Clifford Chance

Central Bank Digital Currencies

Back in April, we summarised central bank digital currencies (CBDCs) in the following terms:

Money in the real economy consists of credit claims on commercial banks: your account balance is the debt owed to you by the bank. That debt is not risk-free: there is a possibility that the bank will go bust before you can realise your claim. Under a fully fledged retail CBDC model, it would be as if individuals held 'accounts' directly with a central bank, making their balance as near as possible to risk-free. 'Accounts' would be a misnomer, however, since digital currency holders would be in the same position as holders of paper banknotes, owning a direct claim on the central bank of issue. Transfers of CBDCs could also occur in real time, consigning overnight interbank settlement of credit claims (and associated risks) to the annals of history.

We have since released a new briefing on CBDCs, in which we cover differing approaches across authorities globally. The People's Bank of China is diving in with pilot CBDC programmes at selected retailers in some cities, like New World Daimaru department store in Shanghai. At the other end of the pool, the UK is dipping its toes with a CBDC Taskforce set up in April and a consultation on a Bank of England discussion paper, while the U.S. is yet to consult the public at all. The Eurozone is somewhere in the middle, with the European Central Bank (ECB) already determining key principles for the digital Euro such as convertibility at par. The ECB's Governing Council will decide on whether to open an investigation phase next month.

Non-Fungible Tokens

2021 has been the year of the non-fungible token (NFT). The acronym reached new prominence following the $69.3m sale of a digital artwork by the artist Beeple at a Christie's auction in February. Since then, NFTs have blossomed everywhere, from cat memes to Premier League titles.

So how do they work? As explained in our client briefing, when someone mints an NFT, they create a unique digital file using distributed ledger technology, corresponding to an underlying digital or physical asset. Once minted, NFTs cannot be edited or deleted, and can be viewed publicly and freely traded with verifiable security of exclusive ownership and transaction traceability. The system thus offers many of the benefits of a public register, with the further advantages of decentralisation and transparency.

For NFTs, the legal frameworks are still in their developmental stages. NFT holders usually hold no rights in relation to the underlying asset, and some jurisdictions may not even recognise the NFT as proof of title to the digital file. Any rights that are recognised are limited: the original creator of the underlying asset will retain copyright in the asset, enabling them to make and distribute additional copies even against the wishes of the NFT holder.

While few states have introduced NFT-specific regulation, recent laws governing cryptoassets generally may catch NFTs as well. In Germany, NFTs may count as cryptoassets, which are regulated financial instruments under the German Banking Act, triggering licence requirements for NFT-related services. Equally, under the UK's Money Laundering Regulations, there may be registration requirements for those who exchange or arrange the exchange of NFTs for money or other cryptoassets. China's strict rules on cryptoassets (banned for many banks and payment services) may also extend to NFTs. By contrast, they are unlikely to be caught by the United Arab Emirates' new Crypto Asset Regulations, since this addresses assets tradeable through a digital assets exchange, a rarity for NFTs as unique goods. Our client briefing offers a deep dive across twelve jurisdictions.

Cybercrimes and cybersecurity in South Africa

Last month, South Africa introduced the Cybercrimes and Cybersecurity Act (CCA). Under the new law, communications service providers and financial institutions must report cybersecurity breaches to the police within 72 hours of becoming aware of the breach. They must also preserve any information which may be of assistance in the investigation.

On the cybercrimes side, the CCA also criminalises origination or sharing of harmful content. For instance, if a South African reposts content on Facebook inciting violence, she may be committing an offence under the new legislation. The same is true of forwarding illicit messages, such as intimate images without the depicted person's consent, on private messaging services like WhatsApp. The CCA also criminalises cyber fraud, extortion, forgery and the theft of incorporeal property. Non-compliance is a criminal offence, punishable by large fines and prison sentences of up to 15 years.

Privacy in South Africa

The Protection of Personal Information Act (POPIA), South Africa's GDPR, took full effect on 1 July 2021. However, in advance of that commencement date, the Information Regulator gave notice of delayed deadlines for registration of Information Officers and for notification of activities in respect of which prior authorisation is required. See our April edition for a quick summary of POPIA, and how it shapes up in comparison with GDPR.

Digital currency in Nigeria

The Central Bank of Nigeria (CBN) is considering launching a central bank digital currency (CBDC) by the end of 2021, according to reports. Initially the model is likely to be retail only, with a view to complementing cash and streamlining remittances into the country. The CBN has already begun looking at architectural, accessibility and privacy issues in relation to the CBDC proposal.

In previous editions we have kept an eye on Nigeria's crackdown on banks dealing in cryptocurrencies. Nigeria's stance on crypto in part reflects a fear that it may lose control of its domestic currency, the Naira, which has slid by 30% to the pound since 2017. That same fear has driven young Nigerians to ditch the Naira in favour of crypto – the bank ban has not stopped Nigerians holding cryptocurrency outright, and has fuelled peer-to-peer cryptocurrency trading services, like Paxful. The CBN may well have concluded that the best way to prevent a spiral is to innovate, but only time will tell whether a CBDC will reverse the flight to crypto.

Telecoms in Nigeria

At the same time, technological advances have prompted a sweeping review of the telecoms industry by the Nigerian Communications Commission (NCC). A revised framework will be developed based upon the review and consultations with industry stakeholders.

We also reported last month on the NCC's suspension of 5G implementation, driven by public health concerns. That suspension has since been lifted, and the NCC has formed a committee to determine the conditions under which the auction of spectrum in the 3.5GHz 5G band will be conducted.

Antitrust in New York

On 7 June, the New York State Senate voted for sweeping antitrust reforms with a view to curbing Big Tech. As we report in our client briefing, some of the changes heralded by the Twenty-First Century Anti-Trust Act are controversial: for instance, evidence of pro-competitive effects will not be permitted to rebut a finding of abuse of a dominant position. That change is even more significant given the broad definitions of "abuse" and "dominant position" under the proposed Act. These provisions may oblige firms to do business with other firms if a failure to do so "unnecessarily exclude[s] or handicap[s] actual or potential competitors", establishing brand new limitations on firms' freedom to deal.

The Act also creates low reporting thresholds for pre-merger notifications in New York, addresses non-compete clauses in employment contracts, and includes monopsonies alongside existing monopolies regulation. The Act was delivered to the State Assembly, and, if passed there (in a special session convened to vote on the bill), will go on for signature by Governor Andrew Cuomo.

Antitrust in the U.S.

At a federal level, the House Judiciary Committee advanced half a dozen bills on antitrust in late June, including an act to increase filing fees on large mergers, from a maximum of $250,000 to $2,250,000, and to increase funding to the Department of Justice Antitrust Division. Other proposals include requirements for platforms to facilitate switching to third parties, prohibitions on certain acquisitions by dominant online platforms, and restrictions on platforms engaging in self-preferencing. The next step will be for the full House of Representatives to take a vote, following which successful bills will move on to the Senate. For more details, see our client briefing.

Meanwhile, Judge Boasberg recently ruled in favour of Facebook's motion to dismiss antitrust cases brought by the Federal Trade Commission (FTC) and a group of state attorneys general. The cases sought to unwind Facebook's acquisitions of WhatsApp and Instagram. The judge dismissed the FTC complaint without prejudice, citing a failure to demonstrate that Facebook has monopoly power in the personal social networking market. The FTC has until late July to re-file its complaint and provide additional facts to establish its case for a Facebook monopoly. The judge dismissed the case of the state attorneys general, who may appeal that decision.

Data in China

In last month's edition, we referred to the extraterritorial effect of China's Data Security Law (DSL), and its tiered approach to categories of data by importance. Recent developments in the drafting of the DSL have brought these two pieces together: there are restrictions on the export of 'important' China-sourced data at the request of (non-Chinese) enforcement authorities. This covers the scenario where e.g. a Chinese subsidiary is required to send China-sourced data to its non-Chinese parent company in compliance with a court order. The circumstances under which such data exports will be permitted after 1 September 2021, the DSL effective date, are yet to be defined: for now, it is clear that early consultation with competent local authorities is advisable.

Cryptocurrency in China

For several years, China has had rules in place restricting the use of cryptocurrencies. A 2017 ban prohibited banks and payment services firms from offering crypto accounts or retail trading, among other activities. Now, since late May of this year, the crackdown has been extended to other services, including exchange between cryptocurrency and fiat, or use of cryptocurrency as a means of payment and settlement. An announcement on the official website of the People's Bank of China (PBOC) in late June describes recent meetings with financial institutions, in which the PBOC urged them to enhance internal monitoring of suspected cryptocurrency trading activity. The timing of this recent intervention likely reflects growing Chinese interest in Bitcoin and other cryptocurrencies following their bull run earlier this year.

EU-UK data flows

The European Commission has formally adopted data adequacy decisions in relation to the UK, enabling data flows from the EU to the UK to continue after the temporary regime lapsed on 30 June 2021. This was the final step in what was a fairly arduous process, with the European Parliament and European Data Protection Board (EDPB) both voicing concerns about UK exemptions in the fields of national security and immigration. The Commission argued it had imposed "strong safeguards in case of future divergence" by the UK, including a sunset clause requiring the decisions to be renewed in four years' time.

EU-U.S. Trade and Technology

On the occasion of U.S. President Joe Biden's first visit to Brussels since becoming President, the EU and U.S. announced the launch of a new joint Trade and Technology Council (TTC). The TTC will meet periodically to help coordination between the two blocs on a range of issues. It will be co-chaired by EU Competition Commissioner, Margrethe Vestager; EU Trade Commissioner, Valdis Dombrovskis; U.S. Secretary of State, Antony Blinken; U.S. Secretary of Commerce, Gina Raimondo; and U.S. Trade Representative, Katherine Tai.

The TTC will set up a number of working groups, covering topics such as standards (in relation for example to AI and the Internet of Things), climate and green tech, supply chain issues including in relation to semiconductors, data governance and investment screening.

In parallel, the EU and the U.S. set up a Joint Technology Competition Policy Dialogue that will focus on developing common approaches and strengthening the cooperation on competition policy and enforcement in the tech sector.

Market tipping in Germany

If you're looking to rent or buy German property, chances are you're on one of two websites: Immowelt or ImmoScout. These real estate intermediation platforms appear to have an estimated joint market share of 85%, ImmoScout clearly being the larger of the pair. With a view to extending its lead, ImmoScout introduced its 'list first rebate' earlier this year. The idea was that real estate agents would earn a rebate if they list properties exclusively on ImmoScout for the first seven days. In response, Immowelt sought an injunction on ImmoScout's rebate, invoking a new German competition rule known as the 'tipping prohibition'.

Under this rule, a court may restrain conduct if it is carried out by a platform with superior market power, to restrict the ability of rival platforms from generating stand-alone network effects, causing a serious risk of tipping the market. In this case, the Berlin court agreed with Immowelt that the rebate fell foul of the tipping prohibition, and issued an injunction in April. As we observe in our briefing, this marks the first successful application of the rule in Germany.

The tipping prohibition signals a shift in competition policy in Europe. Traditional abuse of dominance legislation is post hoc, and often subject to lengthy time horizons. This new approach seeks to ensure that competitive markets stay competitive, by allowing intervention in markets before the dominance threshold is reached. Where market tipping is concerned, Germans have taken the view that a stitch in time saves nine.

Digital in the United Arab Emirates

Dubai has established a new regulator, covering information technology, data, smart and digital transformation, and information security. The Dubai Digital Authority will have its own enforcement and policy-development powers, alongside a more general mandate to drive the digital transformation of the government. Sheikh Mohammed bin Rashid al Maktoum, the Prime Minister of the UAE, gave the following statement: "Our goal behind the establishment of the Dubai Digital Authority is to achieve social and economic benefits … our digital economy is currently worth AED100 billion and we aim to double the contribution of the digital sector within two years."