telecommunications

On 19 March 2026, Advocate-General Capeta issued an opinion in the case of Elisa Eesti AS v Estonian Government Security Committee (C-354/24). This case concerned, among other things, whether a 2022 order from the Estonian Government for Elisa Eesti AS—a 5G network operator—to remove Huawei components from its network for national security reasons was subject to EU law, constituted a lawful restriction on the right to offer an electronic communications network, and amounted to a “deprivation of property” requiring compensation. AG Capeta concluded that the relevant Estonian regime was within scope of EU law—specifically the European Electronic Communications Code (“EECC”)—even though that regime allowed for the imposition of orders on electronic communications network (“ECN”) providers for national security reasons. She also concluded that the requirement to obtain prior authorization from the Estonian government for use of network equipment constituted a restriction on the freedom to provide an ECN, but that this could be justified on national security grounds if the decision was based on a genuine risk assessment that meets the requirements for proportionality under EU law. She stated that this determination should be left to the referring court. Finally, she concluded that the Estonian Government’s order did not amount to a “deprivation” of property for which compensation would be required, as it was instead a mere “restriction” on the use of property. Below, we describe these non-binding conclusions in more detail. The Court’s final ruling in this case will have significant implications for the European Commission’s proposed revisions to the EU Cybersecurity Act, which as drafted would—among other things—allow the Commission to require ECN providers to remove and cease using components from designated high-risk jurisdictions in their networks. See our prior blog post on the proposal for a revised Cybersecurity Act here. Continue Reading CJEU Advocate-General indicates that communications network operators can lawfully be required to remove Chinese components, and that compensation is not required

In late December 2023, the Federal Communications Commission (“FCC”) published a Report and Order (“Order”) expanding the scope of the data breach notification rules (“Rules”) applicable to telecommunications carriers and interconnected VoIP (“iVoIP”) providers.  The Order makes several notable changes to the prior rules, including broadening the definitions of a reportable “breach” and “covered data,” requiring covered entities to notify the FCC in addition to federal law enforcement of breaches, and modifying certain customer notification requirements.  The Rules are expected to become effective sometime in 2024, after they are reviewed by the Office of Management and Budget and the FCC’s Wireline Competition Bureau (“Bureau”) announces the effective dates by subsequent public notice.Continue Reading The FCC Expands Scope of Data Breach Notification Rules

This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022

Last week, the Ninth Circuit ruled in Lemmon v. Snap, Inc., No. 20-55295 (May 4 2021), that 47 U.S.C. § 230 (“Section 230”) did not bar a claim of negligent product design against Snap, Inc., reversing and remanding a lower court ruling.
Continue Reading Ninth Circuit Denies Section 230 Defense in Products Liability Case

On February 10, 2020, Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI) launched its first public consultation procedure.  The consultation invites comments on a position paper of the BfDI which addresses the anonymization of personal data under the General Data Protection Regulation (GDPR), with a particular
Continue Reading German Federal Commissioner for Data Protection and Freedom of Information Launches Public Consultation on Anonymization

On November 3, Judge Vince Chhabria of the U.S. District Court of the Northern District of California held that federal law does not bar the California Public Utilities Commission (CPUC) from requiring telecommunications companies to hand over, under an adequate protective order, confidential subscriber data to The Utility Reform Network (TURN) as part of an investigation into state market competitiveness.

However, Judge Chhabria also rejected a motion for summary judgment filed by CPUC and TURN because it has not yet been demonstrated that the proposed protective order would, in fact, adequately protect the companies from competitive harm.  Because such protection is a necessary predicate to avoiding a conflict with FCC regulations, Judge Chhabria reasoned, the adequacy of the protective order must be determined before CPUC can force companies to turn over such sensitive data.
Continue Reading California Judge Upholds CPUC Order to Share Confidential Subscriber Data, But Subject to Adequate Protective Order

Last week, the FCC issued two TCPA rulings that shed further light on whether and under what circumstances an individual can provide “prior express consent”—or convey such consent—for another in the context of automated or prerecorded informational calls or text messages to mobile phones.  One of these rulings came in response to a Petition for Declaratory Ruling filed by the Cargo Airline Association (CAA), and the other came in response to a Petition for Declaratory Ruling filed by GroupMe, Inc./Skype Communications S.A.R.L. (GroupMe).  Coincidentally, the Eleventh Circuit issued its own opinion last week in Osorio v. State Farm Bank that touched on a similar issue.  A summary of each can be found after the jump.Continue Reading FCC and 11th Circuit Address “Prior Express Consent” by a Third Party Under the TCPA

Yesterday, the Federal Communications Commission’s (FCC’s) Enforcement Bureau issued a reminder that annual CPNI certifications for calendar year 2013 must be filed with the FCC by March 1, 2014.

The FCC requires telecommunications service providers (including paging providers, commercial mobile radio services providers, and calling card providers) and interconnected VoIP

Continue Reading Annual FCC CPNI Certification Due by March 1

By Maria-Martina Yalamova & Mark Young

On 12 December 2013, the Advocate General (“AG”) to the Court of Justice of the European Union (the “CJEU”), Mr Cruz Villalón, gave an opinion that the EU’s Data Retention Directive 2006/24/EC (the “Directive”) violates the fundamental right to privacy in the EU.  His reason, in short, is that the Directive mandates the blanket retention of citizens’ traffic and location data by telecom companies, but fails to establish rules on minimum guarantees regarding access to and use of such data.  

This is not the first time the lawfulness of the Directive has been challenged.  Originally introduced to help fight serious crime and terrorism, the Directive quickly became one of the most controversial pieces of European legislation.  In 2011, the European Commission identified in its evaluation report several flaws, such as a lack of clear guidance on what constitutes “serious crime” and on the purposes for which data can be retained and accessed.  The European Data Protection Supervisor (EDPS) (see 2011 opinion here), the Article 29 Working Party (see 2010 report here and 2006 Opinion here), and civil rights groups have also publically expressed doubts about the lawfulness of the data retention measures.  In addition, the constitutional courts of Germany, the Czech Republic and Romania have ruled that national laws implementing the Directive are unconstitutional as they violate the right to privacy. 

Continue Reading Advocate General finds the EU’s Data Retention Directive Incompatible with the Fundamental Right to Privacy

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on

Continue Reading Updating Ofcom’s Guidance on Network Security – New Consultation