Washington in Review - June 7, 2019

Summertime, and the living is ... not easy if you’re trying to keep up with the slew of policy and regulatory developments happening in Washington and across the globe. With more talks of tariffs, the White House is still playing “deal or no deal” with USMCA. The House Judiciary Committee announced its large-scale antitrust investigation of big tech. Several states have recently updated their breach notification laws, and GDPR celebrates its first birthday. We cover these issues and more in this week’s edition of the WiRe. 

Want our Strategic Policy Advisory team to take a look at other topics? Let us know in the comments!

One Step Forward… Two Steps Back for USMCA, as Tariff Threat Looms 

On the heels of an agreement with Canada and Mexico to remove steel and aluminum tariffs, President Trump announced tariffs on all products entering the US from Mexico. The tariffs, effective June 10 unless Mexico does more to stem the flow of migrants traveling into the US through Mexico from Central America, will begin at 5% and increase by an additional 5 % each month until capping at 25% on October 1, 2019. The administration has yet to provide the legal basis for the tariffs, but press reports indicate that the government is relying on the International Emergency Economic Powers Act (IEEPA), which is triggered by an emergency declaration. The announcement was criticized by both Republican and Democratic lawmakers, as well as threats of retaliation by Mexico. Mexican officials are meeting with the administration to avert the tariffs, though it’s uncertain whether the two sides will reach an agreement by the deadline.

What does it mean?

• We expect these tariffs to be challenged in the courts as well as by members of Congress as several have questioned whether IEEPA gives the president the legal authority to use import restrictions or duties.
• These latest developments further complicate the path forward for the USMCA, just as the ratification process has begun in Canada, Mexico, and the US. Read previous editions of the WiRe to learn more about additional hurdles to passing the USMCA.
• Given supply-chain interconnectivity across the two economies, companies need to quickly analyze the potential impact to their bottom line. They should also strategically reassess their international operations and supply chain to weather potential negative impacts, such as rising costs, shifting trade flows, and redirected foreign investment. 
• Explore our content to examine how global trade affects your company and how our professionals can assist in managing regulatory trade risk.

Big Tech Caught in Antitrust Crosshairs of Congress, the FTC, and DOJ 

On June 3, the House Judiciary Committee announced a sweeping antitrust investigation of the nation’s largest tech companies amid concerns that their unrivaled market power is suppressing competition in digital markets. The announcement came shortly after federal antitrust regulators, the Department of Justice (DOJ) and the Federal Trade Commission (FTC) began considering a probe of tech industry giants. The bipartisan investigation will examine whether big tech companies are engaging in anti-competitive behaviors by stifling or acquiring smaller rivals, and whether they have market dominance in the industry. The committee will also assess the efficacy of current antitrust laws in regulating big tech companies to determine whether existing antitrust laws have helped foster competition. 

What does it mean?

• With Congress and federal regulators sharply focused on antitrust in the tech industry, large tech companies should expect the DoJ and FTC to more aggressively scrutinize transactions and launch investigations into potential violations. Companies operating in this industry should tread carefully with any mergers and acquisitions that stand to substantially lessen competition in the tech sector.
• If findings show current antitrust laws are ineffective and ill-suited to adequately regulate big tech companies, we could see attempts to modify federal antitrust laws.  

These Tariffs are Going to Cost You! 

The latest tariffs on Chinese goods will cost the average household more than $800 more per year, according to a newly published study from the New York Federal Reserve Board. As tariffs escalate, companies will be more likely to switch to inputs and goods manufactured elsewhere, leading to higher prices for consumers without the concurrent “benefit” of collecting tariffs on the Chinese goods, the study concludes.

What does it mean?

• Consumers will continue facing the effects of tariffs on Chinese goods, although the cost burden will be distributed across the many products they buy day-to-day.
• Companies should continue to analyze the impact of tariffs, on Chinese manufactured goods, as well as on Mexico and other countries, and continue to advocate for pro-business tariff measures on the Hill and with the federal government.

Summer Breach Season

Several states recently updated their breach notification laws, increasing the number of categories of data to which the notification requirements apply, and revising breach reporting standards.

• Arkansas’ update expands the definition of “personal information” (PI) and requires the state attorney general to be notified when a breach involves the PI of more than 1,000 individuals. The statute’s definition of PI now includes “biometric data” -- any unique biological characteristics of an individual used to identity authentication. Amendments to the Arkansas law take effect July 23, 2019.  
• Updates in New Jersey require state businesses, and state and local entities to notify state residents of any breach involving a broadened definition of PI, which includes “user name, email address, or any other account holder identifying information, in combination with any password or security question and answer” that would permit access to an online account. The amendment takes effect September 1, 2019.
• Texas is considering legislation that would require the person or entity that owns or licenses compromised data to notify the state attorney general if a breach involves the PI of 250 or more state residents. The bill awaits the governor’s signature. 
• Updates in Washington State expand the definition of PI to require notification to individuals involved in breaches when the individual’s name is accessed in combination with a number of data elements, including full date of birth, a private key that is unique to an individual and used to authenticate or sign an electronic record, and biometric data (which is defined the same as in Arkansas). The amendments take effect March 1, 2020.

What does it mean?

• Companies conducting business in these states should update their security incident response plans to ensure that their data breach notification procedures comply with the updated requirements.
• Companies should stay abreast of updates to data breach notification laws to ensure continuing compliance.

Blockchain and Shipping, a Match Made in Heaven 

Two more global shipping firms joined a blockchain initiative driven by another major shipping company and a technology firm. The blockchain solution provides for greater transparency and information for shippers and the customers that utilize them, allowing for more precise information as to where goods are stored and located and what is in each container.

What does it mean?

• The majority of the world’s shipping firms (by volume) have signed on to the blockchain initiative, marking a new change in how these businesses conduct their operations and adapt to the modern economy.
• Blockchain continues to evolve and be utilized by firms in new and innovative ways that are both more practical and readily adopted than cryptocurrency, once again proving the usefulness of distributed ledgers.

Is the Internet Free? The Senate Hears Both Sides of the Argument  

On May 21, the Senate Judiciary Committee held a hearing titled Understanding the Digital Advertising Ecosystem and the Impact of Data Privacy and Competition Policy. Senators questioned witnesses about the impact of personalized marketing on data privacy and competition, and whether effects could be addressed through federal privacy legislation or antitrust reform. The impact of emerging tech capable of greater personalization in targeted advertising, and how to give US consumers “real choices” about how their data is used, were among the key themes. Consumers have exchanged control of their information for internet services perceived as “free,” without realizing how extensively their information is shared and used for commercial purposes, witnesses said. 

What does it mean?

• Adtech and internet companies should evaluate their online privacy practices related to consent and transparency, as federal interest in the issue continues to grow, and states like Maine and California have proposed strict online consent laws. 
• Senators probed the potential of antitrust reform. Witnesses said that antitrust law doesn’t effectively protect internet consumers from data use practices of big tech, due to the pricing metric used to identify harmful effects to consumers. Impacted companies should engage in the legislative dialogue and monitor evolving consumer expectations in this area. 

As Senate Clicks on Ads, States Reply “STOP” to Online Data Collection

As the Senate considered digital advertising, states moved to pass strict internet laws that would go into effect in 2019 and 2020. The Maine legislature passed an online privacy act preventing ISPs from selling, disclosing, or using consumer browsing history and other personal data, e.g., geolocation, without consent. The CCPA regulates ISPs and big tech, but currently requires only opt-out and specific requests not to share data. Nevada’s SB-220 lets consumers opt out of the sale of personal information. Although more limited than the CCPA, the law takes effect October, 2019.

What does it mean?

• Federal legislation in this area remains under debate. However, state internet regulation is gaining traction and the Nevada bill dramatically shortens the compliance timeframe. So ISPs, telecoms and tech companies should prepare for the possibility of a patchwork of internet consent regulations. 
• Online consent rules vary, but the focus is on giving individuals real means of control. For example, Maine bans discounts in exchange for personal information. Impacted companies should assess current alternatives for consent and opt-in/opt-out capabilities.

A Brave New (Privacy) World: GDPR Celebrates First Birthday

The GDPR hit its one-year milestone on May 25. This week, the WiRe rounds up the key takeaways. Companies and privacy organizations greeted the anniversary by conveying the sense that it may take years to understand GDPR’s full impact. However, GDPR already has had unprecedented impact on privacy and international law — claiming extraterritorial jurisdiction and implementing a global principles-based framework. In practice, GDPR has forced companies to undertake risk analyses for all stages of data processing, assess cross-border transfers, and reexamine third party vendors and a wide range of other data sharing agreements. It has also led companies to decide whether to take a global approach to privacy by extending GDPR rights and protections — namely data subject requests — to all customers, or to attempt to silo EU data or even cease business with the EU. 

What does it mean?

• Domino effects? The GDPR, while criticized, has unquestionably moved the dialogue on privacy toward a focus on individual rights and principles like transparency and proportionality. Previously, purely transactional or sectored approach was taken in the US. Organizations should continue to assess their privacy practices aligned with these trends, as consumers’ expectations change with respect to their personal information. 
• US trends? On the heels of the advancement of the GDPR and CCPA, lawmakers in the US continue to examine these laws and others as they look to craft and adopt federal privacy regulation. The executive branch has been drafting privacy principles that may also impact privacy legislation. 
• It remains to be seen whether potential legislation will focus on specific sectors, such as digital advertising or AI, or take a more comprehensive approach. Companies should be attuned to either possibility in the US and develop strategies for compliance. 
• Follow the money? EU data protection authorities launched numerous investigations and began levying substantial fines for GDPR violations. But penalties have not reached full potential, and the outcome of investigations may not be realized for months or years, experts agree. 

America’s Next Top (Cybersecurity) Model for Investors  

The North American Securities Administrators Association (NASAA), an organization comprising 67 securities regulators within the US, Mexico and Canada, recently proposed a model cybersecurity rule package that would impose new information security and privacy requirements on state-registered investment advisors. Under the Investment Adviser Information Security and Privacy Rule (the “Privacy Rule”), state-registered investment advisors would be required to establish written physical and cybersecurity policies and procedures designed to safeguard clients' records and information. The goal of the proposed package is to underscore the importance of data privacy and security in financial markets. The Privacy Rule would need to be adopted by each individual state in order to become law in that jurisdiction.

What does it mean?

• The proposed rule represents a major effort by NASAA to develop cyber guidance and preparation standards for financial advisers and investment companies. However, because the Privacy Rule is only a model rule, states could ultimately adopt their own versions.
• It’s unclear how the Privacy Rule would interact with other cybersecurity requirements, such as Vermont and Colorado regulations affecting state-registered investment advisors and broker-dealers providing services in those states. Affected companies should monitor any inconsistencies amongst state regulations of investment advisers’ practices.

Battle Lines Drawn at STELA Reauthorization Hearing 

On June 4, the House Energy and Commerce Committee held a hearing on STELA reauthorization. The 2014 legislation governs carriage of broadcasters in certain areas by pay satellite TV providers. Broadcasters want the law to sunset, while satellite providers believe that the law should be renewed to avoid 800,000 subscribers from receiving network content. The committee shares jurisdiction with the Judiciary Committee for reauthorization which will expire at the end of 2019 if not renewed. Some pay TV satellite and cable operators want Congress to use reauthorization as a vehicle for rewriting the rules of the pay TV marketplace which they view as skewed towards broadcasters and content companies. 

What does it mean?

• STELA reauthorization has a small potential to rewrite the current pay-TV landscape. Current proposals by Minority Whip Steve Scalise (R-LA) and Representative Anna Eshoo (D-CA) could result in major reforms, including enforcing arbitration to end retransmission impasses and a ban on blackouts. 
• These changes would shift the balance of power in contractual negotiations between content providers and operators in favor of the operators. We believe the most likely scenario is that STELA gets a clean reauthorization with no reforms or some small changes in favor of pay TV operators.

For past issues of Washington in Review and other commentary on policy and regulatory issues impacting the Technology, Media, and Telecommunications industries, visit us on the web. 

Contributors: Jocelyn Aqua, Regina Barillas, Rosie Brinckerhoff, Jennie Cunningham, Brian Dunch, Arie Esquenazi, Haley Fine, Nick Hall, Carl Holshouser, Josh Joseph, Dan Julian, Priya Kamdar, Julie Riccio, Rachel Roschelle, David Sapin, and Lenora Zimmerman.

 

 

For past issues of Washington in Review and other commentary on policy and regulatory issues impacting the Technology, Media, and Telecommunications industries, visit us on the web. 

Contributors: Jocelyn Aqua, Regina Barillas, Rosie Brinckerhoff, Jennie Cunningham, Brian Dunch, Arie Esquenazi, Haley Fine, Nick Hall, Carl Holshouser, Josh Joseph, Dan Julian, Priya Kamdar, Julie Riccio, Rachel Roschelle, David Sapin, and Lenora Zimmerman.