French Parliament Takes Steps to Regulate NFT Games

October 31st, 2023 | Posted by Claude-Etienne Armingaud in Blockchain | France | Intellectual Property | IT | Legislation | Non classé - (0 Comments)

On 18 October 2023, the French National Assembly voted in favour of a law aiming to secure and regulate the digital space (“Loi visant visant à sécuriser et réguler l’espace numérique” or “SREN”), otherwise called the “Sorare Act.” This new development marks a first step towards the establishment of a regulatory framework dedicated to games integrating non-fungible tokens (NFTs) and monetisation models based on digital assets.

These new provisions are aimed at the creation of a new category of games under French law called games with monetisable digital objects (“jeux à objets numériques monétisables” or “JONUM”). This new regime will enter into force ‘on an experimental basis and for a period of three years’ from the promulgation of the law and will authorise Web3 games with monetisable digital objects (including NFTs).

The Sorare Act defines JONUMs as “game elements, which only confer on players one or more rights associated with the game, and which may be transferred, directly or indirectly, for consideration to third parties,” while excluding digital assets covered by 2° of Article L. 54-10-1 of the French Monetary and Financial Code.

France is one the first jurisdictions in the world to create a specific regime for companies using NFTs as part of their games and the objective is to provide certainty to the industry.

Please reach out to our team if you need further information on this new development. 

First publication: K&L Gates Hub, in collaboration with Lucas Nicolet-Serra

France’s Digital Influencer Regulation: Whether you like it or not, you’ll need to subscribe to those changes!

October 3rd, 2023 | Posted by Claude-Etienne Armingaud in eCommerce | France | internet | Legislation | Marketing | Non classé | Social Networks - (0 Comments)

Amidst a sudden increase in paid-for posts that went viral for dubious products and services, France has taken a significant step toward the regulation of influencer communication. The Act no. 2023-451 (Influencers Act), which came into effect on 9 June 2023, aims not only to protect consumers but also to support the influencers, in order to foster the healthy growth of this ecosystem. France is now the first European Union (EU) country to implement a thorough framework regulating commercial influence.

Background information

Digital influencers have changed the way companies can promote their products and services, from beauty and fashion to technology, notably by blurring the lines between commercial advertising and genuine consumer reviews.

Between 8 to 31 January 2023, the French Ministry of the Economy conducted a public consultation on the influencer ecosystem, to evaluate of the contemplated regulation, which received an overwhelming support from the panels.

Key provisions beating on influencers

General ban on certain communications

The following communications are explicitly banned from any influencer communication:

  • Cosmetic surgery and procedures;
  • Alternative therapeutic technics;
  • Nicotine-based products;
  • Non-domestic animal trade.
  • Certain financial services, notably as they pertain to blockchain-based services (e.g. NFT); and
  • Online gambling and betting;

With regard to the latter, the communication remains possible provided that it occurs exclusively on platforms restricted to adults over the age of 18 and subject to the usual specific disclaimer pertaining to the advertising of such services.

Mandatory labeling

The Influencers Act requires influencers to label:

  • Their promoted posts with the mention “advertisement” or “commercial collaboration” in a clear, legible and identifiable manner to avoid falling under misleading commercial practices further to Art. L. 121-3 of the French Consumer Code (“FCC”).

Influencers failing to comply with this obligation face up to 300,000 euros in fines and up to two years of imprisonment (Art. 5 Influencers Act).

  • The pictures (still or moving) they post and which have been
    • edited to enlarge or refine the general appearance or modify the appearance of the model’s face to clearly include the “Retouched images” mention; or
    • generated through artificial intelligence (AI), notably generative AI (gen AI) to clearly include a “Virtual image” disclaimer

Influencers failing to comply with this obligation face up to 4,500 euros in fines and up to one year of imprisonment (Art. 5 Influencers Act).

Drop-shipping

In case of sales of goods through a third party (so-called “drop-shipping” practices), influencers will need to abide by obligations of transparency about the identity of the supplier, pursuant to Art. L. 221-5 of the FCC and will bear the liability relating to the legality and availability of the promoted products.

Content moderation and insurance

Influencers based outside of the European Economic Area or Switzerland but directing their activities to a French audience are required to appoint a legal representative in the EU, as well as to subscribe to a dedicated insurance covering the potential damage resulting from their activities.

Key provisions bearing on platforms used by influencers

Further to the entry into force of the European Regulation no. 2022/2065 on a Single Market for Digital Services (Digital Services Act or DSA) on 25 August 2023, the Influencers A amended the Act no. 2004-575 of 21 June 2004 for trust in the digital economy (Loi pour la Confiance dans l’Économie Numérique or LCEN) increasing the burden on digital platforms, notably for such platforms which allow influencers to conduct their activities.

These platform now have the obligation to promptly remove any illegal content which would be notified through the “trusted flaggers” introduced under Art. 22 DSA.

Key provisions bearing on brands

  • The Influencers Act now mandate a written contract between the influencer and the advertised brands, or their respective representatives. This contract, which must imperatively be subject to French law, must include:
  • The identity of the parties, including their domiciliation for tax purposes;
  • The detailed nature of the influence services;
  • The financial compensation or any equivalent advantage resulting from the influence services;
  • As the case may be, any provision pertaining to intellectual property.

With regard to liability on the influence services, a joint and several liability between the brand and influencer has been implemented, rendering the brand de jure liable for any damage caused to third party.

Enforcement of the Influencers Act

Just prior to the summer holidays, the French Ministry of the Economy appointed a team of 15 agents responsible for monitoring social networks and responding to complaints.

In parallel, the French Directorate General for Consumer Affairs, Competition and Fraud Prevention (“DGCCRF”) audited fifty influencers in the first quarter of 2023, resulted in 60% of the audited influencers to be found in breach of the then-current (and pre-Influencers Act) misleading commercial practice framework.

These findings led to eighteen injunctions to cease illicit practices and sixteen criminal reports. In the following context, in July, the DGCCRF published a code of conduct for influencers and content creators in July, explaining their duties and obligations in accessible language.

Whether you are a brand considering hiring the services of influencers or an influencer yourself, the K&L Gates Luxury Product & Fashion team remains at your disposal to assist you in your compliance with the new French framework.

First publication: K&L Gates Fashion Law Watch Blog in collaboration with Camille Scarparo.

, , , ,

The Summer of AI – French Data Protection Authority Calls for Stakeholders to Exchange

August 7th, 2023 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | France | IT | Legislation | Privacy - (0 Comments)

August may be perceived as the month where France shuts down for the summer. Yet, just before the summer ’23 holiday, the French Data Protection Authority (“CNIL”) published several call to action for the various players of the data ecosystems in general and in artificial intelligence (AI) in particular, following its 16 May 2023 announcement of an AI action plan:

  • Opening and re-use of publicly accessible data – The CNIL published a draft guidance on the such data usage, and all stakeholders are invited to weight in until 15 October 2023 before its finalization. While non-binding, this guidance is expected to lead the way on how the EU’s Supervisory Authority will apprehend and enforce the General Data Protection Regulation (“GDPR”) when personal data is scraped from online sources and subsequently used for subsequent purposes. This notably focuses on Art. 14 GDPR and the indirect collection of personal data and specific prior information requirements. Artificial Intelligence is explicitly mentioned by the CNIL in the draft, as such data, which feeds large-language models, “undeniably contributes to the development of the digital economy and is at the core of artificial intelligence.” Stakeholders are invited to submit their observations online through the dedicated portal.
  • Artificial Intelligence Sandbox – Following in the footsteps of its connected cameras, EdTech & eHealth initiatives, the CNIL is launching an AI sandbox call for projects, where stakeholders involved in AI in connection with public services may apply to receive dedicated assistance by the regulator to co-construct AI systems complying with data protection and privacy rules.
  • Creation of databases for Artificial Intelligence uses – Open to the broadest possible array of stakeholders (including individuals), this call for contributions notably addresses the specific issue relating to the use of publicly accessible data and aims at informing the CNIL of the various positions at play and how to balance GDPR’s requirements (information, legitimate interests, exercise of rights) with data subjects’ expectations. Stakeholders are invited to submit their observations online through the dedicated form (in French – our free translation in English is available below)- no deadline for submission has been set.
(more…)

, ,

European Parliament Adopts Negotiating Mandate on European Union’s Artificial Intelligence Act; Trilogues Begin

June 26th, 2023 | Posted by Claude-Etienne Armingaud in Artificial Intelligence | Ethics | Europe | IT | Legislation | Non classé - (0 Comments)

On 14 June 2023, the European Parliament (Parliament) plenary voted on its position on the Artificial Intelligence Act (AI Act), which was adopted by a large majority, with 499 votes in favor, 28 against, and 93 abstentions. The newly adopted text (Parliament position) will serve as the Parliament’s negotiating position during the forthcoming interinstitutional negotiations (trilogues) with the Council of the European Union (Council) and the European Commission (Commission).

The members of Parliament (MEPs) proposed several changes to the Commission’s proposal, published on 21 April 2021, including expanding the list of high-risk uses and prohibited AI practices. Specific transparency and safety provisions were also added on foundation models and generative AI systems. MEPs also introduced a definition of AI that is aligned with the definition provided by the Organisation for Economic Co-operation and Development. In addition, the text reinforces natural persons’ (or their groups’) right to file a complaint about AI systems and receive explanations of decisions based on high-risk AI systems that significantly impact their fundamental rights.

Definition

The Parliament position provides that AI, or an AI System, should refer to “a machine-based system that is designed to operate with varying levels of autonomy and that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions, that influence physical or virtual environments.” This amends the Commission’s proposal, where an AI System was solely limited to software acting for human-defined objectives and now encompasses the metaverses through the explicit inclusion of “virtual environments.”

Agreement on the final version of the definition of AI is expected to be found at the technical level during trilogue negotiations, as it does appear to be a noncontentious item.

Another notable inclusion relates to foundation models (Foundation Models) that were not yet in the public eye when the Commission’s proposal was published and were defined as a subset of AI Systemtrained on broad data at scale, is designed for generality of output, and can be adapted to a wide range of distinctive tasks.

(more…)

EU Digital Services Act: Fundamental Changes for Online Intermediaries?

November 5th, 2022 | Posted by Claude-Etienne Armingaud in Competition | eCommerce | Europe | internet | Legislation - (0 Comments)

On 27 October 2022, the Digital Services Act (DSA) was published in the EU Official Journal as Regulation (EU) 2022/2065, with the aim to fully harmonize the rules on the safety of online services and the dissemination of illegal content online. The Digital Services Act will require online intermediaries to amend their terms of service, to better handle complaints, and to increase their transparency, especially with respect to advertising.

(more…)

, , , , , ,

Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (Text with EEA relevance) [Full Text]

September 14th, 2022 | Posted by Claude-Etienne Armingaud in Competition | English | Europe | internet | IT | Legislation | Marketing | Privacy | Social Networks - (0 Comments)

Read the full text.

(more…)

, , , ,

UK: Government Publishes New Proposed Data Protection Law

July 27th, 2022 | Posted by Claude-Etienne Armingaud in English | Europe | Legislation | Privacy - (0 Comments)

The UK Government has finally published its highly anticipated Data Protection and Digital Information Bill (the Bill), marking the first significant post-Brexit change to the UK’s data protection regime. Following Brexit, the UK continued following the EU General Data Protection Regulation, incorporated into UK law as the UK GDPR, and the UK implementation of the EU ePrivacy Directive, the Privacy and Electronic Communications Regulations 2003 (PECR), also remained in force.

The Bill is only at the start of the legislative process, and it remains to be seen how it will develop if it is amended during its passage through Parliament, but early indications are that it represents more of an evolution than a revolution in the UK regime. That will come as a relief to businesses that transfer personal data from the EU to the UK, because it reduces the risk that the EU might rescind the UK’s adequacy status.

For a start, the Bill actually preserves the UK GDPR, its enabling legislation the Data Protection Act 2018, and the PECR, because it is drafted as an amending act rather than a completely new legislative instrument. This does not contribute to user-friendliness, as interpreting UK data protection requirements will require a great deal of cross-referencing across texts.

The more eye-catching proposed changes in the Bill include:

  • The inclusion of a list of “legitimate interests” that will automatically qualify as being covered by the lawful basis in UK GDPR Article 6(e).
  • Some limitations on data subject access requests, such as the possibility of refusing “vexatious or excessive” requests.
  • More exemptions from the requirement to obtain consent to cookies.
  • Much higher fees for breach of PECR.

The Bill will now progress through various Parliamentary stages over the coming months in order to become law.

First Publication: K&L Gates Cyber Law Watch in collaboration with Noirin McFadden & Keisha Phippen

France: New Requirements Concerning the Sale of Digital Goods

July 21st, 2022 | Posted by Claude-Etienne Armingaud in eCommerce | France | internet | IT | Legislation - (0 Comments)

On 29 June 2022,  Decree n° 2022-946 (the “Decree”) supplemented the regulatory framework resulting from the Ordinance n° 2021-1247 of 29 September 2021 on the legal warranty of conformity for goods, digital content and digital services (the “Ordinance”). Stakeholders have under 1 October 2022 to implement the following measures, aiming at protecting consumers of digital goods.

1. General information about the Ordinance

Implementing two 2019 European directives on certain aspects of contracts for the supply of digital content and digital services and contracts for the sale of goods (respectively Directives (EU) 2019/770 and 2019/771 dated 20 May 2019), the Ordinance aimed to foster the safety of consumers when purchasing both physical and digital goods and, to a lesser extent, to reduce the environmental impact of digital goods.

This Ordinance amended the French Consumer Code in depth, notably by expanding the legal warranty of conformity, which now covers digital products and services but is also applicable to both B2C as well as B2B contracts, when the latter are executed between professionals and non-professionals (i.e. legal entities acting outside of their direct professional activities).

(more…)

French authority falls in line with ECJ position on general retention of metadata

March 16th, 2022 | Posted by Claude-Etienne Armingaud in France | Legislation | Press | Privacy - (0 Comments)

Quoted by Global Data Review:

Claude-Étienne Armingaud, a partner at K&L Gates in Paris, said the decision would have little impact in practice.

“The new sections adopted in July 2021 are implementing specific and targeted data retention requirements which should therefore comply with both the ECJ decisions and the Constitutional Council decision of today,” he said.

“So, if anything, it’s a tardy decision that was expected and confirmation that the Government did well to anticipate this.”

Read full article here.

United Arab Emirates – Federal Decree-Law No.(45) of 2021 on Personal Data Protection

January 2nd, 2022 | Posted by Claude-Etienne Armingaud in Legislation | World - (0 Comments)

FEDERAL DECREE-LAW NO. (45) OF 2021 ON PERSONAL DATA PROTECTION

Read the full text.

(more…)