PROJECTS

The story around the American Innovation and Choice Online Act

If you follow the political development in the USA in recent years, you can see a deep split in the political landscape between the Republicans on the one and the Democrats on the other hand. It seems almost impossible to imagine how these two parties, which are fighting each other on all levels, could pass a united law. In the last week of January 2022, the U.S. Senate Judiciary Subcommittee passed the American Innovation and Choice Online Act bill by a majority of 16 to 9, with votes from both the Democrats and Republicans.

This bill is one of several legislative initiatives which wants the U.S. Congress to limit the power of dominant IT companies. These legislative measures were triggered by an investigation by the U.S. House of Representatives into the business practices of so-called “gatekeepers” and their impact on competition.

What is the regulatory content of the American Innovation and Choice Online Act?

This legislative initiative specifies that companies above a certain size may no longer give preferential treatment to their own offerings, e.g., competitors may not be arbitrarily denied access to trading platforms. It is also to be prohibited to use non-public data that accumulates when using their services, for example, to launch a similar product on the market and then favor it over others in search results or recommendations.

Intense Lobby-battle until the end

Many small IT companies urged the members of parliament to adopt the law. For example, search engine operator DuckDuckGo, browser manufacturer Brave and the anonymization project TOR had pointed out in an open letter that the large Internet corporations were using their gatekeeper status in the market to the disadvantage of open competition, consumer interests and to block innovation.

With immense effort from the lobby departments of the large companies concerned, they tried to the very end to make the vote fail.

Google, for example, argues that the law would endanger the technological leadership of the USA, as well as the security and the privacy of its users.

Amazon warns of collateral damage that would affect small and medium-sized businesses, as well as consumers.

Apple CEO Tim Cook, on the other hand, is said to have personally picked up the phone to lobby lawmakers. None of this has had any effect. Despite serious misgivings, Californian senators, who are traditionally hostile to legal intervention in Silicon Valley, voted in favor of the law. Five Republicans also joined the bipartisan initiative.

The end of unlimited opportunities for Internet corporations?

The four big tech companies: Google, Amazon, Facebook and Apple have been able to profit from a largely unregulated landscape in recent decades. The political realization that drastic changes in the law are urgently needed in view of the considerable dangers to free competition, consumer protection interests and the safeguarding of innovations seems to be slowly maturing here. This is also and especially necessary to ensure that the respective state sovereignty against these international monopolies does not deteriorate any further.

In this context, the almost simultaneous legislative initiative of the EU on the European Digital Markets Act (Digital Services Act), which contains similar regulations, should also be mentioned. More on this in my next Shout-Out.

CDU/CSU and SPD argue about implementation of EU directive

At least since Edward Snowden’s spectacular revelations about the NSA’s spying practices, everyone knows what a whistleblower is.

Whistleblower usually accept a very high personal risk and repressions in order to point out significant abuses and violations of rights within their field of activity to make them public.

This usually results in termination of the respective employment without notice. This has also always been confirmed as permissible by the labor courts due to the lack of mutual trust between employer and employee, which is necessary for any employment relationship – and which is precisely what is made clear by the whistleblowing to third parties or the public.

On the other hand, there is a considerable public and social interest in ensuring that violations of the law are made public, punished and prosecuted, also and especially in companies.

This does not happen if the employee always has to expect termination or other repression.

The EU Directive on the protection of persons who report violations of Union law of 23.10. 2019.

The so-called Whistle-blower-Directive provides the protection of persons who report violations of Union law in certain areas – for example, when it comes to public procurement, financial services, product safety, transport safety, environmental protection, food, public health, consumer and data protection.

This directive would actually have to be implemented by the German government by December 17th, 2021, as part of its obligations under the EU agreements. In addition, the Committee of Ministers of the Council of Europe had already established principles for national regulations on whistle-blower protection in 2014. The United Nations Convention against Corruption, which Germany ratified in 2014, also calls on member states to take appropriate measures.

International pressure is therefore high. Effective protection for Whistle-blower should be standard practice!

Where is the problem for the disagreement between CDU/CSU and SPD?

The main point of disagreement between these parties is whether Whistle-blower should only be protected when it comes to violations of EU law or also when it comes to violations of German law.

The SPD wants to disclose violations of both European and German law. “Because otherwise, anyone who reports a violation of European data protection regulations would be protected, but anyone who points out bribe payments, tax evasion or violations of German environmental or occupational safety regulations would not be protected. “

However, the CDU/CSU would like to grant whistle-blower protection only for violations of EU law, because otherwise the requirements of the EU directive would be implemented in an excessive manner.

Particularly in the current pandemic situation, many companies are struggling for their existence and should not have any additional obstacles put in their way by further administrative burden and regulations.

It is doubtful whether a legal regulation will be passed in this legislative period, although this would logically lead to violation of contract proceedings by the EU against the Federal Republic of Germany.

Whistle-blower could also refer directly to the EU directive

However, if the implementation period expires without a corresponding law, employees could also directly rely on the EU Directive.

If, for example, the employee is terminated after receiving a tip, he or she could refer to the EU directive as a protective law – and the termination could be unlawful.

Most recently, for example, the case of a female employee caused a stir with a video from the canteen of the Tönnies slaughterhouse showing people sitting close together at lunch – in the middle of the corona pandemic.

The woman defended herself against her summary dismissal at the Bielefeld District Court, where a settlement was finally reached. In the future, courts may be more likely to rule in favour of Whistle-blower – especially since they must interpret German law in a way that implements EU law as effectively as possible.

What does that actually mean and what is it all about?

The Diem Association, formerly Libra, co-founded by Facebook, is pursuing the mission of developing an Internet of money. A global currency and financial infrastructure for billions of people. The European Central Bank and the Bank of China are also looking at introducing a digital currency to complement cash.

This development raises a host of legal questions. What is money? When is money a currency? Is digital money compatible with Union law as an alternative currency to euro cash?

What is money?

In the advanced civilizations of Asia, coinage made of gold, silver or copper was already being used as a means of payment long before Christ, before the introduction of paper money detached the value of money from its intrinsic value. With the further spread of paper money, a banking system emerged in Germany in which cash as book money was increasingly dematerialized. This led to the development of a cashless payment system. Current developments are now aimed at further increasing digitization and internationalization of the monetary system. Blockchain technology promises to enable faster payments at low fees and thus represents a new level of innovation in the monetary system.

In economic terms, money is an asset that serves as a medium of exchange, a unit of account and a store of value, whereby money is always a means of payment, but means of payment do not always necessarily have to be money.

When is money a currency?

In the abstract, a currency is the monetary system of one or more states, and in concrete terms it is a means of payment recognized by the state and determined by law. Against this background, it becomes clear that bitcoin, for example, is neither money nor currency, since there is already no central issuer. Only if the European Central Bank were to introduce a blockchain-based central bank money – such as an e-euro – would one have money in the legal sense and could represent an additional design form of a currency.

Is digital money compatible with Union law as an alternative currency to euro cash?

The future of payments

Under this definition, the development of private blockchain-based means of payment – such as Facebook’s planned Diem – would not strictly speaking be a currency in the legal sense. However, it has the potential to trigger profound changes in payments. These blockchain-based payment methods are very different in detail. The respective requirements in terms of different scopes and purposes of use differ significantly. For example, Facebook requires a Facebook account to use Diem, which significantly limits its use.

The European Parliament and Council Regulation “on Markets in Cryptoassets, and amending Directive (EU) 2019/1937” published in September 2020 describes a digital finance strategy, legislative proposals on cryptoassets and digital resilience for a competitive EU financial sector. The purpose of this is to ensure that interpretive authority is settled vis-à-vis both regulators and market developments as to how these new means of payment should be classified and valued. This can provide consumers with access to innovative financial products while ensuring consumer protection and financial stability. The regulation addresses issuers of cryptocurrencies, utility tokens, stablecoins as well as e-money tokens. Reference is made to providers such as PayPal or the European Payments Initiative of 16 major European banks, which aim to further develop cashless, digital payments.

Conclusion:

The future of money faces an extremely dynamic development that could usher in a turning point in the history of money. In my opinion, it would certainly be advisable for policymakers and the general public to approach these new developments with an open mind and not to block innovations here prematurely due to national egoisms. The future of money has only just begun.

Excessive monitoring and performance checks of employees due to the use of products from U.S. IT corporations are increasingly leading to unlawful restrictions on employee rights and violations of applicable data protection regulations in Germany as well.

While Microsoft responded early to concerns about questionable functions in Office 365, authorities objected to Amazon’s use of certain software. Microsoft had added an additional analysis function called “Workspace Analytics” to its “Microsoft 365” software package in an update. This made it possible to calculate a productivity score for individual employees. This value includes, for example, information on how many e-mails or messenger messages the individual employees send each day or how often they save files in the Microsoft Cloud or share these data with external persons. Also technical details, such as the use of slower conventional hard disks instead of the faster SSD. Data on the length of time webcams are activated during video conferences is also recorded here.
However, Microsoft backed down and improved the update accordingly after data protectors intervened. The Productivity Score will then only be available in summarized form at company level, so that it will no longer be possible to draw direct conclusions about individual employees.
Amazon’s reaction, however, is different. The data protection commissioner of Lower Saxony has expressly prohibited Amazon from using controversial monitoring and performance control software.
With the help of the software, every scanning process that employees perform when storing or removing products is automatically transferred to the foremen’s devices and displayed there. This enables them to monitor each individual work step in real time and, for example, to recognize directly if an employee briefly interrupts his usual work rhythm. This comprehensive data is also used to create detailed employee profiles. Amazon sees no problem at all in the use of the performance monitoring software and will not accept the authority’s decision.

In my opinion, this legal opinion does not correspond to the fundamental legal templates of the GDPR. A data protection impact assessment required when using this software according to Art. 35 GDPR would certainly confirm this. After all, the necessity and proportionality of the use of this software in relation to the purpose, the risks to the rights and freedoms of the data subjects must be assessed. This software is thus tantamount to total surveillance, which certainly contradicts the fundamental idea of Article 1 of the German constitutional Law, and thus an essential aspect of the core of the fundamental right to informational self-determination.

On December 9, 2020, the EU Commission intends to announce a series of new planned competition and antitrust regulations to improve the control of technology groups, particularly the major Internet platforms.

In a report published on November 19, 2020, the EU Court of Auditors also urges the improvement of corresponding EU regulations. In particular, the report criticizes the fact that two antitrust proceedings against Internet platforms already exist under current law, but that enforcement here leaves much to be desired.

Although the EU Commission has opened antitrust proceedings against Google, these have been still pending before the European Court of Justice for more than three years without a decision.

Already a few weeks ago, the contents of the planned new EU regulations – the so-called Digital Services Act – were leaked, so I would like to give you a short list of the intended regulations in the following

1. Exclusive use of data

Large online platforms could be banned under the EU Digital Services Act from using collected User Data if it is not made available to smaller platforms. The activities of so-called “gatekeeper” platforms such as Google, Amazon and Facebook will be discussed in particular. These large corporations have a disproportionately high degree of economic power and control over the online world and can therefore participate in deciding “at the gate” who may enter the market.

According to the new regulation, gatekeepers are only allowed to use data

• which is produced on the platform itself

• or which are generated and collected on other services of the donors

for their own commercial purposes if it is also made available to other commercial users.

2. Rankings

Furthermore, online search engines are to be prohibited from displaying their own services preferentially and in an exposed position. This regulation represents a considerable tightening of the previous EU regulation from July 2019. In this regulation, search engines were only obliged to make it clear and transparent if they give preference to their own products and services.

3. Freedom of choice and Pre-installation

Equally, e-commerce giants will be prohibited in the future from restricting the ability of business users to offer the same goods and services to consumers under different conditions through other online intermediary services. It will also be prohibited for large companies to pre-install only their own apps on hardware systems. It must also be possible for consumers to uninstall applications that have already been pre-installed by the manufacturer.

4. Einführung einer sogenannten „Grauen Liste“

Furthermore, the EU Commission intends to introduce a so-called “grey list” of activities that the executive considers unfair and which may therefore require increased supervision by a competent authority in the future. According to this list, the platform giants are not allowed to prevent third parties from accessing essential information about customers and are instructed not to collect personal data beyond what is necessary to provide their services.

It ultimately remains to be seen in what concrete form the EU Commission will now present these regulations in December 2020. However, it can certainly be expected that intensive lobbying by the major Internet groups, as has already happened several times in the past, will result in some changes and public discussion before the final adoption. It remains – as so often in life – thus further exciting.

In its latest decision the European Court of Justice declares the Privacy-Shield-Agreement to be ineffective. Essentially, it justifies this on the basis of US security laws, which grant the authorities extensive access to data of EU citizens without significant restrictions and without judicial control being possible.

At the same time, the European Court of Justice also decided on the standard data protection clauses by which a data importer in a third country gives a contractual assurance to a European company that data transmitted to it will be processed in accordance with EU data protection standards.

In principle, these standards should continue to apply, as long as the laws of the destination country allow the data recipient to comply with these data protection clauses. Since companies in the USA are legally obliged to make their data available to state authorities on a large scale, the European data protection authorities are obliged to suspend or prohibit the transfer of data based on these data protection clauses in such countries.

This has a major practical impact on the international exchange of data!

Data transfers to the USA are now in breach of data protection laws if they are made exclusively on the basis of a Privacy Shield certification. This covers not only transfers to contract processors, i.e. Cloud Service Providers, but also those within a group or to business partners for whom at least part of the data processing is performed in the USA.

The use of software tools where at least part of the data processing takes place in the USA as well as the internal data flows to US Group companies have to be checked.

The European Court of Justice indicates that this is not an adequate level of protection in the USA due to the uncontrolled monitoring powers of the security authorities.

The only data that remains allowed is that which is necessary for the performance of a contract or for the implementation of pre-contractual measures with the person concerned. Communication with American customers or hotel bookings in the USA are still allowed.

Equally not directly affected is the use of US service providers if the service is provided entirely in European data centers. This is now the case with large hosting and cloud providers (e.g. Amazon Cloud) from the USA, for example, as they have server locations in Europe.

In practice, therefore, the only way forward for the time being is to use standard data protection clauses which ensure a certain degree of legal certainty. In addition, however, there is certainly still a great deal of uncertainty regarding the additional examination of the level of data protection in the country of the data recipient, which is still necessary.

It therefore remains to be seen how other data protection authorities in Germany and the EU position themselves on the question of the legally compliant use of standard contractual clauses for data transfers to the USA. A renewed attempt to establish a follow-up regulation to the Privacy Shield would be a conceivable option.

However, this agreement would have to include significant restrictions of the American security laws and an expansion of the legal protection options for EU citizens. This does not seem very promising. The USA will not change its security laws because of EU data protection concerns!

As a result, in practice, there is no choice but to await further action from the European Commission and recommendations from data protection authorities. Announcements to this effect have already been made by both the European Commission and the European Data Protection Committee (EDSA). So, unfortunately, as so often we have to wait and see…

Again, and again we read or hear: “The ECJ has decided” or “[…] the ECJ has today in its decision strengthened the rights of consumers in the EU” or something similar.

The questions that come to mind are in such a case:

• What legal effect does the decision have for me as a citizen of the FRG or any other member state?
• Must all courts in the Eu-states now base their decisions on this verdict?
• What function and legal effects do ECJ rulings actually have?

For this purpose, let us first consider the original competences of the ECJ?

1. The ECJ is responsible within the EU for all findings of EU treaty violations by Member States.
   This means that the ECJ makes legally binding decisions on whether a state has violated EU treaties. For instance, in the case of the ancillary copyright law for press publishers introduced by the Federal Republic of Germany into its Copyright Act legislation.
   For example: In this case, the FRG violated EU treaty law with the consequence that these rules of the German Copyright Act legislation are invalid! (If a matter is to be regulated by an EU directive – as here – then a member state cannot simply make its own national regulation!)
   
   
2. The ECJ is also responsible for the questions whether a state has violated the human rights of an EU citizen as laid down in the EU Human Rights Convention by its actions. Here, too, a judgment of the ECJ immediately leads to the ineffectiveness of the member state’s actions or its applied regulations!
   For example: The FRG had to change its custody regulations after the father of an illegitimate child, who paid alimony and insisted on his right of contact filed his case at the ECJ. According to the legal situation at that time, the mother could prohibit him the right of contact in principle. The father had lost before all German courts, including the German Constitutional Court. Or the case of the law student from Vienna named Schremp , who saw his EU human rights affected by the practice at the time – based on the Safe Harbor Agreement – of exchanging personal data between the EU and the USA. In this case, the decision of the ECJ led to the immediate invalidity of the Safe Harbor Agreement and therefore to the immediate illegality of the entire exchange of data between the USA and Europe.

But what happens now in cases where national supreme courts, such as the Federal Supreme Courts, appeal to the ECJ?

This only happens in cases where the decision of the national court has to be based on the interpretation of a standard which has originated in an EU directive. Here there is a declared political will to ensure uniform legal practice in Europe in the interpretation of EU directives. How does this happen now? Well, if the ECJ has to decide a case involving a corresponding standard, it makes a so-called referral order to the ECJ with questions on the interpretation of the standard.

This court examines the questions presented in the light of expert opinions and answers them in the form of a decision.

This is now the decision of the ECJ, of which we read in the media!

This decision goes back to the national court, which now has two options:

• It agrees with the opinion of the ECJ and decides its case on the basis of this interpretation.

Or

• It does not agree with the interpretation and decides otherwise.

The result is that the ECJ is not legally binding in relation to the national courts, as the highest instance at the EU level.

The autonomy of the national courts is not affected, so that this also applies here: Only in the constellations mentioned in 1. and 2. does the ECJ have binding effects and powers in relation to the Member States and their citizens. In all other legal matters, the national autonomy and independence of the courts remains.

In my seminars on copyright law I have come across this question again and again in the recent months. The occasion was the discussion about the new EU Copyright Directive, which was decided on in the summer of 2019 with a lot of excitement in public.

Keywords were upload – filter and direct liability of platform operators for copyright violations by their users.

The Main focus of the directive is the Europe-wide introduction of ancillary copyright for press publishers and the establishment of direct liability of the platform operators. Both are already applicable law in the FRG.

But what legal binding effect does an EU directive have?

It is important to know that an EU directive comes into being in the so-called TRILOG procedure at EU level, i.e. with the participation of the three institutions of the EU:

1. The EU Council, i.e. the assembly of the heads of governments of the EU Member States. This also convenes at ministerial level. The EU Council is the political leadership of the EU and the principle of unanimity applies. This is also the reason why the EU cannot take any political decisions currently, because I almost no political question unanimity can be reached.
2. The EU Parliament, which is larger than any national parliament and directly elected.
3. The EU Commission as the administrative arm of the EU, which is basically responsible for ensuring uniform economic conditions in the EU and has been given extensive powers in this regard.

So how does the TRILOG procedure typically work?

The EU Council decides that in one area, e.g. data retention, it makes sense to install a uniform Europe-wide regulation. The Council then instructs the EU Commission to prepare a corresponding directive.

The EU Commission then develops the proposal for an EU directive with the participation and consultation of the associations and lobbyists concerned and then submits it to the EU Parliament for the first vote.

In the EU Parliament, this blueprint is then supplemented, amended and expanded and, after the conclusion of the parliamentary discussion, is put to the first vote.

This version is then submitted to the EU Council for final examination. The Council can make deletions and amendments and must then vote again.

The version modified in this way is then put back to the EU Parliament for the 2nd vote. The EU Parliament must then vote, without being able to change the content of the directive in any way.

If this vote is positive, then it is finally there the final EU directive!

What does that mean for us now?

According to the EU Agreements, this directive is now not directly applicable in the Member States as binding law, but merely triggers the obligation of the Member States to incorporate this directive into their respective national law.

This means that each state must now start its national legislative procedure and incorporate the directive into its national law, e.g. the Copyright Act. Unfortunately, there is no guarantee that this will actually be implemented! The EU can only impose penalties if a state does not implement the directive within a period of 3 – 5 years.

No EU head of state risks political problems “at home” just to implement an EU directive. It should not surprise us that especially the FRG does not implement all EU – directives into national law!

So, in the result you have to state that an EU – directive will never be directly legally binding for a citizen of a member state!

Disclaimer: All of the following Statements are based on the German Law.

Over and over again you can see in job advertisements or during the preparation for a job interview that the company advertising the job points out that they unfortunately cannot cover the costs for the job interview. This raises the question: How do I as an applicant deal with this situation? There is hardly any other legal question on which the German courts are as unanimous as on this question.

According to § 670 BGB the inviting company has to cover the costs!

Why?

Well, of course § 670 BGB does not say anything directly about the costs of introduction but § 670 BGB says:

If, for the purpose of executing an order for the principal, which is solely in the interest of the principal and the agent hasn´t been explicitly ordered to do so , the agent incurs expenses which he may consider necessary under the circumstances, the principal  is obliged to pay compensation.

This means that if someone does something for someone else, without a specific order, he must be refunded the expenses made. The only condition is that the transaction is carried out exclusively or at least predominantly in the interest of the other (the principal) and that the person carrying out the transaction has not acted only in his own interest.

Here is a typical example for §670 BGB: Your neighbour goes to the Caribbean for diving and is also not reachable by telephone. Then a pipe burst occurs in his apartment. As a responsible neighbour you take care and hire a plumber and you also have other expenses. As you are the contractual partner of the plumber, you also have to pay him. But don’t worry according to § 670 BGB you only have to wait until your neighbour is back from his holiday safely and then he has to give you a refund of all costs. Regardless of whether he wants to or not. These expenses are only in his interest and not in your own.

Now back to the topic. This is exactly how the courts assess the interests at a job interview. The courts are of the opinion that it is in the exclusive or at least predominant interest of the inviting company to improve its business processes with qualified employees and therefore ultimately increase its profit.
But Caution: If I am informed before the journey to the interview that the costs will not be covered and I go to the interview anyway as an applicant, then this is a legally valid waiver of my claim under § 670BGB.

PRACTICE TIP:

1. the question of costs should never be asked by the applicant during the preparation for the interview, but simply lay out the costs and drive to the interview.
2. only when the final refusal comes, these costs are then claimed.
3. claims arising from § 670 BGB will only become statute-barred after 3 years. So, time enough!

Now my personal point of view: I can’t understand why companies with high staff turnover or filling simple mini-jobs are charging applicants with these costs for an interview. For companies these costs are a marginal expense. However, these costs are a heavy burden for the individual applicant who is in an economic emergency situation, as he may need a new job or want to develop further. He may have to go through several interviews and these costs always represent a much higher proportion of his available income than for the inviting company.