One Asia Lawyers Compliance News Letter (August 2021)
We published One Asia Lawyers Compliance News Letter (August 2021). To view the PDF version, please click the following link.
→One Asia Lawyers Compliance News Letter (August 2021)
One Asia Lawyers Compliance News Letter
China’s New Data Security Law
Background
On June 10, 2021, the Standing Committee of China’s National People’s Congress passed the Data Security Law (“DSL”), which will take effect on September 1, 2021. The DSL aims to control the development of the digital economy in China and to strengthen China’s national data security agenda. Together with the Cybersecurity Law of the PRC and the Personal Information Protection Law (Second Draft) of the PRC, the DSL provides for a more comprehensive data protection regime.
Scope of Application and Jurisdiction
The DSL has both domestic and extraterritorial effect. It applies to data processing activities and their security regulations within the territory of China, as well as data processing activities carried out outside of China which harm the national security, public interests, or lawful interests of any Chinese citizen or organisation.[1]
The definition of “data” which is governed by the DSL is rather broad, as it means any record of information in electronic or other form (including hardcopies). The definition of “data processing activities” includes data collection, storage, usage, processing, transmission, provision, and disclosure of data.[2]
Data Classification and Multi-level Protection Scheme
The DSL introduces a data classification system, whereby data will be categorised into groups of varying importance and levels of protection. This hierarchical classification system will be based on the level of importance to the state’s economic and social development, national security, public interest and lawful interests of individuals and organizations. The DSL stipulates that the national data security coordination mechanism will coordinate with relevant authorities to formulate regional and industry-specific “important data” catalogues, and to strengthen protection of “important data”.[3] While the concept of “important data” was first introduced by the Cybersecurity Law, the DSL also now introduces a new category of “core state data”,[4] which is subject to stricter regulation and protection.
Local Storage and Cross-border Data Transfer
The DSL distinguishes between operators of “critical information infrastructure” [5] (CII) and other non-CII operators to impose obligations related to local storage and cross-border data transfers.[6] As regards CII operators, the DSL affirms that they must follow the requirements stipulated by the Cybersecurity Law. Namely, they must locally store personal information or “important data”[7] that has been collected or produced during operation in China, as well as undergo security assessments conducted by government authorities, where transfer of such data is deemed necessary due to business requirements.[8]
For other data processing entities that are non-CII operators, the DSL stipulates that the cross-border transfer of “important data” collected or produced during operation in China must follow the rules which will be formulated by the Cyberspace Administration of China and relevant government authorities.
Export Control and Reciprocal Measures
The DSL reinforces the Export Control Law of the PRC by imposing export controls on types of data that fall within the scope of “controlled items”,[9] which relate to the protection of national security and interests, as well as the fulfilment of international obligations.[10]
The DSL also introduces a system of reciprocal countermeasures, which will reinforce China’s data sovereignty. The legislation stipulates that China may adopt reciprocal countermeasures toward any country or region that adopts discriminatory prohibitions, limitations or other similar measures against China with respect to matters such as investment or trade related to data, data development and use technology.[11]
European Commission: Drafts of Revised VBER and Vertical Guidelines Published
On 9 July 2021, the European Commission published drafts[12] of the revised Vertical Block Exemption Regulation[13] (“VBER”) and Guidelines on Vertical Restraints[14] (“Vertical Guidelines”) for public consultation.
The VBER concerns vertical agreements, which are agreements between companies that operate at different levels of the supply chain (e.g. manufacturers and distributors). It provides a safe harbour by exempting vertical agreements that meet certain conditions[15] from the prohibition on anti-competitive agreements under Article 101(1) TFEU.
The current VBER has been in force since 2010, and the proposed revisions reflect the growth of e-commerce and online platforms. Through this public consultation, the Commission seeks to gather stakeholder feedback on the proposed changes, inviting all interest parties[16] to submit their comments on the draft rules by 17 September 2021.[17]
Proposed Changes:
1.Dual Distribution
Dual distribution covers situations in which a supplier not only sells its goods or services through independent distributors, but also directly to end customers in direct competition with its independent distributors. Although previously such scenarios of dual distribution were rather limited, they have now become prevalent due to the growth of online sales, which has facilitated direct sales by suppliers, either through their own web-shops or via online marketplaces.
Currently, the VBER exempts these types of dual distribution agreements. However, the draft proposes to readjust the safe harbour, so that the exemption only applies where the parties’ combined market share in the retail market does not exceed 10%.[18] For an aggregated market share at retail level above 10% but not exceeding 30%, the draft proposes that all aspects of the vertical agreement remain exempted, except for information exchanges between the parties to the vertical agreement.[19] Whilst these changes would limit the current safe harbour, the draft also proposes to expand the scope of the dual distribution exception to include wholesalers and importers.[20]
2.Parity Obligations
Parity obligations (also referred to as most-favoured nation clauses) are obligations that require an undertaking to offer the same or better conditions to its contract party as those offered on (a) any other sales/marketing channel (e.g. other platforms) – known as “wide parity obligations”; or (b) on the company’s direct sales channel (e.g. own website(s)) – known as “narrow parity obligations”.[21]
Under the current VBER, both types of parity obligations benefit from exemption. However, the draft revised VBER removes this exemption benefit for across-platform retail parity obligations (the wide parity obligations) imposed by providers of online intermediation services.[22] By consequence, they must be assessed individually under Article 101(3) TFEU in order to benefit from exemption. As for retail and wholesale parity obligations related to direct sales channels (narrow parity obligations), these remain exempted under the draft VBER, provided that the general conditions[23] of VBER are fulfilled.
3.Active Sales Restrictions
Active sales restrictions concern limitations of the buyer’s ability to actively approach individual
customers. Under the current VBER, there are only limited exceptions by which active sales restrictions are allowed. Upon review it has been concluded that these rules related to active sales are unclear, and limit suppliers in designing their distribution systems according to their business needs.
To provide clarity, the draft revised VBER includes definitions for active sales, passive sales, as well as restriction of active or passive sales.[24] The draft also provides more flexibility by introducing the possibility of shared exclusivity, which allows a supplier to appoint more than one exclusive distributor in a particular territory or for a particular customer group.[25] In addition to this, in its aim to enhance the protection of the investment incentives of exclusive distributors, the draft introduces a right for suppliers in exclusive distribution systems[26] to oblige their buyers to pass on active sales restriction to their customers.[27] Lastly, the draft grants selective distribution systems[28] enhanced protection from sales by unauthorised distributors located within the selective distribution territory.[29]
4.Indirect Measures Restricting Online Sales
As online sales have developed into a well-functioning sales channel and therefore no longer needs special protection, the Commission proposes to relax certain rules around online sales. These relate to dual pricing (i.e. charging the same distributor a higher wholesale price for products intended to be sold online than for products to be sold offline) and to the equivalence principle (i.e. imposing criteria for online sales that are not overall equivalent to the criteria imposed on physical shops).
Firstly, the draft proposes that dual pricing no longer be qualified as a hardcore restriction.[30] This would allow suppliers to set different wholesale prices for online and offline sales by the same distributor, in so far as this is intended to incentivise or reward an appropriate level of investments and relates to the costs incurred for each channel.[31] Secondly, in the context of selective distribution systems, the criteria imposed by suppliers in relation to online sales no longer have to be overall equivalent to the criteria they impose on physical stores, due to the fact that online and offline channels are inherently different in nature.[32]
Aside from these proposed changes explained above, the drafts provide further guidance related to online platforms, including online advertising and price comparison websites. They also aim to ensure a more harmonised application of the vertical rules across the EU, and to reduce compliance costs for SMEs by simplifying and clarifying provisions. The current VBER will expire on 31 May 2022, and the new rules are planned to come into force on 1 June 2022.
[1] Article 2 of the Data Security Law
[2] Article 3 of the Data Security Law
[3] Article 21 stipulates the Data Classification and Multi-level Protection Scheme
[4] Article 21 of the Data Security Law defines “core state data” rather broadly, as data related to national security, lifeline of the national economy, important people’s livelihood and vital public interests
[5] Under Article 37 of the Cybersecurity Law, critical information infrastructures refer to infrastructure in important industries and sectors (such as public communications, information service, energy, transport, water conservancy, finance, public service, and e-government) and other critical information infrastructure that, once damaged, disabled, or subject to data disclosure, may severely threaten the national security, national economy, people’s livelihood, and public interests.
[6] Article 31 of the Data Security Law
[7] Important data catalogues are yet to be developed.
[8] Article 37 of the Cybersecurity Law
[9] Article 2 of the Export Control Law of the PRC provides the definition for “Controlled Items”, which includes technical information and other data related to those items.
[10] Article 25 of the Data Security Law contains the export control provision
[11] Article 26 of the Data Security Law
[12] Both drafts of the revised VBER and revised Vertical Guidelines, as well as the Background note accompanying the public consultation are available for download via the European Commission website:
[13] Commission Regulation (EU) No 330/2010 of 20 April 2010. This is available at: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32010R0330
[14] The Vertical Guidelines provide guidance on how to interpret and apply the VBER and how to assess vertical agreements. This is available at: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52010SC0411
[15] Currently, the required conditions for vertical agreements to benefit from the exemption are (i) the market share of each party must be below 30%, and (ii) the agreement must not contain any hardcore restrictions (e.g. price fixing)
[16] All citizens, organisations and public authorities are welcome to contribute to this consultation. You may submit a contribution via the following website: https://ec.europa.eu/competition-policy/public-consultations/2021-vber_en
[17] This date has been published by the European Commission Press Release: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_3561
[18] Article 2(4) of the revised draft VBER
[19] Article 2(5) of the revised draft VBER
[20] Article 2(7) of the revised draft VBER
[21] As referred to in the Staff Working Document on Vertical Block Exemption Regulation (VBER) (SWD 2020 173 final), which was published by the European Commission. This is available for download at on the European Commission website: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/1936-EU-competition-rules-on-vertical-agreements-evaluation_en
[22] Article 5(1)(d) of the revised draft VBER
[23] In particular, the 30% market share threshold in Article 3 of VBER
[24] Article 1(1) of the draft revised VBER provides these definitions
[25] Article 4(b) of the draft revised VBER
[26] Article 1(1)(g) of the draft revised VBER newly introduces the definition of a “exclusive distribution system” as “a distribution system where the supplier allocates a territory or customer group exclusively to itself or to one or a limited number of buyers, determined in proportion to the allocated territory or customer group in such a way as to secure a certain volume of business that preserves their investment efforts, and restricts other buyers from actively selling into the exclusive territory or to the exclusive customer group”.
[27] Article 4(b) of the draft revised VBER. Such a pass-on is possible where the customer of the buyer has entered into a distribution agreement with the supplier or with a party that was given distribution rights by the supplier.
[28] The definition of a “selective distribution system” is “a distribution system where the supplier undertakes to sell the contract goods or services, either directly or indirectly, only to distributors selected on the basis of specified criteria and where these distributors undertake not to sell such goods or services to unauthorised distributors within the territory reserved by the supplier to operate that system”. This definition remains unchanged and is provided by Article 1(1)(f) of the draft revised VBER.
[29] Article 4(c) of the draft revised VBER
[30] “Hardcore restrictions” (e.g. price fixing) remove the benefit of the block exemption, and are stipulated by Article 4 of both current and draft versions of VBER
[31] As proposed by the draft revised Vertical Guidelines, paragraph 195
[32] As proposed by the draft revised Vertical Guidelines, paragraph 221
