CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 1 Technology, Media and Telecommunications Quarterly Regional Update: A Snapshot of the Past Year & A Look Ahead Introduction As we enter into 2016, we are very excited to share with you the significant legal developments in the technology, media and telecommunications (“TMT”) sphere in the past year. This quarterly update, the first of 2016, aims to highlight the significant TMT-related legal developments in the ASEAN region, as well as in the key economies across the world. Written as a series of short, easy to digest summaries, we hope that this update will help keep you informed of important events in the past year, and set you thinking about the potential opportunities as well as the legal issues in the technology space in 2016. We will issue these short regional updates every quarter to help you and your business keep up to speed with the latest developments. ASEAN SINGAPORE Singapore to restructure its telecommunications and media regulators to meet evolving demands of increased convergence in the info-communications sector The Singapore Ministry of Communications and Information (“MCI”) announced on 18 January 2016 that the Info-communications Development Authority (“IDA”) and the Media Development Authority (“MDA”) will be restructured to form the Info-communications Media Development Authority (“IMDA”) and the Government Technology Organisation (“GTO”). The new IMDA will combine the regulatory and industry promotion functions of both the IDA and the MDA, and will include the Personal Data Protection Commission (“PDPC”). The GTO will help government agencies leverage emerging technologies, and will be responsible for the resiliency and cybersecurity needs of government infrastructure. The establishment of a converged regulator is a logical evolution that follows the examples of other converged regulators worldwide. The IMDA will now be able to provide regulatory oversight and analyse the impact of infocomm media players across the media, telecoms and IT sectors in Singapore holistically. The merger will lead to streamlining of the legislative and licensing framework governing infocomm media players. Info-communications Development Authority (IDA) to release spectrum for mobile broadband services to facilitate entry of new mobile operator On 18 February 2016, the IDA announced that it plans to release more spectrum for mobile broadband services to facilitate the entry of a fourth mobile operator in Singapore. IDA will set aside 60 MHz from the 900 MHz and 2.3GHz bands, at a lower reserve price of S$35 million, which will only be open to new CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 2 entrants. The spectrum rights will begin in April 2017. A spectrum allocation exercise will take place later this year. At least two new companies have indicated their interest in the auction. Interestingly, IDA also proposes to issue guidelines for wholesale negotiations between Mobile Virtual Network Operators and mobile network operators. This is a recognition of the new commercial and technical reality where such virtual operators are able to repackage wholesale services into their own products and these guidelines are aimed to promote innovative offerings for the market. Singapore’s Next Gen Network National Broadband Network provider hit with fines for failing to meet quality of service standards On 21 October 2015, IDA announced that it imposed a S$450,000 financial penalty on NetLink Trust for its failure to meet IDA’s residential and non-residential Quality of Service (“QoS”) standards. IDA regulates the performance of key services offered by operators by setting QoS standards and requiring the operators to submit periodic reports of their service quality. NetLink Trust, which operates the underlying layer of Singapore nationwide optical network. had earlier been penalised $240,000 for not meeting the non-residential QoS standards from Q2 to Q3 2013. In this instance, IDA notes that NetLink Trust did subsequently improve its internal processes and managed to clear more than 90% of the outstanding orders. However, despite the improvement, IDA still found NetLink Trust’s remaining margins of failure unacceptable. NetLink Trust is required to fully meet the QoS standards and IDA will continue to monitor NetLink Trust’s performance closely. Factors in deciding appropriate enforcement measures under the Personal Data Protection Act The Personal Data Protection Commission (“PDPC”) released its Annual Report 2014/15 on 30 October 2015. It revealed that the PDPC has received over 6,000 complaints since the Do Not Call (“DNC”) Registry was launched, and has closed 95% of complaint cases to date. The PDPC has brought two organisations to court for DNC-related offences and has issued advisory notices to more than 1,800 organisations with minor isolated breaches. In considering the appropriate enforcement measures to be pursued in each case, the PDPC has suggested that it considers factors such as the severity of the breach, the degree of isolation between incidents, the number of complaints against the organisation and its cooperation after being informed of objectionable practices. Ministry of Transport to review private car-sharing apps; LTA issues Third-Party Taxi Booking certificates of registration to Grab Taxi and Hailo Singapore On 2 October 2015, Transport Minister Khaw Boon Wan announced on his blog, Moving News, that the Ministry of Transport will review private car-sharing apps. The intention of the review is to “level the playing field” and create a “fair solution”, in consultation with taxi operators and the general public. Senior Minister of State for Transport Ng Chee Meng, who is leading the review, has three priorities – ensuring that commuters’ interests are taken care of, promoting healthy competition and levelling the playing field for taxi drivers where justified. Besides private car-sharing apps, some apps allow consumers to book taxis. On 1 December 2015, Grab Taxi and Hailo Singapore were granted certificates of registration by the Land Transport Authority to operate their third-party taxi-booking mobile apps. The certificates are valid for three years, and may be renewed. The LTA is currently processing applications from the following service providers: UberTAXI, MoobiTaxi, Karhoo, and ConnexTaxi. PAIR Taxi’s application was rejected because its fare model did not meet the fare charging conditions stipulated in the regulatory framework. MAS funds FinTech innovation The Monetary Authority of Singapore (“MAS”) has launched a new scheme for Fin Tech players on the market. The Financial Sector Technology & Innovation (“FSTI”) scheme seeks to provide S$225 million CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 3 over the next 5 years to support innovation initiatives in the finance industry. The MAS has stated that it seeks to focus on, amongst others, cybersecurity, efficient digital payment systems, smart surveillance systems, cloud computing and many other potential areas for innovation. The fund can be used for innovation centres set up by financial institutions for research and development purposes, institutionlevel projects as well as industry-wide projects. Prominent players on the market have already commenced liaising with the MAS for the use of the fund under the FSTI scheme. Outsourcing Guidelines from MAS and Association of Banks in Singapore On 5 September 2014, the MAS issued two consultation papers relating to the outsourcing arrangements of Financial Institutions (“FIs”). The consultation paper on a new Notice on Outsourcing and amendments to the Guidelines on Outsourcing (“MAS Notice & Guidelines”) included new obligations on FIs in relation to material outsourcing arrangements. On 26 June 2015, the Association of Banks in Singapore (“ABS”) issued its own set of guidelines on outsourcing (“ABS Guidelines”) to supplement the new requirements set by the MAS on the FIs. The ABS Guidelines require outsourced service providers working with the FIs to comply with various audit and security requirements, including a requirement to engage an established independent auditor to conduct an audit in relation to the ABS Guidelines annually. Singapore's Cyber Security Agency Singapore has set up an agency for tackling national cybersecurity issues on 1 April 2015. The new Cyber Security Agency (“CSA”) has been operating under the Prime Minister’s Office and builds on the functions previously carried out by the Singapore Infocomm Technology Security Authority. The CSA will tackle strategy and policy development in relation to the cybersecurity challenges and capabilities in Singapore, and will oversee sectors such as banking and telecommunications to enhance their response to cybersecurity threats. Since its inception, the CSA has been active in forging new partnerships to strengthen cybersecurity capabilities in Singapore with both local and foreign partners. The CSA has since signed Memoranda of Understanding with Singtel, Check Point Software Technologies and FireEye amongst others. One key area of focus is to build up sufficient training and certification opportunities to amass a pool of cybersecurity experts to assist in the field. MALAYSIA Proposed amendments to the Communications and Multimedia Act 1998 ("CMA") and the Communications and Multimedia Commission Act 1998 ("CMCA") The Minister of Communications and Multimedia announced on 8 June 2015 that there were plans to implement comprehensive amendments to the current CMA and the CMCA, especially in respect of provisions relating to administrative and enforcement actions. The amendments are expected to strengthen the two communications laws and to accommodate the drastic changes to the current “internet landscape”, bearing in mind that these laws were drafted 18 years ago. The amendments cover, amongst others, a revision of the existing role of the Malaysian Communications and Multimedia Commission, and more importantly, the imposition of stricter controls over social media users, bloggers and news portals, in light of amendments to the Sedition Act 1948 which were passed by Parliament in April 2015. As at 20 January 2016, the Ministry has submitted its proposed amendments to the Attorney-General's Chambers and is awaiting its approval. Further updates will be provided once the amendment bills are released to the public. CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 4 Telcos fined by Malaysian Communications and Multimedia Commission for false registration of prepaid SIM cards The Malaysian Communications and Multimedia Commission (“MCMC”) announced on 22 December 2015 that it had issued up to 50 compounds for 2015, amounting to RM2.29 million, to telecommunications service providers for registering prepaid SIM cards with false identities. The MCMC further stated that almost 90% more compounds were issued in 2015, compared with 2014. Figures released by the MCMC showed that up to nine telecommunications service providers were issued compounds with Tune Talk Sdn Bhd being fined RM350,000 followed by Digi Telecommunications Sdn Bhd (RM300,000) while other companies, including several major service providers, were fined between RM20,000 and RM130,000. Other than consumer safety and national security issues, the MCMC also stated that investigations into criminal activities have become increasingly difficult due to frequent use of false identities when registering prepaid lines, and that this was one of the primary reasons behind the imposition of such penalties on telecommunications service providers. Malaysia in active pursuit to curb online gambling In the past year, Malaysia has increased its efforts to curb online gambling due to the recognised inadequacy of Malaysian gambling laws such as the Common Gaming Houses Act 1953, Lotteries Act 1952, Pool Betting Act 1967 and the Betting Act 1953 to effectively address the increasing number of online gaming websites and the growing prevalence of online gaming culture. During the first half of 2015, the Malaysian Communications & Multimedia Commission blocked a total of 310 online gambling websites out of a total of 940 applications made by the Ministry of Domestic Trade, Cooperatives & Consumerism, the Royal Malaysian Police Force ("RMP") and the Malaysian Islamic Development Department. Raids were also actively conducted by the RMP on premises conducting online gambling activities across the country which not only resulted in seizures of equipment used for online gambling and cash, but also the detention of 112 individuals in December 2015 alone. The Attorney General’s Chambers, RMP and other governmental bodies have taken cognisance of the need to amend Malaysian gambling laws but no initiatives have been formally announced to date. Controversial National Security Council Bill 2015 passed The National Security Council Bill 2015 (“NSCB”) which was passed by Parliament on 22 December 2015 and is pending royal assent, allows for the establishment of an 8 member National Security Council ("NSC") which includes, amongst its other members, the Prime Minister, the Deputy Prime Minister, the Ministers for Defence and Home Affairs as well as the Minister for Communications & Multimedia. Heavy criticism of the NSCB is centred on the powers accorded by the NSCB to the Prime Minister to declare an area as a “security zone” in instances where the NSC advises the Prime Minister that the security of such area is seriously disturbed or threatened by any person, matter, thing or place that is likely to cause serious harm whether to people in the area, the economy or the national infrastructure of Malaysia. The issues arising out of the NSCB are many, from the wide-ranging and unprecedented powers bestowed by the NSCB upon the Prime Minister and the NSC, to the potential prevention of freedom of the press to report on non-seditious matters with impartiality via online mediums and social media. Commissioner issues minimum standards for Security, Retention, and Data Integrity of Personal Data On 23 December 2015, the Malaysian Personal Data Protection Commissioner issued the long awaited for Personal Data Protection Standards 2015 (“PDP Standards”), detailing specific measures that need to CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 5 be taken by data users in respect of the Security, Retention and Data Integrity principles and which bind all data users with immediate effect. Amongst the requirements of the PDP Standards are the following: (a) All staff involved in the processing of personal data need to be registered by the data user; (b) Transfer of personal data through removable media devices (e.g. USB thumb-drives) and cloud-computing services are not permitted, unless authorised in writing by the senior management of the company; (c) Any transfer of personal data through removable media devices and cloud computing services will need to be recorded; (d) Contracts must be executed between data users and parties appointed by the data user (data processors) to handle and carry out personal data processing activities. A contravention of any of the PDP Standards may attract a fine of up to RM250,000 or imprisonment for a term not exceeding 2 years or both. INDONESIA Overview of key TMT initiatives by the Indonesian Government & developments in the Indonesian TMT sphere Important initiatives have been made in Indonesia in 2015, following the Indonesian Government’s various initiatives in the telecommunications and technology sector. For instance, a number of draft regulations were circulated, most notable of which include the Draft Bill on Personal Data Protection (“PDP Bill”), relating to the protection of personal data (privacy), and the Minister of Communication and Information Regulation on Personal Data Protection in Electronic Systems (“MOCI Draft”). Another draft of particular interest is the Draft Government Regulation on ECommerce Transactions (“E-Commerce Draft”) which is currently being prepared as a cross ministry effort under the coordination of the Minister of Trade. Other than the above-mentioned draft regulations, in other news, the winners of the tender for two segments of the Palapa Ring II project were announced late last year. Separately, the Government also approved Google’s proposal to conduct a pilot test of its Project Loon in Indonesia at the start of 2016. MOCI Draft In order to implement Indonesia’s Electronic Information and Transactions law, which imposes requirements for the protection of personal data in electronic systems and transactions, the Minister of Communication and Information (“MOCI”) has prepared the MOCI Draft which sets out the following key requirements of note, namely: (a) Consent requirement for acquiring, processing, and disclosing personal data; (b) Users’ right to add, correct or renew personal data; (c) Limitation on using personal data only for its intended purposes; (d) Personal data collected from third parties must be verified by the person to whom the personal data relates; (e) Requirements for a company managing personal data to have an internal guideline for personal data; (f) Transfers of personal data abroad must be reported to the MOCI; and (g) Requirements to have a data center and recovery data center in Indonesia. The MOCI Draft is targeted to be issued within the second quarter of 2016, so watch this space for further details. CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 6 PDP Bill Also on the topic of personal data protection, a PDP Bill was circulated towards the end of 2015 to gain inputs from various stakeholders. If enacted, it will be Indonesia’s over-arching personal data protection framework, covering both electronic and non-electronic transactions. A number of key provisions under the PDP Bill include: (a) A new definition of personal data, as well as a new classification of sensitive personal data; (b) Provisions on CCTV usage in public areas; (c) Consent requirement to transfer personal data domestically, as well as overseas; (d) Mandatory implementation of internal guidelines to protect personal data from unlawful access; and (e) Penal sanction for any violations pertaining to data theft or falsification of personal data. It is unclear whether the PDP Bill will be enacted ahead of the MOCI Draft. Considering its nature as a bill, there has been heightened expectation of the new rules that will be in place. It is understood that government sources have indicated that the MOCI Draft will be issued before the PDP Bill. E-Commerce Draft Since the enactment of Indonesia’s new Trade Law in 2014, the Ministry of Trade (“MOT”) has prepared the implementing framework for e-commerce, which will cover: (a) E-commerce transactions procedures, covering online advertising, offer and acceptance, payment, delivery of goods, and refund policies; (b) Investment provisions (limitation on foreign investment) and taxation obligations; (c) Protection of personal data and information; (d) Licensing requirement for e-commerce businesses; (e) Requirement for e-commerce businesses to locate their data center and recovery data center in Indonesia, use of an Indonesia domain name (.co.id), and registration of their electronic systems with the MOCI; and (f) Supervisory measures by the MOT, including the black list of non-compliant e-commerce businesses. An interesting and notable feature of the e-commerce framework is the classification of foreign ecommerce businesses as local businesses by virtue of having customers in Indonesia, and hence subjecting such foreign e-commerce businesses to Indonesian law. Further, every e-commerce transaction relating to Indonesian interests shall be governed by Indonesian law, whether entered into within or outside the country. Palapa Ring Project The Palapa Ring Project was first designed 1o years ago in 2005 with the aim of building telecommunications infrastructure which will connect Sumatra, Java, Kalimantan, Nusa Tenggara, Sulawesi, and Maluku through a 36,000 kilometer fiber optic and submarine cable network. Palapa Ring I was completed in 2009, and this year Palapa Ring II is set to commence, utilising a public-private partnership business scheme. The Palapa Ring II project will cover the construction, operation and maintenance of the network which will be divided into three packages: west, central and east. The west packages will cover the construction of the network from the Riau Island Province to the Island of Natuna with a total length of 2,000 kilometers. The central packages will cover Kalimantan, Sulawesi and North Maluku with a total length of 2,700 km. Lastly, the east project will cover Nusa Tenggara Timur, Maluku, West Papua and Papua with total length of 6,300 kilometers. CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 7 In January 2016, the government announced winners of the tender for the west package (Mora Telematika consortium) and central package (Pandawa Lima consortium). The winner of the tender for the east package has yet to be announced. The Government approves Google Loon pilot testing in Indonesia To further boost internet access in Indonesia, at the end of 2015, the Indonesian Government approved Google’s Project Loon to fly by and conduct related pilot tests over the Indonesia archipelago from January 2016 to December 2016. The pilot testing will be carried out in collaboration with Indonesia’s three main telecommunication operators, Telkomsel, Indosat and XL. Project Loon is a network of balloons designed to provide telecommunication access to local telecommunication providers, or as a backhaul network provider, thereby allowing the local telecommunication providers to reach previously unreachable rural and remote areas. The project is particularly novel as the additional infrastructure is expected to improve and increase internet access in remote areas and by extension, the people’s welfare (studies have shown a direct correlation between the two). The agreement for the joint pilot testing is a welcome step although the success of this project will ultimately depend on the buy-in and commitment of the telecommunication operators. Indonesia plans to ramp up investment and promote its tech industry Indonesian President Joko Widodo’s goal is to make Indonesia the largest digital economy in Southeast Asia. As part of President Joko Widodo’s inaugural visit to the United States (“US”) in October 2015, he and US President Barack Obama committed to continue to develop cooperation in science, technology and innovation, in order to realise the Indonesia Digital Economy 2020 vision. Following President Joko Widodo’s visit, a delegation of high-level Indonesian ministers visited the San Francisco Bay Area and Silicon Valley, to promote stronger commercial and investment ties between Indonesia and the US. During the visit, the delegation met with technology companies such as Microsoft, Facebook, Google, Apple, and Marvell Technology Group. These companies made announcements regarding investments in Indonesian digital education, entrepreneurship, rural internet access, and application development. The delegation also met with Walt Disney International, Blackberry, Airbnb and Cisco, among others. Bank Mandiri sets up fund to boost financial technology in Indonesia In November 2015, Bank Mandiri announced that it was setting up a venture capital fund, PT Mandiri Capital Indonesia (“MCI”). Bank Mandiri provided an initial capital of Rp 350 billion (around US$25.2 million), and has committed to increasing that figure to Rp 500 billion (around US$37 million). MCI will focus on financial technology (“FinTech”) startups – MCI president director Eddi Danusaputro stated that 80% of the startups that MCI seeks will be FinTech companies. MCI is currently establishing a joint venture firm with BC Card from South Korea to handle electronic data capture (“EDC”) operations, relating to payment and settlement services. #Netflixeverywhere (almost) The Netflix global expansion blitz hit a snag on 27 January 2016 when Telkom, Indonesia’s largest internet service provider, decided to block Netflix’s service. Telkom has cited two main concerns behind this decision – Netflix’s alleged lack of a permit to operate in Indonesia, and the violent and/or sexual nature of its content. This occurred in spite of the fact that Indonesia’s Ministry of Communications and Information Technology had given Netflix a grace period till 7 February 2016 to freely enter the Indonesian market. In order to gain full access to the Indonesian market, Netflix will likely have to work out some sort of compromise with Telkom and the Indonesian government. Netflix may also potentially have to deal with a new set of regulations, due to be published by the Indonesian government in March 2016. The new CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 8 regulations are aimed at plugging a gap in Indonesia’s laws, which presently do not cover non-traditional internet broadcasters such as Netflix. Indonesia looks to license OTT services In July 2015, Indonesia’s Ministry of Communications and Information Technology announced plans to license and regulate the operations of Over-The-Top (“OTT”) service and content providers such as Facebook and Twitter. This licensing framework seeks to level the playing field in Indonesia for both international and domestic OTT service providers, thereby ostensibly providing the international players with a stable framework to operate within Indonesia, as well as to encourage the growth and development of more local OTT companies. The Indonesian government has also noted that the licenses could be a potentially lucrative source of tax income. THAILAND Overview of the info-communications and media regulatory landscape in Thailand in 2015 The National Broadcasting and Telecommunications Commission (“NBTC”) and the Ministry of Information and Communication Technology (“MICT”) are the primary info-communications and media regulatory bodies in Thailand. The NBTC is the independent state telecommunications regulator responsible for establishing the criteria and categories of telecommunication services, permitting and regulating the use of spectrum, and granting licenses to the telecommunications operators under the Act on the Organization to Assign Radio Frequency and to Regulate the Broadcasting and Telecommunication Services B.E. 2543 (2000) and the Telecommunication Business Act B.E. 2544 (2001). In 2015, the NBTC was mainly focused on developments in the mobile telecommunications sector, such as the auction for 4G licenses. The MICT administers and manages information and communication technology. It is also the regulatory body under the Computer Crime Act B.E. 2550 (2007). In 2015, the MICT announced that it plans to spend significant resources on driving flagship projects under the Digital Economy Policy including the development of computers and networks infrastructure project, and the amendment and update of relevant laws. Looking forward to the potential for a converged regulatory authority and future regulatory developments There have been proposals for structural change of the regulatory body. One proposed change is for the establishment of a National Digital Economy Committee, chaired by the Prime Minister, and whose objective is to coordinate the implementation of digital-economy policies between the government and state agencies. The second proposed law would restructure the current MICT and rename it the “Ministry of Digital Economy and Society”. The new Ministry would comprise five offices: the ministry office, the permanent’ secretary’s office, the digital economy office, the meteorology office, and the office of national statistics. From 2014 to 2015, the Cabinet approved in principle the following Bills to support the development of the digital economy: (i) National Digital Economy Committee Bill; (ii) Ministry of Digital Economy and Society Bill; (iii) Electronic Transactions Bill (amendment); (iv) Computer-Crimes Bill (amendment); (v) Cyber Security Bill; (vi) Personal Data Protection Bill; (vii) Digital Economy Promotion Bill; (viii) Digital Development for Economy and Society Fund Bill; (ix) Bill on the Organization to Assign Radio Frequency and to Regulate the Broadcasting and Telecommunication Services (amendment); and (x) Electronic Transactions Development Agency Bill (amendment). These Bills are either pending the consideration of the National Legislative Assembly (“NLA”) or waiting in line for the future NLA meeting agenda. At least one bill, the Personal Data Protection Bill, has been CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 9 withdrawn by the NLA for review and revision, upon request by the Cabinet, following heavy criticism of the bill in September 2015. An update on the 4G auction in Thailand The NBTC held the 1800MHz and 900 MHz spectrum auctions in November and December 2015 respectively. True Corporation (“TRUE”) won both the 1800MHz licence with a 39.79 billion Baht bid and the 900MHz licence with a 76.3 billion Baht bid. Advance Info Service (“AIS”) successfully bid 40.99 billion Baht for the second 1800MHz licence, and Jasmine International (“JAS”) won the second 900 MHz licence with a 75.67 billion Baht bid. The final price per MHz is estimated to be among the highest in the world for a 900MHz auction. The result surprised investors who expected Total Access Communication PCL (“DTAC”) to expand their 4G network and grab a larger share of Thailand’s mobile data market by winning the 900 MHz licence. Currently, DTAC provides 4G services on 1800MHz spectrum under a concession agreement with stateowned CAT Telecom, which will expire in 2018. The announcement of JAS as a winner raises several questions as JAS has no mobile phone user base. However, it was reported that JAS would like to set up a wireless broadband service to complement its existing fixed-line broadband service. Winning the 1800MHz licence will help AIS reduce the risk of losing market share while TRUE now has the biggest portion of bandwidth in the market. Nonetheless, investors are concerned that the winning companies' profits would be affected by the exorbitantly priced licence. The NBTC believes that 4G spectrum service will increase the economic value and development of Thailand’s businesses, including but not limited to telecommunication, transportation, hotels, and health care. Improvement of 4G spectrum service will also increase the mobile data usage in the rural areas which will decrease the gap in economic development between the urban and rural areas of Thailand. REST OF ASIA-PACIFIC AUSTRALIA Mandatory data retention under new law in Australia The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (“TAA”), which came into effect on 13 October 2015, introduced a statutory obligation for Australian telecommunication service providers to retain specific metadata for a minimum period of two years. The set of metadata required to be retained under the TAA makes reference to six types of information: the identity of the subscriber to a communications service; the source of the communication; the destination of the communication; the date, time and duration of the communication; the type of the communication; and the location of the equipment used in the communication. The government has stressed that the data retained is only metadata (such as Internet Protocol (IP) address, time and location of communication, device information, etc.), and does not include the content or substance of the communication. Web-browsing history has also been specifically excluded from the TAA. Notably, over-the-top players and international companies such as Facebook, WhatsApp, Twitter, and Gmail, will not be caught under the legislation. CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 10 CHINA China’s new anti-terrorism law On 27 December 2015, China’s National People’s Congress Standing Committee passed a new antiterrorism law that creates a legal framework providing Chinese authorities with wide-ranging powers to compel the cooperation and assistance of technology firms in the country’s war against terrorism. The law, which came into effect on 1 January 2016, grants Chinese authorities broad powers to access and deal with data, thus raising significant concerns for all companies doing business in China with data such as data centre operators, internet service providers, and telecoms companies. For more details and analysis, please refer to our recent full Client Update, accessible at: http://eoasis.rajahtann.com/eoasis/gn/at.asp?pdf=../lu/pdf/2016-01-China-new-antiterrorism.pdf&module=LU&topic=LU000987&sec=b HONG KONG HK commences operations for its Innovation and Technology Bureau After 3 years of legislative wrangling, Hong Kong’s Innovation and Technology Bureau (“ITB”) commenced operations on 20 November 2015. The ITB, which absorbed some of the functions of the Commerce and Economic Development Bureau, seeks to promote innovation and technology in Hong Kong by developing policies to strengthen governmental support for the innovation and technology sector, thus giving one of Hong Kong’s weaker areas of industry a much needed shot in the arm. Critics of the ITB have expressed great pessimism over its potential, citing the selection of overly riskaverse and pro-Beijing personnel to head the ITB as early portents of failure. Others fear that this may be a case of too little, too late, as Hong Kong’s regional competitors have all surged ahead in the technology arena in recent years. The impact of the fledgling ITB therefore remains to be seen, and the first few policies it introduces will serve as important indicators of its potential for success. INDIA Cyber security as a basis for Indian Government’s initiatives On 5 November 2015, the Home Minister of India, Rajnath Singh, speaking at a conference on information security, noted that cybercrime in India had increased by over 70 percent in 2014. He noted that cyber security is a critical foundation for government initiatives such as Digital India, Make in India and Smart Cities. To this end, the Indian government is planning to set up an Indian Cyber Crime Coordination Centre (“I-4C”), which will help to monitor cybercrimes and work alongside law enforcement agencies to combat cybercrime. Security analysts hope that the Indian government’s continued efforts in this regard will lead to enhanced cyber security measures and standards in the near future. Telecom Regulatory Authority of India (“TRAI”) battles Facebook over its “Free Basics” service On 23 December 2015, the TRAI issued instructions to Reliance Communications, the sole telecommunications partner for Facebook in India, to temporarily stop Facebook’s “Free Basics” service. Free Basics is a Facebook initiative to provide a zero-rated, but limited internet service to users who cannot afford an internet subscription. In order for websites to be accessed via this service, the websites have to fulfill certain requirements. This has been viewed by some as a violation of the principle of network neutrality, as Free Basics would in effect only offer selected applications and services from the internet. CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 11 In response to the TRAI’s instructions to stop its Free Basics service, Facebook started a “Save Free Basics” campaign online, asking its users to send emails to the TRAI in support of Free Basics. TRAI and Facebook have since been engaged in a war of words, and on 8 February 2016, TRAI issued regulations on net neutrality which many view as being a decision against Facebook (please see the next story below). This episode serves to highlight the issues a regulator faces between its approach to network neutrality, and the economic and social realities on the ground, particularly in an economy with a wide range of income levels. TRAI outlaws discriminatory tariffs for internet access on basis of content On 8 February 2016, the TRAI issued regulations which prohibit telcos from charging discriminatory rates, on the basis of content, for internet services. The exceptions to this general rule apply to business intranets and for emergency services/uses. This law has immediate effect but telcos which have existing discriminatory tariff structures in place are given a 6 month grace period to remove them. The regulation is primarily a response to Facebook’s Free Basics service. While Free Basics has seemingly been prohibited by the regulation, Facebook may continue to provide the service as long as it does not discriminate on content (it can provide limited access to unlimited content for example). It remains to be seen how Facebook will react to the firm stance taken by the TRAI in its pursuit of network neutrality. While the regulations address one aspect of net neutrality, they do not provide detailed guidance on key issues such as the provision of OTT and VoIP services, where telcos in India are increasingly trying to gain a foothold into. Observers hope that the TRAI will address these issues soon in separate regulations or in explanatory notes, or at the latest when these regulations come up for renewal in two years. NEW ZEALAND New legislation addressing Harmful Digital Communications The Harmful Digital Communication Act 2015 (“HDCA”) has been passed by the NZ Parliament, introducing a range of measures to address cyberbullying and other forms of harassment and intimidation through electronic communications such as social media and texts. The HDCA makes it an offence to make digital communications that deliberately cause serious emotional distress on subjects including but not limited to race, religion, gender, and sexual orientation. If found guilty of this offence, a person may be imprisoned for a maximum of two years or fined up to AUD$50,000, and companies may be fined up to AUD$200,000. For businesses that host platforms where online content can be posted by its users, their liability for the harmful content will be limited if they comply with the process for handling complaints set out in the safe harbour provisions under the HDCA, such as notifying the author within 48 hours from the receipt of the notice of complaint. A complainant may also apply to the District Court for certain orders, including requiring an online content host to take down or disable access to a post or to provide to the court information on the identity of the author. Non-compliance with these orders can result in a fine of up to AUD$20,000. REST OF THE WORLD EU Abolition of the EU-US Safe Harbour On 6 October 2015, the Court of Justice of the European Union (“CJEU”) issued a ruling invalidating the EU-US Safe Harbour regime for trans-Atlantic transfers of personal data, primarily on the basis that personal data transferred to the US was not adequately protected from governmental access, which was CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 12 deemed by the CJEU to be disproportionate and largely unfettered. For more details and analysis of the CJEU’s ruling, please refer to our full Client Update, accessible here: http://eoasis.rajahtann.com/eoasis/gn/at.asp?pdf=../lu/pdf/2015-10-EU-US-SafeHarbour.pdf&module=LU&topic=LU000956&sec=b In light of the CJEU’s ruling, EU-based organisations must implement other means of effecting the transfer of personal data to the US, such as through data transfer agreements or binding corporate rules (where related entities are concerned), to ensure compliance with the EU’s Data Protection Directive. At the time of writing, it is understood that officials from the EU and the US have reached an agreement on a new data transfer arrangement. This is discussed further below. The EU-US Privacy Shield – new data sharing arrangement On 2 February 2016, the European Commission announced that it had reached an agreement with the United States on a new data sharing arrangement, termed the “EU-US Privacy Shield”, for the transfer of personal data between the US and the EU. The EU-US Privacy Shield is intended to facilitate trans-Atlantic transfers of personal data and to assuage the concerns set out by the CJEU in their judgement. In particular, it has been reported that the EU-US Privacy Shield will contain “commitments” from the US to fetter and monitor the right of their government agencies to access personal data transferred from the EU, as well as clearer procedures and avenues in which individuals from the EU whose personal data have been transferred to the US may seek redress for any grievances that they may have over the handling of their personal data in the US. Further details on the above are expected to be available imminently as the EU and the US prepare to implement the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please refer to our full Client Update, accessible here: http://eoasis.rajahtann.com/eoasis/gn/at.asp?pdf=../lu/pdf/2016-02-PrivacyShield.pdf&module=LU&topic=LU001002&sec=b Agreement reached on EU-wide cybersecurity legislation On 7 December 2015, the European Commission, European Parliament and the EU Council of Ministers (the “Council”) reached an agreement on what has been described as the “first EU-wide legislation on cybersecurity”. As set out in the current draft of the new cybersecurity directive (the “Directive”), which was introduced on 7 February 2013, the objective of the Directive is to ensure a secure and harmonised standard of network and information security among the member states. To this end, the Directive sets out certain baseline obligations relating to the prevention, handling and response to cybersecurity incidents that all member states are expected to meet. Moving forward, the final version of the Directive will need to be formally approved by the European Parliament and the Council. Once approved, EU member states will have 21 months to ratify the Directive into their domestic legislation. Informal agreement on new EU data protection law reached On 21 December 2015, it was announced that the European Parliament, the European Commission and the Council had reached an informal agreement on a new set of data protection legislation, the General Data Protection Regulations (the “GDPR”). The GDPR was first proposed on 25 January 2012 in recognition of the need for the EU’s current data protection directive, which has been in force since 13 December 1995, to be updated to better deal with the challenges engendered by the technological advances in the way personal data is used and processed CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 13 in today’s context, by empowering individuals with more rights over their personal data and imposing stricter obligations on organisations. Unlike the existing data protection directive, the GDPR will be uniformly applicable across all member states without the need for further ratification after a two year transition period after GDPR has been formally approved. UNITED KINGDOM Financial Conduct Authority introduces “Regulatory Sandbox” as potential testing ground for FinTech On 10 November 2015, the Financial Conduct Authority (“FCA”) announced plans to introduce a “regulatory sandbox” where companies interested in offering FinTech products or services can put their offerings through trial runs to assess the viability of their offerings in controlled, real market situations. The objective of the “regulatory sandbox”, as set out in a report to the UK Government published by the FCA, is to, inter alia, provide a platform for the FCA to assist interested companies in navigating the existing regulatory framework with a view of expediting the introduction of those FinTech offerings which have been successfully tested to the market, whilst ensuring that any relevant consumer protection related concerns are appropriately addressed. The “regulatory sandbox” is intended to be launched in the second quarter of 2016 and the FCA is presently finalizing the details of its implementation. UK Government announces collaboration with insurance sector to establish UK at the forefront of cyber risk management On 23 March 2015, the UK Government released a report setting out the increasing risks posed by cybersecurity threats and how businesses can incorporate cybersecurity insurance as an effective tool to manage such risks. The report, which was jointly released with a leading UK insurer, is part of the government’s initiative to position London at the forefront of the global cybersecurity insurance industry. To this end, it was also announced that the UK Department of Trade and Investment will collaborate with one of UK’s leading banks, Lloyd’s, to market cybersecurity insurance as one of UK’s key exports. Further, to ensure better quality in the offerings by UK based insurers, the UK Government will also collaborate with the insurance industry to create a platform for information sharing and dialogue, to enable insurers to achieve more accurate calculations of the risks posed by cybersecurity threats and to better structure their policies accordingly. UNITED STATES Newly-introduced net neutrality rules challenged in DC Circuit Court of Appeal 2015 will go down as a significant year for net neutrality developments. On 26 February 2015, the Federal Communications Commission (“FCC”) reclassified the Internet from an information service to a telecommunications service, allowing ISPs to be treated as common carriers. This gave FCC the necessary authority to enact net neutrality rules in the form of the Open Internet Order, essentially preventing ISPs from offering preferential treatment to higher-paying customers by prohibiting blocking, throttling and paid prioritization. However, on 4 December 2015, various aggrieved parties challenged the new net neutrality rules in court, claiming primarily that FCC did not have the proper authority to reclassify the Internet as a telecommunications service. This marks the third time FCC is in court for its attempts to CLIENT UPDATE 2016 FEBRUARY TECHNOLOGY, MEDIA, AND TELECOMMUNICATIONS © Rajah & Tann Singapore LLP 14 introduce net neutrality rules, and regardless of the outcome of this case, it is likely to be further appealed to the Supreme Court. Watch this space for further developments. Controversial Cybersecurity Act of 2015 comes into force On 18 December 2015, the Cybersecurity Act of 2015 was passed by Congress and signed into law by President Barack Obama, after being tacked on as part of a larger omnibus spending bill. The Cybersecurity Act essentially facilitates the sharing of information between the private sector and governmental entities, by allowing private companies and government agencies to voluntarily share cyber threat indicators or defensive measures with each other for cybersecurity purposes, and providing private companies with liability protection and antitrust exemptions for such information sharing. While the Cybersecurity Act does require private companies to remove information which they know to be personal information before sharing any data, critics argue that its provisions would not assist in combating cybersecurity threats, but would instead make it easier for both governmental authorities and private companies to spy on the public. Notwithstanding such criticism, the practical effect of the Cybersecurity Act is still unclear, as its specific procedural regulations have yet to be developed. CONCLUSION There you have it, our first combined regional TMT update. We are pleased to have put together this expansive list of updates by leveraging on the coverage and expertise from our Rajah & Tann Asia network of lawyers in the ASEAN region, and beyond. We hope you have found the various snippets here useful and thought provoking. Forging ahead into 2016, we here at Rajah & Tann Asia will strive to keep you and your business updated on the key TMT developments that take place in this region. Have a prosperous and productive year ahead. CLIENT UPDATE 2016 FEBRUARY 15 © Rajah & Tann Singapore LLP Key Contacts Rajesh Sreenivasan Head, Technology, Media & Telecommunications D (65) 6232 0751 F (65) 6428 2204 firstname.lastname@example.org Lionel Tan Partner, Technology, Media & Telecommunications D (65) 6232 0752 F (65) 6428 2119 email@example.com Kuok Yew Chen Partner Christopher & Lee Ong D (603) 2267 2699 F (603) 2273 8310 firstname.lastname@example.org Yau Yee Ming Partner Christopher & Lee Ong D (603) 2267 2669 F (603) 603 2273 8310 email@example.com Eko Basyuni Partner Assegaf Hamzah & Partners D (62) 21 2555 7802 F (62) 21 2555 7899 firstname.lastname@example.org Supawat Srirungruang Partner Rajah & Tann (Thailand) Limited D (66) 2656 1991 F (66) 2656 0833 email@example.com _________________________________________ Steve Tan Deputy Head, Technology, Media & Telecommunications D (65) 6232 0786 F (65) 6428 2216 Steve.firstname.lastname@example.org Benjamin Cheong Partner, Technology, Media & Telecommunications D (65) 6232 0738 F (65) 6428 2233 email@example.com Deepak Pillai Chandrasekaran Partner Christopher & Lee Ong D (603) 2267 2675 F (603) 2273 8310 firstname.lastname@example.org Mohd Zulkifli Intan Haryati Partner Christopher & Lee Ong D (603) 2267 2674 F (603) 2273 8310 email@example.com Zacky Zainal Husein Partner Assegaf Hamzah & Partners D (62)21 2555 7800 F (62) 21 2555 7899 firstname.lastname@example.org Saroj Jongsaritwang Partner Rajah & Tann (Thailand) Limited D (66)2656 1991 F (66) 2656 0833 email@example.com 16 © Rajah & Tann Singapore LLP For more information on issues arising in specific countries, please contact the persons above. For issues arising in a country not listed above, please feel free to contact the Singapore team in the first instance or email firstname.lastname@example.org. Please feel free to also contact Knowledge and Risk Management at eOASIS@rajahtann.com. ASEAN Economic Community Portal With the launch of the ASEAN Economic Community (“AEC”) in December 2015, businesses looking to tap the opportunities presented by the integrated markets of the AEC can now get help a click away. Rajah & Tann Asia, United Overseas Bank and RSM Chio Lim Stone Forest, have teamed up to launch “Business in ASEAN”, a portal that provides companies with a single platform that helps businesses navigate the complexities of setting up operations in ASEAN. By tapping into the professional knowledge and resources of the three organisations through this portal, small- and medium-sized enterprises across the 10-member economic grouping can equip themselves with the tools and knowhow to navigate ASEAN’s business landscape. Of particular interest to businesses is the "Ask a Question" feature of the portal which enables companies to pose questions to the three organisations which have an extensive network in the region. The portal can be accessed at http://www.businessinasean.com/. 17 © Rajah & Tann Singapore LLP Our regional presence Our regional contacts RAJAH & TANN Singapore RAJAH & TANN REPRESENTATIVE OFFICE China Rajah & Tann Singapore LLP 9 Battery Road #25-01 Straits Trading Building Singapore 049910 T +65 6535 3600 F +65 6225 9630 sg.rajahtannasia.com Rajah & Tann Singapore LLP Shanghai Representative Office Unit 1905-1906, Shui On Plaza, 333 Huai Hai Middle Road Shanghai 200021, People's Republic of China T +86 21 6120 8818 F +86 21 6120 8820 cn.rajahtannasia.com R&T SOK & HENG Cambodia RAJAH & TANN NK LEGAL Myanmar R&T Sok & Heng Law Office Vattanac Capital Office Tower, Level 17, No. 66 Preah Monivong Boulevard, Sangkat Wat Phnom Khan Daun Penh, 12202 Phnom Penh, Cambodia T +855 23 963 112 / 113 F +855 963 116 kh.rajahtannasia.com *in association with Rajah & Tann Singapore LLP Rajah & Tann NK Legal Myanmar Company Limited Myanmar Centre Tower 1, Floor 07, Unit 08, 192 Kaba Aye Pagoda Road, Bahan Township, Yangon, Myanmar T +95 9 73040763 / +95 1 657902 / +95 1 657903 F +95 1 9665537 mm.rajahtannasia.com 18 © Rajah & Tann Singapore LLP ASSEGAF HAMZAH & PARTNERS Indonesia RAJAH & TANN Thailand Assegaf Hamzah & Partners Jakarta Office Menara Rajawali 16th Floor Jalan DR. Ide Anak Agung Gde Agung Lot #5.1 Kawasan Mega Kuningan, Jakarta 12950, Indonesia T +62 21 2555 7800 F +62 21 2555 7899 www.ahp.co.id Rajah & Tann (Thailand) Limited 973 President Tower, 12th Floor, Units 12A-12F Ploenchit Road, Lumpini, Pathumwan Bangkok 10330, Thailand T +66 2 656 1991 F +66 2 656 0833 th.rajahtannasia.com RAJAH & TANN Lao PDR Surabaya Office Pakuwon Center, Superblok Tunjungan City Lantai 11, Unit 08 Jalan Embong Malang No. 1, 3, 5, Surabaya 60261, Indonesia T +62 31 5116 4550 F +62 31 5116 4560 Rajah & Tann (Laos) Sole Co., Ltd. Phonexay Village, 23 Singha Road, House Number 046/2 Unit 4, Saysettha District, Vientiane Capital, Lao PDR T +856 21 454 239 F +856 21 285 261 la.rajahtannasia.com * Assegaf Hamzah & Partners is an independent law firm in Indonesia and a member of the Rajah & Tann Asia network. CHRISTOPHER & LEE ONG Malaysia RAJAH & TANN LCT LAWYERS Vietnam Christopher & Lee Ong Level 22, Axiata Tower, No. 9 Jalan Stesen Sentral 5, Kuala Lumpur Sentral, 50470 Kuala Lumpur, Malaysia T +60 3 2273 1919 F +60 3 2273 8310 www.christopherleeong.com *in association with Rajah & Tann Singapore LLP Rajah & Tann LCT Lawyers Ho Chi Minh City Office Saigon Centre, Level 13, Unit 2&3 65 Le Loi Boulevard, District 1, HCMC, Vietnam T +84 8 3821 2382 / +84 8 3821 2673 F +84 8 3520 8206 Hanoi Office Lotte Center Hanoi - East Tower, Level 30, Unit 3003, 54 Lieu Giai St., Ba Dinh Dist., Hanoi, Vietnam T +84 4 3267 6127 F +84 4 3267 6128 www.rajahtannlct.com Rajah & Tann Singapore LLP is one of the largest full service law firms in Singapore, providing high quality advice to an impressive list of clients. We place strong emphasis on promptness, accessibility and reliability in dealing with clients. At the same time, the firm strives towards a practical yet creative approach in dealing with business and commercial problems. As the Singapore member firm of the Lex Mundi Network, we are able to offer access to excellent legal expertise in more than 100 countries. Rajah & Tann Singapore LLP is part of Rajah & Tann Asia, a network of local law firms in Singapore, Cambodia, China, Indonesia, Lao PDR, Malaysia, Myanmar, Thailand and Vietnam. Our Asian network also includes Singapore-based regional desks focused on Japan and South Asia. The contents of this Update are owned by Rajah & Tann Singapore LLP and subject to copyright protection under the laws of Singapore and, through international treaties, other countries. No part of this Update may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Singapore LLP. Please note also that whilst the information in this Update is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. It is to your advantage to seek legal advice for your specific situation. In this regard, you may call the lawyer you normally deal with in Rajah & Tann Singapore LLP or e-mail Knowledge & Risk Management at eOASIS@rajahtann.com. at eOASIS@rajahtann.com.