Clifford Chance

Telecoms: Kenya raises minimum domestic shareholding to 30% by 2024

Since 2008, Kenya has had rules in place to enforce higher domestic equity participation in licensed telecoms companies. As of April 2021, the minimum domestic equity requirement has risen from 20% to 30%, with compliance required by 2024. Airtel Kenya, the second largest telco in the country, is one of several major players likely to be affected by the change. They will need to contemplate equity placements to local buyers or partial listing on the Nairobi Securities Exchange in order to comply with the new rules.

While there are several motivations behind the policy, it reflects in part a global change in attitude towards foreign direct investment (FDI). FDI screening regimes are emerging across Europe and beyond on national security grounds, with government approval required wherever critical national infrastructure, including telecoms, is at stake.

Telecoms: Nigeria lifts SIM card ban

Over the last four months, Nigeria suspended the sale and activation of SIM cards. This was to allow time to complete a full audit of the national subscriber registration database. The Government was concerned by the amount of pre-registered SIMs in issue, given the role these can play in facilitating criminal activities. The audit has now been completed, allowing Nigerians to resume purchase of SIM cards subject to strict new registration requirements.

Privacy: South Africa prepares for enforcement of POPIA

With the countdown to South Africa's GDPR-style Protection of Personal Information Act (POPIA) firmly underway (see last month's edition), the national regulator has made a number of moves. A draft guidance note has been published in relation to information officers, who will begin their formal registration process from 1 May. The regulator has clarified that applications to seek prior authorisation for data processing activities will not oblige responsible parties to cease their processing for now (though they will need to cease activities in the absence of authorisation by 1 July 2021, POPIA's date of application). The regulator has also issued its first notice under POPIA in relation to transborder processing of personal data in the credit sector. Seven weeks and counting…

Antitrust: The Trust-Busting Act and subcommittee hearings

In the United States, there is continued focus on antitrust, with recent proposals for new federal legislation. Senator Hawley introduced several new bills, including the Trust-Busting for the Twenty-First Century Act. Among other provisions, the Act would ban all mergers and acquisitions by companies with a market cap over $100 billion and adjust legal standards to allow agencies to break up dominant firms more easily.

Hearings have also continued with the Senate Judiciary Committee Subcommittee on Competition Policy, Antitrust, and Consumer Rights holding a hearing on app stores. Google and Apple testified and faced allegations from other companies, including Spotify, Tile, and the Match Group. For some of the disputes in this space, see our article on the European Commission challenge to Apple under 'Europe' below.

Artificial Intelligence: Federal Trade Commission to enforce fair use of AI

The Federal Trade Commission (FTC) has published a blog post announcing its intention to take enforcement action on AI (see our briefing here). While the FTC lacks a general mandate to do so, it points to multiple statutory authorities providing a basis for specific interventions, including in AI systems which are racially biased or which allow for discriminatory allocation of credit. Earlier this year, the FTC reached a settlement agreement with Everalbum on a complaint regarding racial bias in its facial recognition algorithm (see our briefing on that case here). This recent announcement suggests that further AI enforcement action is on the way, albeit within the limited remit of the existing legislation.

Beyond enforcement, the FTC post offers guidance in the form of best practice recommendations in AI. The guidance addresses issues including transparency, selection of data, and advertisement of AI capabilities. 

Antitrust in China: Record fine for Alibaba

In last month's edition, we commented that a record fine for abuse of market dominance was on the cards for Chinese ecommerce marketplace Alibaba. One month later, the fine has been issued and the record well and truly broken. We answer four key questions below.

How much? The fine came to $2.8 billion, almost triple the previous highest record of $975 million. That amounts to 4% of the company's 2019 domestic revenue.

What next? Alibaba played a straight bat in response, issuing an unreserved apology and committing to future compliance. In particular, it will reduce business costs faced by merchants and will put paid to its 'choose one of two' platform policy (discussed in our January edition).

Where's Jack? Notable in his silence is Jack Ma, Alibaba's founder. He has a history of criticising China's financial regulators, but after calling them an 'old people's club' last October he has largely withdrawn from public life. In light of these tensions, some sources suggest that he will give up his stake in Ant Group, an affiliate company of Alibaba.

Who else? The Alibaba fine is likely a sign of things to come. In late April, thirteen of China's largest tech companies were called to meetings with regulators to 'rectify prominent problems' on their platforms.

Artificial intelligence in the EU: Commission proposes new rules

On 21 April 2021, the European Commission released the long-awaited Proposal for a Regulation on artificial intelligence (AI), confirming its role and ambition as a pioneer in the regulation of tech. Here are three takeaways.

First, the legislation follows a risk-based approach around four categories of AI systems. At the top level, there are systems which use 'unacceptable' practices, including manipulation by subliminal techniques. Such practices are generally prohibited. Then come 'high-risk' AI systems. They are at the very core of the proposed Regulation, and are subject to various requirements and specific obligations. There are also specific duties for certain AI systems deemed to present more 'limited risks' but nonetheless requiring increased transparency (e.g. regarding chatbots or 'deep fakes'). The final category, 'minimal risk', refers to all other AI systems. These are currently outside the scope of the new rules.

Second, there is a focus on data and bias in high-risk AI systems. In particular, where datasets are used to train models, the Proposal requires the dataset to be relevant, representative, free of errors and complete. The strictness with which this is policed, particularly the error-free requirement, remains to be determined.

Third, GDPR is a good mental model for scope and penalties. The territorial scope is broad and will also apply to non-EU users and providers in some cases, capturing AI systems used and placed within the EU, or output used in the EU.  That would mean a 'Brussels effect' in AI regulation globally, possibly at GDPR proportions. AI vendors and users globally are therefore paying attention, as the proposal could fundamentally impact how they design, use and market AI products. Penalties may exceed GDPR levels, with fines of up to 6% of total global annual turnover (or EUR 30m, whichever the higher) in the most serious cases.

The Commission has launched an eight week public consultation on the proposal, with feedback to be shared with the Parliament and Council who are now responsible for debating and adopting the new rules. That process could take anything between 18 and 24 months, or longer, with an additional period before the rules come into effect.

Antitrust in the EU: Commission challenges Apple on App Store rules

The European Commission has launched its first offensive in its ongoing investigation of Apple's App Store rules, announcing it has presented Apple with its Statement of Objections (SO) on 30 April. The SO comes in the context of wider measures to address market practices of the Big Tech 'gatekeepers', including prospective legislative changes under the Digital Markets Act (see last month's edition).

This SO relates only to App Store rules for music streaming providers, which compete with Apple's own Apple Music, and there are two rules in particular under the microscope. The first, in the Commission's description, imposes a mandatory requirement to use Apple's in-app purchase system (IAP) to distribute paid digital content. That is, selling digital goods on the App Store for businesses like Spotify is contingent on subscription fees being funnelled through the IAP, where Apple charges a 30% commission on every transaction. The second point concerns what the Commission describes as 'anti-steering provisions', which is to say, rules preventing streaming services from informing users of alternative purchasing channels. Those alternative channels tend to be cheaper, so the Commission argues that the practice results in many Apple customers paying higher prices.

Margrethe Vestager, Executive Vice President of the European Commission, has emphasised that this case is not Spotify versus Apple. She has pointed to a wide ecosystem of music streaming services, including Deezer, SoundCloud and others, which the Commission has provisionally found to be impacted by Apple's practices.

The issue of an SO is a formal step in Commission antitrust investigations. In it, the Commission establishes a preliminary case against the recipient, identifying the practices it considers are in breach of EU antitrust rules. The recipient then has a period in which to produce a response to these preliminary charges (12 weeks in Apple's case), and may request an oral hearing. The Commission takes the ultimate decision in respect of breach of antitrust rules, and may issue fines and other penalties at the conclusion of the investigation in addition to requiring the defendant to cease their anti-competitive conduct. Decisions are then subject to appeal to the General Court of the EU, either at the instance of the defendant, or of third parties.

Data flows between EU-UK: EDPB issues opinion

The European Data Protection Board (EDPB) has issued (nonbinding) opinions on the European Commission's draft adequacy decisions regarding the protection of personal data in the UK.

The EDPB notes that as a former EU member state, the UK regime has many aspects that are 'essentially equivalent' but adds that 'the UK Government has indicated its intention to develop separate and independent policies in data protection with a possible will to diverge from EU data protection law.' It therefore invites the Commission 'to closely monitor such evolutions from the entry into force of its adequacy decisions'.  The EDPB also expressed concern about the carveout in UK laws for immigrants' data, onward transfers of EU data from the UK to third countries, the potential for backdoor access to EU personal data, and the UK's surveillance measures.

The EU-UK Trade and Cooperation Agreement (TCA) included an interim regime for data flows which expires on 30 June 2021, effectively acting as a deadline for the adoption of an adequacy decision. The last remaining hurdle for the adequacy decisions is a green light from member states. Once formally adopted, the decisions will be valid for four years and can be renewed if the level of protection in the UK continues to be considered 'adequate'.

Regulators in the UK: The Digital Markets Unit and Digital Regulation Cooperation Forum

Change is in the air among the UK tech regulators. One major shift has been the launch of the Digital Markets Unit (DMU) within the Competition and Markets Authority (CMA). The body currently exists in 'shadow form' only, with formal powers unlikely to be awarded before 2022. Once up and running however, the DMU will be able to designate digital businesses as having 'strategic market status', and impose codes of conduct on such businesses, alongside other pro-competitive powers of intervention. For more information, consult our briefing.

Meanwhile, the CMA, Ofcom and the Information Commissioner's Office have linked arms to produce a joint report on their work in digital. The regulators, together the Digital Regulation Cooperation Forum (DRCF), have indicated how they intend to collaborate on issues such as information sharing, consultation and cooperation duties, and accountability. The DRCF also lends its support for a Government mechanism to provide input on strategic priorities in digital services and platforms. 

Blockchain in the UAE: Dubai begins pilot security token offering

A UAE delegation at the World Economic Forum's Global Technology Governance Summit discussed a tokenisation pilot scheme led by the Dubai Centre for the Fourth Industrial Revolution. The pilot scheme focuses on asset tokenisation, i.e. digital tokens representing financial assets like shares, or non-financial assets like real estate. The stated (dual) purpose of the scheme is to provide financial support for SMEs and to provide a more standardised and accessible approach to funding generally. The UAE Minister of Economy has said that the pilot, and prospective wider rollout of the technology, will be a key strategic objective for the country's post-Covid recovery.