The Week Ahead in the European Parliament – January 26, 2018

Summary

Next week is a mixed committee and political group week in the European Parliament.  Only several committee meetings are scheduled, as Members of the European Parliament (“MEPs”) will spend the majority of their time with their political group, preparing for the plenary week in Strasbourg on February  5 – 8, 2018.

On Monday, the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) will vote on a motion for a resolution regarding the situation of the rule of law and democracy in Poland, following the European Commission’s decision to trigger Article 7 of the Treaty on European Union.

On Thursday, a public hearing concerning citizens’ rights after Brexit will take place.  MEPs, national experts and activists are expected to discuss the situation following the European Council’s conclusions that sufficient progress has been made in the Brexit negotiations.

During the second half of the week, MEPs will prepare for the upcoming plenary session, scheduled for February 5 – 8, 2018 in Strasbourg.  MEPs will discuss various topics, including geo-blocking, the composition of the European Parliament, emissions trading and the human rights situation in Turkey.

Meetings and Agenda

Monday, January 29, 2018

 Committee on Economic and Monetary Affairs jointly with the Committee on Civil Liberties, Justice and Home Affairs

18:30 – 20:00

Votes (19:45 – 20:00)

  • Prevention of the use of the financial system for the purposes of money laundering or terrorist financing (COD) – Vote on the provisional agreement resulting from interinstitutional negotiations
    • Rapporteurs: Krišjānis KARIŅŠ (EPP, LV) and Judith SARGENTINI (Greens/EFA, NL)
  • Commission Delegated Regulation amending Delegated Regulation (EU) 2016/1675 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council, as regards adding Sri Lanka, Trinidad and Tobago and Tunisia to the table in point I of the Annex (DEA) – Vote on a motion for a resolution (to be confirmed)

Committee on Civil Liberties, Justice and Home Affairs

15:00 – 17:30

  • High-Level Commission Expert Group on Radicalisation – discussion with Julian KING, Commissioner for the Security Union (15.00-16.00)
  • Article 29 Working Party: Privacy Shield – implementation of the General Data Protection Regulation (GDPR) – discussion with Isabelle FALQUE-PIERROTIN, Chairwoman of the Art. 29 Working Party (16.00-17.00)

Vote (17.00-17.10)

  • Situation in Poland – Commission decision to activate Article 7, paragraph 1 of the Treaty on European Union (RSP) – vote on a motion for a resolution
    • Rapporteur Claude MORAES (S&D, UK)

End of vote

  • Hearing of the candidate for the post of Europol Executive Director – discussion with Catherine DE BOLLE, selected candidate by the Council from a shortlist of candidates proposed by the Management Board (17.10-18.30)

Joint meeting with the Economic Affairs Committee (18.30-20.00)

  • Prevention of the use of the financial system for the purposes of money laundering or terrorist financing (COD) – vote on the provisional agreement resulting from interinstitutional negotiations (19.45-20.00)
    • Rapporteurs Krišjānis KARIŅŠ (EPP, LV) and Judith SARGENTINI (Greens/EFA, NL)

Tuesday, January 30, 2018

  • No meetings of note

Wednesday, January 31, 2018

  • No meetings of note

Thursday, February 1, 2018

 Committee on the Environment, Public Health and Food Safety

09:00 – 12:30

  • Exchange of views with Dr Andrea AMMON, Director of the European Centre for Disease Prevention and Control (ECDC)
  • Exchange of views with the Commission and the European Centre for Disease Prevention and Control (ECDC) on Lyme disease

Committee on Transport and Tourism

09:00 – 12:30

  • “European Rail Traffic Management System”, presentation of the European Court of Auditors’ Special Report by Ladislav BALKO (Rapporteur) and presentation on “Traffic Management System – the way forward” by the European Commission,  DG MOVE

Committee on Regional Development

09:00 – 12:30

  • Debate on the future of cohesion policy after 2020

Committee on Civil Liberties, Justice and Home Affairs

09:00 – 17:30
Joint meeting with the Foreign Affairs and Development Committees (09.00-10.30)

  • The global compact on safe, orderly and regular migration – discussion with Michele Klein SOLOMON, Director, Global Compact for Migration, Office of the Director-General of the International Organisation for Migration (IOM)

Votes (10.30-11.45)

  • Annual report on the situation of fundamental rights in the EU in 2016 (INI) – Vote on draft report
    • Rapporteur Frank ENGEL (EPP, LU)

In camera (11.45-12.30)

  • State of play of negotiations on status agreements between the EU and third countries for the purpose of actions carried out by the European Border and Coast Guard Agency on the territory of those countries – discussion with Simon Mordue, Deputy Director-General, DG HOME, European Commission

Afternoon (change of meeting room)
14.00-17.30 – Paul Henri Spaak (PHS) 3C50

  • Hearing on Citizens’ rights after Brexit – jointly with the Employment and Social Affairs, Civil Liberties, Justice and Home Affairs and Petitions Committees

China Issues New Personal Information Protection Standard

On January 2, 2018, the Standardization Administration of China (“SAC”) released the final version of the national standard on personal information protection, officially entitled GB/T 35273-2017 Information Technology – Personal Information Security Specification (GB/T 35273-2017 信息安全技术 个人信息安全规范) (hereinafter “the Standard”).  The Standard will come into effect on May 1, 2018.As highlighted in our previous coverage of drafts of the Standard (see here and here), although it is nominally a voluntary framework, the Standard effectively sets out the best practices that will be expected by regulators auditing companies and enforcing China’s existing (but typically more generally-worded) data protection rules, most notably the 2016 Cybersecurity Law.  Drafts of the Standard — even prior its finalization — have also in some cases been the basis for non-compliance remediation plans and undertakings agreed between companies and the Cyberspace Administration of China (“CAC”) following CAC audits, as we reported here.The Standard applies to “personal information controllers,” namely any private or public organization that has “the power to decide the purpose and method” of processing personal information.  This is seemingly modelled on European law’s “data controller” concept.The Standard regulates the use of “personal information” by these controllers, a term largely aligned with strict conceptualizations of “personal data” under the EU’s General Data Protection Regulation (“GDPR”).  Examples of “personal information” listed in an annex to the Standard include device hardware serial codes, IP addresses, website tracking records, and unique device identifiers, among other things.  The definition of “sensitive personal information,” however, takes a different approach to the GDPR: rather than applying only to specific types of data, the Standard takes a risk-based approach, defining “sensitive” personal information as any personal information which, if lost or misused, is capable of endangering persons or property, easily harming personal reputation and mental and physical health, or leading to discriminatory treatment.  According to the Standard, this could for example include national identification card numbers, login credentials, banking and credit details, a person’s accurate location, information on a person’s real estate holdings, and information about a minor (under 14 years old).

Similar to general principles of most data protection laws, the Standard requires transparency, specificity and fairness of processing purpose, proportionality (use and retention of only the minimum information necessary to achieve the stated purpose), security, risk assessment, and the respect of individuals’ rights to control the processing of information about them.  It also requires either consent from individuals, or reliance on a limited range of exceptions set out in the Standard, for the purpose of collection and processing of personal information.

This article looks at some of these aspects in more detail, including some of their key divergences from European data protection law, including the GDPR.  (Please note that this is not an exhaustive description of the Standard, nor is it a detailed comparison with the GDPR.)

Consent and other legal grounds for processing

The Standard lays down a basic rule that the collection of personal information and its subsequent use should be affirmatively consented to ahead of time, with further (informed) consents being required for any activity exceeding the scope of the original consent.

For sensitive personal information, the informed consent must be clear and explicit, and the information to be provided must distinguish between the “core business functions” of the products or services being provided, and “other products or services, such as those that provide additional capabilities.”  If an individual refuses to consent to the ancillary uses of their data, the collector/controller may decline to provide the additional services, but may not cease or degrade the provision of core business products and services to that individual.

Where the data relates to a minor, explicit consent must be obtained from the minor’s parent or guardian, unless the minor is at least 14 years old, in which case consent may also be obtained directly from him or her.

The Standard derogates from these consent requirements by including a number of non-consensual grounds for collecting and processing personal information.  Analogues of several of those grounds can be found in the GDPR, but others are different, for instance necessity for troubleshooting products and services, or necessity for reporting by news agencies.  Collecting information from public sources, such as news reports, also does not require prior consent.  Some of the more permissive processing grounds found in GDPR Article 6 (for non-sensitive data) are absent, such as necessity for the legitimate interests of the controller or a third party, even though the Standard’s exceptions arguably cover some of the commonly seen examples of legitimate interests, including necessity to perform a contract.

As further described below, consent is usually also required to the sharing or transferring of personal information.

The Standard also imposes a requirement akin to the GDPR’s “purpose limitation” requirement (namely, that all uses of the information, including secondary uses, should be reasonably connected with the original purpose of collection of the data, and should be reauthorized if that is not the case).  It sets aside that principle for certain research and academic purposes, provided the personal information is de-identified in public disclosures about the research.

Notice

The Standard requires the inclusion of certain information in privacy notices, including but not limited to:

  • For each business use: personal information collection and processing rules such as the collection method and frequency, place of storage, and frequency of collection;
  • If data is shared, disclosed or transferred, the types of data involved, the types of the data recipients, and rights and obligations of each party;
  • Data subject rights, and complaint handling;
  • Security principles followed, and security measures implemented;
  • Security risks that may exist after providing personal information; and
  • The controller’s “usual office location” and contact information.

The Standard does not explicitly allow such information to be omitted from notices if the individual already possesses it from other sources (e.g. from app pop-up notices, or through their regular dealings with the organization), unlike the GDPR.  Privacy notices must be delivered to individuals “one by one,” though if costs become too high or when there are significant difficulties, a public announcement is possible instead.

The Standard also requires cessation of processing to be notified to individuals, either individually or by general announcement.

Rights of individuals

The rights conferred on individuals are similar to those under the GDPR, although:

  • The Standard requires requests to be complied with in less than 30 days (or other legally-stipulated period), whereas under certain circumstances the GDPR allows further extensions;
  • The Standard includes a “straightforward account cancellation” right;
  • The erasure right appears somewhat strengthened, through omission of exceptions found in the GDPR (which for example allows refusal of erasure requests in the interests of freedom of expression and information, or scientific research), and includes significant obligations to notify third parties of the erasure (and in some cases, order them to also delete the data). On the other hand, the right can only be invoked after processing violates applicable law or an agreement with the individual.
  • The data portability right arises in a wider range of situations, but is limited to certain information, such as health, education or occupational information.

Use of vendors / processors

Before outsourcing the processing of personal information, the Standard requires controllers to conduct risk assessments and ensure that the vendor (processor) would offer adequate security; once the subcontracted processing is underway, controllers must supervise the processors, including through audits and assessments.  Processors must obtain controllers’ permission before further subcontracting the processing services.

Like the GDPR, processors must help controllers comply with data subject requests, and promptly notify controllers of security incidents.  The Standard adds broader duties to promptly notify controllers when processors are “unable to offer an adequate level of security” or after they process the information entrusted to them other than strictly in accordance with the controller’s requirements.

Data sharing

Unless the information is de-identified, prior notice and consent from individuals to the transfer or sharing of their data is required (distinct from the consent that covered the initial collection and processing of data), as is also required by China’s Cybersecurity Law.  By contrast, the GDPR does not strictly require consent to sharing of data.  However, the GDPR and the Standard both suggest that the sharing be covered by some sort of prior risk assessment and mitigation exercise.

The Standard also sets out specific record-keeping obligations regarding the sharing or transfer of personal information, and an obligation on controllers to assume a degree of responsibility for any damage caused to individuals by the transfer or sharing of their personal information.

Alternative rules apply in respect of mergers, acquisitions, reorganizations or “other kinds of change,” as well as to public disclosures of personal information.  Public disclosures of biometric information are prohibited.

As with processing grounds, exceptions to the aforementioned sharing, transfer and disclosure consent requirements apply, for instance, where the data was collected from public sources, or if the disclosure is necessary for criminal investigations.

Security and deletion

The Standard prescribes that controllers must (i) have internal procedures to grant access to personal information and authorize operations such as batch modification, copying and downloading; (ii) keep records of data processing; (iii) appoint a Chief Information Security Officer plus designated “key personnel” with leadership responsibility for information security; (iv) conduct periodic (at least annual) staff training; (v) conduct security testing before the release of products or services; and (vi) if the organization is large enough or processes information about more than 500,000 people (or expects to do so in the next 12 months), have a dedicated information security team.  Individuals with access to large amounts of sensitive personal information must be subjected to background checks.  In requiring these specific programs, the Standard is more granular than the GDPR.

Incident response

The Standard requires organizations to maintain information security incident response plans, undertake regular training and emergency drills (at least once a year), implement incident record-keeping and assessment, adhere to the CAC’s “National Network Security Incident Contingency Plan” for notification of incidents to authorities, and notify cybersecurity incidents to affected individuals.  Unlike the GDPR, no severity threshold or specific time period for reporting is expressly mentioned under the Standard.

Note that the Cybersecurity Law requires “network operators” to notify an incident to regulators and affected individuals when there has been actual or potential “leakage, damage, or loss” of personal data (Article 42).  It is not clear whether a data controller would be subject to this reporting obligation if the breach occurs within their processors’ network, nor what kind of incidents may be counted as “potential” breaches.

Periodic data protection impact assessment

Finally, the Standard requires data protection impact assessments (“DPIAs”), which are not unlike those in the GDPR, although the GDPR is less specific about how frequently they must be conducted: under the Standard, DPIAs must be repeated at least annually, as well as when (i) new legislative requirements come into effect, (ii) business models, information systems or operational environments undergo a major change, or (iii) a significant personal information security incident occurs.  The assessment reports must be “open to the public in appropriate form.”

International data transfers

The Standard states at a high level that data controllers will need to go through a security assessment if they would like to transfer personal data out of China.  More detail regarding cross-border data transfers are expected to be covered by separate regulations and standards.

Continue Reading

Ten Key Issues to Watch in Africa in 2018

 In this blog, Covington’s Africa practice  highlights ten key issues to watch in Africa in 2018.

  1. U.S. Policy: The derogatory remarks that President Trump made about Africans and Haitians, which he denies having said, create a negative image for the U.S. across the region as the year begins. Nevertheless, the administration will push forward on several fronts. Commerce Secretary, Wilbur Ross, is expected to visit Sub-Saharan Africa in the first quarter of 2018 along with members of the Presidential Advisory Committee on Doing Business in Africa (PAC-BIA), an Obama-era initiative continued under Trump. Secretary of State, Rex Tillerson, may also visit the region. As we analyze here, the Administration’s National Security Strategy focuses on combatting corruption in Africa, moving toward more reciprocal trade relationships and modernizing development finance tools. On January 17, 2018 the House passed the African Growth and Opportunity Act (AGOA) and Millennium Challenge Account (MCA) Modernization Act. The bill will provide technical assistance to help eligible partners fully utilize AGOA and, perhaps most significantly, enable the Millennium Challenge Corporation to enter into concurrent, regionally-focused compacts to promote trade among eligible partner countries. The bill is now in the Senate and will likely be passed later in the year.
  1. Anti-Corruption: Next week the African Union will meet for its 30th Summit, with the theme “Winning the Fight Against Corruption: A Sustainable Path to Africa’s Transformation.” Consistent with this focus, anti-corruption initiatives are on the rise throughout the continent. For example, Angola’s new president, João Lourenço has taken swift and decisive actions to root out nepotism and corruption. In December 2017, he changed the leadership of nine public utilities and companies, including oil and gas producer Sonangol and the diamond mining company Endiama.  The election of Cyril Ramaphosa as president of the African National Congress and the prospective state prosecution of companies involved in the sprawling “state capture” investigation are likely harbingers of a continued focus on anti-corruption enforcement in South Africa in 2018. The extraterritorial application of the Foreign Corrupt Practices Act (“FCPA”), as well as other foreign anti-corruption laws such as the U.K. Bribery Act, is well-established. The extent to which the effort of African governments to fight graft will result in an increase in FCPA enforcement activity related to the continent is something to watch over the course of the year.  Against this backdrop, corporates would be well-served to focus on developing and maintaining anti-corruption compliance programs.
  1. Project Finance: Project Finance projects in Africa are likely to increase in 2018, especially in energy/power and transport sectors. For example, spending on electricity production and distribution in Sub-Saharan Africa is expected to reach $5 billion by 2025. The Power Africa initiative launched by former President Obama, and continued by the Trump Administration, is expected to contribute significantly to increased investment in infrastructure projects. The initiative’s 150 public and private sector partners have already mobilized $14 billion in actual investment in the 85 Power Africa projects that have reached final close, which will add more than 7,000 megawatts of new power generation. Additional finance is expected from China, India, and Japan. Sub-Saharan Africa’s wealth of natural resources, particularly in the oil and gas sector, will continue to attract investors. Infrastructure spending for petroleum and natural gas extraction is expected to grow at an average annual rate of 7.1 percent between now and 2025, resulting in a total investment of $8 billion over that time period. Notably, funding models are changing in Africa, and models such as public-private partnerships (PPPs) are to become more prevalent. However, in the energy sector, the preferred model of funding remains privately financed Independent Power Producers. Larger state-owned companies in South Africa have made progress in issuing bonds to raise capital, but with South Africa’s sovereign credit rating under pressure, debt capital raising by smaller State Owned Enterprises (SOEs) may prove challenging.. The African Development Bank is expected to continue to provide a platform for bridging finance, direct loans and loan guarantees supporting infrastructure financing. Southern Africa will account for the largest share of infrastructure spend and capital project activity on the continent, and most of the activity is likely to occur in the South African energy sector. Other important investment destinations include Angola, Ghana, Nigeria, and Mozambique.
  1. South Africa: There is a palpable sense in South Africa that the country has turned a critical corner in the fight against government corruption with the election of Cyril Ramaphosa as president of the ANC. Ramaphosa’s 2018 agenda is significant: root out the corruption tied to President Zuma by prosecuting individuals and entities implicated by Guptagate, restore the reputation of the ANC as a genuine party of the people, and revive South Africa’s economy. Ramaphosa must also prepare for a decisive election in 2019 while delivering on job creation and managing the tension between market-based land reform and expropriation. An early indicator of Zuma’s fate will be whether he delivers the February 9 State of the Nation address to Parliament; the expectation is that Zuma will be forced out of office over the near-term. It’s more a question of when, not if.  Analysts will also be watching to see how Ramaphosa will revitalise the State Owned Enterprises (SOEs) and whether he will act against executives in the country’s key SOEs, who have become widely regarded as having facilitated “state capture.”   
  1. Angola: President João Lourenço continues to move forward on the reforms he initiated immediately upon assuming the presidency. The government has announced plans to tap the Eurobond market, probably by June, and it announced that it will repay contractors $5 billion of arrears by 2019. The government has also published a mid-term national development plan (2018-2022) that identifies 88 actions it will take to reform the economy. Key actions include strengthening the financial sector and assessing the vulnerability “of every and any” commercial bank. Whether the government seeks a deal with the IMF to support its reform efforts will be an important issue to watch in 2018.
  1. Zimbabwe: One of the most pressing questions facing the new government in Zimbabwe is whether it can hold “free, credible, fair and indisputable” elections, as President Emmerson Mnangagwa has promised. Mnangagwa has said electoral observers from the EU, the Commonwealth and the UN would be invited to monitor the polls, a welcome departure from Mugabe’s refusal to allow international election observers. Whether the more than 3 million Zimbabweans in diaspora will be able to vote will be important to the credibility of the elections. The success of the elections will have an important bearing on whether the international community is willing to support an economic reform package, which the government needs desperately. Finance Minister Patrick Chinamasa has announced a bold economic reform program which he hopes will lead to 4.5 percent growth in 2018; how he deals with government spending, the country’s $1.8 billion to the IMF, agricultural and civil service reforms will be key early challenges.
  1. Nigeria: With presidential elections scheduled for early 2019, political jockeying will intensify in 2018 with a prime focal point being on President Buhari’s health and whether he will stand for reelection. Elections for governorships in Ekiti (July) and Osun (September) will be important indicators of the preparedness of the Independent National Electoral Commission (INEC) to manage next year’s presidential elections. The government’s action on the enduring challenges of corruption, petroleum shortages, and unreliable access to power will continue to dominate the political debate. Economic growth is expected to accelerate to 2.5 percent (it was 1 percent last year). This growth will be spurred by improving oil prices and reforms in the financial, manufacturing, and other sectors.
  1. Kenya: Warning that “lingering political uncertainty can further undermine business confidence and stunt a robust recovery,” the World Bank has downgraded its 2018 growth forecasts for Kenya from 5.5 percent to 4.9 percent. Political turmoil during the 2017 elections caused corporations to take a cautious approach to Kenya and delay investments. Healing the ethnic divisions that divide Kenya, rooting out endemic corruption, and addressing drought that has caused food prices to spike are just a few of the challenges facing President Uhuru Kenyatta. Initiatives to foster lasting reconciliation among Kenyans and regaining the confidence of investors will be key challenges for Kenyatta in 2018.
  2. Mobile Money: Mobile money will continue to grow throughout 2018 as a significant engine of economic growth and inclusion, perhaps faster in Africa than in any other region. Currently, there are 277 million mobile money accounts and 177 million bank accounts in Africa and 30 countries have enacted mobile money enabling regulation in Sub-Saharan Africa. Since 2011, there has been a ten-fold increase in the number of mobile money agents reaching approximately 1.5 million, creating a range of opportunities for small and medium enterprises.
  3. Business and Human Rights: Companies with operations in Africa should track the following legal developments in 2018. Legislative proposals in states including Australia, Netherlands, and Hong Kong may, if passed, impose additional modern slavery and child labor reporting and due diligence obligations on relevant companies with respect to their global operations and supply chains, including on the African continent. Also, coinciding with the increased promotion of “access to remedy“—the third pillar of the UN Guiding Principles on Business and Human Rights—recent judgments in the UK and Canadian courts have seen claims allowed to proceed against UK/ Canadian headquartered companies in respect of alleged human rights offences connected to their foreign subsidiaries in Zambia and Ethiopia. Judgments on the merits are pending. Companies should consider appropriate risk mitigation strategies and measures.

This post can also be found on CovAfrica, the firm’s blog on legal, regulatory, political and economic developments in Africa.

Continue Reading

Fight Against Sexual Misconduct Bringing Regulations, Protections for Lobbyists

 As sexual abuse, assault, harassment, and other misconduct have dominated national headlines, state capitols and lobbyists have not escaped scrutiny.  Amidst a spate of allegations and member resignations, some state legislatures and ethics commissions are taking action.  While a variety of measures are being considered, including tightening gift rules, it is apparent that lobbyists and their employers in some states will face new regulations, new protections, or both.  Lobbyists and their employers should watch closely for developments, which may impose training and policy requirements or offer opportunities to report and prevent misconduct.

Illinois, one of the first states to enact a comprehensive program, adopted elements of both regulation and protection.  SB 402 requires many agencies and state officials, including legislators, to adopt sexual harassment prohibition and reporting rules; requires training for state officials and employees; requires training for lobbyists; requires lobbyists and their employers to adopt sexual harassment prohibitions and reporting rules; and adopts a scheme of reporting, investigating, and penalizing sexual harassment by lobbyists and their employers.  Lobbyists and their employers must confirm in their registration that they have adopted the required policy, agree to make it available on request to any individual, agree that any person may contact the registrant’s agent to report harassment, and recognize the state’s authority to regulate in this space.  The state has adopted emergency regulations implementing the new law.Oregon is also among those states protecting both government employees and lobbyists.  The state is expanding its regular legislative anti-harassment training on a voluntary basis to both the executive branch and lobbyists.Some states remain more focused on protecting lobbyists from harassment and coercive situations.  After reports of legislators harassing and abusing lobbyists in Minnesota, state legislators are pushing for a formal reporting system to be used by lobbyists and others, with an independent investigative body.  California is also working on this aspect of the issue, where the legislature is considering parallel efforts to protect legislative staff and lobbyists from harassment by lawmakers.

Other states have focused more on regulation.  New Mexico has offered trainings for lobbyists, and will be asking lobbyists to disclose whether they have sexual harassment policies in place and if they have attended the training.  The Secretary of State plans to push to make the training mandatory.  While Utah rejected a proposal to require anti-harassment training for lobbyists late last year, there are plans to introduce a bill on the topic in this session.

The issue has also rekindled a proposal that North Carolina and Missouri have previously rejected — whether sex between legislators and lobbyists is a “gift” regulated by state ethics laws.  Florida is now the latest state to consider the question, anticipating that, along with a contemplated sexual harassment claims panel and other changes, defining sex as a prohibited lobbyist gift will disrupt an allegedly hostile culture in Tallahassee.

What Next for Trump and Africa?

In late December, the Trump Administration released the “National Security Strategy of the United States of America.” The nearly 70 page document lays out the foreign policy priorities of the current Administration in both thematic and regional approaches. At the time of its release, the press focused on the strategy’s emphasis on Russia and China, and the proposed policies towards these “revisionist powers.” But, there was minimal coverage on what this strategy had to say about Africa.
Nevertheless, President Trump’s recent derogatory remarks about Africans and Haitians, which he denies making, has sparked a controversy that has overshadowed the strategy as it pertains to Africa. The question is whether the Trump administration will be able to pursue aspects of the National Security Strategy (NSS) as it relates to Africa in hopes of reconstituting a “respectful engagement” that is elemental to advancing U.S. interests in the region. As the Administration contemplates its next steps in Africa, it is worth considering what the NSS suggests as it relates to the key issues of trade, corruption, and development finance and the timing of its implementation.Trade

On the trade front, there is a clear theme in the strategy of “promot[ing] reciprocal economic relationships” (emphasis added) throughout the strategy. While there is no mention of how this strategy will be applied to Africa specifically, the current non-reciprocal trade framework of the African Growth and Opportunity Act (AGOA) was not designed to be permanent. It is unclear what is next when AGOA expires in 2025, but establishing a reciprocal trade framework is a logical progression and in line with the strategy’s goals. The Administration could transition to reciprocal trade agreements with individual countries and/or regional bodies that take into account capacity and socioeconomic levels by putting the eligible tariffs lines on a sliding scale and increasing the number of lines in which there would be reciprocity over time. This new framework would enhance the ability of the U.S. to compete against the various European Partnership Agreements in place throughout the continent. The strategy outlines that “fair and reciprocal trade, investments, and exchanges of knowledge…are necessary to succeed in today’s competitive geopolitical environment.” If the U.S. pursues a two-way trade platform between the U.S. and  African markets, it will surely help American companies down the road.

Importantly, the NSS discusses “economic integration” in Africa, a priority that the continent’s leaders and regional bodies have been trying to address for some time. In comparison to other regions, Africa has the lowest level of intra-regional trade, at just 18% (Europe, 69%; Asia, 52%; North America, 50%). There are efforts underway, via the Continental Free Trade Agreement (CFTA) and the Tripartite Free Trade Area (TFTA), that could bolster intra-Africa trade. A cost-effective action the Trump Administration could take to support Africa’s economic integration would be providing trade facilitation assistance to the continent’s regional bodies as they attempt to address the intra-regional trade gap.

Corruption

Combatting corruption is mentioned both thematically and in the Africa section of the strategy. The Administration asserts that tackling corruption around the world will help American companies “compete fairly in transparent business climates.” Tackling corruption in Africa would be a boon for the continent’s economies as well. Estimates put the annual global cost of bribery at around $1.5 to $2 trillion – roughly 2% of global GDP.

Opaque business environments and outsized political and corruption risks have depressed African markets’ full economic potential. Facing stiff competition from emerging markets in Latin America and South East Asia, African governments must make sure their commercial climate remains attractive.

The Administration appears willing to put some muscle behind addressing graft and supporting governments looking to counter it. The strategy states that “using our economic and diplomatic tools, the United States will continue to target corrupt foreign officials and work with countries to improve their ability to fight corruption.” Trend lines indicate that some African governments and their electorates are not only recognizing the adverse impacts of corruption, but are willing to support policies and candidates that seek to tackle it head on – Angola and South Africa are recent examples of this trend. African governments looking to counter corruption should recognize the Trump Administration’s heightened interest in this issue and solicit readily available capacity building programs housed primarily in the State Department’s Office of Anti-Crime Programs and the International Unit of the Department of Justice’s Money Laundering and Asset Recovery Section.

Development Finance

The National Security Strategy states that “the United States will modernize its development finance tools so that U.S. companies have incentives to capitalize on opportunities in developing countries.” In Congress, the Senate and the House are currently both drafting legislation to revamp the legislative authorities for development finance. “Modernize” is the latest catchphrase for consolidation.

The development finance tools of the U.S. government are dispersed across numerous agencies, including the Overseas Private Investment Corporation (OPIC), USAID’s Development Credit Authority, USAID’s enterprise funds, USTDA assistance, and other smaller, regionally-focused agencies. Streamlining these agencies and dedicating more resources to one central body appears to be a policy proposal that is gaining momentum in Washington.

This proposal could ultimately help address Africa’s infrastructure deficit. From energy access and transportation, to ICT systems and water, Africa’s infrastructure woes are hindering the continent’s economic growth. Closing Africa’s infrastructure quantity and quality gap relative to the developing world and the best performers in the world could increase growth of GDP per capita by 1.7% and 2.6%, respectively. With limited new public expenditures for these capital intensive projects, African governments are relying on alternative forms of financing. A key form of financing for this effort going forward will be development finance.

The idea of establishing a single U.S. development finance institution would benefit American foreign policy and help Africa address its infrastructure deficit. Indeed, such a development would be consistent with the strategy which states: “the United States will not be left behind as other states use investment and project finance to extend their influence.” An appropriately resourced American development finance agency could be a source of much needed financing for African infrastructure projects. With Africa being a stated regional priority for the new leadership of OPIC, the continent could see increased financing activity in the near to medium term.

There are indications that Commerce Secretary Wilbur Ross and Secretary of State Rex Tillerson will visit Africa in the coming months. A robust commercial strategy will be important if there is to be strong U.S.-Africa relations given the recent controversy.

This post can also be found on CovAfrica, the firm’s blog on legal, regulatory, political and economic developments in Africa.

The Week Ahead in the European Parliament – January 19, 2018

Summary

Next week will be very busy in the European Parliament, as it is a committee week.

On Tuesday, the Constitutional Affairs Committee (“AFCO”) will vote on the composition of the European Parliament during the 2019 – 2024 legislative term.  Members of the European Parliament (“MEPs”) will also vote on whether transnational electoral lists should be set up in the EU.  See the draft report here.

On the same day, AFCO will discuss the state of play of the Brexit negotiations with Guy Verhofstadt, the European Parliament’s Brexit coordinator, and Danuta Hübner (EPP, PL), a member of the Parliament’s Steering Group.

Also on Tuesday, the Committee on Agriculture and Rural Development (“AGRI”) will vote on a draft resolution by Norbert Erdős (EPP, HU) on prospects and challenges for the apiculture sector in the EU.  The resolution aims to protect the health of bees, enhance efforts to combat the counterfeiting of honey, as well as support beekeepers and the consumption of honey in the European Union. See the draft resolution here.

On Thursday, the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) will vote on a draft report proposing a centralised system for EU Member States to exchange conviction information on third country nationals and stateless persons. This centralised system would supplement and support the European Criminal Records Information System. See the European Commission’s proposal here, and the LIBE Committee’s draft report here.

Continue Reading

The Week Ahead in the European Parliament – January 12, 2018

Summary

Next week, there will be a plenary sitting of the European Parliament in Strasbourg, France. Several significant debates, votes and committee meetings will take place.

On Monday, Members of the European Parliament (“MEPs”) will debate draft legislation concerning energy consumption. Under the proposed directives on energy efficiency and renewables, consumption of energy would need to drop 40% from 2005 levels by 2030, and renewable energy sources would need to increase from 27% to 35%. See the proposed directives here and here.

On Tuesday, the plenary session of the European Parliament will debate the conclusions reached by EU leaders at the European Council Summit on December 14-15, 2017. Among other issues, MEPs will discuss the Brexit negotiations, defense policy, migration and the reform of the Eurozone.

On Wednesday, Prime Minister of Bulgaria Boyko Borissov will introduce the incoming EU Council Presidency priorities to MEPs, which include the digital economy, security, stability, and the connectedness of the Western Balkans.

On the same day, MEPs will debate the Future of Europe together with special guest Leo Varadkar, the Taoiseach of the Republic of Ireland. This will be the first discussion in a series between MEPs and EU leaders on the future of the EU.

Also on Wednesday, the plenary session of the European Parliament will vote on a draft regulation concerning an extension of EU export controls on cyber surveillance tools, which could be used to hack computers, bypass passwords, or even violate human rights. See the proposed regulation here.

Meetings and Agenda

Monday, January 15, 2018

Plenary session

17:00 – 21:00

Debates

  • Promotion of the use of energy from renewable sources
    • Committee: ITRE
    • Rapporteur: José BLANCO LÓPEZ (S&D)
  • Energy efficiency
    • Committee: ITRE
    • Rapporteur: Miroslav POCHE (S&D)
  • Governance of the Energy Union
    • Committee: ENVI and ITRE
    • Rapporteurs: Claude TURMES (GREENS/EFA), Michèle RIVASI (GREENS/EFA)
  • Conservation of fishery resources and protection of marine ecosystems through technical measures
    • Committee: PECH
    • Rapporteur: Linnéa ENGSTRÖM (GREENS/EFA)
  • Implementation of EU macro-regional strategies
    • Committee: REGI
    • Rapporteur: Andrea COZZOLINO (S&D)
  • International ocean governance: an agenda for the future of our oceans in the context of the 2030 Sustainable Development Goals
    • Committee: ENVI
    • Rapporteur: José Inácio FARIA (EPP)
  • Women, gender equality and climate justice
    • Committee: FEMM
    • Rapporteur: Linnéa ENGSTRÖM (GREENS/EFA)

Committee on Legal Affairs

19:00 – 19:30

  • Promotion of the use of energy from renewable sources (recast) (COD) – vote on draft opinion in letter form
    • Rapporteur: Axel VOSS (EPP, DE)

Committee on Civil Liberties, Justice and Home Affairs

19:00 – 21:30

  • Interoperability package – discussion with Julian KING, Commissioner for the Security Union (19.00-20.30)

Joint debate
20:30 – 21:30

  • Situation of non-reciprocity with certain third countries in the area of visa policy and assessment of the effectiveness of the reciprocity mechanism provided for in Article 1(4) of Council Regulation (EC) No. 539/2001 and Visa Suspension Mechanism – First Report – discussion with Matthias OEL, Director, DG HOME, European Commission

Tuesday, January 16, 2018

Plenary session

09:00 – 11:50

Debates

  • Review of the Estonian Presidency
  • Conclusions of the European Council meeting of 14 and 15 December 2017

12:00 – 14:00: Votes + explanations of votes

15:00 – 21:00
Debates

  • EU support to the Colombian peace process
  • Situation in Zimbabwe
  • Control of exports, transfer, brokering, technical assistance and transit of dual-use items
    • Committee: INTA
    • Rapporteur: Klaus BUCHNER (GREENS/EFA)
  • Trade and sustainable development chapters in EU trade agreements  

Wednesday, January 17, 2018

Plenary session

09:00 – 11:50
Key debates

  • Presentation of the programme of activities of the Bulgarian Presidency
  • Debate with Prime Minister of Ireland Leo Varadkar on the Future of Europe

12:00 – 14:00

Votes + explanation

  • Nomination of a Member of the Court of Auditors – Eva Lindström
    • Committee: CONT
    • Rapporteur: Indrek TARAND (GREENS/EFA)
  • Nomination of a Member of the Court of Auditors – Tony James Murphy
    • Committee: CONT
    • Rapporteur: Indrek TARAND (GREENS/EFA)

Debates
15:00 – 21:00

  • Composition of the European Parliament
    • Committee: AFCO
    • Rapporteurs: Danuta Maria HÜBNER (EPP), Pedro SILVA PEREIRA (S&D)
  • Jurisdiction, recognition and enforcement of decisions in matrimonial matters and matters of parental responsibility, and international child abduction
    • Committee: JURI
    • Rapporteur: Tadeusz ZWIEFKA (EPP)
  • Marrakesh Treaty: facilitating the access to published works for persons who are blind, visually impaired, or otherwise print disabled
    • Committee: JURI
    • Rapporteur: Max ANDERSSON (GREENS/EFA)
  • Fight against trafficking of women and girls for sexual and labour exploitation in the EU

Thursday, January 18, 2018 

Plenary session

09:00 – 11:50

Debates

  • Implementation of the Youth Employment Initiative in the Member States
    • Committee: EMPL
    • Rapporteur: Romana TOMC (EPP)
  • Implementation of the Professional Qualifications Directive and the need for reform in professional services
    • Committee: IMCO
    • Rapporteur: Nicola DANTI (S&D)

Votes + explanation

12:00 – 14:00

Major interpellations

15:00 – 16:00

The Foreign Agents Registration Act (“FARA”): A Guide for the Perplexed

 Eighty years ago, Congress enacted the Foreign Agents Registration Act (“FARA”), requiring “foreign agents” to register with the Attorney General. As amended over the years, it applies broadly to anyone who acts on behalf of a “foreign principal” to, among other things, influence U.S. policy or public opinion. Until recently, it was a backwater of American law—and a very still backwater at that, with just seven prosecutions over the last half century.  That is changing now. Like the once obscure Foreign Corrupt Practices Act, which prosecutors revived from hibernation a decade ago, FARA may be ready for its close-up.  
In this guide, we identify the key points and provide a detailed primer on FARA registration, highlighting the ways in which it is now relevant to a broad cast of characters, including multinational corporations.

The Foreign Agents Registration Act (“FARA”): A Guide for the Perplexed

CBP Revises Rules for Border Searches of Electronic Devices

 Last week, U.S. Customs and Border Protection (“CBP”) released a revised Directive governing searches of electronic devices at the border.  These are the first official revisions CBP has made to its guidelines and procedures for devices since its 2009 Directive.  The new Directive is intended to reflect the evolution of technology over the intervening decade, and CBP’s corresponding need to update its investigative techniques.
Notably (and as in previous CBP Directives), the new Directive does not require officials to obtain a warrant before conducting searches of travelers’ devices—even if the traveler being searched is an American—based on CBP’s position that searches and seizures at the border are exempt from the Fourth Amendment’s “probable cause” requirement.  CBP nevertheless acknowledges that its searches must still meet the Fourth Amendment’s “reasonableness” requirement, which the self-imposed restrictions contained in the Directive are meant to achieve.Key Changes

  • “Reasonable Suspicion” for Forensic Searches: The new policy distinguishes between “basic” searches and “advanced” searches. “Basic” searches involve simply reviewing the device and the information contained on it, much as an ordinary user does when he or she scrolls through information on their phone or tablet.  As in the 2009 Directive, border officials are permitted to conduct such searches without any particularized suspicion.
  • “Advanced” searches, on the other hand, involve connecting external equipment to the device in order to not only gain access to it, but also to review, copy, and analyze its contents.  Under the new Directive, these more “forensic” searches now require supervisory approval and either a national security concern or reasonable suspicion of activity in violation of laws enforced or administered by CBP.
  • Protection of Information Stored in the Cloud: The new Directive continues the policy initiated by CBP in April 2017 that prohibited officials from intentionally accessing information stored remotely. In addition, the Directive specifies that in order to avoid accessing such cloud data, officials must request that the traveler disable connectivity to any network (for example, by placing the device in airplane mode). When warranted by national security, officials can disable the device’s network connectivity themselves.
  • Additional Procedures for Privileged Information: Although the 2009 Directive contained some limitations on reviewing information protected under the attorney-client privilege, the new Directive contains additional procedures that officials must follow if they encounter such data. Officials must now ask the traveler to clarify (ideally in writing) which specific files, file types, folders, or categories of information on their device may be privileged.  Such privileged information must then be segregated by a designated “Filter Team” comprised of legal and operational representatives in order to ensure the information is handled appropriately.
  • Bypassing of Passcodes and Encryption Mechanisms: The new Directive explicitly requires travelers to “present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents.” In that vein, officials may request a traveler’s assistance in unlocking their device and its applications, and may detain the device for a certain period of time if they are unable to complete their inspection because the device is passcode or encryption-protected.  Moreover, the Directive specifically states that it does not limit CBP’s ability to use external equipment or “take other reasonable measures” to make the device and its contents legible, which may mean that officials are permitted to manually bypass passcode or encryption mechanisms themselves.
  • Obtaining Technical Assistance from Non-Government Entities: Like the 2009 Directive, the new Directive permits officials, with supervisory approval, to seek technical assistance for rendering a device or the information contained on it in a condition that allows for inspection. No individualized suspicion is required. However, whereas the 2009 Directive limited the provision of such technical assistance to other “federal agencies,” the new Directive removes this limitation.  As a result, entities (such as the device’s manufacturer or an application developer) may be asked to help CBP unlock a device or its contents.

What’s Next

CBP’s searches of electronic devices have increased by nearly 60 percent since FY 2016, and they likely will continue to increase in the years to come as the use of electronic devices (and the amount of data stored on them) proliferates.

Although many have welcomed CBP’s additional, self-imposed restrictions contained in the new Directive, others believe the Directive does not go far enough.  As a result, members of Congress may continue to propose legislation that would place additional limitations on CBP’s ability to search electronic devices (particularly when the device belongs to a U.S. person), such as the Protecting Data at the Border Act introduced last year by Senator Ron Wyden (D-OR) and co-sponsored by Senator Rand Paul (R-KY).

With or without legislative action, the Directive requires that its guidelines and procedures be reviewed at least every three years.  As a result, the debate over what rules of the road should govern electronic device searches will occur much more frequently than it has in the past.

UK Government Consults on EU Cybersecurity Plans

 As we summarized last fall, the EU Commission published a new Cybersecurity Communication in September that, among other things, sets out proposals for an EU cybersecurity certification framework as part of ‎an EU “Cybersecurity Act” (see our post here and a more detailed summary here).  Just before the holidays, on December 20, 2017, the UK Government published a consultation on these proposals, which the UK Government will use‎ to help develop its position.  Key elements of the proposals that the UK Government is consulting on include:

  • Harmonizing the existing cybersecurity certification landscape to reduce costs and administrative burdens for companies by establishing a common “European Cybersecurity Certification Framework for ICT products and services.”
  • Further specifying and publishing best practices relating to incident reporting and security obligations for some digital service providers under the NIS Directive (see our reports here and ‎here).
  • Changes to the tasks and functions of ENISA, including providing ENISA with a strengthened and permanent mandate.

The UK Government also welcomes views from stakeholders on the impact of the proposals with respect to the UK’s exit from the EU.  The consultation closes on February 13, 2018.  Before then, and by January 20, 2018, the UK Government has been asked by the UK Parliament to clarify issues relating to the proposals, including on issues relating to the “Cybersecurity Act” and cybersecurity certification.

LexBlog