lack of regulation have allowed the misuse of the network by ISPs through charging inflated prices, which deters entry, reduces the content providers’ profits and limits innovation 78 This is the context in which net neutrality was put in place. In many ways, net neutrality is far from being new law but is rather an innovative principle that aims to codify and seal the internet’s principles: ‘preserving in formal legal rules

3.3. The Case of Telekom Deutschland GmbH v Bundesrepublik Deutschland

75 Council Regulation (EU) 2015/2120 of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union [2015] OJ L310/1.

74 Michael Guihot, Anne F Matthew and Nicolas P Suzor, ‘Nudging Robots: Innovative Solutions to Regulate Artificial Intelligence’ (2020) 20 Vanderbilt Journal of Entertainment and Technology Law 385.

In 2021, the Court of Justice of the EU gave a preliminary ruling concerning the interpretation of article 3, paragraphs (1) to (3) of the Regulation which concerns the ‘safeguarding of open internet access’ (article 3), the right to access for end users (para. 1) and the obligations for internet providers to treat all traffic equally (paragraph 3). Hence, with the case Telekom Deutschland GmbH v Bundesrepublik Deutschland, it took the opportunity to remind ISPs that users have the right ‘only to access information and content, use applications and services, and distribute information and content, but also to provide applications and services.’77

Paul Njoroge and others, ‘Investment in Two Sided Markets and the Net Neutrality Debate’ (2014) 12(4) Review of Network Economics 1, 1ff Ammori (n 52) 72 ibid. Marsden (n 2) 11

Regardless of whether we take the US or EU perspective on the issue, the crux of the matter remains and which pushed both the US government and the EU to implement net neutrality measures the ISPs’ takeover of the network. When looking into their motivation to enforce net neutrality, several positive aspects can be seen. 83 From an economic point of view, data packets can no longer be discriminated against by ISPs’ priority pricing. From a social perspective, internet users will not only enjoy a greater quantity of content since all content providers are now treated equally, but also can change

the technical features that enabled the internet’s tremendous growth ’ 79 Viewed as ‘as a policy that mandates ISPs to provide open access, preventing them from any form of discrimination against content providers (CPs)’, 80 net neutrality has been hotly and widely debated by law and policy makers due to its significant financial and political repercussions.Although

4. Conclusion

‘virtuous cycle’, 74 some thought that it would open the door to paid prioritisation and specialised services, which was to be avoided. The European Council adopted the Telecoms Single Market Regulation in March 2015 75 and codified a core concept of net neutrality: quality of service. This text contains rules protecting all lawful content, prohibits applications and services to be blocked, but also throttling.76

Case C 34/20 Telekom Deutschland GmbH v Bundesrepublik Deutschland [2021] ECR I 677, para 19.

76 Ammori (n 52) 78 79.

Carlo Reggiania and Tommaso Valletti, ‘Net Neutrality and Innovation at the Core and at the Edge’ (2016) 45 International Journal of Industrial Organization 16, 26

Through an innovation lens, ‘preserving net neutrality may be the right policy to guarantee the largest availability of content and to provide incentives to invest and improve the existing networks ’ 85 However, the constant evolving nature of the internet does not allow for any definite answer to the question of whether net neutrality is the ideal model of protection. The constant variation in positions of strength and power of ISPs and content providers makes the economics of net neutrality subtle. The simplicity of the net neutrality model does not take into account, as some US scholars have observed, 86 the urge that some ISPs will have to innovate in order to offer the best bargain and, consequently, favour consumers’ interests 87 Overall, the internet’s versatile a complex character and the different motivations of its actors make it very difficult to find a ‘one solution, fits all’ approach. The mitigating aspect of net neutrality seems not to have found a way to encourage ISPs to invest in innovation while guaranteeing the absence of discrimination both for content providers and internet users. Given that the US and European legislators have not yet been able to find a way to avoid ISPs’ monopoly while inducing them to break new ground with the services they offer, net neutrality may be in the hands of ISPs, not the US government, nor the EU. Too absorbed by the power and financial gain they will have while reaching a position of economic strength, ISPs do not seem to notice that any net neutrality regulation or measure imposed can only be the result of their ruthless behaviour governed by their greed. ISPs do not need net neutrality to properly operate and they never will. However, to remain masters of the game, they must change their position and strategy.

ISP without fear of reprisal or consequence. 84

ibid. cf Mueller and others (n 25). Ammori (n 52) 71

The Reality of Blockchain Agreements: Challenges & Stepping Stones to the Development of Smart Contracts in the EU

Article 4

by Anna Kozarów

Anna Kozarów is a third-year LL.B. candidate set to graduate from the European Law School of Maastricht University. Anna is passionate about the effect of the development of new technol ogies on legal questions and debate. Previously, Anna trained as an intern at the Polish Data Protection Office in Warsaw (‘UODO'). She will continue to pursue her legal career in the field by working for the global law firm of Dentons.

The research question of this paper is: what are smart contracts and what has been achieved in this field by the European Union legislators? In order to give a final answer, two things will have to be considered and discussed. Firstly, smart contracts, as such, and their implications on the law will be explained. Secondly, the focus will be shifted to what the European Union has done so far with regards to blockchain based agreements and what is its approach to this innovation.

2 Primavera de Filippi and Aaron Wright, Blockchain and the Law: The Rule of Code (Harvard University Press, 2018) 33 58

Blockchain is an extraordinary tool providing transparency and security of transactions, and thus, it is becoming very popular in areas such as business, social security and law. 2 Many new solutions, that blockchain technology offers, could influence the world of law and change the way people deal with contracts, in their traditional understanding. This would require specific legislation and new legal ideas as traditional methods might not be sufficient to tackle the innovative and complex world of blockchain. Smart contracts, which are one of the newest and most unsettled innovations, remain controversial, as law makers are still unsure how to make best use of them. There is no doubt that contract law could greatly benefit from introducing blockchain based agreements 3 Many transactions could be self executory, meaning that no or little of lawyer’s involvement is needed and thus, the process goes much faster and is overall cheaper.4 However, this is not always possible as behind every transaction there are human beings, who often need legal help, and even the perfect computer system may not be useful

3 Paul Catchlove, ‘Smart Contracts: A New Era of Contract Use’ [2017] SSRN 9 <http://dx.doi.org/10.2139/ssrn.3090226> accessed 15 April 2022.

1 Riccardo De Caria, ‘Definitions of Smart Contracts: Between Law and Code’ in Larry A Di Matteo, Michel Cannarsa and Cristina Poncibò (eds), The Cambridge Handbook of Smart Contracts, Blockchain Technology and Digital Platforms (Cambridge University Press 2019) 19 36.

For this reason, the European Union and its Member States have now a challenge to adapt their current legal systems to the inevitable transformation caused by blockchain, and find a proper way to use smart contracts in everyday life. Since one of the main goals of the European Union is to harmonise laws of its Member States, this also entails discovering solutions suitable for the whole community.5 As the ‘problem’ is a fairly new one, not much has been achieved yet in this area and that is exactly why the topic of blockchain and its influence on the law has to be researched and further elaborated on.6

5 Consolidated Version of the Treaty on the Functioning of the European Union [2007] OJ C326 (TFEU), art 114.

Novemberbo.best.vwh.neeech/CDROM/Literature/LOTwinterschool2006/sza<www.fon.hum.uva.nl/rob/Courses/InformationInSpt/smart_contracts_2.html>accessed152021

6 Aaheree Mukherjee, ‘Smart Contracts Another Feather in UNCITRAL’s Cap’ [2018] Cornell International Law Journal 2018 <https://cornellilj.org/2018/02/08/smart contracts another feather in uncitrals cap/> accessed 15 December 2021

4 Nick Szabo, ‘Smart Contracts: Building Blocks for Digital Markets’ (Fon Hum UvA, 1996)

Have you ever wondered how the legal world would look like if contracts were to self execute themselves without a need for an entrusted third party? Even though the concept seems abstract and rather unreal for now, it might actually become a part of people’s everyday lives. That is due to the development of a blockchain technology. This relatively new system, used for storing and transposing data, has already influenced the financial world in a significant way but has also a great potential to change the legal one as well.1

42 Introduction

In order to write this paper a doctrinal research method will be used. The information presented in this paper is mostly based on secondary sources and only little facts are based on primary ones. This is because the concept of smart contracts has not been yet established in law and little regulation can be noticed in the area of blockchain.7 Most focus will be given to understanding the topic and provide a description of its implications as this remains crucial for answering the research question.

7 Josias N Dewey, Global Legal Insights: Blockchain & Cryptocurrency Regulation (3rd edn, Global Legal Group 2021) 6.

1.2. Advantages of Smart Contracts

The reason why researchers even bother to create these ‘sophisticated’ definitions and attempt to understand the concept is because it can bring significant benefits to the legal playing field. The main advantages of the blockchain technology, on which smart contracts are based, concern their self executory and decentralised nature, transparency and other features.16 However, in addition to this, there are some other aspects which make smart contracts particularly interesting and maybe even superior to traditional agreements. Firstly, they might become more suitable for achieving the main goals of the contract itself, such as satisfying the conditions of it or fulfilling one’s obligations, so the actual enforcement.17 Secondly, the need for an intermediary becomes irrelevant, as one of the key characteristics of those transactions is that they execute themselves18 . In relation to this, there are also economic benefits stemming from the mere fact that no lawyer or third party is needed for the correct realisation of the contract.19 Moreover, DLT governed transactions provide a higher degree of

9 European Central Bank, ‘Virtual Currency Schemes A Further Analysis’ (2015) European Central Bank Eurosystem Report Series 33 <www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemesen.pdf>accessed18November2021.

12 Fabian Schär, Katrin Schuler and Tobias Wagner, ‘Blockchain Vending Machine: A Smart Contract Based Peer to Peer Marketplace for Physical Goods’ (2022) Proceedings of the 55th Hawaii International Conference on System Sciences 2 4 accessedmuenchen.de/101733/1/MPRA_paper_101733.pdf<https://mpra.ub.uni>7May2022.

13 Catchlove (n 3) 6.

14 Szabo (n 4).

Tom Lyons and others, ‘Legal and Regulatory Framework of Blockchains and Smart Contracts: Thematic Report 2019’ (2019) EU Blockchain Observatory and Forum Report Series 22 32 ts/report_legal_v1.0.pdf<www.eublockchainforum.eu/sites/default/files/repor>accessed19January2022

In order to describe in more detail how smart contracts work and how can they benefit the current legal reality, one has to understand the mechanism of the blockchain technology first. This is due to the fact that smart contracts work on the basis of this system and are executed by it.8

Lin W Cong and Zhiguo He, ‘Blockchain Disruption and Smart Contracts’ (2018) National Bureau of Economic Research Working Paper Series no 24399 9 <www.nber.org/papers/w24399> 10 June 2022.

19 De Caria (n 1) 19 36.

8 Catchlove (n 3) 2 3.

When it comes to smart contracts, there is no single definition to be provided as the concept is not that well established yet and the consensus about one particular definition has not been reached so far. 13 However, there are great similarities between different understandings of what smart contracts are. One of them is given by Nick Szabo, a cryptographer who specialises in this field and remains one of the

1. Smart Contracts

One of the many definitions of blockchain has been provided by the European Central Bank in 2015, in the so called ‘Virtual Currency Schemes.’9 It describes blockchain as ‘the book of records (the ledger) of all transactions, grouped in blocks, made with a virtual currency scheme.’10 This also explains why blockchain is often called a Distributed Ledger Technology (‘DLT’). It is based on a system of ledgers which keeps every copy of every transaction ever made.11 The DLT is often compared to the system of a vending machine which automatically responds to a request of a person who inserted the required sum of money inside. The transaction happens immediately and both parties are satisfied with their gains.12

15 Catchlove (n 3) 6.

most crucial figures in the research concerning DLT and innovations connected to it, such as smart contracts.14 According to him smart contracts are ‘a set of promises, specified in a digital form, including protocols within which the parties perform their promises ’ They can appear in different forms and be enforced through various means; thus, they might be fully codified, be a codified version of a contract as we know it in a traditional form or, further complex yet, a mix of both.15

10 De Caria (n 1) 19 36.

Joshua S Gans, ‘The Fine Print In Smart Contracts’ (2019) National Bureau of Economic Research Working Paper Series no 25443 2 3 <www.nber.org/papers/w25443> accessed 11 June 2022.

11 Daniel Burgwinkel, Blockchain Technology: Einführung für Business und IT Manager (De Gruyter Oldenbourg 2017) 9.

1.1. Definition of Smart Contracts

Barışcan Kunduracilar, ‘Comparison of Smart Contracts with the Notary System’ (Master thesis, Tilburg University 2019) 7 <http://arno.uvt.nl/show.cgi?fid=149368> accessed 10 June 2022

21 Michèle Finck, ‘Grundlagen und Technologie von Smart Contracts’ in Martin Fries and Boris P Paal (eds), Smart Contracts (Mohr Siebeck GmbH and CoKG 2019) 1 12.

1.3. Differences between Smart and Traditional Contracts

certainty because there is simply less room for mistakes or ambiguous terms in a programming language. This does not mean that in court remedies are not available when a mistake somehow happens as the parties can still seek possible solutions to their dispute.20

Catchlove (n 3) 15.

Larry A DiMatteo, Michel Cannarsa and Cristina Poncibò, ‘Smart Contracts and Contract Law’ in Larry A DiMatteo, Michel Cannarsa and Cristina Poncibò (eds), The Cambridge Handbook of Smart Contracts, Blockchain Technology and Digital Platforms (Cambridge University Press 2019) 3 18.

Imran Bashir, Mastering Blockchain: Distributed Ledger Technology, Decentralization, and Smart Contracts Explained (2nd edn, Packt Publishing 2018) 13ff, 35 and 594.

Mateja Durovic and André Janssen, ‘Formation of Smart Contracts under Contract Law’ in Larry A DiMatteo, Michel Cannarsa and Cristina Poncibò (eds), The Cambridge Handbook of Smart Contracts, Blockchain Technology and Digital Platforms (Cambridge University Press 2019) 61ff.

Theredevelopment.aredifferent

1.4. Drawbacks of Smart Contracts

23 Valentina Gatteschi, Fabrizio Lamberti and Claudio Demartini, ‘Technology of Smart Contracts’ in Larry A DiMatteo, Michel Cannarsa and Cristina Poncibò (eds), The Cambridge Handbook of Smart Contracts, Blockchain Technology and Digital Platforms (Cambridge University Press 2019) 37 58.

Despite the numerous benefits that are capable of changing the reality of contracting, smart contracts remain problematic for today’s standards and definitely impose challenges for the current systems of law.27 The first issue to be seen is the lack of typical formal requirements which are common to legal systems.28 For example, in many jurisdictions, contracts have to be made in writing, in a language understandable for parties, or/and be approved by a notary. With regards to smart contracts, the language is quite extraordinary and not legally accepted yet, not to mention the notarisation requirement, a rather useless tool for smart contracts.29 Secondly, contract law has strict signing demands which ensure the ‘meeting of the minds ’ This creates a number of

De Caria (n 1) 19 36.

out to be acting in bad faith or if his or her intentions are so unclear that an actual lawyer is needed to assess the validity of the agreement.22 Moreover, sometimes contracts should not be binding because of duress or undue influence, which is not that uncommon regardless of how the agreement was reached. Also, due to the simple reason that smart contracts operate in the programming world, one error suffices for there to be a wrong performance and unwanted results.23 However, smart contracts, even though different in form, are still agreements in the same sense as the traditional ones and remain being governed by the same principles of law.24 To reach an agreement parties need to conduct the negotiation process first, which, if successful, leads to consensus.25 The mere fact that the transaction happens in the virtual world does not change anything with regards to fulfilling one’s obligations.26

approaches towards this issue and one of them is that smart contracts cannot replace the traditional form of agreements. The main reason for this is that contract law serves a purpose of dealing with issues arising around contracting, so the possible undesired outcomes and breaches. This seems to be irrelevant for DLT technology where contracts are self executory and the breach cannot, in fact, happen, providing that the transaction was executed in a correct manner.21 This, however, does not change the fact that there remain other concerns when it comes to smart contracting. Problems may still arise when one of the parties to contract turns

When becoming aware of the foregoing discussion, one might even ask why do we still use traditional contracts at all if there is a better, more trustworthy way in which to create agreements. Answering this question requires first understanding how smart contracts are different to the traditional ones and if it even makes sense to compare the two. Further, one has to think about what it would mean for the legal community to have these forms of transactions in daily life, questioning then whether the current laws in place are even capable of dealing with such a novel contractual

De Filippi and Wright (n 2) 72 88.

30 Jonathan Herpy, ‘Smart Contracts and the Law: What You Need To Know’ (Forbes, 17 May 2022) know/?sh=78fa1b533d0303/17/smart<www.forbes.com/sites/forbesbusinesscouncil/2022/contractsandthelawwhatyouneedto>accessed13June2022.

.pdf<https://arxiv.org/ftp/arxiv/papers/1710/1710.06372>accessed12June2022. 32 Lyons and others (n 16) 34.

Yet, harmonisation in fields such as blockchain is not an easy task. Laws of individual EU Member States continue to differ from one another and some aspects regarding contracting are well established in their traditions. This is particularly difficult as the matter concerns not only harmonisation of contracts as such, but takes a step further by adding a strong technological context to it. This might be a reason why so little has been achieved so far in the area of smart contracts, by the European Union. Most undertakings contain frameworks, research or more general ideas to be conducted in the future but almost nothing has been actually

2.2. The Road Ahead: EU Regulatory Actions for Further Development of Smart Contracts

additional issues as there have to exist similar, digital signatures, which would serve the same goal.30 Next, the immutability of smart contracts can also become an issue as whenever there would arise a need to change something in the contract, it would simply be not possible.31 Additionally, since blockchain technology operates in a virtual world, it would not be suitable to deal with smart contracts under a certain national law only. Thus, there should be a more supranational system for smart contracts as this is the only way people can really benefit from it.32

2. The Regulatory Framework: Solutions & Challenges to an Increased Usage of Smart Contracts

Evidently, there is a need to create legal solutions common to larger groups of countries, so that the system works best and gives out most of the added benefits and returns to the globalised world. This task could be handled, for example, by the European Union, who has powers to enact legal binding documents and can harmonise laws of all of its Member States, at least when it comes to the internal market creation. 33

One of the steps taken by the European Union towards deepening cooperation in the field of blockchain technology and smart contract, was launching of the ‘EU Blockchain Observatory and Forum’ by the European Commission in early 2018.34 It has as its main goals the development of blockchain technology, the promotion of the key European actors contributing to this development and establishing a strong position of the Union as a global leader in this technology. From the information presented about the EU Blockchain Observatory and Forum in the press release or on its official website, it is clear that the Community’s approach towards DLT is to take most advantage of what it offers to the world and enhance cooperation in that area The website also provides information about the European Commission’s funding of the blockchain projects. As for the year 2020, as has been concluded by the Commission, 340 million euros will be spent on research programmes relating to blockchain innovation. This, again, is mostly blockchain oriented, given little to no attention is given to smart contracting and goals to be met in this field. One could clearly notice that the Commission’s initiative mostly concerns financial aspects of DLT technology and implications it has on the internal market. Nevertheless, there are a few publications, called ‘thematic reports’, related to smart contracts, which can be found on the EU Blockchain Observatory and Forum’s official website. These reports are meant to provide a more in depth analysis

31 Maher Alharby and Aad van Moorsel, ‘Blockchain Based Smart Contracts: A Systematic Mapping Study’ (2017) Cornell University arXiv

accomplished law creating wise. Moreover, most attention is given to blockchain and economic aspects to it, rather than to smart contracts and their impact on law. Nevertheless, there are a few initiatives of the European Union which are worth mentioning, as they might contribute to some greater developments in the future.

TFEU (n 5), art 114 Commission, ‘European Commission launches the EU Blockchain Observatory and Forum’ (Commission, 1 February 2018) <https://ec.europa.eu/commission/presscorner/detail/en/IP_18_521>accessed11December2021

2.1. The Road to EU Regulatory Harmonisation

Firstly, the document emphasises the need to create simple but usable definitions, common for the Union’s States’ regulators, as this would help in creating a shared legal framework and policy. Secondly, the report underlines the importance of communicating legal interpretations of blockchain and smart contracts as broadly as possible, to the public. This implies that authorities should promote DLT technology so the greater amount of people can become aware of its existence and advantages. Thirdly, the European Union Blockchain Observatory and Forum recommends choosing a correct way to legalise smart contracts by deciding on the method to regulate them. This is crucial for the effective enforcement, as well as for legal certainty, which enable successful smart contracting. In addition to that, it is also concluded that laws concerning DLT contracts and interpretations of them should be harmonised throughout Europe as the technology is international by its nature and connecting it to a certain legal system would diminish the benefits it offers. Another recommendation of the Blockchain Observatory and Forum is to help policy makers in better understanding of the blockchain technology so that they can also perform better while regulating it. Furthermore, it is advised

importance.This

‘Legal and regulatory framework of blockchains and smart contracts’ gives an explanation of what are smart contracts but also describes benefits and downsides of this innovation. Most importantly, however, the report contains recommendations for the future, by enumerating possible solutions to most pressing problems, arising from the use of smart contracts Thus, this paragraph will be based solely on this report, as it is a valuable source of information about European Union’s ideas for the future of blockchain based agreements.36

Another step towards development of smart contracts is the European Parliament’s Resolution of 3 October 2018 on distributed ledger technologies and blockchains.40 Despite the fact that Parliament’s resolutions are not legally binding upon Member States or institutions of the European Union, they nevertheless prove interest and existence of an ongoing debate with regards to a specific matter 41 Thus, the European Parliament’s Resolution on DLT and blockchains is an evidence that smart contracts are being discussed on the level of highest institutions which intent to highlight the topic and underline its

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (General Data Protection Regulation) OJ 2016 L119/1 (GDPR).

36 Lyons and others (n 16).

to set priorities with regards to resolving different issues around smart contracts.37 The report clearly states that matters concerning digital assets, blockchain and General Data Protection Regulation are the most pressing ones what seems to be a rather bad news for the development of legal frameworks for smart contracts.38 Nevertheless, in its final recommendations, the EU Blockchain Observatory and Forum underlines the need to monitor ongoing developments, encourage self regulation or even to make use of blockchain technology as a helpful regulatory tool. These simple but effective ideas could enable the use of smart contracts in the distant future. Thus, it is important that the EU Observatory and Forum continues with their work so that these goals are achieved and other, more advanced proposals can be introduced.39

35 ibid.

European Parliament, ‘Resolution on Distributed Ledger Technologies and Blockchains: Building Trust with Disintermediation’ (2017/2272(RSP))

39 Lyons and others (n 16) 33 35.

and information about current blockchain development and different themes to it. One of such reports concern the topic of smart contracts.35

document, enacted in line with the Rules of Procedure of the European Parliament, describes the numerous benefits of introducing blockchain and other, connected to it technologies, into the legal structure of the European Union.42 It stresses the need to promote blockchain technology as it notices its undeniable positive effects in everyday life problems. Most profound aspects of it seem to be data protection, transparency and decentralisation. The Resolution contains three paragraphs about

European Parliament, ‘Rules of Procedure of the European Parliament’ (EP, 31 January 2020), rule 132 <www.europarl.europa.eu/doceo/document/RULES920200203RULE132_EN.html>accessed15December2021. ibid.

37 ibid 33 35.

To conclude the foregoing paragraph, the European Parliament Resolution on DLT and blockchains includes three sections connected to smart contracts which only describe basic actions and recommendations. However, considering how little is being done in this area of law and technology, it can be still perceived as a sign of hope that, in the nearest future, the matter will be taken up again and deliberated

Theon.last

initiative to be discussed in this paper is the creation of the European Blockchain

smart contracts and these mostly concern the legal certainty issue stemming from the innovation Article 36 provides an indication that smart contracts are an important element of the blockchain technology which can play a significant role in creating a decentralised system of legal agreements. It also mentions that the assessment of potential implications and risks has to be conducted in order to fully explore this phenomenon.

The next aspect, brought up in the Parliament’s document, is the validity of digital cryptographic signature. Signing a contract remains one of the most important parts of the whole contracting process as it makes the transaction legal, certain and possible to perform. Therefore, until this issue is solved, legal certainty cannot be achieved with regards to smart contracts, thus, making them useless and unattractive for prospective users. The last article of the Resolution describes actions which the Commission should undertake in order to promote development of the technology by way of cooperation with various international organisations related to the issue at hand. Moreover, it is advised to analyse the existing legal frameworks of the Member States, as this would help in assessing both, possibilities and barriers, with regards to DLT based contracts. The need of cooperation and mutual recognition is mentioned as well, as it further enhances legal certainty.43

43 European Parliament, ‘Resolution on Distributed Ledger Technologies and Blockchains: Building Trust with Disintermediation’ (2017/2272(RSP)).

44 DIGIBYTE, ‘European Countries Join Blockchain Partnership’ (DIGIBYTE, 10 April 2018) strategy.ec.europa.eu/en/news/european<https://digital countries join blockchain Partnership. The declaration was signed in April 2018 by 21 Member States which are supposed to cooperate in establishing of a European Blockchain Services Infrastructure, which for the purpose of this paper will be further called the ‘EBSI.’ The main goal is to develop a trusted system which would help with resolving issues connected to privacy, cybersecurity, compliance with EU law and other. The Partnership aims at making blockchain accessible and useful for public as well as for private actors by providing a trusted environment for its development. As can be noticed, not much is being said about the smart contracts. This is because the most attention is, again, given to the impact of DLT on financial services, business matters and crypto currencies.44 Nevertheless, there is a glimmer of hope that smart contracts will not remain completely overlooked. The European Blockchain Partnership has in its agenda the creation of a regulatory sandbox which would enable testing of innovative developments such as blockchain. The idea does not only entail extended cooperation with the European Commission but also includes smart contracts as one of the topics to be brought up and researched on. The sandbox is planned for years 2021/2022, thus it can hardly be said that anything has been done so far. Nonetheless, if successful, the initiative can contribute to knowledge extension about smart contracts and implications of it.45

3. Conclusion

To conclude, smart contracts remain a relatively new field of law which, as of today, has not been established in the European legislation. Despite many ideas about this concept, it is generally established that these contracts are based on DLT, which stores every transaction that has ever been made and ensures its immutability as well as transparency. Most achievements in this area focus on how to make the best use of blockchain technology and only sometimes include the topic of smart contracts and Isards018,services%2C%20with%20the%20highest%20standpartnership#:~:text=On%2010th%20of%20April%202>accessed15December2021;Commission,‘WhatEBSI?’( Commission, 19 January 2020) <https://ec.europa.eu/digital blocks/wikis/display/EBSI/What+is+ebsibuilding> accessed 17 February 2022.

45 Lyons and others (n 16).

Overall, however, only a little part of these undertakings is dedicated to smart contracts. Most attention is given to economic advantages of using blockchain and crypto currencies and little has been done in the area of smart contracts. Taking into account the numerous benefits they imply, such as: anonymity, self executing nature and no need for intermediaries, much more should be done. Most importantly, it will only be possible to fully appreciate this innovation when the troublesome aspects are overcome and legal certainty is achieved. Thus, when answering the research question ‘Can the potential of smart contracts be used within the European Union’s borders?’ one would struggle to elaborate on the second part. Simply stated, not much has been undertaken so far and, as for today, the legal status of smart contracts remains unknown. This can still be changed if the European Union sticks to its goals and countries start cooperate. Smart contracts could actually become a part of everyday life and benefit the legal world who knows? Perhaps, in 5 years from now, private individuals will forget altogether about requiring a lawyer in order to execute their contracts.

their implications. The most prominent step towards legislation or at least some guidelines when it comes to smart contracts is the establishment of the European Blockchain Partnership and launching European Union Blockchain Observatory and Forum The former’s focus is mainly on cooperation between the European states in the field of DLT and creating an enabling environment that would make the use of blockchain easier. The latter, on the other hand, has as its main goals the enhancement of the benefits of this innovation, highlighting the key developments as well as promoting further progress. Smart contracts were also mentioned in the European Union Parliament’s resolution on Distributed Ledger Technology and blockchains, where the key goals and recommendations are mentioned.

Article 5 Pirates of the Internet: Non-Fungible Tokens & Copyright Law Challenges

by Marcel Martinussen

Marcel Martinussen is a European Law School L.L.B. candidate at Maastricht University and a local native of Southern Limburg. His academic interests center around topics of EU administrative law. In addition, Marcel also enjoys extending his research focus to legal questions where technological innovation and the legal world intersect. The present article was inspired by his attendance of a guest lecture given by Dr Antoni Rubi-Puig of the Universitat Pompeu Fabra on the legal implications of NFTs for artists today.

1 Lawrence J Trautman, ‘Virtual Art and Non Fungible Tokens’ (2021) 50 Hofstra Law Review 361, 365.

3 Sheila Bsteh and Filip Vermeylen, ‘From Painting to Pixel: Understanding NFT Artworks’ (Master thesis, Rotterdam Erasmus Universiteit 2021) 1

4 Nick Statt, ‘Elon Musk produced a techno track about NFTs he’s selling as an NFT’ (The Verge, 15 March 2021) <www.theverge.com/2021/3/15/22332455/elonmusknftsongsalecryptobitcoinmusicvideoteslatechnoking>accessed22April2022;LucasMatney,‘MarkCubanandCoinbasebackEternal,anNFT

6 Bsteh and Vermeylen (n 3) 7

With the advent of cryptocurrencies, blockchains and non fungible tokens (NFT), the world is becoming more and more digital. The art world is illustrative of this since it is slowly moving into the digital world, proven by the record sale of a digital artwork by Beeple called ‘Everydays: The First 5000 Days’ for the staggering amount of $69.3 million in a Christie’s auction as an NFT.1 Simply put, an NFT is similar to other things that hold a value such as a painting or a ten Euro bill. However, it is a completely digital asset, like the Bitcoin, and that brings some challenges with it.2 This digital nature is also the key to its uniqueness.3 The non fungible token is an increasingly more popular part of our society, as evidenced by its promotion by multiple high profile figures such as Mark Cuban, Elon Musk and Twitter founder Jack Dorsey.4 NFTs can be minted out of physical and digital artwork but they are sometimes minted without the artist’s permission. An example of this is seen in the listing of an NFT, made from the debut album of Jay Z, by a producer called Damon Dash. He worked at the record label Roc A Fella where the album was initially put together but was merely a minority shareholder of the business and not the copyright holder of the album. A judge in the US District Court for the Southern District of New York subsequently issued a temporary restraining order to stop the sale of Dash’s NFT.5

In order to grasp the main themes explored by this piece, it is paramount to understand what an NFT is and how it works. The main characteristics of an NFT can be found in its name: ‘token’ and ‘non fungible.’ A token is a digital representation of a value/utility such as a good or a service. On its own, the token doesn’t have value, but it represents, for instance, stakes, tolls or ownership rights that do.7 Subsequently, fungibility refers to the ability to interchange certain tokens for each other. For instance, one ten euro bill can be interchanged for another ten euro bill or even two five euro bills. A

7 Andrei Dragos Popescu, ‘Non Fungible Tokens (NFT) Innovation Beyond the Craze’ (2021) 66 IBEM 26.

The legal question this descriptive piece aims to elaborate on is: ‘how could minting an NFT without authorisation constitute a copyright infringement in European Union legislation compared to the United States of America?’ With the expansion of the art world into the area of new technologies and concepts, it serves to elaborate on

5 Andres Guadamuz ‘The Treachery of Images: Non Fungible Tokens and Copyright’ (2021) 16(12) Journal of Intellectual Property Law and Practice 1367, 1384; cf Roc A Fella Records Inc v Damon Dash [2021] (Case 1:21 cv 05411) (District Court, SD New York)

The discussion starts with a brief explanation into NFTs and then moves onto the main topic of copyright and NFTs. That topic is separated into infringements jurisdiction analysis and platform actions. In the second part, an analysis of the European and USA legal frameworks are performed. Closing this article is a concluding part that looks back at the introduction.

the borders of this new area. 6 Questions surrounding tokenisation of art and digital property, the rise of crypto art and the artist’s copyright form the basis of this article. Since the topic of NFTs is rather new, ‘copyright’ is investigated as a broad legal principle. However, this contribution does venture into an analysis under the copyright laws of the European Union and United States of America. The EU legal system is chosen to show the European approach to innovative challenges such as NFTs. The American legal system is chosen since it stands at the centre of the trade of non fungible tokens and, therefore, plays a substantial role in the regulation of this sector.

1. The NFTs

marketplace for trading Twitch streamer clips’ (Techcrunch, 28 September 2021) <https://tcrn.ch/3ifvcKE> accessed 17 April 2022; Logan Kugler, ‘Non Fungible Tokens and the Future of Art’ (2021) 64 Communications of the ACM 19.

2 An P Doan and others, ‘NFTs: Key US Legal Considerations for an Emerging Asset Class’ (2021) 38(4) Journal of Taxation of Investments 64.

52 Introduction

non fungible token is unique and therefore not interchangeable with another NFT of the same type.8

2.1. Possible Copyright Infringements by NFTs

9 ibid 1002

13 Guadamuz (n 5) 3.

Qin Wang and others, ‘Non Fungible Token (NFT): Overview, Evaluation, Opportunities and Challenges’ [2021] Cornell University arXiv 1 <https://arxiv.org/abs/2105.07447> accessed 18 April 2022

The underlying digital realm on which the NFT is created and is attached, is the ‘blockchain.’ A blockchain, or also called a decentralised ledger, is an encrypted, distributed and shared digital database that serves as a permanent record of transactions verified by the consensus of an unrelated group of people.12It can be seen as a registry of transactions, such as a balance book of a cash register in a store. However, the validity of each transaction is verified by a vast number of separate computers rather than by the buyer and the seller in the real world.13 Without this verification, the transaction in the aforementioned cash register would be non existent.14 The blockchain which is most relevant for crypto art and NFTs is Ethereum.15 This chain operates using smart contracts which aim to speed up, verify or execute digital negotiations while enabling unfamiliar parties to conduct fair exchanges with each other.16 Contrary to the massive monetary values represented by NFT artwork, the legal value of an NFT is subject to debate. The placement of the NFT on the blockchain stands at the core of the perceived copyright issues.

Since an NFT does not grant transfer the copyright to the underlying asset, the holdership refers to only the digital metadata of that asset. This exposes a weakness in the supposed authenticity of an NFT because an artist could remint the non fungible token with other metadata while the NFT owner has no legal right over the actual artwork.17

Another possibility is a person minting an NFT from a work in public domain after it has lost protection. Under certain conditions, a reproduction of a piece of work can still be subject to copyright protection. To do this for physical art, the minter needs to get access to digital metadata of that physical piece. This is not as hard as it seems since museums are offering digital reproductions of famous artworks online. If the creator of the NFT accessed the artwork

11 Jozefien Vanherpe, ‘Non Fungible Tokens and Copyright: Crypto Buyer Beware ’ (CiTiP KUL, 29 June 2021) <www.law.kuleuven.be/citip/blog/non fungible tokens and copyright crypto buyer beware/> accessed 07 April 2022

Vanherpe (n 11) 2. Carroll (n 8) 998 Adarsh Vjayakumaran, ‘NFTs and Copyright Quandary’ (2021) 12 Journal of Intellectual Property, Information Technology and Electronic Commerce Law 402, 413 Trautman (n 1) 69 Herian and others (n 10) 2; Jonathan Bailey, ‘NFTs and Copyright’ (Plagiarism Today, 16 March 2021) <www.plagiarismtoday.com/2021/03/16/nfts and copyright/> accessed 14 April 2022

14 Trautman (n 1) 48

ibid 4

At its core, an NFT is a digital authenticity certificate which is stored on a blockchain and represents ownership of unique items. Moreover, a record of its ownership history is always available, which is verified by the blockchain and ensures that there is only one owner.9 Furthermore, the NFT allows the representation of physical assets in the digital realm.10 Making the NFT, either from a pre existing digital file or a physical asset, is called minting. Any minter of an NFT can pretend to own the item in question, putting questions with the legitimacy of an NFT.11

12 Trautman (n 1) 46

Robert Herian and others, ‘NFT Legal Token Classification’ (2021) EU Blockchain Observatory & Forum Working Paper Series 2

Minting an NFT of artwork can relate to copyright in many various forms 18 It is evidenced that there is copyright piracy occurring on the digital marketplaces.19 With this piracy in mind, it serves to investigate some ways NFT’s are minted. Firstly, the person who mints the NFT is also the right holder of the copyright and is therefore directly connected to the underlying artwork. In this case, there is no problem regarding copyright An NFT could be a great partner in this situation because it could serve as a new revenue stream for an artist.20 Moreover, it can also keep track of the copyright of the underlying artwork by using the NFT as a proof of ownership.21

Rebecca Carroll, ‘NFTs: The Latest Technology Challenging Copyright Law’s Relevance Within a Decentralized System’ (2022) 32(4) Fordham Intellectual Property, Media and Entertainment Law Journal 993.

2. Copyright & NFTs

26 Guadamuz (n 5) 19

25 Doan and others (n 2) 64

30 cf [1988] RPC 403

22 Vanherpe (n 11) 3.

23 Lionel Bently and Brad Sherma, Intellectual Property Law (Oxford University Press 2014) 194.

27 Vanherpe (n 11) 2

digital realm. 29 Putting art in a new format has happened before, as evident from the English case J & S Davis v Wright in which it was held that using an instruction for making a dental impression tray does not mean that the resulting imprint is a copyright infringement.30 The final type of use is when an NFT is to be considered as a communication to the public, as defined under the . This is when a piece is enacted for copyright holders to have more control over their works in digital spaces.31 This refers to the copyright holder’s right to communicate works to the public 32 If the NFT used copyrighted work and linked to an infringing copy, it is a form of communication to the public and therefore a copyright infringement. However, finding the link to the copy is difficult since links are becoming increasingly erroneous. Moreover, a link can be hidden in the metadata or smart contract of the NFT and can therefore be hard to retrieve without advanced technical knowledge.33 This raises the question that if the link is difficult to find, can it still be viewed as communicating to ‘the public’?

24 Guadamuz (n 5) 18

where there was use made of an authorised digital copy, the code of the NFT becomes separate from the digital file it came from.27 Using an unauthorised copy means that the source material is already corrupted. However, if there is no traceable link to the corrupted copy on which the NFT is based, there is no connection between the two. If an NFT is an adaption of the original work it must originate from the original work and, for instance, translate into a different art form or language.28 Even though an NFT is not an artistical rendition per se, it can be argued that it translates the artwork into the

Thirdly, an NFT is minted without consent of the right holder. For an infringement to take place, several points must be assessed 23 Initially, did the infringer assume one of the exclusive rights of the author as his own without authorisation? Subsequently, is there a causal link between the original and the ‘fake’? Lastly, is the entirety of the work or just a part of the work copied?24 It is difficult to negate a causal link between an NFT and its underlying physical artwork since the NFT is based on the digital version of it. Whether the work has been copied partly or in its entirety depends on the type of non fungible token. A token that is completely the same as the original could be seen as a blatant copyright infringement whereas a code only NFT is evidently harder to assess.25 This would mean that the copyright of an asset also extends to its digital derivatives. Assessing lastly, whether there is an exclusive right infringement by the unauthorised minting depends how the NFT is perceived under law. 26 Unauthorised minting can mean that the NFT is a tokenised version of the work rather than a reproduction of the work. Minting the latter as a reproduction of an entire artwork easily qualifies as an infringementHowever,

28 CDPA s 21(3)(a)(i)

he is using in a legal way, there is no problem regarding the legality of said non fungible token.22

To conclude this sub section, copyright as a general concept does balance peculiarly with the NFT as a means of expression and as a means to copy pre existing art. From this part, it is crucial to note that the technical nature of the NFT does greatly impact its ability to transfer intellectual property rights such as copyright. The key in assessing the likelihood of a copyright infringement lies in the source of the NFT, the use of the NFT and the proximity of the NFT to the original artwork. The key difference between physical assets, such as a painting, and the NFT when it comes to copyright is that a copy of a painting will never be completely the same as the original where a NFT can be.34 Guadamuz (n 5) 21. Christina Angelopoulos, ‘Communication to the Public and Accessory Copyright Infringement’ (2017) 80(2) The Cambridge Law Journal 227 33 Guadamuz (n 5) 24 Matt Goldman, ‘Non Fungible Tokens: Copyright Implications in the Wild West of Blockchain Technology’ (AEJ, 4 May 2021) 4 <https://larc.cardozo.yu.edu/cgi/viewcontent.cgi?article=1280&context=aeljblog>accessed8March2022

29 Guadamuz (n 5) 20.

48 Balázs Bodó and others, ‘The rise of NFTs: These Aren’t the Droids You’re Looking For’ (2022) 44(5) European IP review 265, 275 282.

2.2.1. The European Union’s Approach to Copyright Protection with NFTs

37 Júlia Alves Coutinho, ‘The interrelation between NFTs and Copyright’ (Inventa, 1 July 2021) <https://inventa.com/en/news/article/652/theinterrelationbetweennftsandcopyright>accessed 3 March 2022

36 Bernt Hugenholtz and João Pedro Quintais, ‘Copyright and Artificial Creation: Does EU Copyright Law Protect AI Assisted Output?’ (2021) 52(9) IIC 1190, 1194

If one considers both the regulatory framework and case law thus, it becomes evident that concrete definitions for where this set of rights start and stop are not to be found within said framework.

45 Hugenholtz and Quintais (n 36) 1193; Case C 145/10 Painer [2013] ECLI:EU:C:2013:138

35 Commission, 'The EU Copyright Legislation' (Commission, 7 June 2022) legislationstrategy.ec.europa.eu/en/policies/copyright<https://digital>accessed1February2022

EU copyright law is mostly harmonised by the copyright regulatory framework, consisting of two regulations and eleven directives.35 The framework mainly refers to protection of four types of copyrighted assets: databases, photographs, visual art and computer programmes.36 This means that the European framework is highly relying on the Member States themselves. There were hopes to regulate non fungible tokens in a more direct and suitable manner into EU law.37 However, the Council chose to not incorporate NFTs into its draft of the Market in Crypto Assets Regulation (MiCA) which is a regulation set up to incorporate and regulate novel markets such as crypto assets which were not covered in previous financial regulations 38 The reason was that the NFT is not necessarily a virtual asset in the same way as a Bitcoin and therefore requires a case by case assessment 39 If it had been part of MiCA, the market for non fungible tokens would have potentially become more regulated by implementing thorough obligations for the crypto assets services providers.40 This would lead to a more stable market and means to sanction abuse of NFTs.

2.2. Analysis of Jurisdiction

41 Berne Convention for the Protection of Literary and Artistic Works (adopted 14 July 1967, entered into force 29 January 1970) 828 UNTS 221 (Berne Convention), art 2.

39 Philip Lee, ‘EU Crypto Regulation Update April 2022: EU Bitcoin Ban Shelved and MiCA Moves Forward’ (Lexology, 19 April 2022) <www.lexology.com/library/detail.aspx?g=3cb536e364d746cb8c2e3d3f9df6e05d>accessed2May2022

40 Sas (n 38); Ioanna Lapatoura, ‘Copyright & NFTs of Digital Artworks’ (IPKitten, 23 March 2021)

38 Martin Sas, ‘NFTs excluded from MICA: A freeport for crypto pirates?’ (CiTiP KUL, 19 April 2022) <https://lirias.kuleuven.be/retrieve/661221> accessed 26 April 2022; Commission, ‘Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto assets, and amending Directive (EU) 2019/1937’ COM (2020) 593 final (MiCA).

47 Florian Idelberger and Péter Mezei, ‘Non fungible tokens’ (2022) 11(2) Internet Policy Review 6

Therefore, in adjudicating the overall meaning of a ‘work’, the CJEU consistently used the definition as under the Berne Convention.41 The usage of the Berne Convention is also found in the Term Directive. 42 The actual implementation for copyright and digital assets relies on CJEU jurisprudence. Established in Infopaq, a definition for a ‘work’ comes forward.43 Namely, the author’s own intellectual creation.44 This sparks a notion of originality by a human actor.45 This view is affirmed in cases Cofemel and Levola Hengelo, in which it is held that ‘the subject matter concerned must be original in the sense that it is the author’s own intellectual creation. 46 This originality requirement is rather broad and encompasses pixel art. 47 Regarding the placement of NFTs in this sphere, the underlying asset qualifies as an original work, as in line with the above description. This means for a non fungible token that the copyright isn’t transferred to the token from the original unless stipulated in an agreement.48 This means that only when an NFT minter is the copyright holder of an asset, they can mint it (or it is already part of the public domain, in which case there is no pre existing copyright.) NFTs aren’t exclusively made

<https://ipkitten.blogspot.com/2021/03/guest post copyright nfts of digital.html> accessed 4 March 2022

42 Directive 2011/77/EU of the European Parliament and of the Council of 27 September 2011 amending Directive 2006/116/EC on the term of protection of copyright and certain related rights [2011] OJ L265/1 (Term Directive), art 1.

43 Case C 302/10 Infopac International [2012] ECLI:EU:C:2012:16. 44 ibid.

46 Case C 683/17 Cofemel [2019] ECLI:EU:C:2019:721, para 3; Case C 310/17 Levola Hengelo [2018] ECLI:EU:C:2018:899.

49 Hugenholtz and Quintais (n 36) 1194; Joined Cases C 403 and 429/08 Football Association Premier League and Others [2011] ECLI:EU:C:2011:631.

58 Noh and others (n 54) 332

53 Katya Fisher, ‘Once Upon a Time in NFT: Blockchain, Copyright and the Right of First Sale Doctrine’ (2019) 37 Cardozo Arts & Ent. LJ 629, 634

the extent of the harmonisation efforts under EU law, it is obvious that national legal systems carry the brunt of the meaning in what copyright entails, as is seen in this part. Because all European Member States have signed the Berne Convention, 50 there is a large degree of similarity between the European States. This also serves as basis of the CJEU’s legal decisions. There is an overarching notion that non fungible tokens are, due to their separate ambiguous status under property law, not carriers of copyright. Therefore, an NFT owner in Europe finds that his tokens are most likely original versions infringements are governed on the national level

52 ibid, s 102.

2.2.2. The American Approach to Copyright Protection with NFTs

60 cf CA, s 107

limited protection under copyright law.53 However, this does not mean that this copyright protection transfers when the ownership of the NFT changes. This does not take away that artists’ works are left unprotected from legal risks due to the ambiguity of smart contracts and rights allocation. This leads to a great number of misunderstandings and confusion when it comes to the sale of an NFT. Determining what is and is not part of an NFT when it is transferred can give clarity to what further purposes the NFT can be utilised for.54

Niki Shadoan, ‘The NFT Copyright Conundrum’ (ONE37pm, 13 September 2021) <www.one37pm.com/nft/nft copyright conundrum> accessed 2 April 2022.

The basis for United States copyright law is found in the 1976 Copyright Act (CA) and attached jurisprudence. 51 The extension of protection of digital assets is provided under section 102 CA: as stated that ‘original works of authorship fixed in any tangible medium of expression […] from which they can be perceived, reproduced, or otherwise communicated, either directly with or with the aid of a machine of a device.’52 This means that the underlying code for the non fungible token enjoys a

Simon Frankel and Billie Mandelbaum, ‘What Copyright Lawyers Need to Know About NFTs’ (Bloomberg Law, 16 July 2021) <https://news.bloomberglaw.com/ip law/what copyright lawyers need to know about nfts> accessed 5 March 2022

51 Copyright Act 1976 (CA)

54 Megan E Noh and others, ‘GM! Time to Wake Up and Address Copyright and Other Legal Issues Impacting Visual Art NFTs’ (2022) 45(3) Columbia Journal of Law & the Arts 315, 331

from art such as paintings. They can also entail parts of a sporting event. In Premier League, the CJEU ruled against the grant of copyright when it came to sporting events since they do not fall under the meaning of ‘work.’49 At first glance, this would mean that NFTs, such as the ones found by NBA Allstars, do not enjoy EU copyright protection, making them free for Notwithstandingtokenisation.

The exact caveat of an NFT is that it manages to transfer ownership rights of it without affecting the actual underlying file. The economic appeal comes from the link between the token and the underlying asset through a smart contract. 55 The right of first sale, as under section 106(3) CA, could prima facie be a basis for rights protection under the 1976 CA. It states that the owner of a copyright has the exclusive rights to distribute copies of the copyrighted work to the public by sale or other transfer of ownership However, the above mentioned technological nature of the non fungible token prevents it to qualify in the ‘copy’ requirement as in the view of Disney Enterprises. 56 This is because the underlying asset of the NFT is not being reproduced, it is being tokenised.57 If assumed that a non fungible token is protected in its entirety under US Copyright provisions, issues regarding lending and sharing of said token arise.58 Fair use could be a vehicle for an NFT artist to use the tokenise existing art in a way that doesn’t infringe on copyright.59 Originating from common law, fair use is part of codified US law as section 107 CA.60 Under this provision, an NFT would be free of copyright issues provided it keeps track of the nature of the work, the amount of the

50 Berne Convention for the Protection of Literary and Artistic Works (adopted 14 July 1967, entered into force 29 January 1970) 828 UNTS 221 (Berne Convention).

Frankel and Mandelbaum (n 55)

Disney Enterprises Inc v Redbox Automated Retail [2018] (Case CV 17 08655 DDP) (District Court, CD California).

Alexandra Fuchs, ‘NFTs and Copyright Law’ (JDSupra, 10 February 2022) <www.jdsupra.com/legalnews/nfts and copyright law 7361836/> accessed 1 April 2022.

cf Folsom v Marsh, 9. F.Cas. 342.

The NFT is becoming a mainstream tool for investors and artists to buy, sell and generate capital and make art. With all the perks of the non fungible tokens, come some contradictions regarding the copyright protection. For cases where NFTs have been minted outside the knowledge of the owner of the underlying asset, there is a clear infringement of copyright due to the traceable links in the metadata. However, the case is harder to argue for NFTs with

2.3. NFT Platforms

65 Bianca Lessard, ‘NFTs, Minting and Copyright: What You Should Know As An Artist’ (Renno&Co, 20 December 2021) <www.rennoco.com/post/nfts minting and copyright what you should know as an artist> accessed 2 April 2022

As seen above, the American approach regarding the copyright protection of non fungible tokens mainly follows the line of already pre existing rules for conventional artwork.62 It considers the original artist of the minted art to be the copyright holder. This copyright usually does not pass to the right holder of the NFT since such a NFT is only a token of the underlying asset, as is a copy or reprint of a painting or book.63 This is rather contrary to public perception which can cause legal proceedings regarding the contractual obligations whether to include the NFT.64 With a fair use or public domain exemption, token owners and minters will be able to do more with their NFTs with regards to the display of a certain asset.65 However, this raises questions with regards to economic viability due to international differences about the scope of fair use

original used in the ‘new’, a non commercial purpose and no effect on the market value of the original.61

Due to their role as controlling partner in the transfer of NFTs, it is important to discuss the position of the NFT platforms. These are positioned between NFT maker and buyers and act as digital marketplaces where tokens are sold and where NFTs can be minted. These are for NFTs similar to what auction houses and curators are for conventional art pieces.66 These websites act as a virtual shop window for the sale of NFTs. Several arguments can be made that could be liable for infringement. 67 To combat unauthorised NFTs, for whatever reason their lack of authorisation fits within the scope of copyright law, platforms resort to automatic Digital Millennium Copyright Act (DMCA) takedowns.68 Since the NFT market finds itself in a conservative area regarding

3. Conclusion

69 Carroll (n 8) 999; Cheong Ghil Kim ‘A Study on Technology to Counter Copyright Infringement According to NFT Transaction Types’ (2021) 20(4) Journal of the Semiconductor & Display Technology 187, 189. Guadamuz (n 5) 26 Fisher (n 53) 631. Bsteh and Vermeylen (n 3) 7 Trautman (n 1) 46 Dinusha Mendis, ‘Copyright and NFTs: New Wine in Old Bottles?’ (World Intellectual Property Review, 24 November 2021) 3 <www.worldipreview.com/article/copyright and nfts new wine in old bottles> accessed 5 March 2022

DMCA complaints, takedowns almost always result in the removal of the NFT from the platform.69 However, the DMCA is only able to exert its sanctioning powers when it comes to US registered platforms.70 Furthermore, an NFT platform not only uses regulatory bodies to protect the legal interests of buyers and sellers. Many platforms have set up requirements for users to prevent abuse of copyrighted material.71 This resulted in the platforms having various Terms of Use, License Agreements, and similar contracts with users of their platforms. Most disputes regarding the authenticity of NFTs are picked up by these platforms However, with the NFT market projected to grow, the copyright issues are projected to rise too.72 Furthermore, the assumed role of the platforms has more and more become regulatory which seems to go against the very foundation of what the blockchain was set up to do: ‘[…] enabling a consensus of unrelated people on the occurrence of an individual transaction without the need of a controlling authority.’73 Although, even this is debatable, since there have been cases where the whole NFT community got together to return scammed objects with moderate success.74

68 Henry Lydiate, ‘Get Minted’ [2022] Art Monthly 45

62 Doan and others (n 2) 68.

64 Fisher (n 53) 634

67 Guadamuz (n 5) 25.

66 Bsteh and Vermeylen (n 3) 3

By excluding the NFT from MiCA, the European Union has missed a chance to clarify solutions to the unique challenges which can arise in relation to the NFT and to take the protection of copyright of the NFT to the overarching European evel. This results in a fallback on CJEU case law and national legal systems. This can be problematic since the market of NFTs spans over the entire Union and as such, there could be issues of legal protection on national levels in individual Member States. However, since the MiCA Regulation is still in the legislative process, there is still room for hope. In the United States, simple, pre existing rules are applied as if the copyright issue relates to a physical asset which is effective in most cases. The digital nature of the NFT does pose problems sometimes as is prevalent in Roc a fella Records when there is unauthorised minting. Looking at both jurisdictions, there exists a notion that NFTs are vastly separate from the underlying asset. This means that, prima facie, there is also no transfer of copyright. However, unauthorised use of an underlying asset that is then turned into an NFT is a rather ambiguous area. Clarity on the general legal framework around the copyright on minted NFTs from original art pieces is much welcomed to protect the hard work of artists.

no connections to the original work in the shape of a hyperlink or an easily traceable connection in the metadata. This is evident from the hypothetical analysis of placing NFTs as a ‘communication to the public.’ Even under this analysis, it becomes a matter of debate whether an unauthorised minting is an infringement of copyright. To mitigate this, platforms have been busy with imposing terms and conditions to their users in cases where infringement is obvious. A lack of legal clarity on the matter makes answering questions surrounding this topic difficult, added onto by the fact that the owner of an NFT does not automatically own the underlying asset. Even though non fungible token artwork and copyright disputes have thus far been handled mostly on a platform level, the expectation is that larger disputes will arise since the market for NFT is projected to grow.

Article 6

by Sina Abel

Sina Abel is a German Saudi-Arabian second-year LL.B. candidate at the European Law School of Maastricht University. Due to her multi-cultural background, Sina has different interests in various fields of law and is currently assisting as a research intern at the Maastricht European Private Law Institute (MEPLI). In the future, Sina intends to continue pursuing her legal career in intellectual property law and medical law, the two fields which interest her most and which served as her primary inspiration for the present article.

Artificial Intelligence in Healthcare: The EU Regulatory Framework & the In-/Efficiency of Existing Liability Mechanisms

Due to the scarcity of mechanisms that can be used, it becomes more difficult for those who have suffered damage to receive compensation for the damage incurred within the EU. Despite many countries within the EU, as well as EU institutions, recognising this problem, no EU legislation regulates liability arising from the use of AI in healthcare. It is important to note that AI is composed of two entities, the doctor and the machine, the allocation of liability cannot solely be put on the doctor or the machine.3 This is because different mechanisms place liability on different actors. Furthermore, it is difficult to merely hold one actor accountable.

3 Mariana Alpalhão Goncalves, ‘Liability Arising from the Use of Artificial Intelligence for the Purposes of Medical Diagnosis and Choice of Treatment: Who Should Be Held Liable in the Event of Damage to Health?’ (Master thesis, Tilburg University 2018) <http://arno.uvt.nl/show.cgi?fid=146408> accessed 5 April 2022.

acknowledged in 2004 by the European Commission where a need to expand the scope of eHealth with regards to liability was identified. Looking at the Civil Law Rules on Robotics, a resolution developed by the European Parliament with recommendations to the

62 Introduction

2 European Parliament, ‘Resolution of 16th February 2017 with Recommendations to the Commission on Civil Law Rules on Robotics’ (2015/2103(INL))

Initially, thus, AI was introduced in the EU healthcare sector so as to tackle a shortage of qualified employees as well as rising budget constraints.1 There are many benefits to this new development to name but a few: cost effectiveness and a more accurate diagnosis, as well as improved surgeries with greater quality and precision Nevertheless, several problems have arisen as a result of this development. One issue which stands out, and which will be the focus of this article, is the liability and ethical dimensions of using robotics and AI in healthcare. More specifically, who should be held responsible when robots cause surgical mistakes or when a misdiagnosis is given, or an incorrect treatment plan is recommended to a patient? Further yet, which legislative mechanisms will be most effective in tackling this question as the usage of AI in medicine

Commission, it states that new liability rules are vital concerning the use of robotics in healthcare.2 The resolution tackles the problems that arise with the use of robotics and AI on a supranational level.

This paper will therefore answer the following question: Which liability mechanisms are most efficient for claiming damages for Artificial Intelligence in medicine using EU law? This will be answered by examining what EU laws have been put in place, along with potential new ones with regards to this problem. This paper will follow a combination of a socio legal and black letter approach which involves the use of both primary and secondary sources. Applicable Directives, Regulations and Resolutions will be assessed; EU Recommendations will also be used for addressing future problems which could arise First, this paper will lay out the current use of AI in the EU including its benefits and examples of how it has developed in order to show how important it is. Secondly, the liability aspect will be discussed, precisely fault based liability, vicarious liability, and product liability, as well as EU recommendations that tackle AI specifically

In this day and age, Artificial Intelligence (‘AI’), digital technology and advanced production have become an indispensable part of daily life. Many user devices have now integrated elements of AI, a development made possible by the latter’s continued improvement and progress A representative example of such progress is ‘Siri’, an AI run voice assistant implemented in all Apple devices. In turn, and quite foreseeably, various industries have started to incorporate the use of AI in the supply of their services and, whilst this phenomenon has mostly occurred in the tech industry, to date it has also gradually been seen increasingly present in the healthcare sector of the European Union (‘EU’)

1 Zrinjka Dolic and others, ‘Robotics in Healthcare: A Solution or Problem?’ (2019) European Parliament Policy Department for Economic, Scientific and Quality of Life Policies: Workshop Proceedings Series PE638/391, 7.

Thisprogresses?issuewasfirst

1.1.1. Benefits for Prospective Patients

6 Sanaz Cordes, ‘5 Benefits of Using AI in Healthcare’ (Worldwide Technology, 14 July 2021) <www.wwt.com/article/5 benefits of using ai in healthcare> accessed 7 September 2021

5 MedTech Europe, ‘Artificial Intelligence in MedTech: Delivering on the Promise of Better Healthcare in Europe’ (2019) MedTech Europe Position Paper Series content/uploads/2019/11/MTE_Nov19_AI<www.medtecheurope.org/wp in MedTech Delivering on the Promise of Better Healthcare in Europe.pdf> accessed 4 April 2022.

7 HIMSS, ‘Artificial Intelligence (AI)’ eHealth Trendbarometer (HIMSS Analytics, 22 October 2019) <www.himssanalytics.org/europe/ehealthbarometer/ehealthtrendbarometeraiuse european healthcare> accessed 13 April 2022.

8 Kyle Wiggers, ‘AI in Healthcare Creates Unique Data Challenges’ (Venture Beat, 1 February 2021) <https://venturebeat.com/2021/02/01/ai in health care creates unique data challenges/> accessed 19 March 2022.

1.1.2. Benefits vis à vis Healthcare Professionals

the majority of healthcare users, a minority experience treatment failure. This has a negative emotional and physical toll on patients, because they undergo extensive and at times, overly invasive testing so as to explore new options and effective treatments. By having more personalised treatments, AI creates a more accurate patient profile, increasing medical exactitude and success of diagnostic/prognostic trends 8 An example of how patient profiling has become more accurate and useful over time is the now universally recognised understanding of the different blood type groups, each requiring different blood type transfusions for their effectiveness. While the latter may seem uncomplicated now, it was not always as straightforward In that context, thus, today the healthcare community is working towards achieving greater diagnostic accuracy through the use of personal DNA structures’ understanding and knowledge a goal towards which the medical usage of AI will surely play a central role. If successful, this could mark a turning point in the medical history of diagnosis as we know it In turn, novel legal questions of safety vis à vis benefits for patients of such AI usage will arise.

1. The Use of Artificial Intelligence (AI) in Medicine

As aforementioned, the use of AI has benefits for both patients and healthcare professionals. Healthcare professionals can dedicate their time on more complex and urgent cases. Less urgent cases would need less time to be handled with the help of AI, therefore reducing the workload pressure on healthcare professionals. It can diagnose cancer, indicate severe abnormalities, and help radiologists prioritise life threatening cases, thus improving overall efficiency Those who work in radiology (reading X rays to find a diagnosis and treatment

Healthcare systems in the EU are under pressure due to an increase in costs, prevalence of chronic illnesses, a shortage of qualified employees and, more recently, to the COVID 19 pandemic. With these issues accumulating, a solution needed to be found which leads to the initial reason behind the use of AI within the healthcare system. 4 AI can be extremely beneficial for both patients and healthcare professionals in different ways While for patients the preeminent advantage is the quality of treatments, job efficiency would be the benefit for healthcare professionals 5

Moreoverrates.,

AI also aids the development of more personalised treatments and therapy, for instance, of physiology and drug therapy.7 Current treatments are generic and, while they may work for

1.1. The Benefits of AI Usage in the EU Health Sector

Prospective patients enjoying medical AI usage would benefit greatly in the sense that AI can significantly improve early stage detection of diseases, including mental and chronic illnesses, as well as the latter’s prognosis.6 In fact, AI can detect the risk of someone developing a disease, for example of developing a cancer that has been passed on genetically. Once the disease is detected, AI can also actively reduce its risk factor and even feasibly avoid it. This also allows patients to begin treatment at an early stage before the illness has progressed, which increases the chances of treatment success and reduces morbidity (complications in a disease) as well as mortality

4 Dolic and others (n 1).

12 Cordes (n 6).

Aprileffectivelyitalit.org/12090/20210303071916/https:/ec.europa.eu/dig<https://wayback.archivesinglemarket/en/news/usingaifastanddiagnosecovid19hospitals>accessed172022.

Since the COVID 19 pandemic, the desperate need to develop a vaccination against the virus quickly was highly influenced by AI technologies.17 European BioNTech companies (who delivered the Pfizer vaccine) were heavily reliant on the use of AI to develop a vaccination before the others. AI was also used to help research the virus itself which made it easier to develop a vaccine. 18 Not only was it used in the instance of diagnosis and treatment for the Coronavirus but also in relation to having a digital certificate. This has developed in Europe as well as globally, where the requirement has emerged for individuals to present a QR code that

14 Jane Thoning Callesen ‘New Danish Centre for AI and Health’ (SDU, 1 November 2021)

11 Dolic and others (n 1).

AI also broadens the research aspect of medicine to a high extent 10 A substantial amount of research needs to be done concerning the administration of medication and especially regarding the reduction of the side effects that come with it. For example, the use of drug therapy for those suffering from mental illnesses such as Depression, Schizophrenia and ADHD is in need of being explored and improved. As AI can assess an immense amount of data, its application in the medical field could enable the research for such illnesses to expand significantly. Understanding exactly what these illnesses entail can lead to new and more suitable treatments with higher efficacy and fewer side effects. AI has had a great deal of influence within this realm, specifically, the testing stage of drug therapy.

10 ibid.

15 Carla Ragnhild Kruse and others, ‘Artificial Intelligence in Danish Healthcare’ (2020) 182(6) Ugeskr Laeger 3.

physiological and physical state of the patient during surgery. If there was a change in the patient’s state during the procedure, the surgeon will be aware of it, reducing the risk of serious complications and death.12 This shows the theoretical advantages of using AI in medicine which further demonstrates the importance of the development of AI.

17 Commission, ‘Being Smart About Our Health: How Artificial Intelligence Can Help Transform Europe’s Health Sector’ (EU Science HUB, 3 February 2021) <https://joint research centre.ec.europa.eu/jrc news/being smart about our health how artificial intelligence can help transform europes health sector 2021 02 03_en> accessed 9 April 2022.

Denmark is considered one of the most advanced countries in the EU regarding the use of AI from the perspective of software vendors.13 This puts Denmark in a unique position compared to other EU countries. On the 1st of November of 2021, Denmark opened their first centre for clinical AI.14 By collecting and storing data, it improves the analysis of patients by making it more accurate which can help in terms of prognosis.15 It is now a requirement in Denmark that all COVID 19 patients have a CXR (X ray imaging for the chest).16

16 Hayit Greenspan and others, ‘Position Paper on COVID 19 Imaging and AI: From the Clinical Needs and Technological Challenges to Initial AI Solutions at the Lab and National Level towards a New Era for AI in Healthcare’ (2020) 66 Medical Image Analysis 1.

18 Commission, ‘Shaping Europe’s Digital Future: Using AI to Fast and Effectively Diagnose COVID 19 in Hospitals’ (Wayback Archive, 3 March 2021)

plan) have extremely long working hours and are sometimes asked to examine a patient more than once, which becomes costly.9

1.2. Examples of Practical Applications of AI Usage in EU Healthcare

Moreover, one of the most acknowledged uses of AI in healthcare is AI assisted and robotic surgeries. Surgeries, on their own, already exposes the patient to a lot of risks, resulting from the fact that most of them are seen as an invasive form of treatment. Going under anaesthesia, whether it be local, regional, or general, is a risk on its own on top of the risk of complications that may occur during the surgery itself. In the EU, around 52% of the costs of surgeries were a result of complications in 2019.11 The improvements, as a result of robotic surgery, involve better quality of surgery and allow more precise and intricate movements to be made. This would also decrease the risk of complications during surgeries. Additionally, AI could also give information on the

9 HIMSS (n 7).

27intelligens<www.sdu.dk/en/nyheder/aktuelt_fra_sdu/kunstigskalforbedresundhedsvaesenet>accessedNovember2021

13 HIMSS (n 7).

19 Goncalves (n 3).

standard for medical malpractice to be identified is as follows: when the conduct of a medical

2.1. Medical Malpractice & AI Usage: The Legal Framework

Novemberd<www.expertinstitute.com/resources/insights/standarcaremedicalmalpracticeneedknow/>accessed182021.

Cees Van Dam, European Tort Law (2nd edn, Oxford University Press 2013) 136

2. AI Usage & Liability in the EU Health Sector: Regulatory Mechanisms for Balancing Innovation & Safety

Previously, if a patient suffered damage or harm, the agent who was responsible could easily be identified. Now, with the use of AI, there is more than one entity that could potentially be held liable. Due to the fact that AI is relatively new, it is self evident that the current legal framework does not fit into current or future problems that could occur regarding liability. This is because AI has not gained the acceptance necessary to pass legislation that deals with liability arising from its use. The next section of this paper will discuss how liability was previously dealt with and assess the current legal framework concerning AI in

medicineThe

shows their vaccination status, before entering closed places.

Once liability has been established, the different remedies are then evaluated. This, on the other hand, is dealt with by the MS in their national systems. Compensatory damages are usually the remedy that is utilised in healthcare However, depending on the type of liability claim, it can be punitive as well. Within compensatory damages are two types of losses, pecuniary loss (economic) and non pecuniary loss which relates to pain and suffering as well as grief.22 Pecuniary losses are almost always covered whereas non pecuniary losses are more difficult to claim There are 5 main types of

By presenting the benefits of the use of AI and how it has developed, this paper displays how important it has become in recent years. On the one hand, enough space must be given for this innovation to develop and receive acceptance as it is relatively new and comes with a lot of benefits. Nevertheless, it is just as vital that citizens of the EU can hold someone liable when complications arise, and liability comes into play That being said, as the use of AI in medicine increases, so too, do the legal problems deriving from it in particular, legal questions on the application and proven effectiveness of the existing liability mechanisms.19

practitioner, whether that be a doctor or a healthcare professional, is below the standard of duty of care of a reasonable person with the same level of skill and experience.20 This standard is present in most MS in the EU, such as in Germany and France. It is important to note that medical liability falls under fault based liability. There are four requirements that most legal systems have where the claimant must prove for the defendant to be held liable; the existence of a duty of care, there was a failure to comply with this duty of care, damage suffered by the claimant, and a causal link between the damage suffered and the failure to comply with the duty of care. These are the basic conditions for established fault liability within the EU.21 However, some jurisdictions have additional requirements and also analyse this type of claim differently.

This standard requirement can no longer be used with the use of AI as it is difficult to prove. The first two requirements involving a duty of care and a failure to comply are the ones that are most difficult to prove when an AI software was used for diagnosis or treatments. Cases that are more definite in terms of liability include: where the AI software was not regularly updated or where the practitioner did not inform the patient that an AI software was being used.

22 Tatjana Evas, ‘Civil Liability Regime for Artificial Intelligence: European Added Value Assessment’ (2020) European Parliamentary Research Service Briefing PE 654.178 129ff dfD/2020/654178/EPRS_STU(2020)654178<www.europarl.europa.eu/RegData/etudes/STU_EN.p>accessed9October2021.

20 Anjelica Cappellino, ‘The Standard of Care for Medical Malpractice: What You Need to Know’ (Expert Institute, 27 August 2021)

software or not. Therefore, fault liability is not an ideal mechanism that can be used for patients who are claiming damages.

The main question that should be asked is whether a doctor should be held liable for any error that occurred using AI. A committee was elected by the House of Lords in the Parliament of the UK to evaluate the risks of AI and the impact it may have on society in general. Acknowledging the fact that the UK is no longer in the EU, this committee was elected in 2017 and therefore will be used as an example that can be applied. 23 Many courts agree that liability should not be put on the doctor in cases where an AI machine was used Be that as it may, this causes the problem that doctors are exempted from facing any liability at all.24 Furthermore, this raises another issue where once AI has significantly advanced in the medical field and the use of it becomes normalised, doctors may be held liable if they choose to make their own decisions about a patient rather than following the AI tools’ suggestion.25

Healthcare institutions owe a duty of care to supply suitable machines and instruments. Therefore, liability could occur if there were malfunctions in the AI software/machine. If the claimant can prove that it was under the responsibility of the hospital to supply faultless machines, then this could trigger liability for the institution. The problem with this is that medical institutions may be hesitant to supply any form of AI if the use of this liability mechanism would increase. Generally, companies that make such software and machines might be reluctant to sell them or perhaps even develop them further.30 This thus could potentially have a negative impact upon Research, Development & Innovation (‘RDI’). An alternative and more viable solution hence will be sought out in the following sub section. ibid ibid Evas (n 22). Van Dam (n 21) 300 Alberto Galasso and Hong Luo, ‘Punishing Robots: Issues in the Economics of Tort Liability and Innovation in Artificial Intelligence’ in Ajay Agrawal, Joshua Gans and Avi Goldfarb (eds), The Economics of AI: An Agenda (University of Chicago Press, 2019)

2.2. Fault Liability: An Inefficient Mechanism for AI Medical Malpractice

Orian Dheu, ‘EU Report on AI, New Technologies and Liability: Key Take Aways & Limitations’ (KU Leuven, 2020) <www.law.kuleuven.be/citip/blog/eu report on ai new technologies and liability key take aways and limitations/> accessed 9 June 2022.

Artificial Intelligence Committee, ‘AI in the UK: Ready, Willing and Able?’ (UKParliament, 16 April 2017) lect/ldai/100/10002.htm<https://publications.parliament.uk/pa/ld201719/ldse>accessed3June2022.

2.3. The Case for Vicarious Liability: An Unconvincing Solution vis-à-vis RDI

25 Goncalves (n 3).

Other entities could potentially be held liable such as healthcare institutions, under vicarious liability 28 This sub section will focus on employers’ liability, which falls under vicarious liability. There are a minimum of three conditions that should be met in most legal systems for a claim to merely be considered under vicarious liability, nevertheless, different Member States may have additional requirements. The requirements are as follows: a tort has been committed by an employee, an employee employer relationship is present, and the tort occurred within the course of employment.29

Despite all the different opinions courts in the Member States and authors have given, in relation to the allocation of liability, there is still no clear outcome on whether or not a doctor should be held liable. There are some AI machines that require humans to intervene and therefore do not replace a practitioner’s judgment.26 In cases as such, it is argued that liability should be held to the doctor as it is not essential to broaden the liability to the company/manufacturer of the machine.27 However, naturally, many disagree stating that liability in this case should be put on the machine. It is difficult to find a clear distinction between whether a doctor had a duty of care to follow the suggestions of an AI

liability, the suitability of which, in relation to AI, will be evaluated in the following: Fault liability, Vicarious liability and Product liability.

The main source that will be used to discuss product liability will be the Product Liability Directive (‘PLD’).31 This EU Directive is used for defective products and contains provisions about liability. Though while it may seem applicable to AI, the problems that arise with the use of this Directive will be shown.Pursuant

2.4. Product Liability: The More Viable Alternative Mechanism

to article 1 PLD a manufacturer is liable for a defective product. Concerning AI, this is difficult to prove. Those who have suffered harm undoubtedly must be compensated for, however, may find it difficult to prove that this claim is the best course of action. Moreover, it is difficult to obtain sufficient evidence to build a case under this Directive. 32 The definition of defective is enshrined in article 6 PLD stating that a defective product does not provide what a reasonable person can expect when using it and contains specificities with regards to what aspects of this product may be taken into consideration.33

31 Council Directive 85/374 EEC on the approximation of law, regulations and administrative provisions of the Member States concerning liability for defective products [1985] OJ L210

35 Commission and Directorate General for Justice and Consumers, Liability for Artificial Intelligence and Other

Emerging Digital Technologies (EU Publications Office 2019) 5. Evas (n 22). ibid. ibid. Commission and Directorate General for Justice and Consumers (n 35) 19 and 62. Evas (n 22). Commission (n 32).

3. Drawn Recommendations & Legislative Outlook

33 Evas (n 22).

34 ibid.

32 Commission, White Paper on Artificial Intelligence: A European Approach to Excellence and Trust (White Paper, 2020).

In assessing the scope of the Directive in relation to AI, the first problem that arises is the definition of ‘product’ located in article 2 PLD. The Directive does not specify whether this includes both tangibles and intangibles. This gives rise to the question of whether AI fits within the scope of this Directive or not. Furthermore, one of the main issues when using this Directive is if a software is considered a product or a service.34 Secondly, the notion of defect is unclear and is mainly concerned with safety.35 The burden of proof is another core issue as it is difficult to provide evidence.36 Moreover, the type of damages available are not harmonised such as pecuniary losses (specifically, pure economic loss).37 Lastly, the scope of the producer is also

One of the exceptions where liability can be avoided is the clause that entails the knowledge of the product was at a level where the defect could have been discovered. Considering AI is recently developed and has not reached acceptance within the medical field to a high extent, it can be expected that should a problem regarding liability arise, this clause would be frequently used.38

This sub section will draw recommendations based on the overview of the state of EU legislative play explored in the previous sections. The basic scope of liability with respect to AI must be taken on an EU level rather than nationally by the Member States as one of the fundamental ideas behind the EU is harmonisation. In general, the Law of Tort within the EU is not harmonised. When looking at the civil codes of the Member States, it shows that there is no liability mechanism that can be enforced when damage occurs as a result of a product similar to AI.39 If the EU can form the basic requirements through existing Directives or new ones, this incentivises the Member States to tackle the problem of the lack of liability mechanisms on a national level. 40 It is also vital the EU legislation put in place for AI is applied and transformed properly into national legislation

One key issue for the future is to develop the scope of the application of AI, meaning it should be addressed in legislation.41 While the EC has taken the steps in order to define AI, this definition must be

unclear regarding AI. While article 3 clearly states what is meant by producer, this may not be the most reasonable entity to hold liable. There should be an option of joint liability.

Artificial Intelligence, irrespective of the EU industry and sectors in which it is used, will only become more prevalent in the following years to come. While now it is considered a rather novel innovation and has yet to be accepted, this status quo is unlikely to remain for long. The overarching benefits explored in the present article that have come with the use of AI within the EU healthcare system speak to its importance in the development of digital technology as well as pioneering medicine. These benefits consist of the following: cost effectiveness in light of hiring fewer healthcare workers, a definite diagnosis leading to a refined and tailored treatment plan for patients with the use of genetic structure, designating additional time and effort to high risk cases and accordingly less time and effort to low risk cases, and lastly, allowing a fundamental aspect to medicine, namely research, to expand enormously.

The EC states that AI applications are considered high risk if it meets two cumulative conditions The first of these is that the application of AI is used in a sector that is already considered high risk irrespective of AI. For example, the police industry is considered high risk while academia is not 44 Healthcare can be considered part of this sector The second condition is that the use of AI in its context can also be considered a significant amount of risk.45 For example, robotic surgeries contain a higher risk level than a recommended diagnosis. As this paper focuses on the EU, recommendations given by the EC carries a great deal of weight.

43 Commission and Directorate General for Justice and Consumers (n 35).

productThe

professionals and EU society at large. Nevertheless, it is equally vital that victims who have suffered harm as a result of AI are appropriately enabled by new regulatory mechanisms to claim damages and hold someone accountable. Recounted throughout this paper were the existing liability mechanisms Firstly, fault liability, which allocates liability to the doctor and the requirement of fault that caused the damage must be proven. Secondly, employers’ liability, where liability is triggered in the absence of personal fault under vicarious liability. Therein, liability is allocated to an institution responsible for the conduct of the doctor. Lastly, the preferred alternative by this piece is that of product liability i.e., a mechanism assigning liability to the producer of the defective

research question this paper aimed to answer thus was: what is the most efficient mechanism that can be used to allocate liability within the EU for AI in the healthcare system? In simple terms, after assessing the various regulatory mechanisms the EU and MS have to offer, this paper finds that product liability is the most efficient way to claim damages. This is because it contains the basic requirements to allocate liability and has already been codified on a supranational level. Nonetheless, the EU has yet to pass a resolution to expand the Product Liability Directive to allow access for the use of AI. The reports given by the EC as well as the EP have undeniably increased over time and have therefore put more pressure on the EU for harmonising AI liability on a supranational level but also compelled the Member States to potentially include it in their national systems. However, the use of AI is rapidly increasing, and the EU has a duty to undertake the issue of liability for AI just as quickly.

Commission (n 32). ibid.

For these reasons, allowing AI to prosper is of great practical significance to patients,

42 Evas (n 22).

4. Conclusion

flexible enough to allow for further technological innovations in the future.42 Additionally, the EC set up a group in 2018 in order to assess the current liability regime concerning AI and whether the current scheme is suitable for the rise of technical innovations.43

Article 7

How Can the EU Facilitate the Integration of Tokenised Real Estate Assets into the Land Registry Systems within the EU?

by Maximilian Tipp-McKnight

Maximilian Tipp-McKnight is an L.L.M. candidate at Maastricht University specialised in Corporate and Commercial Law. He is an intern at the Maastricht European Private Law Institute (MEPLI) since January 2020 and, in 2021, he graduated from the European Law School L.L.B. at Maastricht University. Previously, he worked on a product liability research contribution published by the European Commission and was an editor for the ELSA Maastricht Law Review. Maximilian represented Maastricht University as an oralist in the 29th Willem C Vis International Commercial Arbitration Moot, and his research has mainly focused on European and International Private Law.

1. Distributed Ledger Technology & Blockchain

<https://medium.com/cryptoeconomics australia/the blockchain economy a beginners guide to institutional cryptoeconomics 64bf2f2beec4> accessed 10 October 2021. 3 ibid. 4 ibid. 5 ibid. 6 ibid.

Blockchain is a digital, decentralised, distributed ledger which consists of data structured by rules allowing ledgers to confirm ownership. It is a record of transactions that is maintained across several computers connected on a peer to peer network. Traditional land registries map who owns what and whether their land is subject to any caveats or encumbrances. Ledgers confirm identity and status; recording who has rights and obligations such as who has the authority to access what bank account. At their most fundamental level, ledgers map economic and social relationships.5

This article conducts a literature review and uses the doctrinal legal research method to analyse the recent developments in laws relating to DLT and how they could comply with EU law. As this is a

This article will be focusing on blockchain, a type of Distributed Ledger Technology (‘DLT’), and more specifically the tokenisation of real estate assets using blockchain It will answer the question: How can the European Union (‘EU’) facilitate the integration of tokenised real estate assets into the land registry systems within the EU? To do so, this contribution examines the mechanisms available to tokenise real estate asset ownership and how this could fit into the EU property law framework. In the current real estate technology world, tokenisation is a term with two meanings: it can be used to mean the fractionalisation of property rights; and it can refer to the digital representation of asset ownership. In this piece the term refers to both interpretations

newly developed technology there is very little legislation in place, therefore most of the research will focus on academic literature and theoretical applications of these technologies to different legal systems.Why is this research relevant? One could argue that the Fourth Industrial Revolution has already commenced. Blockchain and associated technological changes are likely to disrupt current economic conditions. No one knows how the blockchain revolution will unfold.4 It is important to already look at potential legislative solutions so that the law is not left behind by this technological development.

72 Introduction

2 Chris Berg, Sinclair Davidson, and Jason Potts, ‘The Blockchain Economy: A Beginner’s Guide to Institutional Cryptoeconomics’ (Cryptoeconomics Australia,

The rapid development of new technologies in the last few years has created a new virtual world which engages with the real world Blockchain technology has been described as disruptive to the traditional legal system in the sense that traditional private law is not thought to be sufficient in this new data driven world.1 It is common to compare the invention of blockchain with the invention of the internet which has revolutionised the way we interact and do business by facilitating quicker and more efficient communication and exchange. However, a better comparison to make would be between blockchain and the invention, in the 14th century, of the mechanical clock and time, which brought exact measurement and temporal control into every activity 2 Mechanical time opened up entirely new categories of economic organisation that had until then been not just impossible, but unimaginable.3

A digitised ledger is only as reliable as the organisation that maintains it. Blockchain solves this problem as the blockchain is a distributed ledger that does not rely on a trusted central authority to maintain and validate the ledger.6 Instead the blockchain is maintained by independent nodes (normally computers) connected to the blockchain which verify and store the blockchain independently.

27 September 2017)

1 Sjef van Erp, ‘Land Registration and “Disruptive” (or “Trustworthy”?) Technologies: Tokenisation of Immovable Property’ in Anabel Fraga, Elena Ioriatti and Sjef van Erp (eds), The IMOLA II Project The European Land Register Document (ELRD): A Common Semantic Model for Land Registers Interconnection (European Land Registry Association 2019) 157.

11 ibid. Berg, Davidson, and Potts (n 2). ibid.

10 ibid.

There are three main types of tokens on Blockchain. Firstly, there are coloured coins which require users to burn some coins and publish a transaction by applying some variety of built in protocol scripts. Burning coins is a method of spending the coins to complete a transaction which causes the coins to be used up and cease to exist. In the transaction the user inserts some data that marks and distinguishes the coins from the cryptocurrency, e.g., Redcoins could represent property rights. Such tokens are an overlaid technology, which means the blockchain protocol did not initially have dedicated elements of token technology. Members of the Redcoin community can then use custom software that recognises the embedded data on the marked coins, to trade these tokens.14

8 Konashevych (n 7) 31 33.

7 Oleksii Konashevych, ‘General Concept of Real Estate Tokenization on Blockchain’ (2020) 9 European Property Law Journal 21, 31 33; see also Satoshi Nakamoto, ‘Bitcoin: A Peer to Peer Electronic Cash System’ [2008] Bitcoin White Paper 9 <https://bitcoin.org/bitcoin.pdf> accessed 9 May 2022

To understand how tokens on a blockchain work it is important to distinguish between possession and ownership. Possession of a banknote token indicates ownership. In the nineteenth century,

This is why it is called a distributed ledger. In DLT, a token is a record in the ledger owned by the user via the mechanism of public key cryptography. The token is distinguished from cryptocurrency. Even though tokens and cryptocurrency have a mechanism of ownership via the user’s private key, the difference lies in the way they are created. Coins such as Bitcoin are created as the result of the competition of independent nodes in the network which use a mathematical protocol and the first node to solve the mathematical problem is rewarded with Bitcoin. 7 A node in the bitcoin network is a computer running the bitcoin software Running the software maintains the blockchain, this costs time and energy, therefore, they get rewarded with bitcoin

Tokens can be arbitrarily created by any user, and the fact of the creation does not depend on the network’s consensus. Nevertheless, the consensus plays a crucial role in maintaining the ledger, where such tokens are stored. 8 Malta was among the first countries to define the notion of a token in their legislation. According to the Malta Virtual Financial Assets Act, 2018, a virtual token is a digital record that has no use, value or application outside of the DLT platform on which it was issued and may only be redeemed for funds directly by the issuer of such DLT asset.9 Lichtenstein also defined a token in their Lichtenstein Blockchain Act, 2019, as a set of information on a Trusted Technology (‘TT’) System, such as DLT, which represents claims or rights of memberships against a person, rights to property or other rights; and is assigned to one or more TT Identifiers (addresses).10 Tokens have been defined by academics as ‘cryptographically secured coupons which embody a bundle of rights and obligations.’11

16 Smart contracts are machine code that exists in the form of algorithms that are written in a programming language. They do not contain any human language so are not comparable to ‘normal’ contracts. See Konashevych (n 7) 47 48.

9 ibid.

the possessor (bearer) of a banknote had a right to draw on the issuing bank the value of the note. These banknotes were direct liabilities for the issuing bank and were recorded on the bank’s ledgers 12 In our era, fiat currencies cannot be returned to the central bank for gold, but the relationship principle remains. The value of the bill is dependent on a social consensus about the stability of the currency and government that issued it. A token is a call option on a relationship in a ledger and if trust in that relationship collapses so does the value of the token 13

Secondly, name value storage is another form of overlaid technology. The insertion of data in the blockchain is provided in the form of a key value record. The entry is a container where the user inserts their key, which must be unique within the database and a value, which is their data or message that is attached to the key.15 Thirdly, there are tokens based on smart contracts. Smart contracts are executable software code that the user inserts in the blockchain via a cryptocurrency transaction.16 Tokens are created by deploying a smart contract. The number of tokens, conditions, and features are defined in the smart

14 Konashevych (n 7) 33 34. ibid.

3. Blockchain Interoperability (Cross Chain Technology)

Real estate tokenisation is a broad term and can take several forms. It might refer to representing shares in a real estate investment trust with tokens; or using a token to represent debt secured against a single property; or dividing a single property into 100,000

Cross Chain Technology (‘CCT’) is an emerging technology that seeks to allow transmission of value and information between different blockchain networks.23 Most blockchain networks operate in isolated ecosystems. The inability of different blockchains to communicate with each other could lead to problems down the line such as multiple blockchains registering the same property right. CCT allows different blockchains to communicate with one another without the help of intermediaries.24 Ripple is a blockchain project exploring cross chain transactions. Ripple is trying to make it possible for people and entities to exchange various digital assets across different blockchains.25 Multi chain frameworks act as open environments, which blockchains can plug into and become part of a standardised ecosystem to share information.26 The EU could set up a multi chain framework to facilitate the integration of tokenised assets.

Andrew Baum, ‘Tokenisation The Future of Real Estate Investment?’ (2020) The Future of Real Estate Initiative of Saïd Business School in University of Oxford Paper Series 31 01/tokeni<www.sbs.ox.ac.uk/sites/default/files/2020sation.pdf>accessed5October2021.

Diego Geroni, ‘Blockchain Interoperability: Why Is Cross Chain Technology Important?’ (101 Blockchains, 13 August 2021) interoperability/><https://101blockchains.com/blockchainaccessed11October2021. 24 ibid. 25 ibid. 26 ibid. Sjef van Erp, ‘European Property Law: Competence, Integration, and Effectiveness’ in Ronit Levine Schnur (ed), Measuring the Effectiveness of Real Estate Regulation: Interdisciplinary Perspectives (Springer International Publishing 2020) 206 <https://doi.org/10.1007/978 3

contract and cannot be arbitrarily changed on the run due to the immutability of the ledger. Smart contract based tokens have the same mechanism of ownership via public key cryptography, and therefore, can be an object of economic relationships.17

In Ethereum, Ether coins are used to pay for ‘gas’ to run a transaction with a smart contract. See Konashevych (n 7) 31.

Tokens, which are designed as units of account, can represent fractional property rights.18 This means that a house could be split between ten persons who each own one token. In this case a token entitles the owner to ten per cent of the house. A token is an object of ownership and a carrier of information on property rights. Users create tokens and transfer them within the blockchain via the mechanism of public key cryptography. A token is attached to a user’s address (public key) and only the relevant private key can be applied to sign a transaction. Tokens are transferred, updated, or deleted via blockchain transactions. Tokens are distinguished from cryptocurrency, as the main purpose of the latter is to be used as fees for transactions and ‘gas’ 19 to run smart contracts.20 Tokens in blockchain represent two types of information: who owns it (to which address is it recorded) and the chain of transactions. Because blockchain is public, immutable, and chronological, the history of transactions is natively available in the ledger, creating a traceable sequence of transactions Fractional ownership is possible via decimal units of account and/or multi signature schemes.21

18 ibid 36

20 Konashevych (n 7) 37.

4. EU Competence: Can the EU Regulate This Field?

2. The Tokenisation of Real Estate Assets

The fundamental structure of the EU and how it operates is contained in its treaties: The Treaty on European Union (‘TEU’) and the Treaty on the Functioning of the European Union (‘TFEU’).27 EU

tokens. All these approaches to real estate tokenisation are commonly referred to as the digitalisation of assets. Tokens can be classified as security tokens giving access to ownership, utility tokens providing access to use, or hybrids giving access to both.22

21 ibid 37 38.

17 Konashevych (n 7) 34.

law is an autonomous legal order. In the Van Gend en Loos and Costa v E.N.E.L judgements,28 it was established that EU Law has precedence over national law29 and both treaty provisions and secondary legislation that are sufficiently clear and precise will have direct effect in the laws of the Member States (‘MSs’) 30 The EU’s law making results in either harmonisation or unification of the law. Harmonisation happens after a Directive has been implemented in the law of the MSs. The latter have the freedom to decide how to implement these rules as long as the end result is as the directive states. Unification happens when the laws of the MSs are being replaced by rules in a regulation. No national implementation is needed for a regulation to apply.31 Within the EU, property law is for the most part governed by the laws of the MSs. The EU only has limited competences to legislate, and if it legislates in the field of property law, MSs try to limit this by invoking article 345 TFEU.32 Article 345 states that the treaties shall in no way prejudice the rules in MSs governing the system of property ownership. The Court of Justice of the European Union (‘CJEU’) has indicated that although in the absence of EU legislation, MSs are free to give shape to their systems of property law, they must do so in the context of the rules governing the EU internal market. 33 In the Essent case, 34 the CJEU decided that the decision to privatise or nationalise enterprises was to be solely decided by the MSs, but that did not exclude the duty to act in conformity with the four freedoms.

One can argue that the EU should have the competence to legislate in the area of real estate tokenisation, as facilitating cross border real estate transactions within the internal market would fall under the ambit of article 114 TFEU. In the Tobacco Advertising case, 38 it was established that article 95 of the Treaty establishing the European Community, now article 114 TFEU,39 can only be used as a legislative basis if the measure has as its object the significant improvement of the conditions for the establishment and functioning of the internal market.

31 van Erp (n 27) 206 208.

28 Case C 26/62 Van Gend & Loos v The Netherlands [1963] ECR 1; Case C 6/64 Costa v ENEL [1964] ECR 595.

Caroline S Rupp, ‘What’s New in European Property Law? An Overview of Publications in 2015/2016’ (2017) 6(1) European Property Law Journal 87, 92. van Erp (n 27) 209. ibid 208.

030 35622 4_11> accessed 18 October 2021; Consolidated Version of the Treaty on European Union [2008] OJ C115/13 (TEU); Consolidated Version of the Treaty on the Functioning of the European Union [2007] OJ C326 (TFEU);

Case C 376/98 Federal Republic of Germany v European Parliament and Council of the European Union [2000] ECLI:EU:C:2000:544 <https://eur accessedcontent/EN/TXT/?uri=CELEX%3A61998CJ0376lex.europa.eu/legal>1May2022.

32 ibid 206.

Article 114 is used in cases where disparity between national legal systems is creating trade barriers; EU law can then create the desired level playing field. Article 81 is the basis for unifying private international law and has been used to such a degree that not just areas relating to international civil and commercial cases are being governed by EU private international law but also international succession, matrimonial property, and registered partnership property cases.36 Article 352 TFEU provides for a residual competence and covers appropriate measures to obtain the objectives of the European treaties.37

29 EURLex, ‘Precedence of EU Law: Summary of Judgment of the Court of 15 July 1964 Flaminio Costa v ENEL’ (2021) EURLex Legislation Summaries Series no 01.06.00.00 <https://eur lex.europa.eu/legal accessedcontent/EN/TXT/?uri=LEGISSUM%3Al14548>19November2021.

EURLex, ‘Tables of Equivalences’ [2012] OJ C326/363 12:326:0363:0390:EN:PDFlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:20<https://eur>accessed2May2022

See Joined Cases C 105/12, C 106/12 and C 107/12, Staat der Nederlanden v Essent and others [2013] ECLI:EU:C:2013:677

30 Bram Akkermans, ‘European Union Constitutional Property Law’ (2014) Maastricht Faculty of Law Working Paper Series No. 2014/14 22 25 <http://dx.doi.org/10.2139/ssrn.2459926> accessed 18 October 2021.

Article 345 TFEU is therefore not a blockade on the EU’s competence to regulate property law. The EU can only regulate those selected ownership issues that fall within the context of its functional regulatory competences in practice the establishment and functioning of the internal market (article 114 TFEU), and the judicial cooperation in civil matters having cross border implications (article 81 TFEU).35

Bram Akkermans, ‘Lex Rei Sitae and the EU Internal Market Towards Mutual Recognition of Property Relations’ (2018) 7(3) European Property Law Journal 246, 254.

Article 114 TFEU can be used if the aim of the measure is to prevent the emergence of future obstacles to trade. If there is no harmonisation of the rules on real estate tokenisation, then this could lead to barriers to trade in the future. If one MS recognises the property rights of token holders but another MS does not, this could discourage the cross border transfer of real estate assets. Based on the foregoing, the EU does have the competence to regulate in this area.

Hendrik D Ploeger and Bastiaan van Loenen, ‘EULIS: At the Beginning of the Road to Harmonization of Land Registry in Europe’ (2004) 12(3) European Review of Private Law

42 Sharon Smyth, ‘Value of Global Real Estate Rose 5% to $326.5 Trillion in 2020’ (CoStar, 21 September 2021) <www.costar.com/article/1116948902/value of global real estate rose 5 to 3265 trillion in 2020> accessed 22 October 2021; see also Baum (n 22) 27.

One problem that the EU framework will face is the fact that there is no general concept of ownership at EU level Instead of harmonisation of substantive law, some scholars argue that Europeanisation at the private international law could be more promising.45 The European regulatory competence for this harmonisation of private international law would be based on article 81 TFEU.46 However people would still have problems if the substantive law is not harmonised

4.2. Land Registers within the EU

4.1. Why Should the EU Regulate This Area?

40 Dan Simerman, ‘Democratizing Ownership: How The Future of Real Estate Investing Is In Tokenization’ (Nasdaq, 23 December 2020) ownership%3A<www.nasdaq.com/articles/democratizinghowthefutureofrealestate investing is in tokenization 2020> accessed 6 October 2021.

It may still be in the early stages of development, but tokenisation has been heralded as the future of real estate investing.40 The democratisation of ownership through the tokenisation of real estate assets is a hot topic as it could give retail investors an opportunity to invest in real estate, without the expensive initial investment which is a significant barrier to entry for the average investor.41 Real estate is a major asset class, representing more than €279.8 trillion globally 42 Using blockchain and tokenisation, real estate can be divided into fractional elements and opened up for investment, and asset transfer. The transactions involved in the purchase and sale of real estate hold the potential for massive simplification and cost reduction in the blockchain era. A properly constructed blockchain based system could greatly mitigate the complexity and sluggish speed of the average real estate transaction.43

As such, this article posits that the EU should be allowed to regulate the tokenisation of real estate assets to ensure the smooth functioning of the internal market. If the EU does not attempt to regulate it, then it could lead to the privatisation of

41 Johan Toll, ‘Take Real Estate Tokenization to the Next Level’ (Nasdaq, 03 August 2021) <www.nasdaq.com/articles/take real estate tokenization to the next level 2021 08 03> accessed 9 October 2021.

the field. Private companies could set up their own system which may lead to the circumvention of national land registries, which would also cause problems for the functioning of the internal market as the EU and the MSs could lose control over the transfer of real estate assets if it moves to a decentralised blockchain system that they have no control over.44

There is a lack of harmonisation within the EU when it comes to land registries. It has been argued that increased harmonisation of the land registries would facilitate cross border transactions in immovables within the EU.47 The European Commission and Council have sponsored and supported several projects to help individuals, businesses and the professionals advising them to obtain information regarding real property and to transact cross border.48 The European Land Information System (‘EULIS’) project brought the registrations of European jurisdictions together in one portal. It provided access to land and property information across Europe using the information in the computerised databases Baum (n 22) 27.

Anabel Fraga, Elena Ioriatti and Sjef van Erp, The IMOLA II Project The European Land Register Document (ELRD): A Common Semantic Model for Land Registers Interconnection (European Land Registry Association 2019) 19 <www.elra.eu/imola ii/imola ii e book/> accessed 20 October 2021.

It has already been suggested that in an ideal world (from the investors’ perspective) real estate tokenisation would avoid regulations and avoid taxes. See here ibid 55. Rupp (n 35) 92. ibid 93.

The European Land Registry Association (‘ELRA’) initiated the Interoperability Model for Land Registers (‘IMOLA’) project with EULIS.58 The original idea was that it would be beneficial for customers obtaining land registry information through the e Justice Portal to have that information presented to them in a common format. This idea was explored by ELRA’s European Land Registry Network (‘ELRN’),59 a group of land registry experts.60 Differences in national legislation and divergences inherent to the practice of land registration makes cross border exchange of information between European land registries complicated.61 The IMOLA project aimed to produce a model for standardised land registry output, connected to explanatory material in different languages, and to provide training to improve understanding of the different legal systems involved.62 The outcome of the IMOLA project is a draft of an interoperability framework. This includes an XML language63 for land registers and the development of a template for European Land Registry Documents (‘ELRDs’) to which the entering of XML data could be computerised.64 XML is a computer coding language. XML's primary function is to create formats for data that is used to encode information for documentation, database records, transactions, and many other types of data The results of the project include: a set of guidelines for the establishment of standardised access to land registry information; defining a semantic model for ELRDs and Implementing a publication engine that takes a request and formats the results in a standard predefined form.65

59 Fraga, Ioriatti and van Erp (n 48) 20 21. 60 ELRN’s aim is to provide the general public with relevant and useful information about land registration within the European Union, for more info see European Land Registry Association, ‘European Land Registry Network’ (ELRA, 2021) <www.elra.eu/european land registry network/> accessed 20 October 2021.

European Land Registry Association (n 58) 2. 65 ibid.

Fraga, Ioriatti and van Erp (n 48) 19.

58 European Land Registry Association, ‘Summary of the IMOLA Project’ (ELRA, 2021) 1 4 <www.elra.eu/wp content/uploads/2017/02/2. Summary of the IMOLA Project.pdf> accessed 19 October 2021.

49 Commission, ‘About European Land Information Service EULIS’ (Joinup/EULIS EEIG, eulis/about>/solution/european<https://joinup.ec.europa.eu/collection/egovernment2021)landinformationserviceaccessed20October2021.

European Land Registry Association (n 58) 1. 62 ibid.

52 ibid, 20.

54 ibid; see also Gabriel Bogdan Chihai, ‘The Possibility of a Common European Land Registry within the Current Legal Framework’ [2019] Universul Juridic 39.

63 For more information, see Peter Loshin, David Linthicum and Maxine Giza, ‘What Is XML (Extensible Markup Language)?’ (WhatIs, October 2021) <https://whatis.techtarget.com/definition/XMLExtensibleMarkupLanguage>accessed20October2021.

56 Chihai (n 54).

53 Ploeger and Loenen (n 47).

55 Ploeger and Loenen (n 47) 10.

The Cross Border Electronic Conveyancing (‘CROBECO’) projects facilitate cross border conveyancing by allowing notaries to prepare a deed in their own country and to then submit it electronically to a land registry in another country. As part of the project a Cross Border Conveyancing Reference Framework was developed to give the notary the tools they need to conduct transactions cross border.57

57 Fraga, Ioriatti and van Erp (n 48) 19.

of the participating land registries.49 The portal allowed property professionals to order land registry information cross border. The portal allowed the professional to place the order in their own language and pay for the information with their own currency. The EULIS portal was closed in 2017.50 The Land Registries Interconnection (‘LRI’) Project superseded EULIS.51 The aim of the project is to provide, on the European E Justice Portal, a single access point for searching and obtaining land property information from the land registers of MSs.52 The EULIS project was the first step towards a more transparent system of real estate transactions. However, it has been argued that further harmonisation is needed.53 The possibility that national land registries within the EU could be harmonised or even integrated into one European land registry or administration has been discussed.54 It has been argued that harmonisation would be insufficient, and that the EU should strive for a uniform system of land registration to promote cross border transactions. 55 It has also been argued that the implementation of a common European Land Registry from a legal point of view is not yet a viable option. 56

51 ibid.

69 Christoph U Schmid and Christian Hertel, ‘Real Property Law and Procedure in the European Union’ (European University Institute Florence/European Private Law Forum Deutsches Notarinstitut 2005) 27 47 <www.eui.eu/Documents/DepartmentsCentres/Law/

encourage this by stating that they will only recognise the property rights of the token holders if the creator of the tokens or the person tokenising the real estate assets registers it with the EU first. The consumers could drive this de facto harmonisation Since Capital owners have an interest in property rights protection,72 they will naturally want their rights to be recognised by the EU, this will then pressure the property developers into registering the tokenisation of their assets with the EU.

The ‘A’ part of the register describes the property or parcel that is the subject of the registration. The ‘B’ part of the register describes the ‘owner’ of the property. Although different legal traditions use different ways to define ownership, the person named in part B is normally the person who is entitled to deal with the title. Part B will also give notice of others who can control whether a dealing with the title can take place or to whom sale proceeds would have to be paid. It will also contain details of matters that restrain the ability of the owner freely to deal with the property. The ‘C’ part of the register contains matters that affect the title, e.g., restrictions, rights, servitudes, easements, and leases. Apart from mortgages, matters in the C part will normally remain on the register notwithstanding a change of owner.68 The fact that a property has been tokenised and registered on a blockchain could be included in part C of theHarmonisingELRD.

sense for the land registries to harmonise voluntarily their procedures and practices and that ELRA and ELRN are perfectly and uniquely placed to lead such initiatives.70

66 ibid.

67 ibid 3

72 Paul J Zak, ‘Institutions, Property Rights, and Growth’ (2002) 68 Recherches Économiques de Louvain 55.

The ELRD is a template for organising land register information at European level It is based on Judicial cooperation; ELRA considers that one of the main functions of the land register systems is to ensure the availability of information intended for legal purposes. Therefore, the main scope of the ELRD is simplifying the judicial cooperation required by EU legislation, as well as facilitating transactions of properties by means of providing information related to the legal status of the marketable properties.66 This legal information is based on a bottom up approach of the European land registry systems instead of the imposition of one model from a MS. The IMOLA approach suggests an ‘ABC’ structure of the information 67

68 Fraga, Ioriatti and van Erp (n 48) 21 22.

Instead of trying to harmonise all the land registries, the EU could implement a multichain framework in combination with an overarching system like EULIS. They could use CCT to monitor all relevant blockchains that contain EU property rights. As was shown above the EU has already started several projects that deal with the harmonisation of EU land registries and more generally aim to facilitate cross border transactions of Real estate assets. The EU could simply add onto the extensive work already carried out by ELRA. The IMOLA’s ELRD could include the fact that a real estate asset has been tokenised on a blockchain and that the owners of those tokens have a claim over that property. Since all transactions on the blockchain are chronologically stored in blocks and cannot be altered, 71 only one token holder on the blockchain would have to register the blockchain with the EU framework for the rights of all the token holders on that blockchain to be recognised.TheEUcould

71 Konashevych (n 7) 53.

the land registries across the EU would be difficult because of all the differences in the national land registry systems and property law across the EU member states. 69 Alasdair Lewis, former president of ELRA is of the opinion that it would be a massive challenge to harmonise land law across the EU. However, he believes it would make

5. Outlook & Proposed Solutions

Fraga, Ioriatti and van Erp (n 48) 22.

One question that needs to be answered is if the token holders would be granted property rights accessedLaw/RealProResearchTeaching/ResearchThemes/EuropeanPrivatepertyProject/GeneralReport.pdf>4July2022.

when their ownership of the token has been included in the EU framework. As it stands now owning a token on a blockchain would not grant you property rights over the property that has been tokenised. The token holder would only have a personal claim against the issuer of the tokens. This puts the retail investors in a difficult position. In the case of insolvency, they would be simple unsecured creditors. If their token ownership gave them a European property right, then they would be secured creditors. To incentivise people who are trading property rights on blockchain to register with the EU framework, the EU could offer them security through the fact that once the blockchain is registered, they gain property rights in the real world, and not just within the Blockchain. The feasibility of moving land registries onto a blockchain platform has been examined by academics and the consensus is that land registers are too important to be replaced by Blockchain technology which is deemed unsuitable and not fitting of the needs of the public yet.73 Therefore, instead of replacing the land registers, the EU could add on to the already existing framework that has been developed by ELRA. The EU could implement a multi chain framework, that the blockchains can plug into, as part of an overarching land registries network like EULIS. the ELRD could add a section that covers blockchains and tokenised real estate assets. In order to achieve this, the EU could bring in a Directive which requires MSs to implement a minimum standard whereby they must recognise the property rights of token holders and include the fact that a property has been tokenised on a blockchain in their respective land registries.

This article has examined the functionality of real estate asset tokenisation, the competences of the EU and has shown how the EU can facilitate the integration of tokenised assets within the land registries of EU member states. The EU has not managed to harmonise these land registries yet, but it has encouraged the process by supporting ELRA and other initiatives. 74 It has been argued that unifying

the land registries into a European Land Registry would be very difficult and is not yet a viable option.75 However, increased harmonisation could be achieved by using a multichain framework that monitors different blockchains in combination with an EU e portal that bundles information from all the land registries within the EU into one place. Using this multichain framework and allowing tokenised assets to be registered in EU Land registers would not only lead to further harmonisation but would also facilitate the integration of tokenised assets within the land registries of the EU. Chihai (n 54). ibid 45.

Jacques Vos, ‘Blockchain Based Land Registry: Panacea, Illusion or Something In Between?’ [2017] European Land Registry Annual Publication Series 26.

6. Conclusion

Section Dissertations(II) 81

Law & Tech

David Kermode is an LL.B. graduate of the European Law School programme at Maastricht University. His interests include European competition law, intellectual property law and corporate and commercial Law. David will continue his academic career at Maastricht University next year where he will pursue a Master of Laws in Globalisation and Law (LL.M.).

Market Definition in the EU Digital Sector: A Multi-Sided Problem by David Kermode

Dissertation 1

5 Robert O’Donoghue and Jorge Padilla, Law and Economics of Article 102 TFEU (3rd edn, Hart Publishing 2020) 220.

In governing the areas of antitrust, EU competition law prohibits the abuse by an undertaking, of a dominant position within the internal market or a substantial part of it insofar as it may affect trade between Member States.1 Article 102 of the Treaty on the Functioning of the European Union (TFEU) is the present day provision dealing with this prohibition in the European internal market. Formally introduced to the EU legal system in 2009 following the adoption of the Treaty of Lisbon, the formulation of this provision has undergone little change relative to its predecessor in article 86 of the Treaty of Rome. The EU possesses exclusive competence to establish the competition rules in the internal market.2 The European body charged with enforcing the antitrust rules in this area, in which the EU alone can legislate and adopt binding acts, is the European Commission.3

7 Cemal Karakas, ‘Google Antitrust Proceedings: Digital Business and Competition’ (2015) European

3 ibid, art 105(1).

9 Sean Silverthorne, ‘Interview with Andrei Hagiu: New Research Explores Multi Sided Markets’ (Harvard Business School Working Knowledge, 12 March 2006) <https://hbswk.hbs.edu/item/new research explores multi sided markets> accessed 26 January 2022.

4 For a general definition of a dominant position see: Case 27/76 United Brands Company and United Brands Continentaal BV v Commission [1978] ECR 207, para 65: ‘[…] a position of economic strength enjoyed by an undertaking which enables it to prevent effective competition being maintained on the relevant market by affording it the power to behave to an appreciable extent independently of its competitors, its customers and ultimately of its consumers.’

6 Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03.

Introduction

relevant market for the purposes of Community competition law (‘Commission Notice’) 6

Certain markets are posing new challenges to market definition under article 102 TFEU, however. Highly innovative, fast moving, and dynamic markets such as those found in the EU digital sector are a prime example. The challenges posed by these markets led to the European Parliament acknowledging the shortcomings of EU competition law in a July 2015 report on EU competition policy. In the report, the Parliament recognised the need for review of EU competition law, including article 102 TFEU.7 A predominant reason for this acknowledgment was the emergence of several high profile digital sector cases before the European Courts and Commission in the last 10 to 15 years. These cases prompted discussions regarding market definition and assessments of dominance.8

Consolidated Version of the Treaty on the Functioning of the European Union [2007] OJ C326 (TFEU), art 102.

One of the main reasons why market definition is such a complicated task in the EU digital sector is because of the multi sided nature of certain markets. Multi sided markets are markets in which undertakings need to get two or more distinct groups of customers who value each other's participation on board the same platform to generate any economic value.9 One such example is Amazon, the market platform which acts as an intermediary between buyers and sellers. Without the activity of both sets of customers, the platform would not work. Many criticisms of the

Parliamentary Research Service Briefing PE 565.870 7 accessed15/565870/EPRS_BRI(2015)565870_EN.pdf<www.europarl.europa.eu/RegData/etudes/BRIE/20>2January2022.

2 ibid, art 3(1)(b).

8 See for example: Intel (Case COMP/37.990) Commission Decision of 13 May 2009 [2009] (Provisional Non Confidential Version); Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017]; E Book MFNs and Related Matters (Amazon) (Case AT.40153) Commission Decision of 4 March 2017 [2017]; Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018] and Microsoft (Tying) (Case COMP/39.530) Commission Decision of 16 December 2009 [2009].

Occupying a dominant position is not itself contrary to article 102 TFEU.4 If dominance cannot be proven, however, no abuse can be construed regardless of the anticompetitive effects of the conduct in question.5 An important first step in assessing the dominant position of an undertaking is therefore establishing in which markets the said undertaking may occupy such a position. The Commission describes market definition as a tool to identify and define the boundaries of competition between firms in its Notice on the definition of

As the addressee of a triad of noteworthy Commission Decisions dating back as far as November 2010,10 American multinational technology company Google has emerged as a protagonist of this EU digital sector that illustrates the broader developments in this arena. The research question to be answered in this dissertation is ‘to what extent has the European Commission’s approach to defining relevant product markets for multi sided markets under article 102 TFEU changed throughout the “Google Trilogy”?’

1. The Google Trilogy: In Brief

To answer the research question, this discussion has been split into four primary sections

Commission’s approach to market definition in multi sided markets in the EU digital sector highlight the flaws of the current legal framework that often, in the eyes of analysts, produces erroneous market definitions.

Commission, ‘Antitrust: Commission Fines Google €2.42 Billion for Abusing Dominance as Search Engine

1.1. Google Shopping

each with their own sub sections. The first section presents a brief outline of the three Google Decisions to be discussed. The second section explains the Commission’s traditional methods of defining relevant product markets. Defining the relevant geographical and temporal markets has been omitted from the present discussion as this process is neither as controversial nor necessarily as meaningful as the above mentioned for the purposes of this discussion. The third section of this piece will address the Commission’s approach to multi sided markets and introduce some shortcomings of this approach in the context of the Google Trilogy. The fourth section of this dissertation considers specific issues within each Decision to illustrate wider problems with the Commission’s current approach to market definition in multi sided markets. In the interest of being concise, only illustrative examples of the major limitations of the Commission’s approach in each Decision will be analysed. This will be followed by concluding remarks.

The present dissertation will follow an analytical research methodology. The Google Trilogy refers to the triad of Commission Decisions addressed to Google from 2017 to 2021: Google Search (Shopping), Google Android and Google Search (AdSense). 11 These Decisions have been chosen as a contemporary representation of Commission treatment of EU digital sector undertakings in the sphere of market definition under article 102 TFEU. The fact that all these Decisions are addressed to the same undertaking allows for a consistent historical analysis of the Commission’s evolution in this assessment. Consulting the three Google Commission Decisions alongside noteworthy judgements of the European Courts will be of central importance in adhering to the chosen methodology. Secondary sources will be consulted as a means of identifying support for and opposition to the methods deployed by the Commission in defining the relevant markets.

10 Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018]; Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017] and Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019].

11 ibid.

In June 2017, the Commission brought its Google Shopping investigation to an end by fining Google €2.42 billion for breaching EU competition law. The Commission found that Google had abused its dominant position as a search engine by providing illegal advantages to its own comparison shopping service.12 From 2008 onwards, Google adopted a comparison shopping strategy that relied on their dominance in general internet search.13 In doing so, Google systematically awarded prominent placement to its own comparison shopping service by displaying these results first before those of competitors.14 Accordingly, Google also demoted

by Giving Illegal Advantage to Own Comparison Shopping Service’ (European Commission, 27 June 2017) il/en/IP_17_1784<https://ec.europa.eu/commission/presscorner/deta>accessed10January2022. 13 ibid. 14 ibid.

In March 2019, the Commission concluded the Google Trilogy by fining Google a further €1.49 billion for once again breaching EU competition law. This time, the Commission found that Google had abused its dominant position in the market for online search adverts by imposing several restrictive clauses in third party website contracts which prevented Google’s rivals from placing their search adverts on these websites.23 Google’s AdSense platform acts as an online search advertising medium between advertisers and website owners. It is through this platform and the actions described above that Google prohibited publishers from placing any competing search adverts on their search results pages, prevented competitors from placing their adverts in the most visible and frequently visited parts of the websites’ search results pages and controlled how attractive and clicked on competing adverts could be.24 In its Decision, the Commission found Google to occupy a dominant position in the market for online search advertising intermediation in the EEA. This finding was based on Google’s high markets shares (>85%) and high barriers to entry in the market.25

In its Decision, the Commission found Google to occupy a dominant position on the national EEA markets for general internet search. In

16 ibid.

17 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], paras 271 285.

In its Decision, the Commission found Google to occupy a dominant position in the general internet search markets in the European Economic Area (EEA). This finding was substantiated by the discovery of Google’s high market shares (>90%) and the high barriers to entry in this market. 17

20 ibid.

In July 2018, the Commission concluded its Google Android investigation by fining Google €4.34 billion for breaching EU competition law. The Commission found that Google had imposed illegal restrictions on manufacturers of Android devices and mobile network operators to strengthen its already dominant position in general internet search.18 The Commission’s main findings can be summarised in three points. Firstly, as a condition for licensing Google’s app store (the Play Store), Google required manufacturers to pre install the Google Search and browser apps. 19 Secondly, if certain large manufacturers and mobile operators exclusively pre installed the Google Search app on their devices, Google would make payments to these market actors. 20 Thirdly, Google prevented manufacturers aiming to pre install Google apps from selling their devices if they ran on non Google approved alternative versions of Android.21

For article 102 TFEU to apply, a firm must be dominant at the time at which an abuse is committed. This requires an assessment of whether an undertaking faces significant competitive ibid.

19 ibid.

Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], paras 440 461.

2. Market Definition: General Principles

1.2. Google Android

1.3. Google AdSense

Commission, ‘Antitrust: Commission Fines Google €1.49 Billion for Abusive Practices in Online Advertising’ (European Commission, 20 March 2019) il/en/IP_19_1770<https://ec.europa.eu/commission/presscorner/deta>accessed10January2022. ibid.

15 ibid.

reaching this conclusion, the Commission pointed to high market shares (>90%) and high barriers to entry.22

Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], paras 274 290.

rival comparison shopping services in its search results.15 This meant that Google’s comparison shopping services were significantly more visible to consumers than its rivals' in Google’s search results.16

18 Commission, ‘Antitrust: Commission Fines Google €4.34 Billion for Illegal Practices Regarding Android Mobile Devices to Strengthen Dominance of Google's Search Engine’ (European Commission, 18 July 2018) il/en/IP_18_4581<https://ec.europa.eu/commission/presscorner/deta>accessed10January2022.

quoted in the general principles section are important passages of past judgements issued by the CJEU and relevant paragraphs from the Commission Notice.35 In the three Google Decisions, the Commission restates some such principles. For example, all three Decisions mention the need to examine not solely the objective characteristics of the relevant services, but also the competitive conditions and structure of supply and demand on the market.36 Another universally

34 O’Donoghue and Padilla (n 5) 168.

Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], para 212; Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], para 146; Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], para 112.

Decisions.Often

Moritz Lorenz, An Introduction to EU Competition Law (Cambridge University Press 2013) 274.

Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 4.

constraints.26 To assess dominance, however, the relevant markets in which an undertaking operates must first be identified. Market definition is used to assess whether an undertaking which engages in alleged abusive practices enjoys market power. The relevant market is typically defined along product and geographic dimensions.27 Often added as a third dimension is an assessment of the temporal market. In some cases, competitive conditions in a particular market may change over time making it necessary to determine the time when the relevant market should be defined. This is particularly related to markets where supply and demand fluctuations occur depending on the time of the year.28 For example, the seasonal nature of fruit production was raised in United Brands29 although the Court defined the market narrowly and did not rely on the seasonal nature of the market in its judgment. In assessing the EU digital sector and Google as an undertaking, it is unnecessary however to account for the temporal market as there exist no such seasonal variations in the use of Google services. As the focus of this research contribution is limited to the Commission’s approach to defining relevant product markets, geographical market definition will also be omitted from the present discussion.

to the subsequent assessment of dominance. This is because an erroneous market definition may distort the assessment of dominance and potentially yield misleading results. Although exceedingly rare, Commission Decisions may be annulled owing to faulty market definition.32 The definition of the relevant market thus often has a decisive influence on the assessment of a competition case.33 It is therefore important for the Commission to correctly set the scene in this preliminary phase of the dominance assessment. On the one hand, an overly narrow definition will be under inclusive and create a situation in which anticompetitive conduct performed outside the delineation of the relevant market is left unanalysed by the Commission. On the other hand, an excessively broad definition will be over inclusive and lead to a situation in which conduct that threatens effective competition is left unanalysed by the Commission.34 Restating some general principles of market definition prior to actual market analysis has thus become something of a formality in the Commission’s article 102 TFEU

Case 27/76 United Brands Company and United Brands Continentaal BV v Commission [1978] ECR 207; Barry J Rodger and Angus MacCulloch, Competition Law and Policy in the EC and UK (4th edn, Routledge Cavendish 2009) 109.

31 Case T 62/98 Volkswagen v Commission [2000] ECR II 2707, para 230.

32 See for example Case T 691/14 Servier SAS, Servier Laboratories Ltd, and Les Laboratoires Servier SAS v Commission [2018] ECLI:EU:T:2018:922

Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03.

See Case 6/72 Europemballage Corporation and Continental Can v Commission [1973] ECR 215, para 32; Case 27/76 United Brands Company and United Brands Continentaal BV v Commission [1978] ECR 207, para 10; Case 31/80 L’Oreal v De Nieuwe AMCK [1980] ECR 3775, para 25; Case 62/86 AKZO Chemie BV v Commission [1991] ECR I 3359, para 51; Case 241/00 P Kish Glass & Co Ltd v Commission [2001] ECR I 7759; Case T 219/99 British Airways plc v Commission [2003] ECR II 5917, para 91.

The EU Courts have held since the 1970s that defining the relevant market is an essential preliminary step in assessing dominance. 30 The General Court has described the proper definition of the relevant market as a ‘necessary precondition for any anti competitive behaviour ’31 Defining the correct market is therefore of practical importance

O’Donoghue and Padilla (n 5) 168.

27 ibid 169.

The inclusion of these principles, which vary in each Decision, serves to outline the contentious points of market definition to be addressed by the Commission in more detail. In setting the scene, the Commission summarises the most contentious points of law to be discussed in further detail throughout the sections on market definition in their Decisions.

38 Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 7.

The most important constraint is exerted by those consumers capable of switching their consumption to products that they perceive to be interchangeable, particularly in the event of a price rise.44 This is known as demand side substitution. When an undertaking’s customers have demand side substitutes available, the undertaking cannot profitably raise the price of its products because that would result in customers switching to products provided by other undertakings, leading to a loss of business.45 The leading role played by demand substitution is endorsed by the Commission in its Notice on market definition: ‘demand substitution constitutes the most immediate and effective

Commission, ‘Guidelines on Market Analysis and the Assessment of Significant Market Power under the European Regulatory Framework for Electronic Communications Networks and Services’ [2002] OJ C165/6, paras 35 and 49.

39 Luis Ortiz Blanco, Market Power in EU Antitrust Law (Hart Publishing 2011) 15.

40 ibid.

mentioned principle is the need to consider supply side substitutability in situations where its effects are equivalent to those of demand substitution in terms of effectiveness and immediacy.37

A relevant product market, within the meaning of the Commission Notice, comprises all those products and/or services which are regarded as interchangeable or substitutable by the consumer, by reason of the products’ characteristics, their prices and their intended use.38 Defining the relevant market requires the analysis of any available evidence regarding previous behaviour in the market and a global understanding of the mechanisms of each relevant sector.39

O’Donoghue and Padilla (n 5) 169. Ortiz (n 39) 15.

O’Donoghue and Padilla (n 5) 172. ibid.

For example, any previously available evidence of the behaviour of consumers when substituting certain products or services for others would be worthy of analysis in this regard. Behavioural indicators are useful tools for the Commission in the market definition exercise both for finding that competition has been eliminated and that a dominant position is being held. 40 The Commission recognised these behavioural factors early as being important in defining markets in the EU digital sector. In 2002, the Commission adopted Guidelines to this effect for electronic communications networks and services which included several mentions of behavioural factors.41

37 Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], paras 214, 150 and 116.

2.1. The Relevant Product Market

2.2. Demand Side Substitution

As provided for in paragraph seven of the Commission Notice, however, the commanding concept in the relevant product market is that of substitutability. This concept is used to gauge the likelihood of consumers switching from one undertaking’s product to another’s in response to a price increase in the former.42 Where such a price rise would be unprofitable for an undertaking as sales are lost to rival undertakings which profit from this price rise by attracting more consumers both undertakings’ products are likely to be in the same relevant product market. This represents an exercise in identifying the real alternative sources of supply to which consumers can turn.43

Understanding the mechanics of each relevant sector has proven problematic in the EU digital sector mainly due to the multi sided nature of platform markets. The multi sided nature of markets in which Google operate for instance pose intricate and complex problems for market definition not typically encountered in more conventional markets. This will be discussed in more detail in Section 4.

The traditional approach to assessing demand side substitutability involves the application of the small, but significant, non transitory increase in price (SSNIP) test. The test operates by applying a hypothetical permanent increase in price to a product; usually the price increase will be in the range of 5 10% 49 Initially this hypothetical increase is applied to the products produced by the undertaking in question. If there is evidence that customers would switch to purchasing other products when faced with such a price increase, the original and substitute products are considered to be

disciplinary force on the suppliers of a given product, in particular in relationship to their pricing decisions.’46

A second, ancillary, constraint is created by those rival undertakings who can quickly produce and commercialise products that are demand side substitutes to those of another undertaking.52 This is known as supply side substitution and concerns the ability of undertakings to switch production in the short term without incurring large sunk costs.53 This switch in production is approached from the perspective of an undertaking that produces products which are not demand side substitutes. The undertaking can, however, rapidly enter the relevant market by cheaply and quickly switching its production plans to manufacture products that compete with those already established in the relevant

The Commission Notice makes clear that in testing for supply side substitution, it is important to take this type of substitution into account particularly insofar as its effects are equivalent to

Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 13.

In analysing demand side substitutability, the Commission may make use of both qualitative and quantitative methods. Qualitative methods could, for example, include an examination of product characteristics and the intended use of a product by consumers, whereas quantitative methods could involve the examination of price trends and the estimation of cross elasticities using econometric methods.48

in the same market.50 This calculation is performed until there are no further products which would be considered as substitutes.51

2.3. Supply Side Substitution

Commission, Directorate General for Competition, and Secretariat General, XXIVth Report on Competition Policy of 1994 (EU Publications Office 1995), para 280; Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 39.

47 O’Donoghue and Padilla (n 5) 172.

are taken to be part of the same relevant product market if they are supply side substitutes. A finding of supply side substitution thus expands the scope of the relevant product market. Supply side substitutability is likely to be of relevance in situations where firms produce a wide range of different qualities, or different grades of a product, that are not seen as substitutable by consumers, but which are produced on similar equipment.54

49 Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 17. Rodger and MacCulloch (n 29) 105. ibid. O’Donoghue and Padilla (n 5) 172. ibid. ibid 174.

Consumer preferences are the driving forces behind the assessment of demand side substitutability. Whether products have similar physical characteristics is generally insignificant: consumers may regard products with dissimilar physical characteristics as substitutes, or regard as not interchangeable those products with similar physical characteristics. All products that consumers regard as close substitutes to the product or products of the undertaking whose behaviour is analysed should be part of the same relevant market since they impose a competitive constraint on the firm concerned.47

Twomarket.products

Clearstream (Clearing and Settlement) (Case COMP/38/096) Commission Decision of 4 June 2004 [2004], paras 135 137.

3.1. Defining Multi Sidedness

60 ibid, para 41.

56 Case 6/72 Europemballage Corporation and Continental Can Company Inc v Commission [1973] ECR 215.

Contrastingly, the Court of Justice upheld the Commission’s findings of separate markets for heavy vehicle tyres in Michelin I 59 The Commission considered that the two types of tyres at issue were produced through different production techniques hence rendering a switch in production from one type to the other financially undesirable. This led the Court to define separate markets as proposed by the Commission as the tyres could not be classified as supply side nor demand side substitutes.60

The importance of supply side substitutability as a secondary consideration in defining the relevant product market cannot be underestimated. In Continental Can, 56 the Court of Justice annulled the Commission’s Decision partly because it had failed to consider supply side substitution in its assessment. The Court held that the Commission’s findings of high market shares were irrelevant in the absence of evidence that competitors from other sectors of the market for light metal containers were not in a position to enter this market. 57 This rejection came down to the failure of the Commission in recognising the ‘simple adaptation’ of ‘glass and plastic containers’ that would create ‘serious counterweight’ to the product market profile.58

The willingness of the European Courts to consider supply side substitution in its own market definition process has prompted the Commission to routinely consider this factor in its analysis. Even in instances where supply side substitution is mostly

57 ibid, para 15; O’Donoghue and Padilla (n 5) 176.

ibid, upheld on appeal in Case T 301/04 Clearstream Banking AG and Clearstream International SA v Commission [2009] ECR II 3155.

O’Donoghue and Padilla (n 5) 201.

3. Multi Sided Markets and the EU Digital Sector

58 Case 6/72 Europemballage Corporation and Continental Can Company Inc v Commission [1973] ECR 215; Jorge Padilla, ‘The Role of Supply Side Substitutability in the Definition of the Relevant Market in Merger Control: A Report for DG Enterprise A/4 (European Commission)’ (2001) National Economic Research Associates Series 32; All Answers Ltd, ‘Definition of Relevant Market’ (Lawteacher.net, February 2022) <www.lawteacher.net/free law essays/general

64 Silverthorne (n 9).

irrelevant, the Commission has nonetheless conducted substantial analysis. In Microsoft, 61 the Commission found that supply side substitution played no role in expanding the relevant product market as already established through the lens of demand side substitution. However, the Commission thoroughly checked for the existence of both supply and demand side substitutability in the three markets that were identified. A similar conclusion was reached in the Clearstream Decision where the Commission found that demand side substitution was once again the determinative factor.62 Supply side substitution was nevertheless considered to be relevant in defining several security clearings markets.63

Multi sided markets are markets in which undertakings need to get two or more distinct groups of customers who value each other's participation on board the same platform in order to generate any economic value.64 In the platform search services sector, undertakings such as Google compete with rivals to, among other things, attract the most attention from users searching for online information.65 In this context, search users occupy one side of the market while advertisers and vendors occupy the other side. The key to getting both sides of the market on board here involves subsidising the user side and monetising through selling advertisements. Thus, from the user’s perspective, accessedlaw/applicationofcompetitionlaw.php?vref=1>27February2022.

Case T 201/04 Microsoft v Commission [2007] ECR II 3601.

Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 20.

those of demand substitution in terms of effectiveness and immediacy.55

Case 322/81 NV Nederlandsche Banden Industrie Michelin v Commission [1983] ECR 3461.

68 Andres V Lerner, ‘The Economics of Network Effects and User Data in the Provision of Search, Search Advertising, and Display Ad Intermediation’ (2019)

66 Joé Lamesch, ‘Market Definition in the Google Android Case’ (Master thesis, University of Liège 2016) 5 6.

Decisional practice has shown that the Commission is inclined to apply its standard tests to cases involving multi sided markets. This presents two pressing problems that can result in a distorted market definition. These are the absence of consideration of: (i) pricing structures and levels across both sides of the multi sided market and (ii) of issues of substitution between alternative multi sided business models.73 The first issue is most visible in Google Shopping where the Commission fails to address how the relationship between the search and advertising functions determines the price charged by Google for advertisement.74 Regarding the second issue, the Commission ends its discussion on substitution by concluding that general search services and social media platforms perform different functions, meaning these markets are deemed to be unrelated.75

67 Tim Stobierski, ‘What Are Network Effects?’ (Harvard Business School Online, 12 November 2020) <https://online.hbs.edu/blog/post/what are network effects> accessed 8 May 2022.

A product or service exhibits network effects when the value of the service to a user rises with the number of other users of that service.68

group.70 Online marketplaces such as Google’s shopping services are rich in indirect network effects. These platforms bring together buyers and sellers. Thus, the greater the number and variety of sellers, the greater the value to buyers and consumer traffic will increase as a response creating more value to sellers.71 The potential competitive concern regarding network effects is that they can create a positive feedback loop where large, established undertakings become larger and smaller providers and new entrants cannot catch up and compete effectively.72

The Commission’s reluctance to consider both sides of the market has been the subject of much debate. The Commission has recognised the two sided nature of search engine services in a past Google Decision, however. In Google/DoubleClick, the Commission stated that ‘an ad network is a two sided platform serving (i) publishers (websites) that want to host advertisements, and (ii) advertisers that

Google services are generally characterised as zero price markets as no price is paid by the user to access Google’s search services.

O’Donoghue and Padilla (n 5) 203. 74 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], s 5. O’Donoghue and Padilla (n 5) 203.

Both sides of the market are interdependent. A price rise on the search side would lead to a decline of consumers on that side. Since the drop of consumers on the search side makes the platform less attractive to the advertising side, the number of participants on the advertising side would drop as well. This would again lead to a further reduction of search consumers.66 This type of interdependence is known as an indirect network effect whereby as more of one group, consumers of Google’s search function, join the platform, the other group as advertisers receive a greater value amount as more users are present on Google to view and interact with their advertisements.67 Thus, there exists a strong presence of (in)direct network effects in multi sided markets particularly in platform services.

Direct network effects refer to the situation in which members of a user group derive value from additional members of the same user group on a platform.69 Since Google has a vast number of users, the value of Google services to the individual user will be extremely high and thus appears attractive to new users. Economic theory dictates that as the number of users rise, the network becomes more valuable to each user. For example, since Google is regarded as the market leader in search services and most search users turn to Google for their service, this high usage attracts other consumers wishing to interact with search services. Indirect network effects, on the other hand, arise when members of one user group on the platform derive value from the participation of members of another user

Australian Competition and Consumer Commission Working Paper Series 7. 69 ibid 8. 70 ibid. 71 ibid. 72 ibid. 73

The Commission’s reluctance to consider the multi sided nature of markets is particularly visible in the Google Trilogy Decisions. In Google Shopping, the Commission defined separate markets for general search and comparison shopping services.82 What is omitted, however, is a discussion on the relationship and interdependency of both sides of the market: search and advertising. Thus, any consideration on how both sides of the market interact to affect pricing structure and levels is absent, resulting in a seemingly oversimplistic assessment of the relevant market. The Commission instead deploys its typical substitution analysis to reach the rather apparent conclusion that general search services and comparison shopping services are only substitutable to a limited extent with several other services including content sites, specialised search services,

78 MasterCard (Case COMP/34.579) Commission Decision of 19 December 2007 [2007], para 257; Sébastien Broos and Jorge Marcos Ramos, ‘Google, Google Shopping and Amazon: The Importance of Competing Business Models and Two sided

sided markets more so than in single sided ones.79 From this point on, any approach can be applied to multi sided market analysis insofar as it can reflect market interdependencies.80 Thus, it is an inevitability that a more calculated and tailored starting approach to multi sided market definition will eventually lead to the same conclusion: that at least some facet of the analysis will have to be performed on a case by case basis. What this means for the Commission’s current tools such as the SSNIP test is that in some situations market definition for multi sided platforms can be conducted using these traditional tools but these tools may require modification depending on the nature of the platform being assessed.81

80 Sung Yoon Yang, ‘Rethinking Modes of Market Definition for Multi Sided Platforms’ (2018) 9 International Journal of Trade, Economics and Finance 164, 168.

79 Sebastian Wismer and Arno Rasek, ‘Note on Market Definition in Multi Sided Markets’ (Directorate for Financial and Enterprise Affairs Competition Committee, OECD 2017), para 47.

want to run ads on those sites.’76 Regrettably, the Decision does not mention how the presence and extent of the two sidedness in the market was identified.77 This lack of explanation points towards the Commission treating multi sided markets as the exception to the norm, seemingly undeserving of expansiveThereasoning.Commission

77 Joyce Verhaert, ‘The Challenges Involved with the Application of Article 102 TFEU to the Market for Search Engines as Part of the New Economy and the Implications for the Google Case’ (Master thesis, KU Leuven 2013) 69.

The Antitrust Bulletin 1.

has also defined different relevant markets where two sided platforms are involved in the wider EU digital sector. Its position was clearly stated in MasterCard where it defined two relevant markets and strongly opposed the consideration that two sidedness meant defining one relevant market: ‘two sided demand does not imply the existence of one single joint product.’78 Thus, the Commission’s problem in defining multi sidedness is not one of a reluctance to acknowledge the existence of such a market characteristic, but rather a difficulty in understanding the mechanics of complex and intricate market structures that operate outside the bounds of a more conventional market analysis.It is hard to identify a standardised test that can be used to define multi sided product markets. As other multi sided markets function much differently than Google’s search platform, a standardised solution is unlikely to be developed soon. In the absence of such a test, academics have suggested that competition authorities adopt a heightened focus on the characteristics of multi sided markets that separate them from conventional single sided markets. This can then form the basis for economic analysis. Through this lens, competition authorities are required, given the analytical complexity of multi sidedness, to take a holistic approach to market circumstances in multi

76 Google/Doubleclick (Case COMP/M.4731) Commission Decision of 11 March 2008 [2008], para 20.

Intermediaries in Defining Relevant Markets’ (2017) 62

81 ibid.

82 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], s 5.

3.2. Multi Sidedness & Google

The markets in which Google is active such as those for search services, online comparison shopping and online search advertisements as part of the wider EU digital sector are all characterised by rapid innovation, network effects and multi sidedness of platforms amongst other things.91 The absence of consideration of these characteristics, particularly multi sidedness, contribute at the very least to questionable market definitions in the Google Trilogy.

It remains unclear whether the Commission’s acknowledgement of the existence of multi sided markets in Google AdSense will pave the way for any substantive consideration in future EU digital sector Decisions. It would appear as though the Commission’s approach to multi sidedness in the Google Trilogy takes a purely legal perspective with little room for consideration of how certain Google markets function in practice. This failure on the part of the Commission to fully consider the complexities of multi sided markets in its Google Decisions form the basis for dubious assessments of relevant product markets.

84 Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], ss 8.3 8.6.

social networking sites and online search advertising platforms.83

Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], paras 299 305.

87 Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], para 121. 88 ibid. ibid, ss 6.2.1.1 and 6.2.1.2. O’Donoghue and Padilla (n 5) 204. Verhaert (n 77) 68.

In Google AdSense, the Commission defined two separate markets for general search services and online search advertising. 87 The Commission took steps to account for the multi sided nature of the markets at stake in its Decision. This is evidenced by its acceptance that general search services and online search advertising were two different but interconnected sides of an individual general search engine platform. The Commission considered online search advertising to involve the matching by search advertising platforms of user queries with relevant search ads. On the demand side of this market are internet users and advertisers. On the supply side are the operators of search advertising platforms.88 While the Commission acknowledges this interconnection, no further steps are taken to

construct any meaningful market analysis around this point. The Commission maintains that the product market for online search advertising is a distinct one based on traditional single market product substitution analysis. This is most visible in its substitution analysis of offline against online advertising and online against non online search advertising.89 The economic implications of price structures and levels across both sides of the market are left untapped.90

4. The Relevant Product Market in the Google Trilogy

85 O’Donoghue and Padilla (n 5) 204.

In Google Android, the Commission defined markets for the licensing of smart mobile device operating system (OSs), Android app stores, general search services and non OS specific mobile web browsers.84 In defining these markets separately, the Commission dismissed the argument that products in these markets could be viewed as forming part of a single market encompassing many aspects of mobile platform competition between Android and other OSs.85 Although the Commission follows a more general line of reasoning on this point, the elephant in the room is undoubtedly the fact that Android’s OS and Apple’s iOS are not deemed to be a part of the same market in the Commission’s assessment. At first glance, this is a surprising conclusion as many users would consider Android’s OS to compete with Apple’s iOS. Particularly contentious in this regard is the Commission’s conclusion that a user’s choice of app store is determined by that user’s choice of mobile device and corresponding OS.86 Contesting this conclusion forms an important part of Google’s Android appeal.

ibid, paras 163, 166, 178 and 196.

93 ibid.

In Google Shopping, the Commission defined product markets for general search services and comparison shopping services. Turning firstly to the market for general search services, the Commission claimed that this was a distinct product market for four reasons. Most important to the present discussion are the first two reasons cited by the Commission. Firstly, that the provision of general search services constitutes an economic activity. Secondly, that there is limited supply and demand side substitutability between general search services and other online services.92

The Commission’s recognition of Google’s search engine platform as a two sided platform is striking.93 In fact, the Commission concisely explains the exact workings of the two sided platform by describing how the basis for Google’s revenue on its search engine platform is the interaction between two distinct user groups: search users and advertisers. Thus, early on in its analysis, the Commission acknowledges that it is dealing with a two sided platform. The Commission considered general search services to only be substitutable to a limited extent with alternative means of discovering information such as content sites, specialised search services and social networks. This conclusion was based on the facts that: (i) general search services serve a different purpose to these other services; (ii) general search services allow users to search for content all over the web; (iii) general search services return more wide ranging results compared to specialised search services as a result of searching the entire internet; and (iv) general search services function based on an automated process called web crawling.94

The issue with the Commission’s assessment here is that it is predominantly based on qualitative evidence which raises the possibility of being partially or wholly subjective. While such an approach to a complex multi sided case might well be criticised by armchair legal pundits, it is unfair to fault the Commission alone on this point. Recent judgements handed down by the CJEU have provided the Commission with an avenue to pursue a more qualitative approach to certain situations of market definition. For example, the General Court provided in Topps96 that although the gold standard for market definition may be the SSNIP test, it is not the only method available to the Commission. Other tools may be used to define certain markets especially in cases where the SSNIP test may prove unsuitable.97 The Court also reiterated that paragraph 25 of the Commission Notice does not

4.1.

92 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], para 156.

Google Shopping

The Commission also defined a separate market for product comparison services. In its view, there is limited demand side substitutability between comparison search services and (i) search services

94 ibid, s 5.2.1.2.; O’Donoghue and Padilla (n 5) 173.

specialised in different subject matters; (ii) online search advertising platforms; (iii) online retailers; (iv) merchant platforms; and (v) offline comparison shopping tools. The Commission substantiates this claim by relying once again on the different purposes explanation as was used in defining general search services. In the Commission’s view, product comparison services provide users that are looking for information on a product with a choice of existing commercial offers available on the internet for the said product, as well as tools to sort and compare those offers. These services are perceived by users as a service dedicated to them and tailored to produce specialised search results for a product. Finally, price comparison services typically seek to refer users to third party websites where they can buy the relevant product rather than sell products directly.95 Thus, to a certain extent, the Commission suggests that product comparison services facilitate the functioning of the services which they are comparing. This begs the question of why these latter services are not assessed under a single product comparison services umbrella category.

95 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], paras 193 230.; O’Donoghue and Padilla (n 5) 173 174. 96 Case T699/14 Topps Europe Ltd v Commission [2017] ECLI:EU:T:2017:2, para 82. 97 ibid.

This passage from Topps was cited by the Commission in both Qualcomm (Predation) and Qualcomm (Exclusivity) Decisions.99 Based on the Topps judgement, the Commission decided against performing a quantitative assessment and decided to rely exclusively on qualitative evidence without conducting the SSNIP test. The issue lies not in the use of qualitative evidence, but the abandonment of a test which does not require quantitative data to be implemented.100

104 cf Andrew M Saint Laurent, Understanding Open Source & Free Software Licensing (1st edn, O’Reilly 2004) 4.

in multi sided markets an understanding of one side is insufficient for the purposes of defining a relevant product market. Thus, while it is of no use or sense to conduct an SSNIP test on the search side, it is worth considering whether a test on the other side of the platform would afford insights into the workings of the market as a whole.

O’Donoghue and Padilla (n 5) 188.

101

In the Google Shopping Decision, the Commission cites Topps and states that the performance of the SSNIP test was unnecessary since Google provides its search services for free to users.101 This begs the question of what test to use in zero price markets? The second best option for measuring demand side substitutability is thus undoubtedly qualitative evidence. Thus, if qualitative evidence is deemed as an undesirable method, either there exists a gap in the antitrust toolbox or advances in measuring subjective elements of markets and products must be made and made quickly.However,

4.2. Google Android

4.2.1. The Licensing of Smart Mobile OSs

OSs, (ii) Android app stores, (iii) the provision of general search services and, (iv) non OS specific mobile web browsers.102 The first two of these relevant product markets have been the subject of much debate in the context of multi sided markets. To avoid venturing too deep down the rabbit hole, this discussion will touch only on the first of these product markets. The Commission’s finding that the licensing of smart mobile OSs constitutes a relevant product market is an essential first step in defining the remaining markets in the Decision and contains some of the most contentious points therein.

The Commission considered four points in defining a separate relevant product market for the licensing of smart mobile OSs. One of these considerations was that non licensable smart mobile OSs do not belong to the same product market as all licensable smart mobile OSs. This conclusion is considered contentious as a key takeaway is that the Commission does not consider licensable OSs like Google’s Android and non licensable OSs, like Apple’s iOS, to be part of the same market. In this context, the Commission advanced the claim that there is limited demand side substitutability between these two OS groups as original equipment manufacturers (OEMs) are unable to acquire licenses to use non licensable OSs.103 An important clarification here is that Android is an open source software. Open source software is released under a license in which the copyright holder, in this case Google, grants users, OEMs, the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose.104 Thus, OEMs are free to develop their own versions of Android whereas this is not the case for software that is not open source such as Apple’s iOS.

ibid; cf Commission, ‘Notice on the Definition of Relevant Market for the Purposes of Community Competition Law’ [1997] OJ C372/03, para 25.

require the Commission to follow a rigid hierarchy of different sources or types of evidence.98

99 Qualcomm (Exclusivity) (Case AT.40220) Commission Decision of 25 January 2018 [2018]; Qualcomm (Predation) (Case AT.39711) Commission Decision of 18 July 2019 [2019].

Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], paras 243 245. 102 Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], para 217. 103 ibid, para 239.

In Google Android, the Commission defined relevant product markets for (i) the licensing of smart mobile

100

O’Donoghue and Padilla (n 5) 174.

competitive position against Apple.110 Google’s competition with Apple in the smartphone market thus constrains Google’s behaviour and limits its market power in Android specific aftermarkets such as app stores, chargers, phone cases etc. It would appear immaterial to the market definition discussion that OEMs cannot obtain licenses to develop their own versions of Apple’s iOS. This substitutability argument from the point of view of OEMs does little to contribute to the conclusion on whether Apple and Android OSs are in the same relevant

On the one hand, this conclusion is questionable because it overlooks the key feature of the market which is competition between different ecosystems of OSs for the market.105 The limited demand side substitutability from the suppliers’ perspective is extended to users in the dominance section of the Decision. Here, the Commission mentions the significant price discrepancies between Google Android and Apple iOS devices and the substantial costs incurred by Google Android users in switching to iOS. The Commission also suggested that there is a strong presence of brand loyalty demonstrated by users of a particular OS and app developers are unlikely to halt development for Google Android and develop exclusively for iOS.106

108 Dirk Auer, ‘Making Sense of the Google Android Decision (Part 1): Four Problems with the EU Commission’s Market Definition’ (Truth on the Market, 14 November 2019) <https://truthonthemarket.com/2019/11/14/makingsenseofthegoogleandroiddecisionpart1fourproblemswiththeeucommissionsmarketdefinition/>accessed5April2022.

As in Google Shopping, qualitative evidence once again appears to be at the forefront of the Commission’s analytical approach. Implied in this approach is the total rejection of the argument that mobile platform to platform competition between Android and other OSs occurs in the same market. The Commission justified its conclusion by focusing on their different characteristics. Other subjective factors were considered such as user choices of mobile device.107 However, all this analysis eventually circles back to the same question: is it possible to infer that because their products are not substitutes from OEMs’ perspectives, Google and Android do not compete against each other. 108 Since there exists a competitive market for Android and Apple smartphones, then it is presumably somewhat immaterial that Google is the only undertaking to offer a licensable mobile operating system in contrast to Apple and Blackberry’s closed alternatives.109 In exercising its power against OEMs by, for example, degrading the quality of Android, Google would, by the same token, weaken its

O’Donoghue and Padilla (n 5) 206. 113 ibid.

the Commission approaches the substitutability of (non )licensable OSs from the perspective of OEMs precisely because the Google Android Decision aims to address the abusive practice of tying which were applied with respect to the OEMs. Thus, the question of substitution is one that needs to be posed with respect to OEMs and not in general terms of Google vs. Apple.111 Considering this approach however, one might ask whether assessing the substitutability of (non)licensable OSs predominantly from the perspective of OEMs constitutes a holistic analysis of the competitive conditions of this relevant market. Because licenses are not granted for a non licensable OS, this completely excludes OEMs from any discussion on market definition for non licensable OSs. Thus, by implication, they have no presence in that market and from their perspective there is indeed limited demand substitutability between licensable and non licensable OSs as the Commission suggests. This is trite: if a candidate market for licensable OSs is to be established, by definition non licensable products are not a substitute.112 This point thus assumes what the Commission must prove. 113

Daniel Mandrescu, ‘Lessons and Questions from Google Android Part 1 The Market Definition’ (Lexxion, 29 October 2019) <www.lexxion.eu/en/coreblogpost/lessons and questions from google android part 1 the market definition/> accessed 5 April 2022. 111 ibid.

110

However,market.

105

112

109 ibid.

106 Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], paras 497 501.

107 ibid, para 299.

O’Donoghue and Padilla (n 5) 206.

120

However, the absence of a market participant on a market being used as a point of comparison for the initial market being investigated certainly appears to underrepresent the conditions of competition. A surely relevant question is whether the fact that OEMs cannot obtain licenses for certain OSs has any profound influence on the end user’s decision to purchase either an Apple or Android smartphone. Ultimately, it is consumers who will be affected by Google’s practices of tying at the OEM level when it comes to components of the smartphone such as downloadable app stores. Whereas OEMs only feature on markets for licensable OSs, two ever present actors are consumers, who purchase the end product, and developers who amongst other activities develop apps compatible with each OS. Unlike OEMs, consumers and developers are likely to be less concerned with the question of licensing when considering switching from one platform to another.114 Thus, the weight attributed to the perspective of OEMs, justified by the context in which the abusive conduct occurred, appears too heavy. A heightened focus on consumer and developer perspectives in the markets at stake would likely have produced a more complete understanding of the effects of licensing on each stage of production up until and including the distribution of the final product. Instead, such perspectives are only thoroughly explored in the sections on dominance and abuse in the Commission’s Decision.115

117

The glaring issue with the above observations is that at no point in the Decision does

controversial conclusion and constitutes an integral part of Google’s appeal. Both Apple and Android OSs are engaged in intense competition in respect of their OS performance, quality, and innovation through rapid and successive updates trying to outperform one another. 117 It is surely clear that the quality of the OS is one of the most important (if not the most important) aspects of quality in a smart phone So, to suggest that users would pay insufficient regard to quality differences seems surprising. 118 Equally surprising is the notion that two of the world’s largest and most profitable undertakings would be incapable of exercising a material constraint on each other in an area of direct overlap.119

119 ibid.

Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], paras 264 266.

Based largely on the conclusion that OEMs cannot switch to non licensable OSs, the Commission decided against conducting a SSNIP test believing that it would not have produced a different outcome.120 Consequently, the Commission favoured carrying out a small but significant non transitory decrease in quality (SSNDQ) test. This test focuses on the ability of an undertaking to degrade the quality of their product yet maintain or increase profitability.121 The Commission highlights several points in this regard throughout its Decision. The Commission contends that in the event of a SSNDQ, (i) users would be unlikely to switch to non licensable OS smartphones,122 (ii) users are not sensitive to variations in the quality of their mobile OS and would not change their purchasing behaviour,123 (iii) first time buyers are less likely to react and,124 (iv) app developers are unlikely to switch to developing exclusively for iOS.125

122

116 ibid, para 243.

115 Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], s 9.3.4.

The World Bank, ‘Approach to Market Definition in a Digital Platform Environment’ (Digital Regulation

114 Mandrescu (n 110)

118 ibid.

4.2.2. Commission Conclusions on Android OS

Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], paras 267 and 483. 123 ibid, para 487. 124 ibid, para 549. 125 ibid, para 552.

Ultimately, the Commission concluded that iOS exercises an insufficient direct constraint on Google’s dominant position in the worldwide market for licensable OSs.116 This is a particularly

Platform, 26 August 2020) <https://digitalregulation.org/approach to market definition in a digital platform environment/> accessed 6 April 2022.

121

130

126

The Commission delivered its most recent Decision in the Google Trilogy in 2019 by addressing Google’s anticompetitive conduct pertaining to its online search advertising service. This Decision is viewed as an extension of the Google Shopping Decision as Google’s search function was at the forefront of analysis in both instances. The Commission defined markets in Google AdSense for online search advertising and online search advertising intermediation.137 Online advertising intermediaries are specialised entities that provide targeted services for a certain part of the market.138 Thus, intermediaries such as Google that have significant market power allocate advertising spaces on their platform at the request of digital publishers.

The Android Decision provides a valuable source of guidance and questions in the case of defining markets for multi sided platforms. It shows

127 Raymond Hartman and others, ‘Assessing Market Power in Regimes of Rapid Technological Change’ (1993) 2 Industrial and Corporate Change 317.

In defining a relevant market for online search advertising, the Commission considered the role of general search services in such a definition. The Commission’s approach to general search services in Google AdSense can thus be compared to that delivered in the Google Shopping Decision two years

Santiago R Balseiro and others, ‘Intermediation in Online Advertising’ in Ming Hu (ed), Sharing Economy (Springer 2019) 1.

132 ibid. 133 ibid.

earlier.In

139

128

131 Mandrescu (n 110).

O’Donoghue and Padilla (n 5) 207.

136

137

Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], s 5.2.1.

O’Donoghue and Padilla (n 5) 206.

Google Android (Case AT.40099) Commission Decision of 18 July 2018 [2018], para 286.

Google Shopping, the Commission concluded that a general search engine platform is a two sided platform.139 The Commission builds upon this in Google AdSense by immediately recognising that general search services and online search advertising constitute two different but interlinked ibid. ibid. ibid.

that the Commission is willing to define a single relevant product market for a multi sided platform and can adapt its tools to zero price markets by replacing the SSNIP with the SSNDQ test.135 However, it falls short in delivering the legal and economic justification for such a switch.136

134

Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], para 120.

4.3. Google AdSense

Furthermore, the Commission selected the specific qualities to be tested with reference to a Google produced survey for developers.130 One may wonder whether this is the most suitable manner to make the selection in future cases rather than making a specific survey for the purpose of the investigation.131 Also not included in the Decision is an answer to what degree of quality decrease simulates the same effect as a price increase of 5 10% (SSNIP).132 This information would be very important for future practice in determining substitutability in the absence of performing a SSNIP test. Above all, it is unclear how the SSNDQ accounts for the multi sided nature of platforms and the interdependency of demand among their various customer groups.133 In this matter too, it is unclear from the Decision how the test incorporated the multi sided character of the platforms.134

138

the Commission concretely define what a deterioration of quality is or how it should be interpreted.126 In other words, no benchmark for degradation is provided against which OSs can be compared. A widely suggested benchmark figure for the SSNDQ test hovers around 25%.127 Yet, the Commission proposes no concrete figure. This makes the Commission’s SSNDQ conclusions appear questionable and unsubstantiated. Fundamentally, the Commission disregards the point that Android is an open source licence which allows licensees to develop their own versions of Android.128 Thus, if Google sought to degrade Android, the availability of non degraded versions from non Google sources would make it pointless to do so.129

129 ibid.

135

140

148

141 ibid.

152

143 ibid, para 45.

146 ibid, para 127.

Google/Doubleclick (Case COMP/M.4731) Commission Decision of 11 March 2008 [2008].

Previously, in Google/DoubleClick, the Commission decided against indicating a preference for subdivision since from a demand side substitutability perspective, both online search and non search intermediation offer the intermediation of advertising space in the advertiser’s eyes.153 For

In Google AdSense, the Commission stands by its findings in Google/DoubleClick and further substantiates its reasoning in finding online and offline advertising not to be substitutable. The Commission suggests that online advertising is mainly used to trigger a direct consumer response whereas offline advertising is used to create brand awareness.145 Online and offline advertising also require different degrees of engagement from users.146 Beyond these justifications, the

150

As far as the substitutability of online search advertising with other forms of advertising is concerned, the Commission has addressed this issue before in another Google case: Google/DoubleClick. 142 In its 2008 Google/DoubleClick merger Decision, the Commission concluded that online advertising does not belong to the same relevant market as offline advertising which encompasses traditional forms of advertising such as placing advertisements on television, billboards, or radio. The primary reasoning for this is twofold. Firstly, online advertising is considered to be capable of reaching a more targeted audience in a more effective way.143 Secondly, the specific pricing mechanism applied to online advertising also distinguishes the two markets.144

144 ibid.

Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], para 126.

147 ibid, paras 128 134.

149

Google/Doubleclick (Case COMP/M.4731) Commission Decision of 11 March 2008 [2008], para 73.

Google Ads, ‘Reach a larger or new audience with Google Display Network targeting’ (Google Ads, 24 May <2022)https://ads.google.com/intl/en_id/home/resources/reachlargernewaudiences/>accessed24May2022.

Johannes Schadt Wambach, ‘Abuse of Dominant Position in the Online World with Special Emphasis to the Definition of Relevant Markets: The Example of Google’ [2021] Prague Law Working Paper Series no 2021/I/4 13 <https://dx.doi.org/10.2139/ssrn.3795383> accessed 10 April 2022.

Julia Brockhoff and others, ‘Google/DoubleClick: The First Test for the Commission’s Non Horizontal Merger Guidelines’ [2008] Competition Policy Newsletter of the Directorate General for Competition 2, 54

Further evidence of the Commission’s evolutionary approach in detailing the multi sidedness and interdependency of tech markets is found in the Commission’s acceptance of subdivision between online search and non search advertising intermediation.148 The Commission considers search advertising to encompass mainly Google text advertisements.149 These advertisements can appear on Google results pages and across the Google network.150 Non search advertisements are taken to include Google display advertisements.151 These advertisements are shown on articles, videos, or websites that users browse.152

sides of a general search engine platform.140 The Commission goes one step further by identifying the actors on the supply and demand sides of the online search advertising market. On the demand side are internet users and advertisers, on the supply side are the operators of search advertising platforms.141

142

153

Google Ads, ‘How to Craft a Great Ad for Your Google Ads’ (Google Ads, 24 May 2022) /write<https://ads.google.com/intl/en_id/home/resourcesonlineads/>accessed24May2022.

145

Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], para 121.

Commission offers several more explanations from user and advertiser perspectives.147 A fundamental observation here is that the Commission considers first, in substantial detail, the multi sided nature of the market it is defining. The attention devoted to assessing the multi sidedness of the online search advertising market eclipses that given to general search services in Google Shopping. This does not necessarily point to the inadequacy of the Commission’s analysis on this point but rather demonstrates the newfound importance of comprehensively assessing multi sidedness prior to or in conjunction with a substitutability assessment.

151 Brockhoff and others (n 149).

157

example, search advertisements may appear to users searching for a particular product whilst non search advertisements such as display advertisements are paid placements that will also target users. In Google AdSense, the Commission appears to have taken a U turn on this matter by indicating that Google was by far the strongest player in online search advertising intermediation and by implication placing both intermediation types under the same heading.154

the Google AdSense Decision appears to build upon the Commission’s observations in Google Shopping and Google/DoubleClick. A more thorough and calculated consideration of multi sidedness and the nature of narrow tech submarkets appears to produce less controversial conclusions on market definition. Whether this is attributable in large part to the simplicity of the case vis à vis that of Google Shopping and Android is a relevant question. The answer likely lies in the next Google Decision and/or the trio of appeals pending before the General Court pertaining to the Decisions discussed in this contribution.

inclusive tech undertakings such as Google.160 Dominance in one market may lead to a different assessment for markets related to the market of origin especially in the digital economy where there are many of them. 161

159 Google Search (Adsense) (Case AT.40411) Commission Decision of 20 March 2019 [2019], para 184.

156 ibid. ibid. 158 ibid.

Although from a technical perspective, AdSense functions the same way in search and display advertising, the consideration of demand and, crucially, supply side factors indicate a difference in some theoretical respects invalidating the Commission’s all encompassing categorisation of online search advertising intermediation. 155 For example, not all search intermediary providers offer a search intermediation service. From a supply side perspective, publishers that wish to sell ad inventory through their own search functions are unable to simply switch to non search intermediaries.156 From a demand side perspective, there may be the option for advertisers to place display and/or search advertising.157 However, these types of advertising are not necessarily comparable. Whereas display advertising is simply displayed on a homepage, search advertising is generated solely through a user’s search query therefore offering a greater chance of attracting the user's attention.158

5. Conclusion

160 Schadt Wambach (n 148) 14. 161 ibid.

155 Schadt Wambach (n 148) 14

Google still disputes the substance of the Commission’s market definition here as it relates to search advertisements. Google believes that the Commission erred in finding that search ads and non search ads do not compete and that directly sold ads and intermediated ads do not compete.162 This forms an important part of Google’s appeal of this Decision.Overall,

100

154 Commission, ‘Antitrust: Commission Fines Google €1.49 Billion for Abusive Practices in Online Advertising’ (European Commission, 20 March 2019) il/en/IP_19_1770<https://ec.europa.eu/commission/presscorner/deta>accessed10January2022.

To conclude, all Google related cases are by and large variations on the same matters. The fundamental issue raised in Google Shopping, Android and AdSense is whether and why it is an abuse for an integrated undertaking to favour its own activities.163 It follows from this that the credibility of the Commission’s Decisions depends heavily on market

162 Case T 334/19 Google and Alphabet v Commission [2019] OJ C255/46.

This calls for further subdivision in online intermediation. The Commission provided this in its Decision by distinguishing between intermediation sales and services perspectives thereby acknowledging the direct and indirect avenues for publishers to sell online search advertising space on their websites.159 This illustrates just how narrow the borderline of relevant market delimitation is for all

163 Pablo Ibáñez Colomo and Alfonso Lamadrid, ‘What to Make of the Fresh Charges Against Google’, (Chillin’Competition, 15 July 2016) <https://chillingcompetition.com/2016/07/15/whattomakeofthefreshchargesagainstgoogle/>accessed14April2022.

constituting a concrete solution that can be consistently and methodically applied to multi sided markets in the future.

167

101

169

AlthoughTrilogy?’

Due to the innovative and fast paced nature of the search industry, there is a need for speedy solutions to competition problems. 166 However, an antitrust case involving high tech industries might take so long that given the fast paced nature of the industry the Decision itself may become irrelevant and ineffectual at the time of issuance.167 Unfortunately, the fast paced nature of the EU digital sector conflicts with the time consuming and meticulous analysis required of the Commission to ensure a complete and accurate Decision. The nature of the EU digital sector, by analogy to the discussed example of Google, is such that the Commission is likely to be faced with many new market definition problems in the coming decade and beyond.The research question that was to be answered in this dissertation is ‘to what extent has the European Commission’s approach to defining relevant product markets for multi sided markets under article 102 TFEU changed throughout the Google

It will be difficult for the Commission to develop a consistently successful method of market definition for multi sided EU digital sector markets. As seen in Google AdSense, the departure from aspects of its reasoning issued in Google/DoubleClick, a case decided only eleven years prior, suggests that the future approach for the Commission will be largely case by case. Whether this suggests a future departure from the same fundamental competition principles and an evolution in the Commission’s approach remains to be seen. With this in mind, it is difficult to approximate any definite, concrete and consistent change in approach from Google Shopping to Android to AdSense. What can be said, however, is that the Commission is expanding its toolbox. In Google Android, the Commission departed from its use of the SSNIP test in favour of a SSNDQ test. In Google AdSense, the Commission delved deep into the multi sided nature of the advertising and search markets at stake. To what extent this expansion of ibid. Verhaert (n 77) 68. ibid.

164

165

168

definition.164 In the 12 years since the Google Search saga began, the EU digital sector has changed a great deal. Consumer habits have changed as have the behaviour and strategies of undertakings. Large market players such as Google, Amazon, Meta, and Apple are constantly branching out into new markets and innovating at a rapid pace. This is always challenging in EU competition law and even more so in dynamic industries like the EU digital sector.165

the Commission’s approach to defining relevant product markets has evolved throughout the Google Trilogy, it is still for the most part playing catch up with the highly innovative undertakings under investigation. The Commission has demonstrated its willingness to diversify its approach by using different tools from the SSNIP and SSNDQ tests to more qualitative methods. However, this diversification falls short of ibid. ibid. 166 Richard A Posner, ‘Antitrust in the New Economy’ (2001) 68 Antitrust Law Journal 925, 927 943.

The lessons to be learned about multi sided market definition from the Google Trilogy can be boiled down to the following. By placing an emphasis on product substitutability and market shares, the Commission fails to fully acknowledge the competitive conditions and dynamics of fast paced digital industries.168 The Commission’s traditional methods for defining relevant product markets are incompatible with multi sided markets. These tools, such as the SSNIP test, are designed for the definition of single sided markets and thus will not capture the effects of pricing constraints flowing from the interdependence of supply and demand on both sides of a market.169 On this example, given a hypothetical increase in price on one side of a market, the SSNIP test is incapable of analysing this increase in isolation to the effects experienced on the other side(s) of a market.

102

means and reasoning can be characterised as trial and error or methodical and calculated is unclear

The jury is out on whether the Commission can get ahead of market development as opposed to continuing its evolutionary approach on a case by case basis. Two factors will be determinative in this regard. Firstly, to what extent the proposed Digital Markets Act (DMA) might affect future Commission practice. Secondly, how future judgements of the CJEU might inform the Commission’s approach. If adopted, the DMA will ban certain practices used by large platforms acting as ‘gatekeepers’ and enable the Commission to carry out market investigations and sanction non compliant behaviour.170 Large undertakings active in the EU digital sector will undoubtedly be paying close attention to the progress of the DMA and what its adoption might mean for their future treatment.171

room/20220315IPR25504/deal on digital markets act ensuring fair competition and more choice for users> accessed 24 May 2022. 171 ibid.

As for Google, the nature of its influence and market power provides that it will be under the microscope as long as it maintains its dominant market position. This topic ought to be revisited once all three appealed Decisions have had their day before the European Courts. The Google appeals will be of importance in establishing future treatment of EU digital sector undertakings and point to the need for the Commission to have one

Google AdSense serves as the most promising of the Google Trilogy Decisions in that it attracted the least attention from a market definition perspective. There will always be noise surrounding any Google Decision of which there will undoubtedly be more to come. However, public appraisal or criticism of a Commission Decision serves as a reflection of consumer attitudes towards the Commission’s intervention in big tech. Thus, the Commission is evolving its approach to multi sided market definition, but it remains to be seen whether any identifiable and consistent approach is to emerge in the coming decade.

170 European Parliament, ‘Deal on Digital Markets Act: EU Rules to Ensure Fair Competition and More Choice for Users’ (European Parliament, 24 March 2022) <www.europarl.europa.eu/news/en/press

eye on the evolution of the Court’s jurisprudence as it seeks to develop its approach.

103

104

Dissertation 2

105

by Cristian Zubco

Amazon's Echo Voice System: A New-Age Commodity or A Corporate Eavesdropper?

Cristian Zubco is a corporate and commercial law master’s student at the University of Maastricht. He has received a bachelor’s degree in European law with a minor in business law from the University of Maastricht. His current field of study is the use of alternative dispute resolution methods in international commercial law. He is interested in all-things consumer tech, ranging from personal devices to digital platforms, videogames and sports – be it real or cyber.

In the last ten years, the rising tide of the fourth industrial revolution has laid the foundation for the rapid evolution of technological developments, which have brought commodity and time saving simplicity into our lives.1 At the same time, it marked the beginning of a slow burning devolution in respect for privacy. The trade off between comfort and privacy did not occur because of the rise of an unethical technocratic society. It occurred when data processors realised the potential financial gain from quantifying consumer’s behaviour on digital platforms.Through

Introduction

2 Nicholas Confessore, ‘Cambridge Analytica and Facebook: The Scandal and the Fallout So Far’ (NY Times, 4 April 2018) 202ge<www.nytimes.com/2018/04/04/us/politics/cambridanalyticascandalfallout.html>accessed11February2

research contribution will bring under the limelight Amazon.com Inc.’s Alexa Voice Service (AVS) and its Echo product line which have taken over European homes in the last eight years since its release In 2021 Amazon sold over 59 million Echo devices worldwide of which 15 million were sold in Europe, 5 which is a progressive increase from the 6.5 million sold in 2017.6 The increase in the number of devices sold has also led to an increase in user reported issues that raise questions regarding the integrity of AI based gadgets and the processes behind them.7 Potential breaches that have been scrutinised by researchers in the last couple of years involving the AVS, its use, and management include: sharing of user data with third parties/users,

time spent online shopping, an individual’s purchasing patterns can be analysed, and targeted ads can be created Social networks often incentivise users to post photos, post life updates, share their current location and give information about their workplace and hobbies, which can then be sold to advertisers and think tanks.2 Last but not least, through our interactions with AI systems and virtual assistants, biometric data and other private information from our surroundings can be collected The latter will be the focus of this research

ibid

Bret Kinsella, ‘Amazon Echo and Google Home European Smart Speaker Sales Approach 6.5 million Units in 2017 (Voicebot.ai, 28 February 2018) <https://voicebot.ai/2018/02/28/amazon echo google home european smart speaker sales approach 6 5 million units 2017/> accessed 16 January 2022.

AI tech start ups.3 The driving factor in the development of AI appliances and the rise of AI tech companies is the availability of financial resources. However, the actual technological advancement is fostered by the availability of raw data, i.e., human interaction.4 This is why the greatest stride has been achieved in states that have an advanced (digital) service sector, followed by healthcare, financial technologies (FinTech), and robotics. The digital service sector has nevertheless the largest market share due to the dominance of corporations such as Apple, Windows, Comcast, and Amazon and their highly diversified service portfolios. These portfolios include services ranging from physical and digital sale and delivery of goods and software to virtual assistants like Apple’s Siri, Windows’s Cortana, and Amazon’s Alexa. Such rapid growth does, however, bring with it a plethora of issues that have raised questions regarding the ethicality and legality of said devices.This

Matt Day, Giles Turner and Natalia Drozdiak, ‘Amazon Workers Are Listening to What You Tell Alexa’ (Bloomberg, 11 April 2019) <www.bloomberg.com/news/articles/2019 04 10/is anyone listening to you on alexa a global team reviews audio> accessed 15 March 2022

1 Klaus Schwab, ‘The Fourth Industrial Revolution: What It Means and How to Respond’ (World Economic Forum, 14 January 2016) <www.weforum.org/agenda/2016/01/the fourth industrial revolution what it means and how to respond/> accessed 22 February 2022.

3 Romain Lucazeau and others, ‘Artificial Intelligence Strategy for European Startups’ (Rolandberger, 2018) startups.pdf/roland_berger_ai_strategy_for_european_<www.rolandberger.com/publications/publication_pdf>accessed17February2022.

SafeAtLast, ‘Intriguing Amazon Alexa Statistics You Need to Know in 2022’ (SafeAtLast, 14 February 2022) <https://safeatlast.co/blog/amazon alexa statistics/#gref> accessed 22 February 2022.

The Development of Artificial Intelligence (AI) as Comfort for Privacy Trade-Offs

contributionIn2018

alone, the number of tech start ups which focus on AI technology has increased worldwide. Geographically, the United States is leading the ‘AI race’ with 1393 start ups, in second place come the states of the European Union with 769 companies, and in third place is China with 362

13 Danny Palmer, ‘What Is GDPR? Everything You Need to Know About the New General Data Protection Regulations’ (ZDNet, 17 May 2019) <www.zdnet.com/article/gdpr an executive guide to what you need to know/> accessed 11 January 2022.

12 GDPR, art 99(2).

Research Methodology

14 GDPR, art 4(8).

10 GDPR, art 4(2)

provide their goods and services on the territory of the EU.

The supranational law of the European Union was chosen for this research due to the fact that the GDPR is currently a cornerstone in data protection laws and serves as a model for other non EU states 9 It represents a set of rules standards and best practices that have led to positive, pro consumer changes in the policies of tech companies that

Considering the manner in which the device functions, its dependence on user data, and the possibility of abuse, this research piece will investigate: To what extent the Amazon Echo system complies with the EU standards of data collection and processing as set in the General Data Protection Regulation8 (GDPR)? To answer this research question, a doctrinal research method will be used, and the piece will be structured into four main sections, each containing several subsections. Section two will cover the value of AI in the functioning of the AVS. In section three the applicable EU framework of data collection and processing as set out in the GDPR, its recital, the preparatory materials, and ECJ caselaw will be systematised Starting with the origin and scope of the law, this chapter will slowly decode the duties of the parties involved and the rights of the consumers during the collection and processing of data. In section four a thematic analysis of the main technical issues of the Echo system will be undertaken. This is the part where the processes that can give rise to legal disputes and ethical dilemmas were considered. The closing section will tackle the actual assessment of compliance with the legal framework. Here the automated processes of the device and the human assistance on part of the processors will be juxtaposed with the contents of the first section.

1.1. Scope of the Regulation

The applicability of this regulation to the services provided and activities undertaken by tech companies can be established through the assessment of the Regulation’s scope. Substantively, article 2(1) lays down that the legislation applies to the “processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system”. The regulation defines processing as any operations performed on sets of user data. The main forms of processing include collection, recording, organisation, structuring, storage, and alteration of data.10 This processing is only relevant if it is used for the creation, use, and maintenance of a filing system a structured set of personal data which are accessible according to specific criteria.11

1. The Supranational Protection of Data by the GDPR

8 Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (General Data Protection Regulation) OJ 2016 L119/1 (GDPR).

9 Examples of such states include but are not limited to: Japan's Act on Protection of Personal Information (2017); Nigeria’s Data Protection Regulation (2019); Switzerland's Data Protection Act/Datenschutzgesetz.

From the perspective of the temporal scope, the regulation covers any acts of processing from the date of its entry into force the 25th of May 2018.12 When it comes to the territorial reach of the GDPR, the European Commission has ensured that the regulation is both applicable in the EU and has an extraterritorial character. This was done to ensure that the EU data economy is supervised under one comprehensive framework.13 Article 3(1) of the Regulation covers the processing activities of a controller or processor that is established in the Union. Pursuant to article 4(7) of the Regulation, the controller is the natural or legal person that decides on the purpose and means or methodology of the processing of data. The processor is defined as the natural or legal person which processes the personal data on behalf of the controller.14

surveillance, and inadequate processing and storage of recorded data

11 GDPR, art 4(6)

1.2. Rules Concerning Data Collection

When it comes to the collection of data, the GDPR provides a comprehensive framework that is aimed at creating information duties, transparency requirements and duty to ensure implied consent. The reader might wonder why the framework requires implied consent in the process of collecting user data and not direct consent? Well, the main focus of the regulation is the processing of data, and all the consent requirements therein cover consent offered

aspect that should be mentioned within the confines of the GDPR’s ‘scope’ is the idea of special categories of data as their restriction defines the width of the data pool accessible to data processors. Thus, article 9(1) creates a layered mesh that prohibits the processing of personal data that “… reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. As one can see the first part of this article embodies the protected criteria under the European Convention for the Protection of Human Rights and Fundamental Freedoms, while the second part protects a user’s identity and privacy.

Considering that the protection of identity and privacy of the user during processing is an arduous result to achieve, the GDPR has resorted to using two broad definitions for data construed out of human factors. Thus, genetic data is construed as encompassing personal data relating to the genetic

There is however a relative flipside to this ‘coin.’ Some consider that the legislator has not accounted for the all encompassing approach of information processing used in the modern data economy, which has severely blurred the lines between data that is considered as trivial and that which is more suited for a special category, such as that in article 9. Simple examples of this very fact can be found in how shopping orders and receipts can be used to deduce health data and newsletter subscriptions can show one’s political affiliation.18 However, all these concerns can be silenced by the very wording of the article. If the data can reveal in any capacity any of the aforementioned criteria or it can identify a natural person, whether it his/her private or business capacity, then the processing is prohibited It is not about what can be obtained but how it can be traced back to the user.

15 GDPR, art 4(1).

16 GDPR, art 4(13).

18 Tal Zarsky, ‘Incompatible: The GDPR in the Age of Big Data’ (2017) 47(4) Seton Hall Law Review 1.

17 GDPR, art 4(14)

While article 3(1) focuses on the origin of the company, article 3(2) revolves around the origin of the data. Thus, based on article 3(2), the regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union. Additionally, the processing activities must be related to one of the subcategories in the article. For this research contribution, the most important subcategory is (a), which covers processing activities related to the offering of goods or services to data subjects in the union. A data subject is any identified or identifiable natural person, by reference to an identifier such as a name, id number or location data, i.e., a user, or a consumer. 15 The wording of article 3(2) is what gives the GDPR its extraterritorial character, as it covers the business dealings of foreign companies.

Through these two sections of article 3, the GDPR governs both the processing of data within the EU MS and in situations where EU data is exported to third countries.Thefinal

characteristics of a natural person which give unique information about the physiology or the health of that natural person16 while biometric data includes data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow the unique identification of that natural person (e.g., facial images or digitised fingerprints).17 Relying on these definitions, it is indisputable that voice and speech are indeed personal biometric data. Considering the vast use of this type of data in the identification of individuals, through ID’s, biometrical passports, and medical records, it seems fairly clear why the legislators have restricted its processing by companies.

principle relates to the purpose of the processing and consists of two parts: limitation of the purpose and minimisation of data. Leading is the idea that the data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.25 This ensures that the data subject is aware that everything he/she willingly ‘feeds’ into the platform or system is being processed for a clear and specific reason which was disclosed to him/her. Following suit is the requirement of data minimisation that requires the processing of data to be limited to what is necessary in relation to the disclosed purpose and done in an adequate and relevant manner.26 This mandates that processors use the bare minimum of data and filter preliminarily what they use.

1.3. The Five Golden Rules of Data Processing

arise at the moment the controller obtains the personal data of a user. When this happens, the controller shall provide information regarding its identity, contact data and details regarding the purpose of processing, whether the processing will be done in a third country and the period of time for which the data will be stored.19 On top of this, there is a duty to inform the consumer about his/her rights, such as the right to request the obtained data, the right to request erasure and the right to withdraw consent for the entire process collection & processing. 20

22 GDPR, art 6(1)(b).

GDPR, art 5(c)

The third principle pertains to the accuracy of the processed and subsequently stored data. This means that the processed data is accurate and kept up to date. The formulation of the article shows that this is not a one time duty but requires reasonable steps to be taken to rectify or delete completely and inaccuracies or mistakes.27

The first principle entails that all the data obtained from the data subject is processed lawfully, fairly and in a transparent manner 21 In order for this process to be lawful, the processor must show that the processing is necessary for the performance of the contract between him and the user.22 At the same time, article 6(1)(a) GDPR establishes that lawfulness is also based on the consent obtained from the data subject. The burden of proof for the existence of consent,23 which was freely given, is on the processor.24 This is also the same for the duty to inform the data subject of the right to effortlessly withdraw his/her consent at any time, as per article 7(3)

21 GDPR, art 5(a)

The procedure of data processing by a company acting in the capacity of a controller and processor or a third party processor working on the behalf of a controller is regulated by article 5 of the GDPR. The article contains a comprehensive and exhaustive set

19 GDPR, arts 13(1)(a) (f) and 13(2)(a)

Finally, the transparency requirements are a tie in between the information duties and the End User License Agreements (EULA’s) offered by sales, service and software providers and consumers. They are aimed at dispelling the murky wording of the EULA’s which have in recent years become far too long, complex and infested with technicalities the average person cannot understand. Thus, article 12(1) requires that any information provided under article 13 be provided either in writing or electronic means, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.

23 GDPR, art 7(1)

20 GDPR, arts 13(2)(b) (c)

of five principles that incorporate the conditions and limitations on data processing

Storage limitation is the fourth principle and governs the format in which the data can be stored

for the processing of data, such as in articles 6(1)(a) and 7 Hence there is a lapse in the explicit consent requirements for collection. Nevertheless, it would be erroneous to assume that beyond all the duties to inform and be transparent there is no duty of asking consent. Thus, it is safe to assume that for a data processor to process the data it directly collected, it must first obtain, either implicitly or explicitly, the consent of the data Informationsubject.duties

GDPR, art 7(4) GDPR, art 5(b)

GDPR, art 5(d).

GDPR.Thesecond

_Study_Maldoff.pdf<https://iapp.org/media/pdf/resource_center/GDPR>accessed15May2022.

Gabriel Maldoff, ‘The Risk Based Approach in the GDPR: Interpretation & Implications’ (2016) IAPP Report Series

GDPR, art 22(1).

Olly Jackson, ‘EMEA: One Problem After Another’ (2018) 4(1) International Financial Law Review 1.

As we can see, the elaboration and value of the purpose of the data processing is crucial for all the principles aforementioned. Thus, the more important and the closer tied to the service or product is the purpose of the data processing the more lenient the rules are.

Having exercised the right to access the data and obtain additional information pertaining to the processing and the use, a subject can exercise an additional right to obtain a copy of all the input

GDPR, art 22(2)(c)

Katherine Strandburg, ‘Rulemaking and Inscrutable Automated Decision Tools’ (2019) 119(7) Columbia Law Review 1851 1886.

At the same time, new additions can be found, such as in section (f) information duties concerning profiling. Under the heading of profiling can be found all forms of automated processing of personal data that can divulge personal traits of a natural person and create an analysable patter which can predict preferences, health, behaviour, and movements31 in essence a forward thinking background check. Seeing the breadth of information that can be obtained, it makes sense why the subjects of this process have a right to explanation, of sorts, as to why and how the automated decision making AI functions 32 Profiling of the data user is most commonly a slippery slope in data processing as it infringes the purpose of privacy protecting laws. Thus, data subjects have an exclusive right not to be subject to profiling or any other similar automated decision making process. 33 Nevertheless, the GDPR still allows user profiling under the condition that the user explicitly offers his/her consent.34

The final requirement is primarily a security and privacy guideline. Article 5(f) compels data processors to work with the data in a manner that ensures appropriate security of the personal data and maintains the confidentiality of the user. Processors must use adequate technical or organizational measures which protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage. This is an incredibly high requirement as it demands protection from personal interests of the processor, the interests of third parties and even from requests from other states further entrenching the blocking provision of article 48.

The framework of the GDPR allows users to enforce their right to access the processed data (article 15) and obtain from the processor or the controller a copy of the data that is being or has been processed (article 20). Through the right to access the data, the consumer of a good or a service can request from the controller confirmation as to whether or not personal data concerning him or her are being processed.30 In the situation that the answer is positive they can

28 GDPR, art 5(e)

and the temporal limitation for storage. Thus, the data must be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”.28 The form to which the article refers, can differ be it photo, audio or written, but it must be encrypted and categorised in a way that allows retrieval and qualitative periodic reviews, as mandated in article 5(d).29

1.4. The Right to Access Data and the Right to Data Portability

further solicit this data and additional information such as: (a) purposes of the processing; (b) the categories of personal data used; (c) the recipients to whom the personal data have been or will be disclosed; (d) the envisaged period for which the personal data will be stored; (f) the right to lodge a complaint with a supervisory authority; and (h) the existence of automated decision making, including profiling. Upon further inspection, we can see that most of the information that can be requested have been previously mentioned as separate rights or even duties. The existence of this right and its subsequent informative components aims to consolidate the fact that these duties are not just a one off but are subject to consistent exercise and should not ever be discredited under a policy of ‘it was listed in the EULA’s, and the consumer should have read them.’

30 GDPR, art 15(1)

recorded by the controller this right is coined as the right to data portability, found in article 20 of the Regulation. The right is engaged upon a direct request by an individual, towards the organization involved in the collection or storage of the data, to release a copy of the personal data and personal information that concerns the data subject. The controller or the processor that holds the information shall provide this compilation in a structured, commonly used, and machine readable format. After receiving these, the consumer shall have the right to do anything he/she desires with them, including the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The subsequent controller that receives this data shall be come the new sole processor and shall abide by all the obligations pertaining to data processing, data storage, requirements of consent and other duties found in the Regulation.35 This can be seen as a process of data processing inheritance, where the new controller both inherits the asset and the liability carried by it.

38 Case C 131/12 Google Spain SL and Google Inc. v Agencia Española de Protección de Datos and Mario Costeja González

of this right did not come to fruition through the ardent negotiations between the European Parliament and Commission, as is the standard legislative process, but through the work of the European Court of Justice in the landmark case of Mario Costeja Gonzalez v Google Spain.36 In the questions answered in the preliminary ruling of this case, the court established that Directive 95/4637

right and obligation are formulated in strict terms, there are nonetheless exceptions to them. As stated in article 17(3), Recitals 65 and 66 and the European Commission digital note on the GDPR,39 a company/organisation must abide by the article as long as one of the following exceptions does not apply: the personal data held is needed in order to exercise the freedom of expression; there is a legal or contractual obligation to keep the data; or there are reasons of public interests, such as public health or when scientific, historical or social research is undertaken. The list of

35 GDPR, art 20(1)(a) (b).

Commission, ‘Do We Always Have to Delete Personal Data If a Person Asks?’ (Dealing with citizens, 2019) <https://ec.europa.eu/info/law/law topic/data protection/reform/rules business and organisations/ dealing citizens/do we always have delete personal data if person asks_en> accessed 14 February 2022.

contains a right of the user, and by proxy an obligation of the service provider i.e., Google, to unlink from the digital database and remove from the list of results displayed following a search, any results containing a person’s name.38 The formulation of the right by the court, in the case at hand, pertains solely to the business model of the respondent, Google, which is a tech giant managing a web engine.

[2014] ECLI:EU:C:2014:317, ss 88 and 99, points 3 and 4

1.5. Right to Be Forgotten

36 Case C 131/12 Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González [2014] ECLI:EU:C:2014:317.

Beyond the obligations aimed at safeguarding the proper collection and use of personal data and rights ensuring the protection of privacy and protecting consent, the regulation contains a right aimed at the complete erasure of all the collected, processed, stored or pending data of a user. This is the right to be forgotten.Theexistence

37 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L281.

The regulation in its turn has broadened the scope of this right and has generalised it to all systems that use automated data processing. Thus, in article 17 of the GDPR we can find that the data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have an equivalent obligation to erase said personal data. There are however some preconditions which must be fulfilled for the right and duty to exist. The list of exhaustive, but interpretative, grounds can be found further in the article and include: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; (c) the data subject objects to the processing; (d) the personal data have been unlawfully

Evenprocessed.ifthe

2. The Value of AI in the Functioning of the Echo VS

To avoid ambiguities, it is essential to define what AI is, how it functions, what role machine learning plays in its function and what kind of AI Amazon Echo’s Alexa Voice Service uses. The broad characterization of AI is that of a ‘thinking’ computer system, developed ‘[…] as a replica of a restricted human cognitive process which can automatically and/or sentiently learn, plan, and produce information and speech depending on the processed input of systematised data ’41 However not all consumer grade devices can indeed use the full theoretical capabilities of AI, due increased costs and technological restrictions pertaining to the scale of use. Thus, tech developers have resorted to implement narrow AI in modern day phone programs and home devices such as Amazon’s AVS. Narrow AI complete a specialised subset of tasks within a limited data package/domain, controlled by a continuously updated algorithm written by a computer programmer, who uses as input databases containing different interactions with real humans or consumers. Thus, the system relies on a continuous stream of data synthesised from human interaction, which the device in question is not lacking considering the way the AVS system

functions voice commands. In essence the device allows users to ask questions and make requests using their voice.42 The interactions can range from questions such as ‘What is the temperature outside?’ to turning the light in the kitchen (See Figure 1)43 or making medical

in which the user is and the configurated language, the AVS interface can execute up to ten thousand commands, also known as skills. After receiving these voice commands in its application program interface (API), the Echo sends via the internet the recordings to Alexa’s cloud where it uses its speech recognition and natural language understanding to process and formulate an appropriate response. The ability of Alexa to choose the best option out of the plethora of responses available, comes as a result of a mechanism known as machine learning. This crucial process can be represented by an algorithm that accumulates, compartmentalizes, and uses the learned data from an interaction to generate a more optimal algorithm for the next time it has to perform this specific task. It ‘learns’ from the specific way it carried out a task for a particular user and creates an archetypical response for similar inquiries and interactions.

42 Amazon, ‘Alexa and Alexa Device FAQs’ (Amazon Help & Customer Service, 2022), question 1 odeId=201602230<www.amazon.com/gp/help/customer/display.html?n>accessed15May2022.

43 Alexandre Gonfalonieri, ‘How Amazon Alexa works? Your Guide to Natural Language Processing (AI)’ (TowardsDataScience, 21 November 2018) <https://towardsdatascience.com/how amazon alexa works your guide to natural language processing ai 7506004709d3> accessed 23 March 2022.

Figure 1.

41 Internet Society, ‘Artificial Intelligence & Machine Learning: Policy Paper’ (Internet Society, 18 April 2017) accessedal<www.internetsociety.org/resources/doc/2017/artificiintelligenceandmachinelearningpolicypaper/>6January2022.

Dependingappointments.onthecountry

40 Chlotia Garrison and Clovia Hamilton, ‘A Comparative Analysis of the EU GDPR to the US’s Breach Notifications’ (2019) 28(1) Information & Communications Technology Law 99.

exceptions acts as a safeguard of sorts from possible abuses from the users, in the data economy in which most businesses activate at the moment. Nevertheless, since the entry into force of this regulation the right to be forgotten has always been seen as a threat to small, medium, and even large companies that have a business model based around the collection and wholesale of data to advertisers, thinktanks, statisticians and other third parties that are dependent on the personal and personalised data of consumers around the globe. 40

3. Flaws of the Echo VS that Can Lead to a Breach

Stephen Neville, ‘Eavesmining: A Critical Audit of the Amazon Echo and Alexa Conditions of Use’ (2020) 18(3) Surveillance and Society 343 56.

44 Amazon, ‘Amazon.Com Help: Alexa Terms of Use’ (Amazon, 2022) 16customer/display.html?nodeId=201809740<www.amazon.com/gp/help/>accessedJanuary2022.

As it was elaborated above, one of the main features of the Echo device is its cloud based voice activated service, Alexa, which uses a voice input from the user that is then processed, labelled, dated and then answered or executed, either by carrying out the requested task or by playing an auto generated audio file which contains the answer 44 Prima facie, this system models the basic question and answer model that any other search engine uses, such as Google, Yahoo or Wikipedia. However, it has a major flaw

microphones on our mobile devices or personal computers, the Amazon Echo is designed to be always on, scanning the environment and listening for its wake word. The system has a keyword spotting system, known as it’s Speech Recognizer Interface, which has four states of functioning: idle, recognizing, busy, and expecting speech.45 In its idle state, the device continuously scans for an acoustic pattern similar to the basic (Alexa, Amazon, Computer) wake word or to one specifically selected by the user. 46 After the specific or acoustically similar audio input is acknowledged, the system uses the Recognize event software which then sends it to a specialised AVS server for interpretation and issuance of the correct acting directive.47 The threats of this modus operandi are twofold: the device is continuously active and recording, and data transfers can be triggered by a word which is phonetically similar to the device’s wake word.

the lack of the need to show intent or consent from the user.Unlike

The theoretical framework behind the Alexa virtual assistant paints the perfect picture for the usability and importance of the device. However, the practical implementation of this concept could pose a danger to European consumers if its functioning does not comply with the current data processing legislation in the EU the GDPR.

Terro Karppi and Yvette Granata, ‘Non Artificial Non Intelligence: Amazon’s Alexa and the Frictions of AI’ (2019) 34(4) AI & Society 867

48 Douglas Orr and Laura Sánchez, ‘Alexa, Did You Get That? Determining the Evidentiary Value of Data Stored by the Amazon® Echo’ (2018) 24(3) Digital Investigation 72 78.

3.1.1. Always On & Always Recording

46 Amazon (n 42), question 2

First, there is the fact that the device is always on, unless the user has explicitly turned it off, listening to the surrounding sounds and recording audio in the device’s temporary memory for local processing to find the wake word. 48 This consistent and persistent process of eavesdropping into the personal space of users and de facto consumers of the AVS services has been coined by data protection experts as eavesminig 49 The term derives its etymological origin from the fact that the non consensually obtained acoustic data is still subject to processing. Ambient sounds, non verbal articulation (e.g., coughing, crying), non vocal noise (e.g., movements, noisy activities such as partying, violence) are all being registered and at the very least can be extrapolated from the recordings. Furthermore, it can record the vocal biometrics of all

The following section serves to highlight the main threats and risks that the functioning of the Echo V.S. could pose to its users. These are some of the key issues that have been raised by the service’s customers, brought out into the light by investigative journalists and scrutinised by academicians in the last four years. The first issue regards the inherent design flaw that can make the Echo system record its user without his/her consent. The second issue concerns the discovery of third party contractors doing the processing work on behalf of Amazon. Lastly, this chapter will cover the latent capacity of data processing to create biometric and behavioural profiles of the data subjects.

45 Amazon, ‘Alexa Voice Service, SpeechRecognizer 2.3’ (Alexa Developer Documentation, 2022) service/speechrecognizer.htmlUS/docs/alexa/alexa<https://developer.amazon.com/envoice>accessed 11 February 2022.

3.1. Unsolicited Recording

A similar but even more high profile case concerns Sarah Huckabee Sanders, the White House press secretary during the Trump Administration, raised to the media’s attention the fact that her two year old managed to purchase toys using the Alexa home device.57 This has in turn lead to an inquiry by the US Army Cyber Institute about the possibility of using said devices as surveillance devices by hackers.58 So far, there has been no public final report on the matter but several cyber security experts, including hacktivist and Professor Jonathan Brossard59 and the accessedcom/news/national/2019/06/17/291497.htm>12March2022.

Hayley Charmaine Tice v Amazon.com Inc [2019] (Case 5:19 cv 01311) (District Court, CD California).

Anna Giaritelli, ‘Sarah Sanders warns Amazon about its Echo Device: “We Have a Problem”’ (Washington Examiner, 15 January 2018) <www.washingtonexaminer.com/sarah sanders warns amazon about its echo device we have a problem> accessed 16 February 2022.

Jessica Dawson, ‘Microtargeting as Information Warfare’ (2021) 6(1) The Cyber Defense Review 63 80.

51 Marcia Ford and William Palmer, ‘Alexa, Are You Listening to Me? An Analysis of Alexa Voice Service Network Traffic’ (2019) 23(1) Personal and Ubiquitous Computing 67

Jason Beahm and Cameron Bowman, ‘Alexa, Are You a Snitch’ [2019] AmericanBar 36, 56.

The second aspect of this issue is the possibility of the device to be awoken by phonetically or acoustically similar words which would therefore initiate a recording phase that is stored on the cloud these are also known as ‘false wakes ’53 Starting with 2016, there has been a surge in the number of reports from users which have discovered false wakes from the Echo device following a false positive input of audio data, most commonly words that are similar to the default wake word Alexa 54 i.e.. Alex, axel, etc. These improper summonses of the Alexa AI have led to recordings of conversations and ambient noises that were not intended to be recorded. In the United States, this situation has been subject to a plethora of civil lawsuits in particular for claims of wrongful surveillance, breach of privacy, collection of biometric data and unsanctioned recording of children 55 Some of the more public examples are the Hayley Charmaine Tice v Amazon.com Inc [2019] lawsuit, in which it was established that the Amazon Echo device has mistakenly awakened, recorded and purchased multiple items on the internet following the interception of a discussion between the claimant and her child about toys. 56

team at Princeton University has analysed the AVS system’s analysis of patterns and used network traffic, in laymen terms: how it recorded and sent on to the cloud the recorded data, in median households.51 In their study, they used two separate devices which were monitored and had their recordings logged during a period of twenty one days and ten days respectively. The obtained datasets show that for the 21 day Echo Dot test the logged response were 70% from home noises, in particular TV audio, while 30% were human interactions.52 In the 10 day analysis the data split 61.5% for TV audio and 38.4% was human audio. The answer to the research team’s study question was a resounding ‘yes’, the AVS does indeed record and stream to the cloud private conversations without using a wake word. The team’s research showed that the one true way a user can ensure that the device is not recording is by fully turning it off.

Jim Sams, ‘Federal Lawsuit Charges Amazon’s Alexa Violate’s Children’s Privacy’ (Claims Journal, 17 June 2019) <www.claimsjournal.

ibid

ibid 78, para 3.

53 Amazon (n 42), question 4

3.1.2. Phonetical But Not Intentional Awakening

the users in its vicinity and scan the emphasis they make, their voice intonations and speech patterns. The device can also record and interpret the internal rhythm of the household by looking for alarms, timers and saved user routines, and document all media consumption within its range, which has an audio link, such as music, film and television and video games.50 With the capacity to interpret all these details only from an audio file, it is important to acknowledge the width and breadth of the information that can be encapsulated in soundwaves, and how by digitizing it into data soundwaves allow a data processor ‘access into the data subject’s bedroom closet.’ And unfortunately, this is not an exaggeration.Aresearch

Dana M Williams, ‘Power Accrues to the Powerful: Amazon’s Market Share, Customer Surveillance, and Internet Dominance’ in Jake Alimahomed Wilson and Ellen Reese (eds), The Cost of Free Shipping: Amazon in the Global Economy (Pluto Press 2020) 35 49.

63 Sharon Profis, ‘You Can Finally Delete (Most of) Your Amazon Echo Transcripts. Here’s How’ (CNET, 3 July 2019) <www.cnet.com/home/smart home/you can finally delete most of your amazon echo transcripts heres how/> accessed 8 March 2022; Amazon (n 42), question 6 64 Neville (n 49) 343 356. Huseman (n 62), answer 1(b) 66 ibid. ibid; Orr and Sánchez (n 48) 72 78.

Isobel Hamilton, ‘Amazon Added the Ex NSA Spy Chief to Its Board’ (Business Insider, 10 September 2020) <www.businessinsider.com/edward snowden amazon hiring ex nsa chief keith alexander 2020 9> accessed 7 February 2022.

3.2.1. Processing of Data

An equally troublesome scenario arising out of the functioning of the Amazon Echo device is the mechanism of processing of private data. This is the main system that moves the cogs within Alexa’s AI conscience by aiding, adding, changing, and improving its decision making while at the same time profiling the interactions of each user for future use.

The recordings and transcripts that do not get deleted by the users, are then later on processed, and used to improve the AI system. In the world of machine learning based voice assistants, the perpetual process of analysis of language, intonations and speech patterns and recognition of voice is crucial to ensure progressive improvements.67 However, this progress should not come at the expense of the privacy of unaware customers. This lack of awareness is a recurring pattern in the data processing aspect of the AVS, as the consent for the processing is implicitly given by the user for the very fact of using the device. Even so, the agreed to ‘Amazon Echo Terms of Use’ (EUA’s) at the time of first use of the device, have been subtly and ambiguously changed, ever since its release in 2014, without a public notice to the users the only big exception being the ‘Great GDPR purge of 2018’ when all tech companies operating on European Union soil had to publicly disclose certain aspects of their devices and software.

3.2. Data Processing & Access by Third Parties

The Echo system is programmed to generate an audio recording and a text transcript after each interaction with a user, which are then stored on one of the multiple Amazon servers across the world.62 One of the possibilities and rights that a person has is to access both the recording and the transcript and to review, listen and delete by hand the files from the server. Alternatively, the system can be programmed to automatically delete all data about the user in increments of 3 and 18 months from the settings,63 which was previously only possible after a three year pause from the use of the device 64 However, not all data can or could be deleted, either because of software issues or because of internal directives that data processors have.65 One of the reasons for the impossibility to delete said data from the cloud pertains to the possible use and value to the customer that Amazon attributes to it. As explained by the current Amazon VP of Public Policy Brian Huseman, most of the data that is un erasable from the servers is personal data that could prove necessary to an Echo user in the future, such as present events, dates and schedules, medical records, messages sent

61 ibid

using the system, purchases and registered Alexa commands and shortcuts, etc. 66

Brian Huseman, ‘Brian Huseman answers to Senator Christopher Coons and the US Senate Judiciary Committee’ (2019), answer 3(c) B3%5D.pdf0Senator%20Coons__Response%20Letter__6.28.19%5<www.coons.senate.gov/imo/media/doc/Amazon%2>accessed6February2022.

3.2.2. Access to Data by Third Parties

renowned whistle blower Edward Snowden,60 consider this always on home device as a more pressing potential risk for surveillance than personal cell phones.61

This insidious practice of changing the EUA’s has reached its peak in mid 2018 when the ‘Information’ section of the ‘Amazon Echo Terms of Use’ was updated to allow customer information to be stored on servers outside the country of origin of the user. Following an investigative report by Bloomberg released in early 2019, Amazon was forced to publicly admit that even before the update in their policy, they have been hiring over 2000 full time employees, and sometimes contractors from tertiary firms, from the US, Romania, India, Costa Rica and Ukraine to manually go through the private recordings and text transcripts of the users in order to create the required

68 Day, Turner and Drozdiak (n 7).

Merrill (n 70) 7.

data sets.68 The workers and contractors work in nine hour shifts during which they listen to and review close to 1000 audio clips daily69. Some of the insider Amazon listener employees have reported that reviewers also have to process recordings from accidental activations of the device, which amount to roughly 100 recordings a day.70 During their work as listeners/processors, the employees have encountered audio clips of people singing in the shower, discussions about bank accounts and marital conflicts, all which have been recorded as a result of a false positive activation of the device. In these situations, they were instructed to mark the file as ‘critical data’ and move on to the next file, which means that the stored content was neither processed nor deleted.Unfortunately,

enabled device or ever interacted with the digital assistant. The data sent belonged to another user.73

This incident is, of course, a rare occurrence, but it proves to show the extent of data that can be obtained out of the processing of the Echo recordings and the preconditions it creates for damage to consumers if used with malicious intent.

69 ibid.

the user’s identity is not protected to an exceedingly high degree because no measure of anonymisation is undertaken and the recordings bear a user specific time and date stamp, due to the Voice History feature.71 According to Amazon higher ups, there is a prominent level of internal protection of privacy employed by the data processing facilities. Firstly, the information is encrypted and is only accessible through a multi factor authorization process to a limited number of employees. And on top of that, there are contractual precautions used to ensure the employees’ compliance and silence by making it mandatory to sign non disclosure agreements (NDA’s) 72 Nevertheless, breaches have happened, which have led to some uncomfortable discoveries. In August 2018, following the EUA’s update that was in line with the GDPR requirements, a German user requested a copy of all his personal files and recordings related to the Echo. To follow up on his request, the company sent a .zip file containing over 1700 recorded audio files and a .pdf file with the transcripts. The caveat of this situation is that the person that made the request had never had an Alexa

While the processing of data is in and of itself necessary for the well functioning of the device and in order to achieve further development in the field of AI, if it is done in an ethical and technologically secure manner, the profiling of users is not at all necessary. First and foremost, what is voice profiling? This is a feature that allows the AVS to take the acoustic voice model of the device’s users, create a biometric profile that is saved on Amazon’s cloud and later use said profile to automatically recognize the voices of everyone in the household, or that were in contact with the device for more than one time.75 Until late 2017 this was an explicitly opt in feature that required not only the consent of the consumer but also the intentional upload of an acoustic model to the cloud. The voluntary enrolment into the profiling system was, however, short lived as by 19.016<www.heise.de/downloads/18/2/5/6/5/3/9/6/ct.01018_engl.pdf>accessed15March2021.

Filip Truta, ‘Amazon Mistakenly Sends Couple’s Alexa Recordings to Stranger’ (Bitdefender, 21 December 2018) amistakenly<www.bitdefender.com/blog/hotforsecurity/amazonsendscouplesalexarecordingsstranger>ccessed15March2022.

70 Marissa Merrill, ‘An Uneasy Love Triangle Between Alexa, Your Personal Life, and Data Security: Exploring Privacy in the Digital New Age’ (2020) 71(2) Mercer Law Review 7.

73 Holger Bleich, ‘Alexa, Who Has Access to My Data?’ (Alexaleaks, 20 December 2018)

An investigative group later reviewed the files and realised that they got access to a person’s daily log for the entirety of May 2018. Through the recordings, the team identified the user’s partner, their discussions in different locations, what those locations where, where does he live, what other smart devices he has linked to Alexa (thermostat, TV, etc.), his personal contacts, his social media accounts and finally they have managed to contact the victim of the privacy breach directly.74

71 Huseman (n 62), answer 1(e)

3.3. Voice Profiling of Users & Usage of Data to Infer Choices and Behaviour

72 ibid.

3.3.1. Profiling of Users Using the Data

This, however, does not change the responsibilities that Amazon has towards its customers. The hazard of managing all this information has placed on them enhanced privacy duties by which they must abide These duties arise out of the very legislative frameworks that allowed us to make this trade off in the first place. In Europe in particular, the duties of tech companies rise out of the conventions and laws that grant us freedoms and rights, such as the European Convention of Human Rights (ECHR) and the GDPR.

56. 77 ibid.

processor.From

78 This aspect was discussed in s 3.2.2.

With the rise of the Amazon Echo device and its Alexa AI, there has been a shift in the paradigm of consumer to service provider relations, where the consumers have made a trade off between their convenience and their privacy and confidentiality. Neville (n 49) 343

November 2018 there has already been an update to the terms of service which renamed the feature as ‘Automatic Voice Recognition & Voice Profiles.’76 This revision has turned the required consent aspect on its head and has since made the process of biometric enrolment to function on an opt out basis. Despite the unexpected change, Amazon had no duty deriving from its ‘Changes to Services; Amendments’ from the ‘Amazon Echo Terms of Use’ to notify its current and future users of this clearly and explicitly. This means that at the moment, everyone within a household that owns an Echo device has his/her voice profiled as biometric data without their explicit consent. On top of that, everyone else which is not of this household, but visits frequently are or can also be a subject of this. The presence of this feature raises questions of its compatibility with the framework of the GDPR.

3.3.2. Possibility to Infer & Extrapolate Information

The functioning of the Echo is preconditioned on the collection of as much data as possible, regardless of the type and the functionality of it, because as mentioned above, redundancies can be filtered out later. This leaves Amazon servers full of a lot of crucial private data of its users that it should not have had as it was not offered consensually and purposefully to them. At the very least, the bits of information obtained can be pieced together and cross referenced to find out more about the user; a shipping address of an order can be cross referenced to the billing address of the customer’s credit card and you can find where he or she lives.77 Factor in the hours of use and location settings of the built in GPS which are by default on, and can be switched off volitionally, one can generate the time frame when one is home. Thus, the chain of information that can be inferred and pieced together about the users grows, one command at a time.

4. Assessment of Adequacy

The opening step in the determination of compliance of the Echo V.S. with the framework of the GDPR is the assessment of scope. In relation to article 2(1) and 3(2)a, the Amazon device offers both a product and a service that has as its cornerstone the automated processing of personal by means of a filing system operated by a generalised AI and partial human input. Considering the actions and extent of measures undertaken by Amazon in the process of recording, processing and maintain the data of the Echo’s users, Amazon INC. is to be seen as both the controller and recipient of private data, as per the definitions in arts. 4(7&9). This is due to the fact that the company determines the purposes and the means of the processing, and it is also the one to whom the data is disclosed after the processing. Regarding the processing itself, Amazon can in some instances function as the processor too, but at the same time an argument can be made for the fact that the company is using contractors and thus it does no processing. However, practice has shown that these contractors work in the facilities owned by Amazon Inc. and are supervised by Echo managers and chief processors.78 Thus, it is reasonable to also consider Amazon as a

a territorial perspective, Amazon falls within the scope of the regulation as a company established within the Union that undertakes processing activities as per article 3(1). In this respect we are talking about Amazon SARL, which is the European branch of the company, registered in

that the device is voice activated and upon its activation the user’s inquiry is recorded, sent to the cloud, processed and then the answer is given. Hence, every explicit request to activate the device entails an acquiescence of the fact that data is collected and consent for the collection of the data. However, an issue arises when there is no explicit request, and thus there is no consent for the collection of data.

4.1. Is Collection of Data GDPR Compliant?

further supported by the fact that the EU branch of the corporation has been subject to a 746 million euro fine, which is currently in the appeal process, issued by the Luxembourg National Commission for Data Protection (CNDP). The basis of the fine is a group complaint filed by over 10.000 citizens for infringement of the GDPR.79 Having established that the functioning and processes of the Echo VS fall within the scope of the Regulation, we can continue to the assessment of adequacy of these processes.

79 Data Privacy Manager, ‘Luxembourg DPA issues €746 Million GDPR Fine to Amazon’ (Data Privacy Manager, July 2021)

Situations of unsanctioned and non consensual collection of data can arise due to the way in which the Speech Recognizer Interface functions. In its idle and recognizing speech mode, the device is continuously listening to the ambient sounds and speech, while recording it on its local memory drive. At this stage none of the recordings make it to Amazon’s AVS servers and there is no violation as the system deletes the audio files when it detects no wake word. However, the system is not perfect. The system has been shown to react to false wakes which engaged the recording and transmitting to processing part of the device. As it was shown in the research of Princeton University, the wake words can stem from phonetically similar words as the wake word and from ambient home sounds that have the same wave frequency as the wake word. Under these conditions, the risk of activation of the device and subsequent recording of data from unaware users is high. This risk has even been acknowledged by Amazon in point 5 of its FAQ. The only available solution offered at the moment to minimize false wakes is the vigilance of the user as the device has visual cues, such as light and sound, for when it records. Besides this, Amazon can offer no other help.

Luxembourg and offering its services in many EU member states. On the other hand, exclusively as a processor, Amazon can fall within the ambit of article 3(2) as a processor of personal data of subjects who are in the Union by a controller or processor not established in the Union. This could be if the processing is undertaken by the company or its contractors within branches established outside of the EU. Regardless of the provision used, both Amazon Inc. and Amazon SARL are within the scope of the regulation.Thiscanbe

As iterated previously in the legal framework, the first step in the GDPR compliant collection of data is obtaining the consent of the user. There is no mandatory rule on express consent, thus implied consent is enough. This requirement can be found in the interpretation of articles 6(1) and 7, together with the spirit of the Regulation found in the preamble. By assessing the functioning of the Echo device, the frequently asked questions (FAQ’s) and the terms of use (ToS), it is clear that on paper Amazon receives the consent of the consumer when it starts using the device. Access to the ToS and the FAQ’s is not hindered in any way, shape or form as every device comes with a palm sized booklet which on page five instructs the user to access these documents for further information. Additionally, the setup process requires the use of a smartphone which in the account setup process requests the user to read the ToS and thus give its consent. The wording of section 1.3 of the ToS together with point 3 of the FAQ clearly state

<https://dataprivacymanager.net/luxembourg dpa issues e746 million gdpr fine to amazon/> accessed 15 February 2022.

The second aspect of data collection are information duties, owed by the collector to the data subject. Considering the duties in article 13(1), Amazon offers only information regarding its identity, contact data and details regarding the purpose of processing and only in the appropriate documents to which the user has or should have read before the use. Regarding the purpose of data processing, Amazon has a detailed schedule of purposes covering the whole collection of data and processing done by the company in its Amazon.com

80 Amazon, ‘Amazon.com Privacy Notice’ (Amazon Customer Service, 12 February 2022) <www.amazon.com/

Theprofile.last

element in the assessment of adequacy of the collection of data is checking whether the transparency requirements of article 12(1) are met. Amazon’s framework in question uses the cross reference between three main documents the ToS, the FAQ and the Privacy Notice. All three are well structured and easy to understand. The lack of complex technical words is avoided, making it intelligible for the non tech savvy The only drawbacks that could be emphasised are the lack of information regarding who will process the data and whether the data will be processed in a third country and the collective length of the documents. Amazon has opted for three medium sized documents instead

The second paragraph of article 13 contains the duty to inform the consumer of his/her rights. When it comes to the right to request the obtained data and right to request erasure of this data, section 7 and 8 of the FAQ clearly lay down the way in which the user can view, review, and personally delete the recordings and transcripts. As stated in section 7, the deletion of transcripts from the cloud is not automatic and will be retained for up to 30 days, for consumer convenience, but if the user decides so, he/she can delete them at any time. When it comes to the right to withdraw consent, the situation is ambiguous. Part one of section 11 of the FAQ states that the user can at any time restrict the transmission of the recordings to the cloud and thus stop its general processing. But when it comes to the transcript of the command, it will be sent for local processing in order to execute it this local action is still subject to the rules of the GDPR. Without this form of data collection and processing the device will not serve its purpose. Thus, in this situation, if the user wants to fully withdraw its consent it must stop using the device and delete the recordings from his/her

This is extensively covered in Question 3 of the FAQ’s, points 3.1 and 3.2 of the ToS and section 3.a of the Amazon devices ToS. These are all mandatory reading materials before using said device, which means that the user has read, acquiesced, and consented to these processes when he/she started using the device Thus, this principle is adequately respected by the data processor.

B8MHFRNJgp/help/customer/display.html?nodeId=GX7NJQ4Z>accessed15March2022. 81 Amazon (n 42), question 11

The focus in the assessment of compliancy of the data processing methodology used by the Echo’s Alexa AI is the modus operandi of the data processor and its compliance to the five golden rules of data processing found in article 5 of the regulation. The first principle is lawful, fair, and transparent processing of data. Here the necessity of the processing is assessed, considering the performance of the contract, and the existence of freely given consent from the user. As it was iterated in the data collection section, consent is indirectly given by the user the moment it subscribes itself to the ToS and starts using the device. This very consent can however be withdrawn at any moment, but the expansive functions of the device are limited due to the nature of the device 81 When it comes to the necessity in the performance of the contract, it all depends on the intended use of the device. If the user wants to use the Echo device as an automation to which all other home devices are attached to, such as lights, boiler, heating, then of course the need for processing is restricted as the device acts as an intermediary between the user and tertiary devices. But if the user wants to use the device as a personal assistant, which makes calls, appointments, and purchases then of course one must give to ‘it’ the same information you would give to a human assistant. And this second aspect of course mandates processing on the cloud.

of one incredibly long one, most likely to create an illusion of comprehensiveness. Nevertheless, the layout and accessibility of the information offered is commendable

4.2. Is Data Processing GDPR Compliant?

Privacy Notice.80 Some of the purposes are essential to the well functioning of the device such as delivery of services, troubleshoot and improve the service, communicate with the user, protect the user from fraud, and some purposes are not that vital providing recommendations and advertising.

Storage limitation is the principle that governs the file type of the data, its period of storage and its identifiability. Amazon stores Echo V.S. user data in two main file types from the moment the data is collected and transferred to the cloud. These file types are audio, in the mp.3 format, and the conversion to text of the same audio. When it comes to the amount of time that data is stored on Amazon servers, the File Retention Policy states that as a baseline the data is kept for two years, after which it is deleted.84 At the same time, the user has the right to delete all stocked data at any time or set an automated threshold after which the data will be deleted usually between 3 18 months.85 There is however a problem with the system. As admitted by the VP of Public Policy Brian Huseman, there are certain subtypes of data that are not erased off the servers or even if erased they can persist in the system.86 This is data that Amazon unilaterally considers as vital for the user and decides to keep it ‘for the convenience of the user.’ Thus, there is both a short term and long term breach of this principle. First, the data is not deleted as soon as the purpose of data processing is fulfilled, making it the user’s duty to delete the data manually. Secondly, even if the user deletes the data, there is a chance that for some abstract reason of comfort, Amazon keeps the data without the knowledge of the data subject.

In essence, the principle is fulfilled so long as the user is using the device for its intended purposes and allows the processing of data on the cloud.

The final principle in the assessment of compliance with the golden rules of data processing is the assurance of secure and confidential handling of data. This is a requirement of appropriate encryption of data during and after processing. From a security standpoint the data processing facilities use state of the art encryption protocols and software. This is all due to the fact that Amazon.INC is first and foremost a sales company and must guarantee in all services and products that possibly involve monetary transactions to abide by the Payment Card

Thefulfilled.thirdprinciple

82 Amazon (n 42), question 9

The second principle pertains to the limitation on the purpose and the amount of data processed. This principle is hard to assess in a generalised form as it all depends on the purpose for which the user interacts with the device. Regardless of these highly personalised interactions, the device is rudimentarily a reactive platform as it utilizes the processing of data to answer user’s questions, fulfil their requests, and improve the experience and Amazon’s services.82 This entails that the system is mostly reliant solely on the information given by the user. However, as the Amazon.com privacy notice states, the system also collects and processes automatic information i.e., information about consumer interaction with content and services available through Amazon Services (also known as cookies), and information from other sources i.e., updated delivery and address information from Amazon’s carriers, in case the user decides to make purchases using the device. Additionally, there is the issue of data obtained through false wakes. In these cases, the on site managers that operate the data processing facilities claim that internal regulations instruct them to mark the recording and transcript as sensitive and to be either immediately deleted or not be processed.83 However, there is no way to verify this. Thus, relying solely on the documents explicitly available to all users and the fact that most data is given explicitly and for a purpose by the user, this principle is

84 Amazon, ‘File Retention Policy’ (Amazon Customer Service, 15 March odeId=202146630#:~:text=The%20account%20holder<www.amazon.com/gp/help/customer/display.html?n2022)

Amazon (n 42), question 6 86 Huseman (n 62), answer 1(b).

%20will%20be%20deleted>=The%20account%20holder%20will%20be,all%20files%20has%20not,in%20the%20last%202%20years.&textaccessed15March2022.

83 Day, Turner and Drozdiak (n 7).

ensures that the processed output is accurate and kept up to date. This is a continuous duty which luckily is symbiotic to the way the device is functioning. If the user fully allows Echo V.S. to process data, it will be continuously kept up to date and subsequent interactions will add more and more to it. Additionally, the user can singlehandedly input new things using its web browser or smartphone device or delete the things that are outdated or irrelevant as substantiated by FAQ points 8 and 10.

It is complicated to determine whether this final principle is fulfilled because on one hand the data is not at all times confidential, but it is at all times secure. This level of security is what tips the scale of compliance in favour of the data processor due to the fact that one of the main focuses of confidentiality is to protect the identity and security of the data subject in the digital economy. Thus, a valid argument can be made that this principle is fulfilled because the protection of the user is ensured, which is the scope of the regulation.Following

88 Huseman (n 62), answer 1(e).

Whencollected.itcomes

Stemming from article 15, data subjects have primarily the right to access the data collected and processed by the data processors. Under the scope of this right, user can further request a plethora of information pertaining to the data they have provided or has been

compliance with these rights and duties will be assessed in the next section.

Industry Data Security Standards (PCI DSS).87 Now considering that the Echo device has a feature that allows voice commands for purchases, and by proxy access to the credit card of the data subject, the level of security is Unfortunately,high.

4.3. Assessment of Compliance with Other Rights & Duties

The subsequent information rights, however, are not that clear and easy to request. The purpose of the processing and the categories of data used can be easily found out reading the FAQ’s and the Privacy Notice. The parties to whom the personal data will be disclosed and the period for which the personal data will be stored, however, are not part of these documents. As the investigative work of Bloomberg reporters has shown, Amazon employs a plethora of subcontractors all around the globe, usually in states where such labour is cheap and there is enough skilled labour (i.e., Romania, India, Chile). Being sub contractors and not fulltime employee, it is not clear when and where this data is actually processed, so users can never be offered information about this. The same state of unclearness envelops the issue of the period of time for which the data is stored. Depending on the type of information it can either be stored for a couple of days or it can be stored for

87 Amazon (n 80).

to the Echo system, all data that is collected will at some point be processed. The breadth of this processing however depends on the type, usability, and the way it was collected. Even in cases of false wakes the system responds to the unrequested command but when the audio file goes to processing, the soundbite and the text transcript usually are not processed. Notwithstanding the method in which it was collected, all processed audio data can be managed using the Alexa Privacy feature in the smartphone app, which is tied to the device.89 The text transcripts can be viewed and managed in the same settings subsection, under Review Voice History.90

Amazon (n 42), question 6. Amazon (n 42), question 7

when it comes to confidentiality, Amazon has a dual approach. When the data first goes to the cloud for processing it bears a time stamp and has the user ID attached to it due to the Voice History Feature.88 This means that the moment the processing starts the audio recordings are clearly stamped with the identity of the user, which is only accessible and visible to the processor. The elevated level of security is there to make sure of this. Now on the other side of the coin, after processing the user data is already broken down to digital and technical inputs to be sent to the Alexa AI to be used in the process of ‘learning’ and improvement which was one of the main goals of the collection of this data. When the data is sent to be used and absorbed by the system it already bears no link with the user because at that point it is no longer personal data but a technical input.

the assessment of the golden rules of data processing as established in article 5 of the GDPR it is clear that four out of the five principles are fulfilled. Nevertheless, some improvements can and should be made in order to further secure the protection of European users of Echo V.S. Besides the principles in article 5, the regulation contains additional rights and duties which must be ensured during and after the processing of user data. The

The right to access the data can be considered partially fulfilled, to the extent of actual access to the data. The information rights, however, are not respected due to the fact that the information not disclosed creates the highest level of uncertainty about the handling of the processed data. Taking everything into account, it is reasonable to ascertain that this right is not respected

two years, or it can even be stored indefinitely. Finally, information duties about profiling are missing from the provided documents such as the FAQ’s and ToS As it was prefaced earlier in this article, secret profiling of users can be associated with a close case of surveillance over the user, so lack of information regarding this is troubling. At the same time, it could so be that the profiling aspect has been toned down and made optional through the feature of Voice ID and Visual ID. These features are disclosed in FAQ points 19 and 20 and in ToS sections 1.4 and 1.5. They are envisioned and described as a personalised anchor between the user and his/her interactions with the device. This entails the creation of a voice and facial scan that makes the device actively react and display items and interactions specifically tailored to the person in question. The kind of opt in features that Voice ID and Visual ID offer, are allowed under the regulation, as per article 22(2)(c), and are not seen as violations solely on the fact that the subject has consented to the creation and maintenance of this profile.

The right to data portability is an essential right after the collection and processing of data, whether it was consented to or not. In this regard, article 20 allows the user to request from the data processor all or a part of the personal data and personal information that concerns him or her. Amazon has taken this right seriously and allows users to access, download and edit, by deleting or complimenting the data, at any time after the collection. This is expansively explained in the FAQ points 5 to 8, which also guides the users through the required steps. Additionally, the data subjects can file

92 Amazon, ‘Create an Order History Report’ (Amazon Customer Service, 15 March

Consideringrights.

the implications created by the discretionary maintenance of personal data, which is not disclosed to the data subject, it is wrong to determine that Amazon fulfils then requirements set 2022) 2022.e523.html?ots=1&slotNum=0&imprToken=86bfd112<www.amazon.com/gp/help/customer/display6e1767a&nodeId=200131240>accessed15March

The final element in this assessment of adequacy pertains to the right to be forgotten. This right ensures that a data subject can at all times request the complete erasure of information pertaining to him or her from the servers and systems of the data processor. At first glance, Amazon does offer its users the possibility to delete their own data be it by hand or automatically. As it was previously elaborated there are a plethora of ways to do so. The exercise of this right, on Amazon’s part, requires no need to satisfy one of the requirements in article 17 (a d). There is however a ‘digital’ elephant in the room the official admission to the US Senate that Amazon can in certain instances unilaterally decide not to delete user data. This on its own beats the whole purpose of the possibility of users to delete their data. The ECJ case law and the formulation of the article clearly preface the fact that on the moment of request all data is deleted, there is no margin of discretion on the processor. Now add into the mix the fact that there is a possibility of false wakes that unlawfully collect, which could lead to unlawful processing. This leads to the possibility of a triple violation of the GDPR, both of primary and secondary

91 Amazon, ‘Request Your Personal Information’ (Amazon Customer Service, 15 March 2022) MBZQRWZK2/gp/help/customer/display.html?nodeId=GXPU3YP<www.amazon.com>accessed15March2022.

a Request My Data in the My History tab within the account settings91 and what concerns purchases made with the device and linked to the account, the user can request an Order History Report 92 The access to this feature is straightforward and requires just a couple of clicks. Amazon has been providing this feature since the regulation came into force in 2018 and has kept the request system just as accessible as then. On that account, the right to data portability is complied with and facilitated by Amazon. It can even be said that they made this right a feature of their product which is commendable.

pitfalls of the system and the processes behind it, we can see that everything starts with unauthorised collection of data by the Echo system. Commonly known as false wakes, these events precondition the entire structure of data collection and data processing to be in breach of the GDPR framework. In the last four years, this issue has led to lawsuits, mandatory disclosures in the ToS and FAQ’s and raise in distrust towards the device in the public eye. Fortunately, work has been done to mitigate the number of cases of these activations, but the problem has yet to be fully solved. Another issue that should be solved is the compliance with the storage limitation principle of data processing. Data that has been processed should be automatically deleted and not left to the caution of the user or the discretion of corporate policy. Improvements should also be made in the sphere of access to data and information rights. The profits made using third party subcontractors should not come at the expense of the user’s awareness of who manages their data A tie in with the storage limitation of processed data is the right to be forgotten. Users must be allowed to completely erase the data tied to their likeness especially when all the data collected and processed has a biometric trace, the voice of the data subject. The Mario Costeja Gonzalez v Google Spain case has shown the drawbacks of company policies that breach this right, and how costly for the user and the company it can prove.

To start with the strong points, the process of collection of data is based upon the consent of the data subject, which is obtained during the setting up process of the device through the use of the ToS, FAQ’s and Privacy notice Documents. The same documents satisfy the information duties, due to their comprehensive nature, and the transparency requirement, thanks to the simplistic formulation and guiding approach. When it comes to the processing of data, Amazon clearly follows four out of five of the guidelines established in article 5 of the regulation. As it stands, the data processing team behind the Echo V.S. functions in a lawful and transparent fashion, respecting the purpose and

Overall, the Amazon Echo system functions in a consumer friendly manner allowing users a general level of control over their data and customization of the functions used. There is a partial compliance with the rights and duties established by the legal framework of the data protection regulation but, the highlighted drawbacks make the system a potential danger for data subjects. They show technological flaws, such as the false wakes, which can be exploited externally or even used as a justification for surveillance internally. Another source of danger is derived from the almost comical

5. Conclusion

The facilitation of our lives through the use of AI driven devices has proved to be a real boon of the fourth industrial revolution. From automated industrial machines to personal voice assistants, the technological development has been on an exponential growth and so has been the increase of breaches of fundamental rights of privacy and confidentiality. Luckily, within the EU the legal framework of the GDPR has stepped in to regulate the data collection and processing practices of local and foreign corporations. One of such corporations is Amazon, which has released in the last eight years an entire line of devices, from e readers to voice assistants, which fall subject to the laws of the data protection regulation. This research has solely focused on the analysis of one of these devices the Amazon Echo. In particular, this contribution determined to what extent the Amazon Echo system complies with the EU standards of data collection and processing as set in the GDPR.

quantitative limitations on the data, all the while ensuring the accuracy and security of the processed output. With regards to secondary rights, only the right to data portability is respected and has been taken as far as to be turned into a key accessibility feature of the Lookingdevice.atthe

out in this article. Thus, Amazon is in breach of this right.

The research has shown that the Echo V.S. certainly has some strong points that both make it a market leader and ensures compliance with the law in those points. At the same time, in the collection, the processing and in respect to ensuring secondary rights the device has certain flaws. Flaws that rapidly have proven to be the premises for grave violation of privacy laws and data protection laws.

corporate policy of saving data that was deleted solely on the basis that the company considers it as necessary for the user. Regardless of these flaws and their causes or justifications, Amazon SARL as a company operating on the territory of the EU has a duty towards the users and obligations towards the national governments to implement changes and if they do not do so on their own volition, a court judgement will order them to develop and implement these changes.

126

Sahel Bahman is a recent LLB graduate of the European Law School Track of Maastricht University. She also teaches at Maastricht University as a student tutor; for instance, this past semester she tutored the course of Introduction to International and European Law. Sahel has a keen interest in legal questions of Law & Technology and she hopes to continue pursuing a career in the field by undertaking an Advanced LL.M. in Intellectual Property Law and Knowledge Management in the upcoming academic year.

Liability for Trespass by Drones in Germany & England

127

by Sahel Bahman

Dissertation 3

2 Gary E Marchant, The Growing Gap Between Emerging Technologies and Legal Ethical Oversight: The Pacing Problem (Springer 2011) 19 33.

6 ibid

4 Insider Intelligence, ‘Drone Technology Uses and Applications for Commercial, Industrials, and Military Drones in 2021 and the Future’ (Insider, 12 January 2021) <www.businessinsider.com/drone technology uses applications> accessed 16 December 2021.

5 Gilad David Maayan, ‘How Do AI Based Drones Work?’ (Heartbeat, 22 September 2020) <https://heartbeat.comet.ml/how ai based drones work a94f20e62695> accessed 25 September 2021.

With the development of technology, drones have rapidly evolved.4 Originally drones were manually controlled devices, however, as technology has evolved, the incorporation of artificial intelligence (‘AI’) into existing technologies has become more prominent, including in drones.5 Such drones rely on computer vision when flying in order to detect objects.6 They can collect data from their surroundings, ultimately allowing for both autonomous and assisted flights to increase efficiency and increase accessibility.7 The mishandling of these advancements can give rise to risks including the violation of privacy and trespass.8

8 Jayleen R Heft, ‘10 Risks and Misuses for Drones’ (Property Casualty 360, 2016) <www.propertycasualty360.com/2016/10/01/10 risks and misuses for drones/?slreturn=20220007034220> accessed 25 September 2021.

Introduction

3 ibid.

Thisdrones.dissertation

9 Khadkotkar (n 7).

Drones are now more commonly available to businesses and consumers. Thus, their widespread availability amplifies the risks associated with their operation.9 This is one of many issues raising questions regarding liability in case of damages. Since July 2020, the Implementing Regulation 2019/947 (‘UAS Regulation’)10 provides rules and procedures regarding the operation of drones. However, since the beginning of the COVID 19 pandemic, European Institutions have shifted their focus from dealing with AI and its development to battling the pandemic. Consequently, measures at an EU level which could aid in solving legal issues arising from drones are not completely developed.11 Therefore, in relation to EU Member States (‘MS’), national legislation is the main source of access when legal issues arise in relation to AI, specifically

12 Cees van Dam, European Tort Law (2nd edn, Oxford University Press 2013) 117.

7 Pranav Khadkotkar, ‘Artificial Intelligence in Drone Technology’ (wevolver, 15 September 2021) <www.wevolver.com/article/artificial intelligence in drone technology/> accessed 25 September 2021.

10 Commission Implementing Regulation 2019/947/EU of 24 May 2019 on the rules and procedures for the operation of unmanned aircraft [2019] OJ L152 (Implementing Regulation 2019/947).

11 OfficialBlogUnio, ‘Is the European Union’s lLgal Framework Ready for AI Enable Drone Deliveries? A Preliminary Short Assessment From the Commission Implementing Regulation 2019/947/EU to Data Protection’ (UNIO, 2020). <https://officialblogofunio.com/2020/04/23/is the european unions legal framework ready for ai enabled drone deliveries a preliminary short assessment from the commission implementing regulation 2019 947 eu to data protection/> accessed 20 October 2021.

Background & Scope

1 Robert Kormoczi, ‘What Is the Digital Age’ (Times International, 24 June 2020) <https://timesinternational.net/the digital age/#What_is_the_Digital_Age> accessed 5 October 2021.

will focus on the issue of trespass by drones. The function of trespass laws is to protect possessory interest over land.12 Within this issue, the aim of this research contribution is to conduct a comparative analysis of how private law in Germany and England deal with liability in case of trespass by drones. This piece will follow a comparative methodology to answer the research question: ‘How do the liability regimes for trespass by drones differ or coincide under English and German law?’ The scope of this dissertation extends solely to property damage,

Technology presents challenges that test the strength of legal systems in protecting society. The twenty first century is characterised by the free access to information, and the technological developments that allow for this to occur. These technological developments are changing society itself by, for example, replacing human labour with computers.1 This has challenged law in new ways, but the same age old questions remain.2 The rapid pace of technological development provides for a growing gap between such technology and the law.3

Today, the idea of drones implies advanced and high tech planes, however, in reality drones were first developed as military drones in the mid 1800s for purposes such as training, air strikes, surveillance, and target practice.16 With the development of technologies, commercial drones became more prominent and capable of collecting several forms of data, including visual, thermal, and multispectral data. This has made the use of commercial drones more prominent in several areas such as, amongst others, agriculture, chemicals, construction, and delivery.17 However, commercial drones were not the only part of this non military development. Recreational use of drones also became prominent, with private persons using quadcopters. These recreational drones do not consist of the same sophisticated technology which

personal injury will thus not be addressed. Additionally, this thesis will focus on how private law in the chosen jurisdiction’s tackles trespass conducted by drones. Omitted from the scope of this research contribution are issues which may further be dealt with under public law. It should be noted that given the fast paced, novel, and dynamic nature of drone technology development, the research contained within this dissertation may require supplementation in the short to medium term.

Research Methodology

13 Michael Salter and Julie Mason, ‘Writing Law Dissertation: An Introduction and Guide to the Conduct of Legal Research’ (Pearson Education Limited, 2007) content/uploads/2021/02/Writing<www.unibenlawpg.org/wp law dissertations

The first issue concerns trespass to land where material damage has occurred. The second issue will assess where trespass to land has occurred, but no material damage has been caused. The third and final issue will deal with trespass to land where the right to privacy has been breached The purpose of adopting such a methodology is to compare and evaluate how the two jurisdictions approach the issue of trespass by drones, which may provide insight into remedies available to a claimant and what future legislation for level five autonomy drones may look like. This is what Manderson and Mohr call ‘finding the law’ through legal research.15

1. Introducing Drones

an introduction and guide to the conduct of legal research PDFDrive .pdf> accessed 23 May 2022.

17 Flyability, ‘Commercial Drones: Industries That Use Drones, Deliverables, and Our List of the Top Models on the Market’ (Flyability, 2022) <https://www.flyability.com/commercial drones> accessed 24 January 2022.

15 Desmond Manderson and Richard Mohr, ‘From Oxymoron to Intersection: An Epidemiology of Legal Research’ (2002) 6 Law Text Culture 160

In line with the trends in legal scholarship and research, a black letter approach will be conducted to compare and evaluate the existing legislation in the respective jurisdictions. A black letter approach aims to analyse ‘the detailed rules (that) give effect to, and specify, certain underlying and more general legal principles.’13 This entails; discussing what drones are, the agents relevant to flying a drone, followed by the rules regarding trespass under each jurisdiction. Drones have a variety of uses in different contexts, which has ultimately made them difficult to legislate on.14 To encapsulate this issue, three scenarios will be discussed.

14 Lauren Grest, ‘The Drone Revolution: Can Privacy and Data Protection Legislation Keep Up with the Technology?’ (2015) 21(5) Computer and Telecommunications Law Review 120 122.

1.2. Drones: Past, Present & Future

This research contribution aims to compare the existing legislation on drone usage in two European jurisdictions: England and Germany. The rationale for choosing these two jurisdictions is that both Germany and England share some legal foundations owing to EU legislation. However, differences emerge in the more intricate aspects of drone liability rules given the differences between Common and Civil Law traditions. This makes for a comparison between the ways in which different legal traditions with some similar foundations approach and develop the same legal issue.

16 Jackie Alkobi, ‘The Evolution of Drones: From Military to Hobby & Commercial’ (Percepto, 2019) <https://percepto.co/the evolution of drones from military to hobby commercial/> accessed 24 January 2022.

Firstly, one must distinguish between a drone pilot and an operator. The two terms may be used interchangeably in practice; however, legal differences pertain.22 In the case of level four autonomy, there is only a drone operator where the drone is flying over humans or roads and there is no drone pilot. Thus, this discussion will assess placing liability on the manufacturer in such cases where liability cannot be placed on the pilots or operators. For the purposes of this dissertation, it is assumed that the manufacturer is also the drone programmer.

UK Civil Aviation Authority, ‘Register to Fly a Drone or Model Aircraft’ (CAA, 2022) <www.caa.co.uk/consumers/remotely piloted aircraft/register to fly a drone or model aircraft/m> accessed 26 January 2022.

24 ibid.

aerialnomous<www.forbes.com/sites/johnkoetsier/2021/05/29/autodronesachievemostsophisticatedlevelof3dautonomytodate/>accessed26January2022.

Palaniapan (n 22).

The development of drone technologies entails the creation of completely autonomous drones. These drones would not require a pilot or an operator. There are five levels of drone autonomy ranging from zero (no autonomy) to five (full autonomy).19 The highest level of drone autonomy to have been achieved is that of level four, high autonomy.20 This is where the drone is capable of detecting, avoiding, and navigating systems without the pilot acting. No human interaction is required during the flight as the drones are self reliant. However, a drone operator will still be required if the drone is being flown over roads or humans. Subsequently, such drones tend to be mainly used in mining or other areas which avoid the use of operators. This will differ once full autonomy, level five, is achieved. Complete autonomy (level five) has not yet been reached. Drones will be able to have full control and no human intervention is to be expected, but this has yet to be achieved.21

CloudFactory, ‘Breaking Down The Levels of Drone Autonomy’ (blog.cloudfactory, 2021) <https://blog.cloudfactory.com/levels of drone autonomy> accessed 26 January 2022.

1.2. Drones & the Law

Consolidated Version of the Treaty on the Functioning of the European Union [2007] OJ C326 (TFEU), art 288.

21 CloudFactory (n 19).

liability issue. However, for the purposes of this dissertation the focus will remain on the three aforementioned agents.

In principle the definitions are similar under both jurisdictions. In England, a drone operator has a specific definition, referring to a ‘person or organization that organizes how a drone or model aircraft is used’.23 Therefore, the operator must maintain the drones and ensure regulations are followed by those flying the drone.24 Conversely, a drone pilot refers to a person who is manually controlling the drones flight and must ensure the safety of the flight within the framework which was set by the operator. 25

20 John Koetsier, ‘Autonomous Drones Achieve Most Sophisticated Level of 3D Aerial Autonomy To Date’ (Forbes, 2021).

commercial drones require, hence being significantly cheaper.18

<www.linkedin.com/pulse/drone pilot vs operator difference dato sri ganes/> accessed 16 January 2022

This discussion will focus on recreational drones, commercial drones, and autonomous drones to the extent to which they have been developed. Relevant to these types of drones are three types of agents which will be referred to in this dissertation to assess liability, namely, a drone pilot, operator, and manufacturer. The reader should note that there are further complications which may arise in the case of liability issues such as where the manufacturer is not the one writing the algorithm. This adds a new level of complexity to the

27 Implementing Regulation 2019/947 (n 10), art 2(2).

18 Alkobi (n 16).

22 Sri Ganes Palaniapan, ‘Drone pilot vs Drone Operator Is There a Difference?’ (LinkedIn, 2019)

As an EU MS, Germany is bound by the EU’s Regulations, and thus the definitions set forth by them are directly applicable.26 The European Union Aviation Safety Agency (‘EASA’) in Regulation 2019/947, which came into force December 2020, provides that a drone operator is a legal or natural person who intends to operate with one or more drones.27 The drone operator

is one who either owns the drone or rents the drone.28 Conversely, remote pilot is defined in Regulation 2019/945 as a natural person who is responsible to safely conduct the flight of the drones, either manually or monitoring its course and able to intervene in case of drones which fly automatically.29 For example, a company which provides services with drones, is the operator whilst the individual flying the drones is the pilot.30 In accordance with the EASA, where a drone is being used for recreational purposes, then the person is both the drone operator and the pilot.

32 van Dam (n 12).

In this section English tort law will be discussed specifically tort of trespass to land and tort of negligence. Following this, English law has developed more specific rules regarding recreational and

European Union Aviation Safety Agency, ‘FAQ N.116447’ (EASA.europa.eu, 2020) <www.easa.europa.eu/faq/116447> accessed 29 January 2022.

It is unclear whether the current provisions governing drone liability will remain wholly applicable to drones which have attained a level five autonomy. An important consideration is how far removed human influence becomes as drone technologies advance and the machines themselves become more independent, rendering human intervention redundant. There is still some ambiguity as to which actor to hold liable. In the absence of drone pilots or operators, one potentially logical actor to hold liable for damage caused by drones would be the manufacturer. This is entirely speculative and more concrete proposals are likely to come about to address level five drones when the time comes.

2.1.1. Tort of Trespass to Land

Brent Skorup, ‘The Growing Legal Controversy About Drone Trespass’ (regproject, 2021) <https://regproject.org/blog/the growing legal controversy about drone trespass/> accessed 3 January 2022.

commercial drones within the Civil Aviation Act (‘CAA’) which will be assessed. Finally, product liability will be discussed to assess the liability of the manufacturer.

Commission Delegated Regulation (EU) 2019/945 of 12 March 2019 on unmanned aircraft systems and on third country operators of unmanned aircraft systems [2019] OJ L152, art 3(27).

Nicola Laver, ‘Trespass to Land’ (inbrief.co.uk) <www.inbrief.co.uk/land law/trespass/> accessed 3 January 2022.

2. Trespass with Damage Caused

2.1. England

Whether a drone entering another’s airspace is considered trespass is up for debate. Landowners own a certain amount of airspace above the land thus, a drone entering this airspace could be deemed as a tortious act. This became evident in Kelsen v Imperial Tobacco Co Ltd where the defendant put up a sign that overhung the roof of the plaintiff’s store; it was held that the lease of the land includes the airspace and using such airspace can be considered trespass. 35 Therefore, a drone flying over another’s land can be considered committing a tort. This is, however, subject to limitations. Namely where the height at which the drone is flying does not interfere with the ordinary use and enjoyment of the land then it does not constitute trespass. 36 The traditional tort of trespass to land will be discussed and applied to drones, in order to assess

In English law, trespass falls under the law of tort, meaning it is a civil wrong and not treated as a criminal offence.31 One trespasses when one has interfered with another’s land or property without justification. Such interference includes placing or removing an object or property from another’s land or remaining on the property without permission.32 In the case of drones, trespass would include, for instance, flying above residential places, or any private property.33 Other instances may include a drone being placed or landing upon another individual’s land.34

35 Kelsen v Imperial Tobacco [1957] 2 QB 334.

34 van Dam (n 12).

European Union Aviation Safety Agency, ‘Provisions applicable to both ‘open’ and ‘specific category: Regulations on UAS (drone) explained’ (EASA.europa.eu, 2021) <www.easa.europa.eu/the agency/faqs/drones uas> accessed 29 January 2022.

36 UK Civil Aviation Authority (n 23).

In summary, there are merely two requirements that must be fulfilled to establish that the tort of trespass to land has been committed, namely direct interference and voluntariness. Evidently the requirements do not have a high threshold to fulfil, and damages can be claimed.

It is unclear how the tort of negligence deals with drones, however it will be applied for the hypothetical where a drone causes damage to property. The tort of negligence may be applicable in case of improper operation of a drone which results in damage, such as property damage.43 The tort of negligence obliges one to not breach a duty of care. In order to assess duty of care, a comparison is made to the behaviour of a reasonable person in the same circumstance. Consequently, the requirements for negligence are (i) duty of care, (ii) breach of said duty, (iii) causation, and (iv) damage.44

important to note that awareness is not necessary, meaning if the act of trespass on land occurs by mistake, a tort has still been committed.41 Hence, if one is flying a drone and it happens to fly over another individuals’ property, they may still be held liable. This may occur if the pilot or the operator when making the flight path is unaware that the route has private property. The main intention of trespass to land is to protect individuals’ rights, not prevent harm. Consequently, no harm needs to be caused for a tort to have been committed. 42

Donoghue v Stevenson [1932] A.C. 562, [1932] UKHL 100, 1932 S.C. (H.L.) 31, 1932 S.L.T 317, [1932] W.N. 139. ibid

43 Vivek Sehrawat, ‘Liability Issue of Domestic Drones’ (2018) 35(1) Santa Clara High Technology Law Journal

44 van Dam (n 12) 102.

41 Eldredge (n 37).

37 Laurence H Eldredge, ‘Tort Liability to Trespassers’ (1937) 12(1) Temple Law Quarterly 32.

40 Stone v Smith [1947] Style 65.

For trespass to be established a set of requirements must be fulfilled, namely, direct interference and voluntariness.37 The requirement of direct interference does not need to be grievous interference. 38 In Gregory v Piper the defendant’s rubbish had blown over by the wind to the claimant’s land, and although this was an act of nature it was held to be sufficiently direct.39 Therefore, in the case of drones, even if a drone happens to fall into another individual’s property or is pushed by the wind to hover over another’s land, it would be sufficient to be considered direct interference. Secondly, the interference must be voluntary. In Stone v Smith, the defendant was taken to the claimant’s land against their will and thus, this was not considered voluntary.40 Hence, applying this to drones, an example would be if a Party A’s drone were to land in the street and Party B picked it up and took it onto the claimant’s land, Party B would be liable for trespass, not Party A. Therefore, if the interference has occurred against the will of the defendant, then a tort has not been committed by the

111, 126 accessed<https://core.ac.uk/download/pdf/216973908.pdf>18April2022

how English law would respond legally to infringement of rights by drones.

38 Gregory v Piper [1829] B & C 591.

Robinson v Chief Constable of West Yorkshire Police [2018] UKSC 4, [2018] AC736 26.

39 ibid.

In the Robinson case it was highlighted that where there is precedent or statutory authority providing duty of care, then these must be relied upon. 45 Robinson provides that in case of material damage to property, the Donoghue46 case may be relied upon as precedent. In case of recreational use of drones trespassing and causing damage, the neighbour principle established in Donoghue could be applied. The neighbour principle establishes that a claim may be brought if it is reasonably foreseeable that the defendant could cause personal injury or property loss to the claimant through their actions.47 The drone owner may fly the drone into a neighbour’s property and cause damage. The drone pilot is actively flying the drone, and thus, owes a duty of care to those around.

2.1.2. Tort of Negligence

42 Warren A Seavey, ‘Principles of Torts’ (1942) 56 Harv L Rev 72 73.

defendant.Itis

The neighbour principle is also applicable to commercial drones where property damage has materialised.48 However, proximity may be an issue. This is not mere physical proximity, rather regarding such close relations that the act directly affects the claimant, and the defendant ought to have known would be directly affected by such an act. 49 In this case, to draw inspiration from US Palsgraf case where damage is caused from afar, a commercial drone operator or pilot would only owe a duty to the individuals’ property that is their destination.50 Therefore, if a drone crashes at the site of its destination and causes property damage, the proximity step would be fulfilled. Conversely, if the drone had accidentally crashed in another’s property during its flight path, then no claim could be brought under the tort of negligence.

Christian Witting, Street on Torts (14th edn, Oxford University Press 2015) 36 37.

52 Robinson (n 45) para. 27.

Causation requires for the damage and the breach of the duty of care to be linked. This means that in the chain of events leading up to the damage, the breach of the duty of care was the cause of said damage. Evidently, damage is a requirement under the tort of negligence. Hence, there may be a claim brought under the tort of negligence in situations where there has been a failure to operate a drone safely, resulting in entering another’s property and causing damage to it.58

Claiming damages for liability caused by drones are regulated within the CAA 1982,59 which does not differentiate between recreational and commercial drones and clarifies who would be held liable in case of damage caused. Article 76(1) of the CAA highlights this by providing that no action can be brought in respect of trespass based on the mere fact that the aircraft was flying over the land, where this flight is reasonable. Additionally, within the provisions of article 76 CAA, it is emphasised that liability lies with the owner of the

49 Donoghue (n 49)

53 ibid.

51 Caparo Industries plc v Dickman [1990] 2 AC 605, 617.

Barrett v Enfield London Borough Council [2001] 2 AC 550 559

van Dam (n 12).

fair, just, and reasonable.54 The claimant can normally satisfy Caparo’s first step easily.55 Arguably, it is reasonably foreseeable that a drone could cause pure economic loss if it damages property vital to the functioning of, for instance, a business. The second step deals with proximity, which, in light of the aforementioned US case, may be difficult to fulfil. A duty of care would only be owed to those at the destination the drone was heading for, not to any third parties. Thus, the second step is problematic in cases of pure economic loss as establishing sufficient proximity is difficult.56 Regarding the final step, courts deal with it on a case by case basis by weighing policy factors for and against establishing a duty of care. 57 Therefore, it depends on the facts of the case whether a duty is fair, just, and reasonable to impose.

2.1.3. Recreational & Commercial Drones

The main issue with commercial drones is where they cause pure economic loss. This may occur, for example, when a commercial drone crashes into a power line causing damage. Where the power line is, for instance, municipality property, this would mean that the power company, who operate the power line, would be unable to obtain any compensation for the damage and will suffer pure economic loss to their business as they are unable to provide their service.

It is only in novel cases where the Caparo test in Caparo v. Dickman51 can be relied upon.52 Novelty is assessed based on the legally significant features of the case and the situations of earlier cases.53 There is no precedent dealing with such a situation of pure economic loss therefore, the Caparo test may apply. The three step Caparo test establishes duty of care where (i) the damage was reasonably foreseeable; (ii) there is proximity between the claimant and the defendant; and (iii) imposing the duty of care must be

Where they have failed to operate the drone safely, there will be a breach of the duty.

48 Robinson (n 45).

Caparo Industries plc (n 46).

The Civil Aviation Act 1982 (CAA 1982).

Dam (n 12), p. 105.

50 Palsgraf v Long Island Railroad Co, 162 ne 99, 59 alr 1253 (1928) (New York Court of Appeals).

UK Civil Aviation Authority (n 23).

The Air Navigation Order 2016.

The CAA is not the only legislation dealing with drones. The Air Navigation Order 2016 (‘The Order 2016’) further regulates drones and actions taken by its pilot and operators.66 Article 241 provides that one must not recklessly or negligently cause or permit a drone to endanger any property. Article 94(1) further prohibits the dropping of any article or animal from a drone which may endanger persons or property, hence, trespass of a drone also includes elements which may be dropped by the drone. Therefore, where trespass has resulted in material damage, the Order may also be relied upon alongside the CAA to claim damages.

As aforementioned, English law consists of the tort of trespass within its private law which ultimately could deal with issues which arise from a drone trespassing. However, the CAA provides more precise and direct rules in relation to drones. General torts fall under common law as they have developed through case law whilst the CAA is a form of statutory law.67 Where there are conflicts between common law and statutory law, in the UK statute will overrule common law.68 In the case of the CAA and the common law torts, there are no conflicts created therefore it is up to the victim of trespass to choose which rule to bring a claim under.

60 ibid, art 76.

Kennedys, ‘Taking Flight: The Rising Importance of Drone Insurance’ (kennedyslaw, 2021) 5 <https://kennedyslaw.com/media/2102/kennedys_droneswhitepaper.pdf>accessed29April2022

Since article 76 of the CAA places strict liability with the owner, where the case is dealing with commercial drones, liability would remain on the operator. According to the provision, such liability exists where an ‘aircraft’ has caused loss or damage to a person. There remains a lack of authority on this matter, however, there is little doubt that a drone falls within this definition.63 According to Glenn v Korean Airlines it was held that the recoverable loss or damage referred to in article 76 is only that which can be recovered under common law, hence, it includes psychiatric harm.64 This ultimately could mean that where a drone has trespassed on to land, psychiatric harm could be claimed for it possibly crashing on the property, or lack of security one may feel as a result of privacy issues which arise from drones. Therefore, material damage to the property is seemingly not a requirement for the CAA to be relied upon. According to article 76(1) of the CAA unmanned aircrafts must

drone, holding them strictly liable.60 In cases of recreational use, the drone pilot and operator would be the owner, as aforementioned, whilst in the commercial sense it seems to refer to the drone operator.61 The only exception to this lies in article 76(4) providing that where the drone has been lent out for a period exceeding fourteen days to someone other than the owner, they will be considered the owner for the purposes of article 76 CAA. European law, implemented prior to the UK leaving the EU, highlights a differentiation between commercial and recreational drones in the matter of insurance obligations meaning, commercial drones must always be insured. However, recreational drones only have this requirement when they weigh above 20kg as required by Regulation 785/200462. Hence, where there is a risk of damages occurring, such drones are insured and can thus compensate for any loss caused.

2.1.4. Product Liability

62 Regulation (EC) No. 785/2004 of the European Parliament and of the Council of 21 April 2004 on insurance requirements for carriers and aircraft operators [2004] OJ L138

van Dam (n 12) 93 94. ibid 97.

Max Archer and Peter Neenan, ‘It’s Raining Drones, Hallelujah: Liability Implication for Personal Injuries Caused by Drones’ [2021] Journal of Personal Injury Law 12 16.

stay within a reasonable height of another individuals’ property in order to not be considered a trespass to land. According to the Civil Aviation Authority, where a drone’s flight is interfering with another individuals’ ordinary use and enjoyment of land, it is considered an unreasonable height and thus, conducting trespass.65

To assess liability for damages caused by a manufacturing defect, the Consumer Production Act

Glenn and Other v Korean Airlines Company Ltd: QBD 28 March 2003.

(‘CPA’)

2.1.5. Summary

occurring. The main area where material damage is required is that of tort of negligence and product liability. Where damage has arisen from a product defect, liability may be placed upon the manufacturer under the CPA, allowing for pecuniary loss to be claimed. The CAA also deals with liability in case of trespass caused by recreational and commercial drones, placing liability upon the owner. Depending on the use of the drone, the owner may be either the pilot or the operator. In case of recreational drones, the owner tends to be both the pilot and the operator. Conversely, with commercial drones there is usually a separation between these agents, hence, the liability is placed upon the operator. Therefore, the cause of the damage impacts liability, and the claimant has autonomy in deciding which action to pursue.

69 Khadkotkar (n 7).

to article 5(1), damage includes any loss of or damage to any property, including land. However, this does not include damage to the product itself, meaning the drone, or any product which is supplied with the drone, in accordance with article 5(2). Additionally, as provided for in article 5(3), the property must be intended for private use, occupation or consumption and used by the person for such purposes. Therefore, trespass to the private property of an individual which resulted in damage to property would fall within this provision. Thus, the manufacturer would have to compensate for damage to property pursuant to article 1(2a) of the Act.

must be consulted. Defect is defined in article 3(1) as where the product is not meeting the standard of safety which a person is entitled to, including in relation to the risks of damage to property. Therefore, this is where a drone is defective and results in the drone flying into private property. This may be most relevant for commercial or autonomous drones which have the ability of being self reliant. At a level four autonomy, drones have neural networks which are fed data allowing them to navigate and detect their environment. Where the data given to the drones is incorrect or incomplete, there may be cases of trespass to land, resulting in damage to property.69 As aforementioned, commercial drones do not require an operator when they are not flying over roads or people. Hence, where the drones are used for inspection of surface mines, they may trespass on private land in case of incorrect or incomplete information fed to its neural networks, which would be in the hands of the manufacturer and dealt with through product defect

Where trespass has resulted in damage there are different torts and statutes available to the claimant to rely upon. The tort of trespass to land may be applicable to the case of drones, regardless of harm

70 Oliver Korte, ‘Liability in the Event of a Collision with a Drone’ (Lexology, 2017) 4a34<www.lexology.com/library/detail.aspx?g=f4db9ff94dafa29e7f4edbf61700>accessed27January2022.

With the use of recreational drones, the issue would be dealt with under fault liability, specifically §823(1) of the German Civil Code (‘BGB’), holding the drone pilot or operator liable.70 This provision deals with ‘a person who, intentionally or negligently, unlawfully injures the […] property […] of another’ and gives right to compensation for the damages.71 Fault liability under German law consists of five requirements, namely: (i) the violation of a codified normative rule, (ii) unlawfulness, (iii) intention or negligence, (iv) causation, (v) damage.72 As abovementioned, in the case of drones the violation of a codified normative rule

legislation.Pursuant

71 Bürgerlichen Gesetzbuches translation provided by the Langenscheidt Translation Service (BGB), art 823(1) <www.gesetze im internet.de/englisch_bgb/index.html> accessed 19 February 2022 72 van Dam (n 12) 80.

2.2. Germany

This section will discuss how German law deals with trespass resulting in damage. German law creates a distinction between recreational and commercial drones The applicable rules to each respective drone type will be discussed in relation to damage caused when trespassing. Following this, product liability will be discussed under German law to examine the manufacturers liability.

2.2.1. Recreational Drones

2.2.4. Summary

the operator’s knowledge, then the injured party is solely responsibility. However, this must have occurred without the operator’s knowledge, meaning where the operator made it possible for the injured party to make use of the aircraft, then they must compensate for the damages.78 Hence, for commercial drones, the form of liability is that of strict owner liability, holding the operator liable.

Claudia Hess, ‘Drone Regulation in Germany’ (Lexology, 37a8<2019)www.lexology.com/library/detail.aspx?g=cfc3615a45f3892ea46f0ce10865>accessed28January2022.

Luftverkehrsgesetz/German Aviation Act <www.gesetze im internet.de/luftvg/> accessed 23 May 2022.

ProdHaftG states that in case of a defective product causing damage to property, the producer of the product must compensate the injured party for the resulting damage. The provision highlights that in case of damage to property, it must be an item of property which is not the product itself (the drone in this case) and was an item intended for private use or consumption and was used as such by the owner. Therefore, only in the case of a product defect, the manufacturer is liable for damage caused. This provision also highlights that a material damage should be incurred.

BGH 21 December 1970, BGHZ 55, 153, NJW 1971, 886, VersR 1971, 418.

German legislation distinguishes between commercial and recreational drones as recreational drones are generally dealt with under the BGB whereas commercial drones are dealt with under the German Aviation Act (‘GAA’). Drones which are not used for recreational purposes are considered aircrafts as defined by §1 of the GAA 76 In accordance with §33 of the Act, when operating an aircraft if there is a damage caused then the owner of the aircraft is obliged to repair the damage, hence strict owner liability applies, and harm is a requirement for liability. It is important to note that force majeure cannot be used as a defence in such cases.77 Therefore, when operating commercial drones, liability falls upon the drone operator regardless of whether the damage was inevitable. An exception to liability is provided for in §33(2), stating that where the injured party was the one operating the drone without ibid ibid

2.2.3. Product Liability

would be that of §823(1) BGB, protecting property rights. An infringement of such a protected right would be an unlawful act unless it can be justified.73 Thus, if the first requirement is violated, the pilot has acted unlawfully by infringing on a person’s protected right under §823(1) BGB, fulfilling the second requirement. The third requirement is that of fault, requiring the defendant to have acted intentionally or negligently. Negligence is when one has acted contrary to the care required by society. 74 Therefore, in the case of drone pilots, it is expected that the care taken is to ensure that they are aware of the location which they are flying their drone. The fourth requirement is that of causation meaning there is a link between the damage caused and the act conducted. Finally, unlike under English law where no harm is required, German fault liability requires there to be some form of damage. Therefore, property must be damaged or destroyed. Where property is undamaged but cannot be used for its intended purpose, then a claim still can be brought within this provision.75

In summary, German law provides different legislation for each type of drone. There are no specific laws dealing with trespass hence, it is an issue dealt with under general liability law. In the case of recreational drones, liability is dealt with under the BGB, placing liability upon the drone pilot and operator. As

ibid.

Where material damage is caused by a manufacturing error, product liability rules are relevant. Drones must also comply with certain technical requirements laid down in article 58 Regulation 2018/1139. However, the German Product Liability Act (‘ProdHaftG’) must first be consulted, and where there is a violation of article 58 it may be used as prima facie evidence that safety is not met.§1(1)

2.2.2. Commercial Drones

establish liability, except for tort of negligence and product liability. Conversely, under German law harm is a requirement to establish liability.

English law consists of both statutory and tort rules dealing with trespass to land where damage has not materialised. As such, the tort of trespass to land will be discussed and applied to trespass by drones, followed by the statutory rules dealing with recreational and commercial drones. Finally, the Product Liability Directive will be consulted to assess whether a manufacturer can be held liable where trespass does not result in damage.

80 Case C 63/93 Duff and Others [1996] ECLI:EU:C:1996:51, para 20.

81 See s 2.1.1 for further information on the application of these requirements

3. Trespass with No Damage Caused

79 TFEU, art. 288

A difference is how legislation deals with recreational and commercial drones in the UK and Germany. English law does not require harm to

2.3. Comparison

The main point of similarity regards liability for manufacturing defects. As the UK was part of the EU, the Product Liability Directive had already been transposed into its national legislation as part of the CPA 1987. Similarly, Germany, as a current EU MS, has transposed the Directive into its national legislation as part of the ProdHaftG. A directive, although legally binding, is transposed by national authorities in the form and method they choose.79 As such, Directives do not harmonise the entire law and rather specific issues, hence differences may remain within national laws. For instance, the Product Liability Directive in article 9, leaves the allocation of non pecuniary damages to be decided by the MS’ themselves. Regardless of the possibility of such differences, overall, German and English law place liability upon the manufacturer in similar manners. Both jurisdictions allow for a claim for damages in case of damage to property, whilst also excluding damage caused to the product itself, namely the drone. Where the damage is caused by product defect, under both jurisdictions, liability may be placed upon the manufacturer.

In terms of liability both jurisdictions place it upon on the drone operator in case of commercial drones and upon the drone pilot, who is ultimately also the operator, in case of recreational drones. However, the differences arise where under English law the CAA governs both recreational and commercial drones whereas the GAA merely governs commercial drones and recreational drones are dealt with through general liability rules in §823(1) BGB. This may ensure legal certainty for individuals using drones in England as the legislation dealing with liability for damages caused by drones are presented within one legislative act.80

To establish liability under the tort of trespass to land, the two requirements are direct interference and voluntariness.81 Since harm is not a requirement to establish liability, the requirements applied are the same regardless of the lack of material damage. Intention is not a requirement thus, negligent flight or landing of a drone onto land would fall within the scope of trespass. This means a drone merely being flown over private land is likely to result in the commission of a tort.

3.1. England

3.1.1. Tort of Trespass to Land

aforementioned, in the case of recreational drones the drone pilot and operator are considered to be the same individual hence, the BGB ultimately places liability upon both. Drone operators become most relevant in the cases of commercial drones as that is where a distinction is created between a drone pilot and a drone operator. This is evident as the GAA places liability in case of damage caused by commercial drones upon the operator in accordance with §33. Thus, German law provides completely different actions for the claimant based on the purpose for which the drone is being used. Only where the damage is caused by a drone due to a product defect, the ProdHaftG applies, placing liability on the manufacturer.

3.1.2. Recreational & Commercial Drones

86 ibid, art 9.

3.1.3. Product Liability

Arguably, a recreational drone could trespass where strong wind affects the flight, or where the pilot loses sight of the drone, or where they are not aware of where another individuals’ land begins. The same could apply for commercial drones, as they are capable of navigating without a pilot acting, meaning in case of incorrect information being inputted or natural effects, such a self reliant drone may end up flying over private property.82

The CAA governs liability for trespass caused by drones and does not require harm to be caused for liability to be placed upon the owner. Consequently, the liability rules within the CAA are applicable to the case of trespass to land which does not result in material damage.83

claim non pecuniary loss based on the CPA, but this is a possibility under CAA.

Where the issue does not relate to the drone operator or pilot, it may result from a defect within the drone itself. Trespass may be committed by a drone on autonomous flight due to a programming error, or, in case of no autonomy, from problems rooted in the product itself causing a lack of control for the pilot, whereby manufacturing becomes relevant. In such a case the Consumer Protection Act 1987 (‘CPA’)84 and the transposition of the Product Liability Directive (‘PLD’),85 must be assessed. Article 2 Product Liability Directive provides that the manufacturer is liable for the damage where any damage is caused wholly or partly by a defect in a product. It must be noted that according to article 9 of the Product Liability Directive, 86 the coverage of non pecuniary loss is governed by national law. However, the CPA does not seem to refer to any non pecuniary loss in relation to property damage. Consequently, an individual may not

liability for defective products [1985] OJ L210 (Product Liability Directive).

87 Strafgesetzbuch translation provided by Prof Dr Michael Bohlander (StGB), §123 <www.gesetze im internet.de/englisch_stgb/englisch_stgb.html> accessed 26 May 2022.

83 See s 2.1.2 for further information on the requirements for liability

82 ibid.

3.1.4. Summary

84 Consumer Protection Act 1987 (CPA 1987).

3.2. Germany

85 Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws and regulations and administrative provisions of the Member States concerning

In summary, under English law, the legislation dealing with trespass regardless of whether damage is caused remains the same. When no material damage is caused by drones, liability may be directly dealt with under the traditional tort of trespass to land by applying the conditions and cases or it may also be dealt with under the CAA. Where the trespass has occurred by way of a manufacturing error, no liability can be placed upon the manufacturer on the basis of the CPA as no material damage would have taken place.

Assessing the BGB, it is evident trespass as a civil wrong is not present under German law as it is in England. Rather trespass is dealt with under property law. The only explicit reference to trespass under German law is in §123 of the German Criminal Code, which defines trespass to have been committed when there is unlawful entry to another’s land without authorisation, and where the defendant does not leave when asked to do so.87 Consequently, it must be assessed how trespass would be dealt with as a civil wrong where no damage has been caused. As such, the focus will be placed upon property law, specifically protection of possession and protection of ownership. The issue of defective products will also be assessed to portray whether one can be held liable in case of trespass without any damage.

Protection of Possession

3.2.2. Protection of Ownership

90 van Erp (n 88).

help. As it stands, the act of self help must occur without delay from the moment the unauthorised conduct occurs.92 It is unclear whether a possessor would be able to shoot down a drone in case of unauthorised interference with their property.93

Under German property law, an owner has two remedies in case of disturbance to the object of ownership but no harm being caused, namely assertion of ownership, and injunction. §985 BGB governs assertion of ownership, allowing the owner to request the return of an object where it is being held unlawfully. This is both in the case of movables and immovables. The owner is required to prove their ownership, and their claim may only be discredited if the possessor proves their right of possession in accordance with

Under German law, pursuant to §858 BGB, a person has acted unlawfully if they deprive the possessor of their possession or interfere with such possession against the will of the possessor, allowing for the possessor to defend his position. Where no harm has been caused, the rights of a possessor would be dealt with under property law. There are two types of protection of possession under property law which may be relevant to drones: (i) self help, and (ii) possessory actions.88 German law distinguishes between a direct and indirect possessor in these remedies provided, so this must first be distinguished. §854 BGB refers to a direct possessor as an individual who has acquired an object through actual control.89 Contrastingly, §868 BGB defines indirect possessor as an individual who possesses something as, for instance, a usufructuary, a pledgee, or in a similar relationship entitling or obliging them to have possession for a specific period.90 Generally, under §858 BGB, interference or trespass to a possession is prohibited when conducted without authorisation.Selfhelp

3.2.1.

BGH, 7 March 1956, NJW 1956, 787.

3 J Comp L 197. 93 van Erp (n 88) 167. 94 BGB (n 71), §§861 69.

88 Sjef van Erp and Bram Akkermans, Ius Commune Casebooks for the Common Law of Europe: Cases, Materials and Text on Property Law (Hart Publishing 2012) 115.

BGH, 14 October 1994, NJW 1995, 132.

89 BGB (n 71), §854.

91 ibid

Possessory actions refer to judicial actions which can be taken by direct and indirect possessors in case of dispossession.94 In accordance with §862(1) BGB, where the possessor is disturbed in his possession through unlawful interference, they may remedy this either through abatement of interference or an injunction. Disturbance of possession may include both material and immaterial interference,95 as well as just mere noise. 96 Thus, in case of a possessor of a plot of land, where a drone has entered this land and caused a disturbance, a claim of possessory action may be brought allowing the owner to have the flight terminated. Causing a disturbance is comparable to the act of trespass as it involves unlawful interference with one’s possession, where this possession is land. The main difference lies in the fact that disturbance of possession encapsulates a larger scope than mere trespass to land. As well as the fact that remedies provided under German law do not offer any claim for damages, rather only methods to stop the unauthorised intervention.

Andreas Rahmatian, ‘A Comparison of German Moveable Property Law and English Personal Property Law’ (2008)

is dealt with under §859 BGB. §859(3) BGB refers to the Besitzkehr which allows the possessor of a plot of land to recover said land from the dispossessor immediately after the unlawful act. Such a right applies to a direct possessor and is extended to an agent in possession under §860 BGB. Legal doctrine has also suggested this right is extended to indirect possessors too.91 When a drone enters land, the possessor could arguably recover said land if they act immediately However, a drone would not be taking over the land therefore, this remedy would not necessarily be applicable as there is no need for recovery. The possessor may be able to rely on §859(1), giving them the right to use force in order to defend themselves against unlawful interference. The question that remains unanswered by courts is the scope of self

The second available remedy, that of injunction, is governed by §1004 BGB, allowing the owner to require the disturber to remove the interference and where they fear further interference, the owner may sue for an injunction. Therefore, there are two claims which can be brought under §1004 BGB namely, the right to have the interference removed and the right to an injunction. For an injunction to be granted, the owner must prove the interference is either imminent or the occurred interference will be a repeated offence.97 German law distinguishes between a direct and indirect interferer. A direct interferer is one who interferes with another’s right of ownership through their own behaviour whereas, indirect interferer is one who is liable due to his responsibility over the object.98 Consequently, a drone pilot or operator could be considered an indirect interferer, although it may be argued the drone pilot could be a direct interferer as they directly control the drone’s flight. Additionally, interference by natural events is not covered by §1004 BGB.99 Thus, where a drone is blown over into another’s land, a claim cannot be brought by the landowner. Drone pilots and operators control the flight path of the drone and thus, a drone is flown over land because of human action. Consequently, a claim can be brought under §1004 BGB by the owner against the said indirect interferer, requiring the drone pilot or operator to stop the flight.

99 BGH, 23 April 1993, NJW 1993, 1855, BGHZ 122, 283.

§986 BGB. According to §891(1) BGB, where a person’s right has been entered into the Land Register, it is presumed the person is entitled to the right. This remedy is not relevant in situations where a drone has entered another’s land as it is mainly a right being claimed against an unlawful possessor.

3.2.4. Summary

98 ibid

100 Korte (n 70).

Product liability may be relevant to automated drones, but it can also be applied to commercial and recreational drones in case of a product defect which

has resulted in damage.100 The ProdHaftG101 is the transposition of the Product Liability Directive102, the provisions of which apply in the same manner as in English law. Where the technical requirements laid down in Regulation 2018/1139 are not fulfilled, claims for liability for manufacturing defects may be brought pursuant to the transposition of the Product Liability. §1(1) ProdHaftG provides that liability is placed upon the manufacturer where damage has been caused to property. As aforementioned, the Directive allows for national legislation to decide upon coverage of non pecuniary damages.103 Similar to England, the ProdHaftG seems to cover only pecuniary damages. The only reference to non pecuniary damage is in relation to emotional distress in case of liability for damages in the case of death as highlighted in §7(3). Therefore, in case of just trespass to land with no material damage, product liability cannot be relied upon under German law.

In summary, where a drone has entered another’s land and has caused no material harm, a claim can be brought under property law. The most relevant remedy for the possessor is a possessory action, allowing the possessor to stop the interference, or sue for an injunction. Self help is also a possible remedy; however, it is unlikely that there will be need for a possessor to take back their land once a drone enters it. Similarly, an owner of land may rely on an injunction as a remedy or merely asking the interferer to remove the disturbance. Consequently, where a drone flies into another’s land, the landowner may bring a claim against the pilot or operator as they are the party indirectly interfering.

A drone may fly into the land of an individual due to a of manufacturing error rather than the fault of a pilot or operator. In such a case, the claimant could arguably rely on product liability legislation. However, the ProdHaftG does not cover situations where no

97 van Erp (n 88) 148.

101 Product Liability Act of 15 December 1989 (Federal Law Gazette [Bundesgesetzblatt] I, 2198), last amended by

article 5 of the Act of 17 July 2017 (Federal Law Gazette [Bundesgesetzblatt] I 2421) <www.gesetze accessedinternet.de/englisch_prodhaftg/englisch_prodhaftg.htmim>26May2022. 102 Product Liability Directive (n 85) 103 ibid, art 9.

3.2.3. Product Defect

Thematerialised.impactof

108

the difference in property laws is further highlighted by the fact that English law deals with drone liability in the same manner regardless of whether harm is caused, with the exception of product liability and tort of negligence. Conversely, German law creates more differentiation. As seen in this section, where no material damage is caused, property law is consulted as opposed to the German Aviation Act and the BGB.

3.3. Comparison

damage has been caused, and thus cannot be relied upon.

4. Trespass Breaching Privacy Rights

German law provides for possessory actions in case of disturbance of possession through abatement of interference or an injunction, as highlighted in §862 BGB. Such a right to removal and injunction is also available to an owner. This may be comparable to the tort of trespass to land under English law as it provides for a remedy to the unauthorised interference with the land. However, a notable difference remains, namely the fact that the possessor cannot claim for compensation for the damages under German law.

Furthermore, §1004 BGB provides the owner the right to ward off impairment which has been caused by a third party through judicial action. This is both the removal of the interference and the right to injunction to prevent any future interreference. Indirect interference is relevant with drones in Germany, and similarly to English law, an interferer is liable only in case of human behaviour, meaning it cannot be due to a cause of nature. 105 Therefore, unauthorised interference in cases where there is no material damage is dealt with under property law, resulting in no claims for damages in Germany.

105 BGH, 23 April 1993, NJW 1993, 1855, BGHZ 122, 283. 106 van Erp (n 88) 208. 107 ibid.

4.1. England

The risks of an intrusion of privacy arise considering the height at which drones can be flown, and although an individual may not be identified from footage taken by a drone, there is a possibility they will be identifiable through contextual cues.108 Within the realm of English private law, there are no general liability regimes for invasion of privacy. Protection may be found within other specific torts such as libel, defamation, breach of confidence, and deceit.109 There is also statutory protection provided for under the Defamation Act of 1952, Protection from Harassment Act 1997, and Human Rights Act 1998 (‘HRA’). The HRA plays an important role as courts must interpret common law in light of the European Convention on Human Rights

van Dam (n 12) 188.

104 van Erp (n 88) 206.

One of the most significant differences is the fact that German law does not have a tort of trespass to land, and rather deals with trespass under property law, whereas English law has such a specific tort. Germany, as a civil law country, consists of ownership and possession rules which cause such divergences to English law, namely requiring damage to be conducted. German law differentiates between ownership and possession which ultimately gives rise to specific remedies apart from those provided by tort law. This means in the case of dispossession and disturbance of a possession; an individual may seek a specific recovery or injunctive relief.104

Hiroko Onishi, ‘Regulating Technology Private Misuse of Drones and Protection of Privacy’ (2016) 27(5) Entertainment Law Review 175 178. 109

Under English law there is no such unitary property actions and protection of property is rather dealt with under tort law by remedying it through the attribution of damages, including nominal ones.106 Hence, English law allows for the tort of trespass to land to be invoked where the defendant enters the claimants land without consent.107 Thus, contrastingly, when using tort law in Germany, damage must be caused in order to receive compensation whilst in England compensation can be obtained when damages has not

ibid

112 Campbell v MGN Ltd [2004] UKHL 22.

In cases of a repeated issue such as where a drone is repeatedly flown into another individual’s property then a claim could possibly be brought on the basis of the Protection from Harassment Act 1997.118 Although harassment is considered to be a crime under section 2, a civil remedy, namely damages, can be obtained for, among others, any financial loss resulting from the harassment as well as any anxiety caused.119 The conduct must have occurred on at least two occasions in order to fall within the scope of this statutory rule.120 Therefore, this is a statutory rule which may be relied upon by an individual to obtain damages in case of repeated offence of a drone being flown and breaching their Overall,privacy.underEnglish

120

118

X. v the United Kingdom, Commission decision of 10 December 1976. Butler (n 113) 1070.

115

113 Des Butler, ‘Drones and Invasions of Privacy: An International Comparison of Legal Responses’ (2019) 42(3) UNSW Law Journal 1039.

111 Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, as amended) (ECHR), art 8.

The breach of confidence was relied upon in the Campbell case, where the House of Lords did not create a tort of privacy. However, they provided that national law, breach of confidence in this case, should be interpreted in line with the ECHR. 112 Where a drone with recording capabilities enters another individuals’ land, this could be an invasion of their privacy which ultimately may fall within the scope of article 8 ECHR.113 However, the ECHR may only be invoked against a State party to it, not against an individual.114 Arguably, an action could possibly be brought on the basis of the breach of confidence in the case of drones. Individuals have a duty of confidence when they have obtained information through circumstances where it would be unfair if that information were to be disclosed to others, meaning they reasonably believed the information was confidential. 115

110

114

116

law a tort for cases of breach of privacy does not exist. From the private law perspective, the statutory rule which may be relied upon is that of the Protection from Harassment Act 1997, or the tort of breach of confidence. What is important to note is that in both these cases the drone merely entering the property and recording is not sufficient to claim damages. Under the Act of 1997 the issue must be a repeated offence. Additionally, to claim breach of confidence there must be use or disclosure of the unauthorised footage obtained, which may at least risk damage. Therefore, the breach of privacy alone is not sufficient to claim civil damages. Breach of privacy may also violate a right protected under other

There are three requirements for a successful claim of breach of confidence. These requirements are: (i) the information has a necessary degree of confidence about it, (ii) the information was obtained in a situation where it gave rise to an obligation of confidence, and (iii) there was an unauthorised use or disclosure of information, with at least a risk of damage.116 The information obtained must not already have been within the public domain in order for there to be a duty of confidence.117 In the case of drones, the first two requirements may be simpler to fulfil. A drone may be flown into an individual’s property and record without the consent or awareness of the individual. This would be in the individual’s private space, where they expect that their actions to be kept private and not disclosed to anyone. Thus, the first two requirements may be fulfillable depending on the courts leniency in determining private space. The main issues may arise

Coco v AN Clark (Engineers) Ltd. [1987] RPC 41. Faccenda Chicken Ltd v. Fowler [1987], ch 117. Butler (n 113). Protection from Harassment Act 1997 (UK), s 3(2). ibid, s 7(3).

regarding the third requirement. If the drone was recording but the information was not used to the detriment of the individual, then there could not be a claim for the breach of confidence. An example of where this may be fulfilled is in a commercial setting. A drone may have flown into the property of a business where, while recording the surroundings it was able to record confidential information regarding the business that would be to the company’s detriment when shared.

119

(‘ECHR’). 110 This is vital in relation to article 8 ECHR, as it protects an individual’s right to private life.111

117

125 Gerald Spindler and Oliver Rieckers, Tort Law in Germany (3rd edn, Wolters Kluwer 2019).

Germany, in its Aviation Act, prohibits flying over residential areas, limiting the airspace of drones which in itself provides more protection of individual’s privacy. This is because it prevents any drones with camera having access to such areas as well.122 Furthermore, operators and remote pilots must ensure they are adequately informed about and agree to comply with both EU and national rules, including those of privacy and data protection.123 Article 55 of EU Regulation 2018/1139 refers to Annex IX, which ultimately require privacy and data protection to be considered an essential requirement for the operation of a drone. Where these have failed to be considered, the operator may be held liable under the Aviation Act.124

124 cf s 2.2.2.

rules, such as, the tort of negligence, allowing for a claim to be brought.121 Therefore, privacy is protected through protecting rights associated with it.

Implementing Regulation 2019/947 (n 10), Recital 20 and art 12(2c).

§823(1) BGB is further supplemented by §823(2) BGB, which provides a duty to a person committing breaching a statute intended to protect another person. Personality rights have been protected by statute under German law, protecting individuals. An example of such a statute would be §§185 7 of the German Criminal Code which protects against libel and slander.130 Consequently, bringing a claim under §823(2) BGB would give rise to an action for damages.131 The five requirements applicable to §823(1) BGB, also apply here.132 The main difference is in the first condition where there is a violation of a codified normative rule under §823(2), requiring the identification of another protective statute that is violated. This may impact the following conditions to establish liability.133

Within the field of private law, there are not many similarities present between the two jurisdictions. Germany seems to have a more concrete liability

127

128

In private law, privacy as a personality right is dealt with under §823(1) BGB, similar to liability in case of recreational use of drones.125 Privacy would be considered as an ‘other right’ under this provision.126 The basis for this provision is mentioned alongside §§1 2 Basic Law which provide for the protection of the right to human dignity and the right to free development of one’s personality.127 These provisions are combined to ensure that violations of personality rights would have sanctions. Consequently, monetary compensation is granted through a basis in §823(1)

4.3. Comparison

ibid 132 van Dam (n 12). See s 2.2.1. for the requirements of fault liability and their application.

133

Grundgesetz für die Bundesrepublik Deutschland, translated by Professor Christian Tomuschat and others, in cooperation with the Language Service of the German Bundestag (Basic Law), arts 1 and 2 <www.gesetze im internet.de/englisch_gg/> accessed 24 April 2022.

In the case of drones with cameras, they may be recording their surroundings during a flight. Consequently, where the drone has entered another individuals’ property and continued to record, they not only violated the property right of the individual, but also the personality right. As such, a claim for compensation may be brought on the two grounds against the drone pilot and operator.

Matthias Reger, Josef Bauerdick, and Heinz Bernhardt, ‘Drones in Agriculture: Current and Future Legal Status in Germany, the EU, the USA and Japan’ (2018) 73(3) Landtechnik 62, 74.

BGB.128 Hence, the assessment of liability is the same as that conducted for recreational use of drones.129

4.2. Germany

BGH NJW 1996, 985 VI. Civil Senate (VI ZR 223/94), 12 December 1995, tr by Mr Raymond Youngs <https://law.utexas.edu/transnational/foreign law translations/german/case.php?id=729> accessed 24 April 2022.

cf s 2.2.1 for the conditions of liability under §823(1) BGB. 130 Huw Beverly Smith, Ansgar Ohly and Agnes Lucas Schloetter, Privacy, Property and Personality: Civil Law Perspective on Commercial Appropriation, (Cambridge University Press 2005) 98. 131

121 Archer (n 63)

129

126 ibid

122

123

individuals’ land. Such a comparison puts in perspective where in the legal regimes difficulty establishing liability within the jurisdiction may arise.

5. Conclusion

regime in relation to privacy. An individual who has had their privacy breached may bring a case based on fault liability rules, specifically that which is laid down in §823(1) and (2) BGB. Due to the personality rights provided for in German Basic Law, it was deemed necessary to ensure that compensation would also be provided in case of violations of such provisions. Consequently, the fault liability regime provided for in §823 was deemed applicable to such cases. Where a drone with recording capabilities flies into another’s land and continues recording, this would fall within the scope of §823 and may result in a claim for financial compensation.English

law does not have any liability mechanisms which directly deal with and protect the right of privacy by providing a civil remedy. Instead, statutory rules and other torts may be relied on. English law, as a party to the ECHR, recognises the inherent right to privacy, similarly to Germany under its Basic Law. However, the difference arises in regard to obtaining civil remedies. Whilst Germany has provided for personality rights through the BGB, under English law no tort of privacy has been created. In England an individual could claim civil remedies through tort of trespass to land in case a drone has entered their land and recorded them.134 However, the issue of their privacy being breached is more difficult to deal with.

Throughout the dissertation it is evident that points of similarity are mainly a result of EU legislation. Although the UK has left the EU, EU legislation implemented within their national law remains applicable. Under both jurisdictions material damage is required in order to hold the manufacturer liable. Despite a common legal framework created by the EU, prior to Brexit there was a lack of legislation dealing with liability issues in cases of drones. For instance, Implementing Regulation 2019/947 which provides rules regarding the operation of drones entered into force in 2020. Consequently, such rules will only be applicable in Germany and not England. Thus, the sole point of similarity between the chosen jurisdictions relates to product Differencesliability.between

The drone industry is characterised by constantly evolving technologies. The current level of drone autonomy is at level four out of five, meaning that there is still some untapped potential in both the technology in, and regulation of, the sector. As drone autonomy progresses towards level five, new drone related technological advancements and capabilities may fall outside the scope of the current legislation. This dissertation analyses current legislation available at this stage of drone development and how liability regimes within German and English law differ and coincide when dealing with drones trespassing into an

134 See s 2.1.1 for the requirement of tort of trespass to land

the jurisdictions pertain to the methods of obtaining remedies available to the claimant. On the one hand, German law creates a distinction between the type of remedy available depending on whether damage is caused by a drone trespassing. A further distinction is made within these situations. In the absence of damage, the remedies available are contingent on whether the claimant is an owner or possessor of land, whereas, in case damage has occurred, remedy availability is dependent on whether the drone is used for recreational or commercial purposes. On the other hand, English law provides a more flexible approach towards liability for trespass by drones, giving the claimant leeway to choose the most suitable remedy for them. In England, the tort of trespass and statutory rules under the CAA remain applicable regardless of whether harm was caused or the purpose the drone is used for. This gives the claimant the opportunity to choose the claim and resulting remedy most suitable to them, with the choice being broadened to include tort of negligence in case damage has occurred.

In the absence of draft proposals touching on the types of actions available to claimants who have suffered damages attributable to drones, one can only speculate about what the future might hold for drones that will attain level five autonomy. It remains to be seen whether the more general English approach or specific and categorised German approach will be best suited to provide a claim for damages caused by level five drones when this is reached. It may be the case that the technological novelty of level five drones surpasses the capacity of the current legal frameworks dealing with trespass by existing drone technologies discussed in this dissertation and an entirely new regime may need to be created.

Regarding privacy, the uniformity of German law in this field provides more legal certainty as it allows for a specific method of remedying drone trespass and privacy breaches. The privacy right provided in the Basic Law offers the possibility to claimants of obtaining civil remedies through regular liability provisions in the BGB. Conversely, English law lacks a tort of privacy, thus requiring a claim for a breach of privacy to be based on other torts and statutory rules, meaning the right of privacy is protected through remedies provided for the breach of other rights. Once again, it can be observed that the claimant may have several remedies available to them under English law whereas the same cannot be said for German law. Overall, the differences between German and English law derive from innate differences between common and civil law jurisdictions. The difference in property law has resulted in various pieces of legislation being consulted to assess liability under German law, whereas under English law it remains relatively consistent. The points of similarity are only prevalent where EU law has provided legislation. However, such similarities are unlikely to occur as legislation continues to develop since the UK left the EU.

146

Dissertation 4

by Ludovica Lacasella

147

Ludovica Lacasella is a European Law L.L.B graduate and a Corporate and Commercial Law L.L.M candidate at Maastricht University. Amongst her interests, competition law prevails. In addition, she recently discovered a deep interest in finance. She hopes to combine these two fields in her future legal career.

Anti-Trust Rules: Set by Legislators or Private Entities?

A Case Study on Apple's Dominant Position in the Distribution of Music Streaming Apps Market & the EU Response through the Digital Markets Act

Apple developed its In App Purchase (‘IAP’), through which it imposes on developers the use of its own system when it comes to customers paying for subscriptions to apps available on Apple’s App Store charging a 30% commission fee on every transaction made by means of the mandatory IAP. 5 Also, the big tech prohibits developers from advertising the existence of cheaper subscription options available on other platforms. The case of Apple v Commission that will be studied below, tackles

Imagine not having the chance to watch a tutorial on YouTube teaching you how to repair that broken household appliance which is lying broken in pieces in your cellar; or imagine not being able to follow that Facebook page showing you DIY ideas on what to gift your beloved one; or again, imagine not having the possibility of booking a stay for your holiday in just one click via Airbnb. These observations aim at showing the reader how, over the last decades, digital platforms have increasingly become part of our daily lives, and it can be undoubtedly agreed upon that this digital evolution has benefitted society in a lot of ways. As it often happens, however, benefits do not come alone. There are indeed negative consequences to this digital growth which are becoming more and more

3 Fortune, ‘Global 500’ (Fortune, 2021) <https://fortune.com/global500/> accessed 27 May 2022.

5 Apple, ‘In App Purchase’ (Apple Developer, 2022) <https://developer.apple.com/in app purchase/> accessed 27 May 2022.

4 Apple App Store Practices (music streaming) (Case AT.40437) [ongoing]

2 Katie Jones, ‘The Big Five: Largest Acquisitions by Tech Company’ (Visual Capitalist, 11 October 2019) <www.visualcapitalist.com/the big five largest acquisitions by tech company/> accessed 27 May 2022

Introduction

1 Commission, ‘Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act)’ COM(2020) 842 final (DMA or Digital Markets Act); Consolidated Version of the Treaty on the Functioning of the European Union [2007] OJ C326 (TFEU), art 102.

evident.This

research contribution will focus on article 102 TFEU, which deals with conducts deemed to be abuses of dominant market positions. This article is of particular relevance when dealing with digital platforms, due to the fact that there only exist a few, but very powerful major players in such market, which arguably hold a dominant position, and which are likely to abuse it in one or another conduct during their day to day practices. At the moment, there are only ex post tools that deal with competition law related issues, namely tools that apply at the stage where a violation has already occurred. It will be shown later on in this research contribution, how the current measures in place cannot properly address some unfair practices of big techs, such as Apple’s. This realisation resulted in an urge to bring upon improvements, and, as it always happens, evolution in legislation requires its time to materialise. This essay will demonstrate in the following sections, that laws currently in place are not up to date and need to be changed, as a response to recent digital evolution. This is why the European

Commission is in the process of passing the Digital Markets Act (‘DMA’),1 a piece of legislation that would drastically change the current competition law environment and that would allow the legislators to take back the reins in showing that they are the ones setting the laws, not private companies.

In addressing the research question ‘to what extent will the proposed Digital Markets Act change the current digital platform environment when it comes to big tech undertakings abusing their dominant market position?’, this piece will analyse, in its Section 1, the case of Apple v Commission,4 relating to whether the big tech can be considered to be abusing its dominant market position. The Apple case will be used as a tool to address the fact that rules currently applicable are no longer suitable to deal with problems arising from tech giants’ practices

This study will focus on one of the major players in the digital platforms’ world: Apple. Apple Inc. is one of the ‘Big Five’ digital giants alongside Amazon, Microsoft, Google and Meta2 and nothing less than the largest information technology company by revenue.3 There are several other reasons why everyone should be (and actually is) aware of Apple’s greatness, but the aim of this contribution is not to idolise the company. This essay will rather elaborate on the alleged abuse of Apple’s dominant market position, according to article 102 TFEU.

influence, have the power to dictate the rules on the market.8 By showing what these undertakings are capable of, the reader will be provided with the necessary means to fully understand how significant and transformative the impact of the Digital Markets Act will be.9 At the end of the piece, a conclusion will be provided, in which the key arguments made in the body will be summarised, and ultimately, an answer to the research question will be given. Additionally, some specifics of the case Apple case, as well as of the Digital Markets Act, will be omitted, to ensure that this discussion does not go off track but rather focuses on answering the research question proposed. Also, for the reader to have a better understanding, it would have been optimal to elaborate on multiple cases of big techs against the Commission; however, the author will limit this essay by taking only one of these cases as an example, namely that of Apple v Commission App Store Practices (music streaming). This will be sufficient for the reader to be able follow the author’s line of reasoning and elaborate a critical thought on the topic under discussion.

11 ibid 97.

Zachary Mack, ‘Big Tech’s Problem Is Its Lack of Competition’ (The Verge, 25 June 2019), <www.theverge.com/2019/6/25/18744342/big tech competition antitrust regulation amazon apple facebook google kara swisher vergecast> accessed 27 May 2022.

Jerrold Nadler and David Cicilline, ‘Investigation of Competition in Digital Markets, Majority Staff Reports and Recommendations’ (2022) United States Subcommittee on Antitrust, Commercial and Administrative Law of the Committee on the Judiciary Majority Staff Report Series 11

6 Shona Ghosh, ‘Here’s why Spotify is declaring war on Apple and not Google’ (Business Insider NL, 13 March 2019) <www.businessinsider.nl/why spotify european competition complaint about apple not google 2019 3?international=true&r=US> accessed 27 May 2022.

Research Methodology

The methodology used in this research contribution is empirical legal research. This sort of technique can be defined as an approach which does not merely focus on the understanding or reporting of a legal text,10 but rather aims at revealing practical insights of current problems that are affecting the law in place. 11 Presently, there are five tech giants that, being so known and strong, potentially have no competitors.12 This research contribution illustrates what the rules currently in place are for them, and builds on that by identifying the flaws in the applicable procedure. The

7 Allan Jay, ‘Number of Smartphone and Mobile Phone Users Worldwide in 2022/2023: Demographics, Statistics, Predictions’ (Finances Online, 2021) <https://financesonline.com/number of smartphone users worldwide/> accessed 27 May 2022.

Meredith Broadbent, ‘The Digital Services Act, the Digital Markets Act, and the New Competition Tool: European Initiatives to Hobble US Tech Companies’ (2020) Center for Strategic & International Studies Report Series 2

the fairness of the In App Purchase, as well as the absence of competition that results from the fact that Apple doesn’t allow developers to inform iOS users about cheaper subscription options outside the App Store. Starting from that, in its Section 2, this discussion will explore in depth the newly proposed instrument aiming at regulating the ‘online world’, namely the Digital Markets Act, which, if passed, is likely to drastically change the whole environment surrounding digital markets. The reason for choosing Apple instead to another big tech undertaking lies on an important difference between Apple’s practices and its competitors in relation to how Apple deals with developers that choose to avoid the fee. While Apple does not allow the advertising of cheaper solutions for subscription inside the app, its competitors do not prevent developers from doing so. 6 Apple’s IAP system is an imposition on developers, which are left with two choices: either paying a non negotiable fee of almost a third of every earning they make from subscription of iOS users or, being altogether prevented from selling their app to the big amount of users owning an Apple device in this way losing a vast number of possible clientele.7

Thus, the two substantial sections of this research contribution, namely Section 1 and Section 2, will not only illustrate the practices currently in place to deal with an alleged abuse of dominant market position, by means of Apple’s case study The laws that are currently being drafted by the European Union’s relevant organs will also be critically analysed, and their influence on the current situation will be anticipated. The reason for this approach lies in the fact that the evolutions of the law in this sector is intrinsically interlinked with anticompetitive practices of big companies that, due to their large

Aikaterini Argyrou, ‘Making the Case for Case Studies in Empirical Legal Research’ (2017) 13(3) Utrecht Law Review 96

13 Council Regulation (EC) 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty [2003] OJ L1.

14 Commission Regulation (EC) 773/2004 of 7 April 2004 relating to the conduct of proceedings by the Commission pursuant to Articles 81 and 82 of the EC Treaty [2004] OJ L123.

1.2. Article 102 TFEU: Requirements & Application to the Case

16 Commission, ‘Antitrust: Commission Sends Statement of Objections to Apple on App Store Rules for Music Streaming Providers’ (Commission, 30 April 2021) /en/ip_21_2061<https://ec.europa.eu/commission/presscorner/detail>accessed27May2022

On 16 June 2020, the European Commission initiated an antitrust investigation into Apple’s App Store according to article 11(6) of Council Regulation 1/200313 and article 2(1) of Commission Regulation 773/200414 after Spotify, a year prior, had complained about Apple’s alleged monopoly over the distribution of music streaming apps to its consumers.15 On 30 April 2021, the Commission held a preliminary conclusion which found Apple to be in violation of antitrust laws, in particular of article 102 TFEU, which prohibits the abuse of a dominant market position.16 The reason for this finding is that, despite Apple Music being in competition with other music streaming services (such as the applicant, Spotify), the big tech undertakings imposes high commission fees upon its rivals via the App Store, and does not allow

15 Silvia Amaro and Katrina Bishop, ‘EU Says Apple’s App Store Breaks Competition Rules After Spotify Complaint’ (CNBC, 30 April 2021) <www.cnbc.com/2021/04/30/eu says apples app store breaches competition rules.html> accessed 27 May 2022

identification of flaws is followed by suggestion for possible law reforms, which have already been detected by policy makers and are currently at the approval stage. Thus, this article acknowledges the fact that the rules in place have to be modified and adapted based on the recent issues and shows the steps taken by responsible authorities to deal with this realisation. In Section 1, the ongoing case of Apple v Commission will be studied in detail, in order to gain a picture of what the current approach taken by the European Union is, when dealing with undertakings allegedly abusing their market position.

19 What Hi Fi, ‘Apple Tax Unfair to Other Streaming Services, EU Says in Spotify Triggered Lawsuit’ (What Hi Fi, 30 April 2021) <www.whathifi.com/news/apple tax unfair to other streaming services eu says in spotify triggered lawsuit> accessed 27 May 2022

The exact steps taken by the Commission to preliminarily conclude that Apple is in violation of article 102 TFEU are not available online at this point in time. Thus, this section will attempt to retrace and outline the Commission’s tread, in order make it easier for the reader to visualise the situation, in particular the requirements that need to be met in order to find a party in violation of article 102, as well as their application to the case at hand.

1. The Case of Apple v Commission: App Store Practices

1.1. Background

Upon receipt of a complaint or through the opening of an ex officio investigation or a sector inquiry, the Commission can initiate proceedings against the entity allegedly in violation of article 102 TFEU. In the case of Apple v Commission, as mentioned above, it is upon the receipt of a complaint by Spotify that an investigation into the big tech’s behaviours has been initiated. The well known music streaming app complained about (i) the Apple tax, the fee imposed by Apple on app developers, that accordingly must pay a 30% commission fee on all earnings made from subscriptions of iOS users.18 Spotify also claimed that (ii) Apple’s ban on letting developers inform customers about other ways of subscription to an app is harming competition.19

17 Margrethe Vestager, ‘Apple Is In Breach of EU Competition Law’ (Twitter, 30 April 2021) <https://twitter.com/vestager/status/1388071379094982659?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1388071379094982659%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.cnbc.com%2F2021%2F04%2F30%2Feusaysapplesappstorebreachescompetitionrules.html>accessed27May2022.

18 Farhad Manjoo, ‘The Apple Tax Is Rotten’ (NY Times, 26 May 2021) <www.nytimes.com/2021/05/26/opinion/apple app store fortnite lawsuit.html> accessed 27 May 2022

them to inform consumers on alternative subscription possibilities,17 in this way indirectly favouring its own services over its competitors.

24 StatcounterGS, ‘Mobile Operating System Market Share Worldwide’ (StatcounterGS, 1 July 2021) <https://gs.statcounter.com/os market share/mobile/worldwide> accessed 27 May 2022

27 Kif Leswing, ‘Apple’s “Monopoly Power” over iPhone App Distribution Gives It Outsized Profits, Antitrust Committee Says’ (CNBC, 6 October 2020)

The first step of the investigation process consists of assessing whether the undertaking is a dominant player on any given market. In order to evaluate this aspect, the Commission first defines the relevant product, temporal, and geographic market.20 In the case at hand, the product market has been found to be the market for the distribution of music streaming apps.21 As it concerns the temporal and geographic markets (i.e. the temporal and geographic area taken into account in which competition in the sale of products or services takes place), these are usually fixed unless in specific cases which provide otherwise and considered to be, accordingly, the whole year and the whole territory of the EU.22

21 Commission (n 16).

very robust, and that consequently there are high barriers to entry, as it is unlikely that a new entry will be successful on such market to a level that challenges the dominance of Apple’s iOS.28

25 Jerrold and Cicilline (n 8) 334.

Attention should also be paid to the case United Brands,29 which enshrines the significance of dominance, describing it as ‘a position of economic strength enjoyed by an undertaking which enables it to prevent effective competition on the relevant market by giving it the power to behave to an appreciable extent independently of its competitors, customers, and consumers.’30 As argued above, there are indeed insurmountable barriers for other undertakings wishing to enter this market, since Apple does not allow developers wishing to make their app available to iOS users to sell their app in any other way than through the App Store; it further strongly advises Apple users against the employing of any other platform to download apps.31

Apple: A Dominant Undertaking on the Market for the Distribution of Music Streaming Apps

In the case studied in this Section, the Commission found Apple to hold a position of dominance on the market for the distribution of music streaming apps, since the undertaking has the power to prevent effective competition on this market.32 Not only is Apple dominant on such market, in its preliminary conclusion, the Commission found that for developers, Apple’s App Store is the sole gateway to iOS users.33

1.2.1.

Commission, ‘Procedures in Article 102 Investigations’ (Commission, 2022) investigations_enpolicy.ec.europa.eu/antitrust/procedures/article<https://competition102>accessed27May2022

1.2.2. Apple in Abuse of Its Dominant Market Position

The holding of a dominant position is not per se problematic. To conclude that an undertaking is in breach of article 102 TFEU, an abuse of such <www.cnbc.com/2020/10/06/house antitrust subcommittee apple has monopoly power.html> accessed 27 May 2022 Jerrold and Cicilline (n 8) 334 Case 27/76 United Brands Company and United Brands Continentaal BV v Commission of the European Communities [1978] ECLI:EU:C:1978:22. ibid, para 65 Apple, ‘Building a Trusted Ecosystem for Millions of Apps’ (Apple, June 2021), MayEcosystem_for_Millions_of_Apps.pdf<www.apple.com/privacy/docs/Building_a_Trusted_>accessed272022 Commission (n 16). ibid.

26 StatcounterGS (n 24).

Subsequently, the Commission looks at the market share of the company, and gathers other information, such as the facility with which other undertakings can enter the market (i.e., whether there are any barriers on entry), the overall size and strength of the company and its resources.23 It is not surprising to hear that Apple has significant and durable market power. Its iOS mobile operating system is one of the two dominant mobile operating systems globally (alongside Google’s Android).24 Apple automatically installs iOS on all its mobile devices and does not authorise iOS users to make use of other mobile device manufacturers.25 Gathered data show that almost 30% of global mobile devices run on iOS.26 Apple’s market power is durable due to high switching costs, ecosystem lock in, and brand loyalty.27 From these considerations, it can be concluded that the company and its resources are

23 Commission (n 20).

22 ibid.

It could be argued that article 102(a) TFEU applies. This paragraph refers to behaviours deemed to be abuses as a consequence of ‘directly or indirectly imposing unfair purchase or selling prices or other unfair trading conditions.’ The author argues that it is the case here, since Apple indirectly (via the Apple tax) raises the costs for competing music streaming app developers, by imposing its 30% fee on earnings made by its rivals (e.g., Spotify) via the App Store, but not on its own. This self preferential treatment is wrong because of two main reasons. Firstly, it is anti competitive, as start ups wishing to enter this market are put in a disadvantageous position, having to pay such an unproportioned fee for the service provided in return by Apple, namely, assumingly, that of making the app available to iOS users via the App Store Secondly, this behaviour has a negative effect on iOS consumers, as these are being left with higher prices for their in app music subscription, due to the fact that the music streaming companies have to consider the 30% tax when proposing subscription prices, as well as less choices, since many businesses will not manage to survive these excessive conditions on the market 35

Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017].

41 ibid 1356

37 General Court of the European Union, ‘Press Release No 197/21’ (CJEU, 2021) 1 <https://curia.europa.eu/jcms/upload/docs/application/pdf/202111/cp210197en.pdf>accessed27May2022.

On the 27th of June 2017, the European Commission found Google in abuse of its dominant position on the market for online general search services. The reason for this finding was that the undertaking was favouring its own comparison shopping service, a specialised search service, over competing comparison shopping services.37 The Google Shopping case 38 can be compared with the case of Apple v Commission studied above when it comes to self preferential practices: whereas Google favoured its own services for shopping purposes, Apple favours its own services by forcing developers to use Apple’s IAP system, and prohibiting them to inform iOS consumers about cheaper options for subscription outside the App Store

1.2.3. A Brief Insight into the Google Shopping Case

The General Court did not catch the chance it had in the Google Shopping39 case to create a definition of a self preferencing conduct which qualifies as an abuse of dominance.40 In that case, article 102(c) was found to be applicable, which prohibits the application of ‘dissimilar conditions to equivalent transactions’,41 whereas the in the Apple v Commission the author argues for the applicability of article 102(a) or (b). Despite this, the author holds that the conducts of Apple and Google can be

There are also factors which would advocate for a violation of article 102(b) TFEU: this paragraph refers to abuses consisting of ‘limiting production, markets or technical development to the prejudice of consumers.’ The points tackled above when referring to article 102(a) TFEU can be mirrored here, to hold that (i) Apple limits the production of, for instance, other music streaming apps, which, starting with a limited capital available to them, cannot compete with the other (already integrated and powerful)

Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017]. ibid.

40 Elias Deutscher, ‘Google Shopping and the Quest for a Legal Test for Self Preferencing Under Article 102 TFEU’ (2021) 6(3) European Papers 1345, 1348 accessedshopping<www.europeanpapers.eu/en/europeanforum/googlequestforlegaltestforselfpreferencing>27May2022,1348.

34 Commission (n 20).

music streaming companies currently operating on the market; and that (ii) Apple’s practices limit the market, since the big tech prohibits developers to sell their app on any other platform than its own ultimately to the prejudice of the consumers that are being left higher prices and less choices One could think that the argument reasoned above holding that Apple’s practices ultimately harm consumers, is not substantiated by any evidence. To support the author’s claim, the Google Shopping case will be briefly discussed below 36

position must be found.34 Examples of practices deemed to be abuses are mentioned in subsections (a) to (d) of article 102 TFEU. More than one of these abuses could be argued to have occurred in the case that is being explored in this piece.

35 Commission (n 16).

1.2.4. Apple Makes Competitors Less Attractive

deemed similar to the extent that both fall under the notion of self preferencing practices.

In the Google Shopping42 case, the Commission reiterated that article 102 of the Treaty43 and article 54 of the EEA Agreement44 prohibit abusive practices which may cause damage to consumers directly, but also those which harm them indirectly through their impact on an effective competition structure.45 Based on this statement, the EC further maintained that Google’s conduct had the probable outcome of foreclosing competing comparison shopping services, which may have led to higher fees for merchants, higher prices for consumers, and ultimately less innovation 46 Finally, the Commission fined Google as the undertaking had be found to be distorting competition to the detriment of public interest, individual undertakings and consumers.47 Such reasoning can be mirrored in the Apple v Commission case, where the self preferential treatment of Apple can lead to less innovation due to the barriers to entry the big tech enforces, which ultimately harm consumers.

Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017].

43 Consolidated Version of the Treaty on European Union [2008] OJ C115/13 (TEU).

45 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], Recital 332

48 Commission (n 16)

that competition law is not designed to protect less efficient competitors.49 If the aim of competition law would have been that of protecting less efficient competitors, then the Commission would have criminalised the existence of a dominant position itself, as this creates ‘more efficient’ and ‘less efficient’ competitors. However, as seen in Section 1.2.2, the holding of a dominant position on a defined market is not problematic per se, its abuse is.50

The author wants to strengthen its claim by stating that the competitors that suffer as a result of Apple’s practices are not less attractive per se but are made less attractive by means of the imposition of the Apple tax and because they are left with no other choice than to accept such tax (when it comes to distribute their product to iOS users). Thus, despite the aim of competition law not being that of protecting less efficient consumer, in the Apple v Commission case, the element of Apple’s behaviour creating huge barriers to entry and making it very complex for competitors to survive the market (thus making competitors less efficient), shall not be overlooked.Also,

notwithstanding the fact that it is not EU competition law’s aim that of protecting ‘less efficient competitors’, it remains that a dominant undertaking, such as Apple in this case, has a special responsibility not to allow its behaviour to impair genuine, undistorted competition on the internal market.51 It does not seem that Apple is taking on this responsibility, since the imposition of the IAP alone may be thought of as an effective exclusionary mechanism which distorts competition, by means of which Apple exploits its role as App Store operator to make it harder for competitors to engage in the market, since they have to hand down a big part of their in app revenue as well as sensitive data to (one of) their major nemesis.52

44 Consolidated Version of the Agreement on the European Economic Area [2021] OJ L1

47 ibid, Recital 754.

Case 322/81 NV Nederlandsche Banden Industrie Michelin v Commission of the European Communities [1983] ECLI:EU:C:1983:313, para 57

It has been held above that Apple’s behaviour is anti competitive, as start ups wishing to enter this market are put in a disadvantageous position. 48 In relation to this statement, one might argue that the fact that Apple’s behaviour makes it challenging for young SMEs to enter the market does not play a role, given

Damien Geradin and Dimitrios Katsifis, ‘The Antitrust Case Against the Apple App Store’ (2020) TILEC Discussion Paper Series DP2020 03567 15ff

Now that it has been clarified how exactly Apple’s behaviour harms consumers, the focus will be shifted to another controversial statement the author made in Section 1.2.2. The next section will focus on whether the fact that Small Medium Enterprises (‘SMEs’) wishing to enter the market will likely be in a disadvantageous position plays any role in assessing Apple’s abuse.

Commission (n 20).

Radostina Parenti, ‘Competition Policy’ (European Parliament, October 2021) mpetition<www.europarl.europa.eu/factsheets/en/sheet/82/copolicy>accessed27May2022.

46 ibid, Recital 593.

Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017].

‘obliged to’ impose a 30% fee on developers and prohibit them to advertise cheaper options for subscription, then the conduct shall be justified.57

ibid.

Apple could argue that its conduct shall not be punished, as the positive effects it brought upon outweigh the negative ones. In fact, Apple could argue that protecting iOS users from viruses and making them navigate in a secure digital environment is its main aim, and if to achieve such aim Apple is

1.3.1. Possible Justification (A): The Fee Is Needed to Protect Consumers

1.3. Preliminary Ruling: Objective & Reasonable Justifications

As learnt above, Apple imposes its IAP on developers, by means of which it obliges them to use its own system for payment of app subscriptions, on which it charges a fee of 30%.55 According to the evidence gathered,56 it is likely that Apple will bring forward, as a justification for such fee, the protection of its consumers from possible malware.

Secondly, it is doubtful that Apple’s IAP system is the only way to secure a safe transaction, as there are other options provided by companies specialised in payment processing (e.g., PayPal), which are just as good, if not better in experience, functionality, and security.62

Article 102 TFEU does not allow for exemptions. However, according to article 263 TFEU, the decision adopted by the Commission is subject to legal review by the Court of Justice of the European Union.53 This means that Apple could respond to the preliminary ruling of the Commission with objective reasons justifying its behaviour. If Apple does not bring forward any justification, or the latter are not found to be objective or reasonable, the undertaking will ultimately be found to be in breach of article 102 TFEU 54

It may be interesting to add that in the Google Shopping case, 63 Google brought a similar justification to the one that has just been discussed above. The big tech relied on the allegedly pro competitive characteristics of its behaviour, stating that its self preferential conduct has ‘improved the quality of its search service and counterbalanced the exclusionary effect linked to it.’64 However, the General Court did not buy it and ruled out any objective justifications for Google’s conduct, ultimately confirming the

55 Apple (n 5). 56 Apple (n 31). 57 ibid.

Geradin and Katsifis (n 52) 29

After having established that Apple did abuse its dominant position on the market for music streaming apps and having gone through all possible controversial assumptions in reaching such conclusion, the next section will analyse what comes after concluding that an undertaking is preliminarily in violation of article 102 TFEU.

General Court of the European Union (n 37) 2.

53 Commission (n 20). 54 ibid.

Nick Statt, ‘Apple’s App Store Is Hosting Multimillion Dollar Scams, Says This iOS Developer’ (The Verge, 8 February 2021) <www.theverge.com/2021/2/8/22272849/apple app store scams ios fraud reviews ratings flicktype> accessed 27 May 2022.

Chance Miller, ‘Developer Exposes Multiple Scam Apps on the App Store, Some Bringing In Millions of Dollars In Revenue’ (9to5mac, 11 February 2021) <https://9to5mac.com/2021/02/11/app store scam apps how to spot/> accessed 27 May 2022. 59 ibid.

Two counter arguments for such justification have been identified by the author Firstly, there are reasons leading to the belief that Apple is not doing such a good job at keeping its consumers secure. Take for instance the KeyWatch scam:58 a developer made available on the market a barely performing app with a weekly subscription requirement, which the App Store showed as having plenty of ratings and reviews, deceiving iOS users into believing the app was offering a genuine service.59 These fake ratings and reviews rapidly pushed the scamming app to the top of the App Store search results, and before Apple became aware of the existence of the scam and ultimately removed it from its store, the app was continuing on scamming people for a revenue of three hundred thousand dollars a month.60 There have been several of these scams in the last years, for which Apple did not yet do anything concrete. 61

65 Mafalda Maia Braga, ‘Spotify vs. Apple: A Battle of Titans’ (Master thesis, Universidade Católica Portuguesa 2021) 102

Apple could also argue that the imposition of the fee is necessary to pay its various operating costs. However, this argument would not hold; selling apps via the App Store does not require the same kind of costs of a physical shop, such as infrastructure, personnel and storage.65 Apple’s ability to charge such an unreasonable fee is merely due to its ‘bottleneck position’, which makes other developers dependent on it to access consumers.66

DMA (n 1), art 6(1)(c). Laruche and de Streel (n 69) 547

Pierre Laruche and Alexandre de Streel, ‘The European Digital Markets Act: A Revolution Grounded on Traditions’ (2021) 12(7) Journal of European Competition Law & Practice 542, 547.

67 Broadbent (n 9) 4.

It is also worth mentioning that many of the purposes that underline the proposed Digital Markets Act derive from competition law cases that are still ongoing, where the competition authorities are still in the process of completing the files and confront the arguments of the defendants.69 The lengthy processes needed for deciding these cases and the controversial practices, which sometimes are hard to fit into the box of current competition laws, gave the EU competition authorities the impulse to work on the new competition tool that this section will scrutinise. For instance, there are multiple ongoing Apple App Store cases, of which three (Cases COMP/AT.40452, 40652 and 40716) are still in the investigation stage, and only the one studied in Section 1 of this article has progressed to a Statement of Objections. These cases have contributed to the drafting of e.g., article 6(1)(c) of the proposed act,70 which requires core platform services providers to ‘allow the installation and effective use of third party software applications.’71

2. A Transformative Change: The Digital Markets Act

2.1.2. DMA & Possible Discrimination

1.3.2. Possible Justification (B): The Fee Is Needed to Cover Operating Costs

2.1. Background

Thus, it would be hard for Apple to prove that the (i) imposition of the Apple tax and the (ii) prohibition imposed on developers to inform consumers of cheaper subscription options outside the IAP is reasonable or justified. Section 1 has provided the reader with the necessary means to understand the current environment surrounding digital markets. The next section will teleport the reader from the present to the future, in exploring an expected transformative change in competition law

2.1.1. Commission’s Realisation: A New Tool Is Needed

DMA (n 1), Recital 3

abuse of Google’s dominant position previously found by the Commission.

In the DMA Proposal, the EC argues that ‘gatekeepers’ (term which, for the purposes of this research piece, will be interchangeable with ‘tech giants’) ‘feature an ability to connect many business users with many end users through their services which, in turn, allows them to leverage their advantages.’68 The case of Apple v Commission App Store Practices (music streaming) was one of the cases which helped the European Competition authorities to recognise how currently, powerful tech giants are able to do what they deem, and that their behaviours, which distort competition, should be regulated.

The proposed DMA will not require the Commission to define a relevant market, establish dominance, and formulate a theory of harm (which can be very

Geradin and Katsifis (n 52) 7.

The European Commission is of the view that the rules currently in place have been mostly unsuccessful in addressing the systemic problems that large online platforms (‘LoPs’) allegedly bring upon.67 This realisation has taken the form of a proposed regulation: the Digital Markets Act.

legislators are taking back the reins and doing what is needed to ensure the existence of a fair digital market.

reflectionsban<https://policyreview.info/articles/news/towardsdiscriminatoryrankingsdigitalgatekeepersproposaldigital>accessed21May2022

77 DSA, ‘Digital Markets Act: The End of the Startup Runway?’ (Dutch Startup Association, 7 June 2021)

complex and lengthy in digital markets)72 : the list of “do’s” and “don’ts” proposed in the DMA would directly apply to gatekeepers providing CPS, for the mere reason that they can be defined as such.73 Targeting a specific group of undertakings because of their size and success in the European digital market instead of targeting them because of an identifiable wrongful conduct, could raise issues of discrimination.74 In fact, a bipartisan group of 30 U.S. lawmakers recently argued that the language of the proposed Digital Markets Act unfairly targets U.S. tech companies and is a de facto discrimination.75 The lawmakers then urged the U.S. President Joe Biden to push European leaders to revise the terminology used in the proposal. 76

78 DMA (n 1) 8

74 Broadbent (n 9) 18.

76 ibid.

It has been argued above that the currently used competition law tools are no longer suitable for dealing with big techs’ practices. This section will explore the reasons underlying that statement. One of the reasons for the inadequacy of current competition law derives from the fact that a gatekeeper may not have a dominant position and/or its practices may not be captured by article 102 TFEU, if there is no noticeable effect on competition within well defined markets.78

Another reason for the inadequacy of current competition laws lies in the fact that, as of now, the antitrust laws applicable in the EU are not time effective, being merely ex post. This results in players not being allowed to intervene with the rapidity that would be needed to address these behaviours, and in the conduct being sanctioned only after an infringement has occurred.79 More specifically, the Commission considers that (i) market failures resulting from barriers to entry are not necessarily attributable to an ambiguous conduct that could be investigated under current competition law;80 (ii) the unfair business practices of gatekeepers may escape EU competition law;81 (iii) certain remedial competition tools cannot adequately address the market failures related to gatekeepers;82 and (iv) the ongoing reviews of existing legislation will likely not alter the current state of things 83 It is for these 2022the_end_of_the_startup_runway<www.dutchstartupassociation.nl/digital_markets_act_>accessed18May.

75 Lauren Feiner, ‘Bipartisan Lawmakers Want Biden to Tell Europe to Stop “Unfairly” Targeting U.S. Tech Companies’ (CNBC, 23 February 2022) <www.cnbc.com/2022/02/23/lawmakers ask biden to tell eu to stop unfairly targeting us tech companies.html> accessed 27 May 2022

2.1.3. Reasons for Insufficiency of Current Competition Tools

80 Commission, ‘Impact Assessment Report accompanying the document ‘Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act)’ SWD(2020) 363 final, para 120 ibid, para 121. ibid, para 122. ibid, para 123

72 Dennis Brouwer, ‘Towards a Ban of Discriminatory Rankings by Digital Gatekeepers? Reflections on the Proposal for a Digital Markets Act’ [2021] Internet Policy Review

Heiko Richter, ‘Digital Markets Act: New Rules for Tech Giants’ (Max Plank Institute for Innovation and Competition Miscellaneous’ Blog, 24 February 2022) <www.ip.mpg.de/en/research/research news/digital markets act new rules for tech giants.html> accessed 29 May 2022

Representatives of the European Commission have not yet responded to such allegations, so the author will provide her personal point of view in responding to the claims. The author holds that the DMA will not bring upon a de facto discrimination against U.S. companies to make European companies benefit. The proposed Act will rather make sure that these gigantic companies do not abuse their size and success in making European companies invisible to consumers. By means of the DMA, the EU will not ‘protect’ its European SMEs, nor favour them over U.S. companies. What the proposed Regulation will do is merely ensuring a level playing field, which currently does not exist, considering that, despite more than 10,000 companies operate in the European digital market,77 just a few of them control and indirectly regulate the market. Regulating the market should not be private companies’ task, but legislators’: that is why the EU

73 DMA (n 1), Recital 16.

The DMA proposal is directed to a number of ‘core platform services’ (CPS) which include, amongst others, online intermediation services (e.g., app stores). Providers of these CPS, according to the

92 ibid, Recital 10.

94 DMA (n 1), art 1(1) and Recital 10

proposal, can be considered to be ‘gatekeepers’ if they ‘(i) have a significant impact on the internal market, (ii) operate one or more important gateways to customers and (iii) enjoy or are expected to enjoy an entrenched and durable position in their operations ’90 The pertinent EU organs have identified several options to tackle the problematic behaviours of gatekeepers. The preferred option (Option 2) would consist of: (i) a list of CPS and a list of criteria to label providers of CPS as gatekeepers; and (ii) directly applicable obligations for gatekeepers, which can be updated after a relevant market investigation.91

2.2.2. Co-Operation between Ex Ante & Ex Post Competition Law Instruments

84 Broadbent (n 9) 2.

88 Commission (80) 279

reasons that the Commission has proposed in December 2020 the introduction of a new tool, aiming at limiting the market power held by LoPs acting as gatekeepers. If passed, the Digital Markets Act could have an impactful effect upon corporate techs and their business models which delivers digital services to 500 million Europeans.84 By means of the DMA, the Commission expects to alleviate the imbalance of power between the gatekeeping platforms and their users, to repel the claimed monopolistic trends of the former.85

By means of the Digital Markets Act, the Commission reiterates its core belief that there is a direct relationship between competition and innovation: more competition leads to more innovation.88 In fact, the proposed Act’s ultimate goal is that of ensuring once again a level playing field, in which the giants’ shadow does not entirely hide the existence of smaller players on the market.89

2.2.1. Objectives of the Proposal

86 DSA (n 77).

87 DMA (n 1) 1.

85 ibid 4.

This section will try to apply the proposed Digital Markets Act to the case of Apple v Commission studied in Section 1. The aim of this section is to show how things would differ in practice, if the Act would be

Laruche and de Streel (n 69) 545.

It is estimated that more than 10,000 companies operate in the European digital market 86 However, despite the large amount of (mostly) SMEs operating on this market, the ones with the biggest cut of the overall value generated can be counted on the fingers of one single hand. The Commission argues that, given their growing control of the digital environment, gatekeepers are seen as a threat due to their large size and access to data, and thus call for rules regulating their practices.87

91 ibid 10

93 Laruche and de Streel (n 69) 544.

The DMA Proposal sets out policy goals similar to those of traditional competition law, such as ‘contestability’,92 consisting of ensuring that markets remain open to new entrants, despite the presence of gatekeepers,93 and ‘fairness’,94 entailing absence of exploitative use of market power by the gatekeeper 95 Experts in the field have stressed that even with harsher ex ante rules coming into play, traditional antitrust enforcement on articles 101 and 102 TFEU will remain an important fallback 96 It is crucial to elucidate that the proposed ex ante new competition tool would operate together with the current competition instruments in order to avoid the risk of both under and over regulating digital gatekeepers.97

96 Digital Competition Expert Panel, ‘Unlocking Digital Competition’ (2019) Digital Competition Expert Panel Report Series PU2242 2.

97 Alfonso Lamadrid, ‘To Comment or Not to Comment on the Ex Ante Rules for Gatekeepers’ (Chillin’Competition, 6 October 2020) <https://chillingcompetition.com/2020/10/06/tocommentornottocommentontheexanterules for gatekeepers 9 other questions on the draft proposals/> accessed 27 May 2022

2.3. Application of the Proposed Act to the Apple Case

2.2. The DMA Proposal

90 ibid, art 3(1).

89 DMA (n 1) 10

Therefore, if the Act would have already been in place now, the case studied in Section 1 would likely already have been decided and archived. The practice of Apple imposing high commission fees on its rivals on the market and prohibiting them from informing consumers about alternative options for subscription would be part of Apple’s list of “don’ts”

Thus, the conclusion flowing from these considerations is that Apple is caught by the scope of the Digital Markets Act, as the other Cupertino tech giants (i.e., Microsoft, Meta, Google and Amazon) will be. An obligation that would be created by the Act, which is particularly relevant to the case analysed in Section 1 is that of prohibiting platforms such as Apple to develop self preferential practices, as for instance that of requiring developers to use Apple’s IAP system, or that of indirectly making iOS provided services cheaper (since Apple does not have to pay a 30% fee on its revenues, compared to its competitors marketing their apps on the App Store). These kinds of behaviours have already previously been identified as creating unsurmountable barriers to access the market for smaller competitors;99 however, the Digital Markets Act, if passed, would stop such uncompetitive behaviours from their origin making antitrust laws more efficient as tools to deal with recent digital practices.100

The Act is likely to pass in the first half of 2022, bringing with it time and effort saving solutions to deal with the giants of today’s digital world, and most importantly, ensuring finally once again a level playing field, so that emerging competitors do not get suppressed by an unfair market 102 This will be achieved by setting up rules of conducts that guarantee fair competition on a fair market in the digital sector 103

Firstly, it has to be established whether or not Apple provides a core platform service. Apple does provide an online intermediation service, which is a CPS, namely its App Store. The second aspect that has to be considered is whether the company is a gatekeeper, according to the meaning given to it by the proposed Act. The big tech has such an important position on the market that its App Store is considered to be the sole gateway to iOS users.98 Also, with its first device launched in 1976 and being one of the most successful companies in the world, it can be easily concluded that the company enjoys a durable position on their operations.

3. Conclusion

With the purpose of reaching an answer to the research question, in Section 1, the case of Apple v Commission has been studied, and it has been illustrated how current competition rules do not 102

101 Amaro and Bishop (n 5)

passed, when it comes to dealing with gatekeepers’ anti competitive behaviours

99 Google Search (Shopping) (Case AT.39740) Commission Decision of 26 June 2017 [2017], art 1. 100 Richter (n 79).

first Section of this discussion, a general introduction to the topic has been given. Firstly, the author has illustrated how dependent we, as consumers, are on digital platforms. Secondly, a summary of the current situation surrounding digital markets has been provided. This has been done in order to ensure that the reader has sufficient knowledge of the topic, before diving into the substantial part of the essay.

This research contribution aimed at illustrating and criticising the current digital market environment, ultimately showing how such landscape is about to be radically changed. In the introduction to this piece, the author proposed a research question, namely, ‘to what extent will the proposed Digital Markets Act change the digital platforms environment when it comes to big techs abusing their dominant market position?’ As it has been demonstrated in the sections presented in this essay, the proposed Act is expected to bring upon many significant changes and improvementsInthe

DMA (n 1) 10. 103 Commission, ‘Digital Markets Act (DMA)’ (Commission, 21 May 2022) policy/sectors/ict/dma_en<https://ec.europa.eu/competition>accessed27May2022.

integrated into the Digital Markets Act. The behaviour could then, according to the Act, be punished with a fine of up to 10% of Apple’s worldwide annual turnover.101

98 Commission (n 16).

109

Hendrik Viaene and others, ‘Digital Markets Act Now Firmly On Its Way’ (McDermott Will & Emery, 31 March 2022) <www.mwe.com/insights/digital markets act now firmly on its way > accessed 27 May 2022.

provide legislators with adequate instruments to accomplish their goal of effectively dealing with anti competitive behaviour of tech giants. Numerous businesses described how dominant players such as Apple exploit their supremacy to dictate terms to which no one would normally unconditionally agree to.104 However, the current lack of competition on the market makes market participants dependent on these powerful gatekeepers. This dependency causes the market participants economic harm but it is as of now necessary, as it is ‘the cost of doing business’, due to the lack of options.105 Yet, the big tech is not a legislator, and its role should not be that of setting rules. That is why Section 2 dives into the Digital Markets Act, a proposal for a new ex ante competition instrument which, used in combination with current ex post tools will ensure finally once again a level playing field in the digital markets’ environment.106

The considerations above deliver a final answer to the research question outlined in the Introduction. The Digital Markets Act, if passed, will re shape the digital markets environment into a fairer place for every player taking part in it, ultimately ensuring Europe is fit for the digital age.109

104 Geradin and Katsifis (n 52) 3. 105 Nadler and Cicilline (n 8) 11 106 Commission (n 103).

of benefits for consumers, which will be faced with more choices and lower prices.

Lastly, this research contribution is limited to the extent that it is based on the assumption that the Digital Markets Act will indeed pass and take the form of a Regulation. Thus, as a suggestion for further research, the author proposes a study on what the actual impact of the DMA will be, once in place It would be relevant and interesting to read how, after some time of existence of such transformative Act, the situation surrounding digital markets and tech giants evolves, and hopefully, improves itself in order to guarantee a fair environment for all participants.

107 DMA (n 1) 10. 108 Commission (80), para 279

Section 2 illustrated that, for instance, if the proposed ex ante tool would be in place by now, the case studied in Section 1 of Apple v Commission would have likely already been archived. The proposed tool will help better regulate the digital platforms environment by introducing a definite list of conducts that can be accepted on a fair market, and a list of conduct that will be outlawed from their origin.107

This proposed instrument, if passed, will be (i) time efficient, as the existing process, involving a preliminary ruling followed by the undertaking bringing upon justifications for its conduct will be skipped, if the allegedly anti competitive practice is included in the list of “don’ts ” The Act will also lead to (ii) more competition, as the removal of the barriers to entry by means of the proposed act will allow more undertakings to enter the market with their own products. This is consequently expected to lead to (iii) more innovation, because of the direct link between competition and innovation (more competition leads to more innovation, according to the Commission).108 The ultimate outcome of more competition and more innovation comes in the shape