Practical considerations

On 5 January, Deloitte published a study that claimed that the number of people who bet on unregulated websites will increase if the UK Government goes ahead with its planned regulation of offshore operators. 

The Report, which Deloitte had carried out for (and which was paid by) betting giant William Hill, concluded that if the UK changes its remote licensing regime (by taxing betting operators on the basis of where bets are placed), online gamblers are likely to turn to unregulated, untaxed markets. 'Placing a 10% 'point of consumption' (POC) tax rate on remote gambling could result in up to 27% of online consumer bets being placed in unregulated markets unless effective enforcement measures are found that restrict the growth of that market', the Report read. It also claimed that if the POC tax level is set at 15% (the current tax rate for UK-based online operators), 'as many as 40% of punters could turn to unregulated markets'. Finally, the Report warned, this could result in 'the UK online betting market getting smaller because it would likely lead to smaller companies exiting the market and others cutting back on their marketing expenditure'. 

Although the Report was commissioned by William Hill and its final conclusions clearly expose a political agenda, the study does highlight some reasonable issues. Under the current Gambling Act 2005, non-UK based businesses have to be licensed in so-called 'white-listed' jurisdictions in order to offer online gambling services to UK customers. 'White listed' jurisdictions are licensing regimes recognised by the Gambling Commission.

However, since John Penrose, the Minister responsible for gambling activities in the UK, announced in July 2011 his plans to introduce a licensing regime for offshore operators, and Justine Greening, Economic Secretary to the Treasury, proclaimed she would introduce a POC tax on remote gambling transactions, they have not made any mention of how they were planning to keep unlicensed offshore operators out of the British market. However, if the current UK Government does give the green light for such a new offshore licensing regime, one that includes a POC tax, it will undoubtedly encourage UK players to try their luck on unlicensed websites. Therefore, it is about time Penrose and Greening addressed some important practical issues. Both Ministers have, so far, not spoken of any enforcement mechanisms in order to limit the ability of non-licensed offshore operators to target the British market. Other countries, such as France and Spain, have introduced effective enforcement measures, such as website blocking, prohibiting banks processing certain offshore payments, bringing criminal charges against directors of unlicensed operators and banning advertising activities. None of these measures have even been mentioned by British lawmakers.

If the UK government wants to make a serious attempt to regulate offshore players, they should start thinking about the practical considerations. Those challenges should not be taken too lightly. The extent to which a grey market emerges depends on the effectiveness of the enforcement regime. And, so far, we have not seen any proposals that deal with these issues.

Michiel Willems © 2012 CP Publishing Ltd. London, UK. Picture: gamblingkingz.com

 

Japan to meet international mobile phone standards

NTT Docomo, Japan's largest telecom operator, has announced the formation of a consortium of telecoms and banks that will coordinate the adoption of international standards for near field communication (NFC) technologies in the Japanese market. 

Alongside the domestic mobile carriers Softbank Mobile and KDDI, NTT released a statement which describes how the new conglomerate aims 'to work with mobile industry groups in Japan, including service suppliers and handset manufacturers, to incorporate compatibility...[with overseas]...standards in the Japanese mobile ecosystem.' 

in Tokyo

Mobile operators in Japan, which is ­ the world's second largest economy, have been offering mobile payment and other related phone services for years, but they use non-NFC standards, so-called Osaifu-Keitai technology. NFC technology, however, incorporates a variety of existing ISO standards. Therefore, the newly formed consortium aims to ensure compatibility with so-called Type A and B mobile standards, which are mostly being used in Europe, Australia, Africa and the USA.

Industry experts expect Japan will benefit from the NFC technology since it will create international acceptance of Japanese mobile phones and should encourage cross-border mobile payments. Following NTT, Softbank and KDDI's move, Japan Airlines announced on 2 February it will introduce NFC-based boarding passes for all its Japanese and international passengers in August. 

Michiel Willems © 2012 Cecile Park Publishing Ltd. London, UK. Top picture: Guardian.co.uk.
 

Nigeria kicks off its 'cashless Lagos' project

The Central Bank of Nigeria (CBN) has kicked off its much-talked about Cashless Lagos project, introducing limits on how much paper money can be withdrawn and imposing deposit restrictions in a bid to encourage the use of electronic and mobile payments. 

"[Cashless Lagos] is to leverage and augment a seamless cashless regime convenient for all classes, and to reduce corruption, increase foreign investors' confidence and to sustain a capital base", said Ben Ndedde, Partner at law firm Justice Forte in Lagos.

In a statement, the Central Bank of Nigeria said "it wants to drive development and modernization of our payment system in line with Nigeria's vision of being amongst the top 20 economies by the year 2020".

Ndedde thinks this should be possible: "Nigeria is very well exposed to internet services." However, he does foresee a number of issues: "Illiteracy levels are still quite high and fraudsters on the internet may pose a hacking threat by intercepting and wiring funds, as is the case globally. We are also saddled with incompetent security agencies incapable of tracking fraudulent transfers." 

Published in the January issue of EFPLP © 2012 CP Publishing Ltd, London, UK.

Interview with Alfredo Della Monica (American Express)

Following the success of the Data Protection in the Financial Services Sector conference, last October in central London, Michiel Willems spoke to one of the key speakers, Alfredo Della Monica, Counsel at American Express and responsible for the company's data protection issues in Europe, Africa and the Middle East.

Alfredo, what are the biggest challenges financial institutions are facing at the moment?

The transfer of transaction data is certainly the key issue. For example, the SWIFT case a few years ago raised the attention of all the relevant stakeholders. More broadly, the economic backdrop in many markets makes for a particularly challenging operating environment.

Financial services firms operate, increasingly, across borders and jurisdictions. Is it still possible to control which data flows where and which laws govern what information?

Certainly, it is quite difficult, but it is possible to establish appropriate controls. In my view, if you really want to manage data protection in your firm, you have to think 'what, where, how' about your data every single day.
 

What are the main practical issues the industry is facing at the moment in relation to data transfers?

The length of the binding corporate rules (BCRs) process, as well as the impracticality of the standard contractual clauses.

Can you tell us a bit more about model contracts and BCRs? What is their importance - from a data protection point of view - for the industry?

Model contracts would be the preferred solution but they are unmanageable, as you need one model contract for each transfer and one model contract for each controller/processor. That would mean millions of model contracts if you are a global company. The BCRs are therefore the only real solution, but it would be helpful if the authorities could speed up the approval process. This may encourage firms to go for this option.

When financial services business operate internationally, or globally, how should they manage the different regulatory requirements?

I believe that a strong compliance program would be enough to monitor the different regulatory requirements in all the relevant jurisdictions. And, most importantly, I would suggest setting a baseline of standard requirements, having in mind the provisions of the EU Directive as many countries in the world adopt those as standards.

Why are banks and other financial institutions regularly in the news regarding data breaches and issues with data management?

This is an issue which affects all companies entrusted with customer data, particularly in today's digital economy. That is why the proposals being drawn up by the European Commission are so important, and why the industry must work together with regulators to achieve a framework which helps consumers while also being workable for businesses.

Do you think cloud computing has added an interesting dimension to the data protection debate?

It could, but in practice it is still too early to comprehensively evaluate the implications of cloud computing.

Do you believe that the sanctions for mismanagement of data are strict enough?

The responsible management of customer data should be good business practice for all companies. Regardless of how a sanctions regime is structured, it should not be a primary motivator for organisations to act as responsible data custodians.

Many thanks for your time, Alfredo.

Thanks for the opportunity.

Michiel Willems © 2012 CP Publishing Ltd. London, UK. Picture: CP Conferences 2011.

US Court: domain registrar not liable if domains merely 'forward'

A District Court in California ruled on 10 January that a domain name registrar is not liable for 'cyber squatting' if it redirects web users from a squatted website to another site.

Two domain names, registered by Go Daddy (GD) and bearing the name of the oil company Petronas, redirected visitors to a pornographic website through GD's servers. The District Judge ruled that "the forwarding of the disputed domains does not amount to 'use' of the domain names".

Simon Bennett, Partner at Fox Williams, believes the "decision was the right one, since [GD] does not exercise editorial control over sites hosted under domain names for which it acts as registrar".

Gillian Anderson, an Associate at Pinsent Masons, also called the ruling "the correct decision", while referring to the 2011 case Microsoft Corp v Shah Civil Action. In that case a claim of 'contributory cyber squatting' was upheld. "In contrast, Petronas' claim failed because the court decided that the registrar had not directly contributed to the infringement", Anderson explains. "It remains to be seen how the Petronas decision will be applied in future cases given the opposing outcomes from Petronas and Microsoft."

Cyber squatting - the practice of registering a domain name with the intent to profit from the goodwill of a trademark belonging to someone else - is illegal under the Anti-cyber squatting Consumer Protection Act (ACPA) if it happens in bad faith and with the intent to profit.

Michiel Willems © 2012 ECLP January issue, CP Publishing Ltd. London, UK.

Radio broadcasts

Two recent items I recently did for Radio 1 in the Netherlands - in Dutch

The European premiere of the movie The Iron Lady, click HERE

Dutch Prime Minister Rutte's visit to Downing Street, click HERE

www.radio1.nl

FTC settles over use of flash cookies

The US Federal Trade Commission (FTC) has reached a settlement with advertising network ScanScout Inc. over the online advertising network's use of Flash cookies which consumers' web browser settings could not opt out of, contrary to the company's privacy policy.

ScanScout - which was acquired by Tremor Media during the process - used Flash cookies to collect consumer data for the period between April 2007 and September 2009.

Although its privacy policy stated that consumers could block the cookies by changing their browser settings, the FTC found that the Flash cookies were unaffected by users' browser settings since they were not controlled through a computer's browser, unlike HTTP cookies.

Consequently, the FTC found the practice constituted 'deceptive acts or practices in or affecting commerce' and in violation of the Federal Trade Commission Act.

"The failure to properly disclose the use of Flash cookies can result in FTC enforcement", said Dana Rosenfeld, Partner at Kelley Drye & Warren LLP.

ECLP (C) 2011, CP Publishing, London. Picture: brent.blog.com

The UIGEA, at last?

It sent shock waves through the industry. On 7 December, a jury in the US District Court of Boston found Todd Lyons guilty of illegal gambling offences under the Unlawful Internet Gambling Enforcement Act (UIGEA).

The jury was convinced Lyons ran the illegal gambling business Sports Offshore together with a number of co-defendants. Although Sports Offshore is based in Antigua, it was not licensed there and the business actively targeted and recruited customers throughout the US. Since Lyons acted as an 'on-the-ground agent' ­ collecting losses from US sports betters and shipping the proceeds back to Antigua ­ he was found guilty of 'acceptance of financial instruments for unlawful internet gambling', specifically stated under terms set out in the UIGEA. He was also convicted for racketeering under the Racketeer Influenced and Corruption Organisations Act (RICO) as well as violations of the Wire Act. 

And so it was official. The first conviction under the UIGEA ever was a fact. A historic moment? For the industry it certainly was. The conviction was hailed as a huge victory for those who oppose online gambling and the US Attorney for Massachusetts, Carmen M. Ortiz, said in a statement that the conviction of Lyons 'should serve as a message to those involved in illegal gambling schemes'. Really? This is a strong message from a government that has never convicted someone before under the UIGEA, even though the law has been in effect for more than five years. 

Lawyers and industry experts wonder what to make of this UIGEA verdict, and where to go from here. Before Lyons conviction, the Wire Act and RICO were as good as the only legal tools available to prosecute and convict persons involved in illegal gambling. 

So does this case mean a change of course? The answer is most likely no. The UIGEA conviction was merely possible because Lyons was physically collecting gambling proceeds within the United States, while practically all gambling businesses that even dare to offer their services to US customers stay well away from such practices. Money is transferred out of the country and collected in offshore jurisdictions far away, such as Barbados or Panama. 

So can we expect another UIGEA conviction soon? Probably not. Although since Black Friday it is clear that cracking down on online gambling activities in the US has become a priority for the US Department of Justice, the UIGEA's own terms limit the possibilities for prosecutors to crack down on online gambling businesses that attempt to take advantage of America's millions of poker players. 

In all likelihood, this conviction should be seen as a one-off event and prosecutors ought to celebrate the existence of the Wire Act and RICO if they wish to continue cracking down on online gambling in 2012.

Michiel Willems in WOGLR, December issue © 2011 CPP Publishing Ltd

Japan: 9 months after Fukushima

Please find below some pictures I took while on a recent visit to Japan. Although tourism is still at an all-time low, the country is slowly recovering from the earthquake, tsunami and nuclear crisis that hit the north of Japan on 11 March 2011. It was a truly impressive journey full of sushi, sake, sumo, Sony, and samurai.

 

Michiel Willems 2011 (C)

Review: My Week With Marilyn

Set in the summer of 1956, the young graduate Colin Flark dreams of finding a job in the film industry so he decides to leave the safety of his parents’ home to embark on an adventurous journey to London, not knowing where destiny is going to take him. 

Against the odds, he lands himself a job at a production house in the heart of Britain’s film industry – the Warner Bros. studios in Leavesden - and before Flark properly realises what is happening he finds himself in the presence of the legendary Sir Laurence Olivier and becomes a witness of the tense interaction between Olivier and the absolute superstar of the late ‘50s, Marilyn Monroe, during the production of the comedy ‘The Prince and the Showgirl’. 

Monroe, who is joined by her then new husband Arthur Miller, has her moments of insecurity, depression and behaviour that borders insanity, resulting in continuous production delays which deeply frustrate the ambitious Olivier. 

When Miller leaves England, Monroe's loneliness and desperate need for attention are filled by the funny, energetic Clark, who introduces Marilyn to some of the pleasures of English life. A heavenly, surreal week, in which he makes Monroe escape from the Hollywood sycophants and the pressures of being a superstar, is to follow. An affair which is encouraged by some on set, but loathed by others who secretly desire the attention of Marilyn themselves. It is the story of a genuine summer love which is bound to go wrong, without anyone really getting hurt.

Director Simon Curtis delivers an excellent performance with a sexy, appealing Michelle Williams as Monroe. Kenneth Branagh (Olivier) keeps the whole lot together, while Judi Dench acts as the moral conscience of the crew and Harry Potter’s Emma Watson is casted as a motivating extra who anxiously fancies Flark. But it is Eddie Redmayne - portraying the young, naive and slightly insecure Flark - who is amazingly strong and carries the story throughout. The convincing story, in combination with the 1950s vibe and fashion, as well as the compelling music of the time, turn this all-round production into a success. The genuine on-screen chemistry between Williams and Flark make this movie a must-see for anyone who still dares to say yes to love. - Michiel Willems

My Week With Marilyn (UK, 99 mins, drama, first released on 25 November in London)

http://myweekwithmarilynmovie.com/

picture: IMDB.com 

Controversy over Google Wallet's data security

Google's Mobile Wallet does not store personal data securely, research firm ViaForensics (VF) has said.

The security firm tested the application on a rooted handset - a mobile phone with a modified operating system in order to change the (privacy) settings - and it discovered that sensitive data is stored in SQLite databases, a serverless engine which stores data unencrypted. This includes credit card balances, limits, expiration dates, names, locations and transaction dates.

Google responded by releasing a statement: 'This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers.'

VF agreed Google does a 'decent job' by securely storing full credit card numbers and that a PIN is needed to authorise payments. However, VF's Report came only days after Verizon, the largest telecom provider in the US, demanded on 7 December that Google disables its Mobile Wallet application in the forthcoming edition of the latest Galaxy Nexus smartphone. Verizon cited 'security concerns' as the main reason.

Published previously in E-Finance & Payments Law & Policy, December issue. CPP. Copyrights apply. Picture: infotech.bplaced.net

Germany enters a 'historical year' as SH refuses to sign new Treaty

BERLIN - Schleswig-Holstein (SH), the German Federal State that adopted a law liberalising online gambling last September, has refused to sign the new Interstate Treaty on Gambling (ITG), approved by all the other Lander on 15 December.

Since SH's gambling law will come into effect on 1 January it is "very likely the new year will turn out to be a historical year in German gambling legislation, because the online market for sports betting, and casino games insofar as SchleswigHolstein is concerned, will be opened for the first time for private operators", said Matthias Spitzer, Attorney at Melchers Law. Much to the annoyance of the other states, SH will continue to pursue its own gambling policy "for the time being", said Barbara Ploeckl, Associate at Freshfields Bruckhaus Deringer. Spitzer adds: "There is no evidence that SH would turn back, quite the contrary." It is expected that SH will start issuing licences in January or February.

Germany's 15 other Federal States did sign the new ITG, which retains public monopolies by existing state companies. But when the new ITG will become actual law is difficult to say since the "[15] states agreed to only pass the law onto the parliaments of their states for ratification once the European Commission (EC) has given a positive comment", said Ploeckl.

It is not likely the EC will approve this ITG. The previous draft text  which hardly differs from the latest version  was fiercely rejected by the EC in July. Back then, the EC called the proposed regime 'anti-competitive' and even recommended SH's liberal law as a model for a future ITG.

Published previously in the December issue of World Online Gambling Law Report, CPP. Copyrights apply.

 

Happy New Year

Goodbye riots, Amy and the Royal Wedding. Bring on the London 2012 Olympics and the Queen's Diamond Jubilee Party in Twenty Twelve. Happy New Year.

Picture: Getty Images, Dailymail.co.uk

Too many lobbyists in Brussels?

BRUSSELS - The European Payments Council (EPC) has fiercely criticised the influence of lobbyists in Brussels, who, according to EPC Chairman Gerard Hartsink, are 'fabricating issues'.

Hartsink cited figures that suggest there are up to 30,000 lobbyists in Brussels and added: "Anyone who feels that the EU decision-making process is at fault is certainly free to challenge the EU institutions on the matter, however, they should refrain from fabricating a 'SEPA governance issue'." Hartsink stressed that the SEPA inititative is shaped in accordance with EU law and policies and that "it is not driven exclusively by the banking industry". 

EPC Board Member Javier Santamaria said: "There is no 'SEPA governance issue'. On the contrary, the debate regarding this particular initiative has been extensive and open to all interest groups at every juncture of the process."

Following a complaint, the European Commission started an anti-trust investigation in September into whether the EPC has abused its standard-setting role in the European payments and banking industry to block new entrants to the payments market.

Published previously in E-Finance & Payments Law & Policy, CPP (c) London 2011. Copyrights apply. Picture: EU
 

UK Govt to work with leading businesses on data sharing

The UK Government announced on 3 November it is teaming up with 26 banks and businesses to create a new personal identity system for making transactions and payments on the internet.

The 'Midata' initiative is hailed as 'an online replacement' of the abandoned UK national ID card scheme. The organisations involved - including Google, RBS, Lloyds, British Gas, Visa, MasterCard and the UK Cards Association - are all 'endorsing the key principle that data should be released back to consumers', according to a statement by the Department for Business, Innovation and Skills on 3 November. Regulators OFCOM, the Office of Fair Trading and the Information Commissioner's Office are also on board.

Consumer Affairs Minister Edward Davey said on 3 November that "[Midata] is the way the world is going and the UK is currently leading the charge". He also claimed that the US and the EU "are showing real interest in the programme" and Midata will deliver "economic benefits".

Others, however, are more skeptical. "It sounds great to be able to ring up my bank and ask them for a spreadsheet containing all of my transactions for the last seven years, but in practice if you think about what would have to happen to pull together the data, format it, validate the relevant security issues and then deliver it, it won't happen overnight", said Dave Birch, Consultant at Hyperion. "I'm more interested in the bank providing an open application programming interface so that my data can be 'mashed up' by other applications with my permission."

Published previously in E-Finance & Payments Law & Policy, CPP 2011 (c) London. Copyrights apply.