Legal framework for influencers in Germany, the United Kingdom and the United States

The COVID-19 pandemic has hit the brand ambassador and influencer industry in different ways. Social media engagement is up. Screen times have increased. Advertising campaigns of brand ambassadors for organizations and influencers might have been adjusted. Self-quarantining audiences have different demands. With the strong trust from their followers, influencers on social media channels such as Facebook, Instagram or Twitter still have a power that pays off.

Our recent client alert gives an updated overview of the legal framework that applies to influencers when posting content with promotional character in Germany, the United Kingdom and the United States.

Monetary Authority of Singapore publishes a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector”

The Monetary Authority of Singapore (MAS) published a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector” (the CP) on July 21, 2020. The CP sets out proposals relating to the expansion of supervisory powers by the MAS in a range of important areas, including (among others) additional powers to take enforcement action against individuals, to apply new licensing requirements to certain types of virtual asset service provider (VASP), and to impose technology risk management (TRM) requirements. The consultation is therefore likely to receive significant attention from the financial services industry. The CP also has far-reaching implications for the overall structure of the Singapore financial services regulatory framework.

Read more about consultation in our client alert.

Interested parties must respond to the consultation by August 20, 2020. Should you wish to discuss any aspects of the consultation or require assistance with your feedback to the MAS, please reach out to any of the team below, or to your usual Reed Smith contact.

 

Reed Smith LLP is licensed to operate as a foreign law practice in Singapore under the name and style, Reed Smith Pte Ltd (hereafter collectively, “Reed Smith”). Where advice on Singapore law is required, we will refer the matter to and work with Reed Smith’s Formal Law Alliance partner in Singapore, Resource Law LLC, where necessary.

Highest German Court invalidates Section 113 of the German Telecommunications Act and abandons service providers’ obligation to grant authorities access to subscriber data

On May 27, 2020, the German Federal Constitutional Court invalidated section 113 of the German Telecommunications Act (TKG) and several accompanying federal law provisions for non-compliance with the German Constitution (case nos. 1 BvR 1873/13 and 1 BvR 2618/13). On July 17, 2020, the Federal Constitutional Court published the fully reasoned judgment as well as a press release outlining the Federal Constitutional Court’s key considerations (press release no. 61/2020 of July 17, 2020, available in German and English).

Background

Section 113 TKG enables German security authorities to request from providers of telecommunications services access to personal customer data linked to the conclusion or performance of a telecommunication services contract (Subscriber Data). Subscriber Data includes information such as a subscriber’s name, date of birth, telephone number, address, bank details, login data, or an IP-address assigned at a certain point of time. By contrast, data relating to the use of telecommunications services (so-called traffic data) is not covered by section 113 TKG. Continue Reading

U.S. Supreme Court clarifies trademark rights for “.com “ trademarks

Recently in a landmark decision, United States PTO v. Booking.com B.V. the U.S. Supreme Court clarified certain trademark rights for “.com.” There, the High Court ruled 8-1 that Booking.com, a popular online travel reservation agency, could register its company name – BOOKING.COM – as a trademark. In doing so, the Supreme Court struck down the U.S. Patent and Trademark Office’s (USPTO) “per se” rule, which rendered nearly all combinations of a generic name and a domain name extension, such as “.com,” as generic and ineligible for trademark registration. The decision was a victory for Booking.com, given that the USPTO had previously rejected the company’s four trademark applications, finding the marks to be generic. This ruling provides more opportunity to protect brands and marks through trademark protection for companies that have generic term combinations.

Read more about this judgement in our client alert.

Schrems II: It is not all bad news for international data transfers

The Court of Justice of the European Union (CJEU) handed down its judgment on a case brought by privacy rights activist, Max Schrems (C-311/18, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems) (Schrems II) yesterday, July 16, 2020. The case concerned the transfer of personal data to recipients in the United States via the EU Commission standard contractual clauses (SCCs) and questioned the validity of the EU-U.S. Privacy Shield (Privacy Shield). The ruling affects not just transfers of personal data from the EU to the United States, it also applies to all transfers of personal data from the EU to countries outside the EEA.

Read more about this judgement in our client alert.

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2020 Edition)

The Summer 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German version

In this edition we cover the following topics:

  1. Access rights vs. data backup
  2. Cookie update: Planet49 and cookie walls
  3. Double opt-in required under GDPR
  4. Update on influencer advertisement
  5. German Supreme Court: on how company reviews and ratings are presented on review platforms
  6. ECJ: details of alternative dispute resolution entity must be provided in general terms and conditions of consumer contracts
  7. Metadata also constitutes trade secrets
  8. ECHR: blocking of entire websites violates freedom of expression

The newsletter also includes multiple recommendations for reading of publications of the European Data Protection Board and the German data protection authorities as well as on the ePrivacy Regulation and the Platform-to-Business Regulation.

We hope you enjoy reading it.

CCPA enforcement letters sent; Supervising Deputy Attorney General offers insight

Although the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, the California Attorney General (AG) was not authorized to begin enforcement until July 1, 2020.  With the pandemic and the delay in finalizing the regulations, it was unclear how or when AG enforcement would begin.  Any such confusion can be dispelled, because California’s Supervising Deputy AG, Stacey Schesser, has confirmed that initial compliance notice letters have been sent.

In a keynote presentation with the International Association of Privacy Professionals, Schesser offered an important window into the AG’s planned – and existing – enforcement efforts.  Most notably, as mentioned above, on July 1, 2020, the AG sent out initial letters to allegedly noncompliant businesses.  Although the letters themselves remain confidential, Schesser provided some insight into their substance:

  • They targeted multiple industries and business sectors.
  • They focused on businesses that operated online and were missing either key privacy disclosures or a “Do Not Sell” link (where AG thought one was necessary).
  • The targets of the letters were identified based, at least in part, on consumer complaints, including complaints made using social media.

Continue Reading

Changes coming to Singapore’s data protection law

It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA).

On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA.

The proposed changes are significant. Key amendments include:

  1. Increased financial penalties for contraventions of the PDPA
  2. Mandatory data breach notification
  3. Revised consent framework
  4. New data portability obligation
  5. Enhanced rules on telemarketing and spam

Continue Reading

Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong.

In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 pandemic. The April 2, 2020 promotion post stated: “Dear Teachers: We want to say thank you. During quarantine we see you working harder than ever to educate our children. To show our gratitude, Draper James would like to give teachers a free dress.”

The Instagram post went on to provide further details of the promotion, including that to “apply”, teachers needed to fill out a form  with their name and work email addresses, a photo of their school IDs, the grade level and subjects they teach, as well as their school name and state. In exchange for providing what the teachers alleged to be “sensitive personal, employment information,” teachers thought they would receive a free dress from the brand. While the Instagram post did caveat in a parenthetical that the offer was “valid while supplies last – winners will be notified on Tuesday April 7th” the post did not disclose that only 250 teachers would receive a free dress. The lawsuit claims that the “vague illusory comment” was insufficient to place a reasonable consumer on notice that that this was a sweepstakes or that the brand would “only be making an unreasonably limited number of products available under this offer.” Continue Reading

Notice and consent requirements for security footage and biometric data collection

It is natural for businesses to be concerned about the security of their premises and to explore new technologies that can help mitigate health and safety risks related to that security. As retailers get back to business in the United States, the laws implicating biometrics and the increase in use cases for biometric technologies have caused these businesses to refocus their data collection points. One such use case that merits special attention, specifically in the context of reopening businesses after COVID-19 precautionary closures, is the information collected via security footage (also receiving attention as a result of recent protests). Our recent client alert discusses whether data collection via security footage possibly qualifies as “biometric identifiers” or “biometric information” under various state laws that implicate the topic, and whether notice and consent are necessary to collect and use that footage.

LexBlog