to the point: technology & digitalisation l April 2022

Spring is here and though we are living in difficult times, the tech industry hasn't missed a beat and once again surprised us on 1 April with exciting and ground-breaking announcements. For instance, Razer announced a full body suit that allows you to immerse yourself in the metaverse by completely syncing with your consciousness and senses.

The social media platform Reddit, on the other hand, repeated a creative social experiment from 2017.

For four days, every registered user of the platform could place a coloured pixel every five minutes on a 1000x1000 pixel (eventually expanded to 2000x2000 pixel) online canvas in the r/place subforum. Users were also able to place pixels over those placed by other users. What sounds chaotic at first turned out to be a social experiment that illustrated today's internet culture at its best. Through collaboration and coordination of various internet communities, everyone wanted to leave their mark on the limited canvas, and thus a collaborative, constantly changing work of art was created. To give you a better idea, r/place is archived here.

The canvas featured content from national murals (the German community managed to draw their flag horizontally across the entire canvas and to defend it to the end) over internet memes (for example, a functioning QR code which resolved to the music video of Never gonna give you up by Rick Astley) to highly complex artworks (such as Rembrandt's "The Nightwatch" or the poster art for STAR WARS A New Hope). On 4 April the project ended, and Reddit finally deactivated the function to place coloured pixels and only allowed white tiles to be placed, which ultimately led to the destruction of the artwork by the users themselves. An atlas explaining each element can be found here.

In conclusion, r/place did not just shed light on a lot of the psychological aspects of modern internet culture, but also raised exciting legal questions. Especially since it did not take long for the first unofficial NFTs to appear. In terms of copyright, the first question to ask is who the author of this collaborative artwork is. Although the answer will probably vary from country to country (depending on the location of the contributor), the placement of a single pixel will generally not be sufficient to establish authorship. Rather, those initiators and coordinators in the communities who were responsible for the realisation of these pixel artworks, and whom the other community members joined, will probably be regarded as authors. And since those do not have to be registered users, even Reddit itself might not have a licence to use the entire artwork. What appears certain, in any case, is that there will be a multitude of co-authors. In addition, since copyrighted material and trademarks also found their place on the canvas, this raises another series of questions, e.g. can the placement of one pixel by a user – that helped complete the copy of the protected work – constitute copyright infringement or does this fall under fair use?

Putting these questions aside, April Fools' Day is certainly a source of creativity especially in the tech industry, as it brings the internet community closer together and fuels our creative legal thinking to find new solutions. Accordingly, please enjoy our latest update on innovative and creative developments across all areas of technology and digitalisation. 

Recently, the payment service Ronin of Axie Infinity, one of the most popular NFT-based games with about 2.5m active players, fell victim to a cyberattack. Cryptocurrencies worth around EUR 540m were stolen in the process. While the developers have announced that they are working with law enforcement and forensic cryptographers to ensure that all funds are recovered or reimbursed, most of the captured currency remains in the hackers' wallet. From there, the hackers are now trying to launder the funds by transferring small amount through a cryptocurrency mixing service. These services allow the trail back to the fund's original source to be obscured by breaking the on-chain link between source and destination addresses by mixing the tainted funds in a pool with others. However, it remains to be seen whether the hackers will ultimately succeed. Because such large sums attract a lot of attention and providers of blockchain security services specialise in tracking down such stolen assets and their target destinations, it has become increasingly difficult to launder these crypto assets. Perhaps the hackers will finally give up and be persuaded to transfer the funds back, as the hackers in the Poly Coin Hack did recently.

The most important state funding agencies in Austria for start-ups are FFG and aws. Both offer mainly non-repayable grants, guarantees or low-interest bearing loans. However, aws also offers equity to start-ups through its venture capital vehicle aws Gründerfonds and its participation vehicle aws Mittelstandsfonds.
 
According to recent announcements, aws provided EUR 382m in support to start-ups in 2021 (EUR 350m in 2020) and this year its funding for start-ups is expected to increase yet again. In light of constantly evolving cyberattacks, aws recently launched the new KMU.Cybersecurity program, which aims to support digitisation projects in the field of cybersecurity. A non-repayable subsidy will cover the implementation costs of projects in the areas of IT and cybersecurity (investments in hardware and software as well as services from external providers will be supported). The maximum amount of such subsidy is EUR 20,000 per company.
 
FFG also recently announced its funding figures for 2021. It provided funding totalling EUR 78.5m to more than 1,100 start-ups. According to FFG, most of the funding was granted to start-ups from the digital technologies sector, but also to start-ups from the life sciences, energy, mobility or manufacturing sectors. For 2022 and 2023, FFG intends to significantly expand its funding activities to further boost start-up activities in Austria. This is reflected in the increase of FFG's total budget from just under EUR 700m in 2021 to over EUR 1.6bln in 2022.

The Austrian mobile phone signature (Handy-Signatur) is a qualified electronic signature within the meaning of the eIDAS regulation of the European Union. Presently, the mobile phone signature enables users to log into services such as social security accounts or FinanzOnline and, above all, to sign documents electronically. A qualified electronic signature can be used to sign legal documents and contracts, as it is equivalent to a handwritten signature. This feature is also increasingly being used in the context of notarial certifications, for example, in the case of certifications of powers of attorney via video conference. Especially for people who live abroad or travel frequently, this allows for greater efficiency and flexibility, as digital notarisation takes only a few minutes and the final document is available shortly thereafter.
 
Soon, the mobile phone signature will be replaced by the so-called ID Austria. Upon release of the full version, registered users will be able to store official documents such as passports or driving licences on their smartphones and use ID Austria as a digital ID vis-à-vis governmental entities, as well as private companies. Currently, ID Austria is still in the pilot phase, which will last until mid-2022, according to the Ministry of Digital and Economic Affairs. Existing mobile phone signatures can already be upgraded to ID Austria, albeit with limited functionality. The use of ID Austria throughout the EU is planned for 2023.

After the failure of the Diem cryptocurrency, Meta (formerly Facebook) is focusing on the development of the Metaverse and, in particular, how payments and financial services will look in this digital world.
Meta is reportedly working on new plans to introduce virtual coins, tokens and lending services in its apps. The new coin is being called "Zuck Bucks" by employees. According to initial information, this will not be based on a blockchain, but will be centrally managed by Meta and will function like an in-app token.
Apparently, the company is exploring the idea of creating "social tokens" or "reputation tokens", which could be issued as rewards for meaningful contributions, e.g. in Facebook groups. There is also talk of adding "creator coins" that could be issued to influencers on Instagram.
There are also reportedly plans to integrate the posting and sharing of NFTs on Instagram and Facebook. For example, selected group memberships could only be open to special NFT owners. Even the integration of NFT minting functions in the social networks is rumoured to be under consideration.
Additionally, there will possibly be facilitation of payments within WhatsApp and Messenger via the peer-to-peer payment system Facebook Pay and a wallet.
 
In any case, it is clear Meta is investing and researching how to quickly integrate the token and NFT business into its social platforms and the Metaverse.

Austrian rapper RAF Camora has said that he wants his fans to participate in his success.
To do so, a total of 5,555 "Future" gold record NFTs are to be launched alongside the release of his new track.
 
The NFTs will be issued as ERC-721 tokens on the Polygon blockchain and will be designed in gold record style. Each NFT will have different rarity levels and will also offer a download option to the new song "Mein Planet" as well as an additional physical gold record with numeration. The minting price is EUR 155 per token, so in total RAF Camora can potentially expect about EUR 860,000 in revenue at launch.
 
We are curious if other Austrian artists will jump on the NFT hype. In any case, it is a new opportunity to make money.

In the recent past, several innovations originating from the crypto world have found their way into the mainstream, as more and more "traditional" companies explore the possibilities and business opportunities enabled by blockchain technology. 

In April 2022, the digital asset platform Nexo announced that it will join forces with global payments giant Mastercard and e-money institution DiPocket to launch a new type of payment card.

The so-called "Nexo Card" is linked to a crypto-backed credit line provided by Nexo and allows its users to spend up to 90 % of the fiat value of their crypto holdings – without actually having to sell their assets. Instead, users employ their crypto assets as collateral to get access to dynamic credit lines. Therefore – contrary to "conventional" crypto debit cards – no crypto assets are converted into fiat currencies when spending money through the Nexo Card, which can be beneficial form a tax point of view.

According to Nexo, users will not face any kind of charges, fees or interest as long as they maintain a loan-to-value ratio below 20 % for credits up to EUR 20,000 per month. The card is said to be accepted everywhere where Mastercard is accepted, without any further action on the part of the merchant. While Mastercard provides its infrastructure and payment network, DiPocket will serve as the issuer of the card.

After a partial launch of the Nexo Card in selected European countries earlier this year – which generated "exceptional interest" according to the company – Nexo plans to add new features and offer the product internationally.

The Regional Administrative Court in Warsaw confirmed the position of the Polish Data Protection Authority (DPA) that the liability for the controller's obligations cannot be transferred to its employees and upheld the DPA's position that an employee cannot replace the controller in performing its duties. Moreover, the employee may not have adequate knowledge regarding the application of appropriate organisational or technical measures, or may implement safeguards that are inadequate and inappropriate to the scope of personal data processed. According to the controller's internal regulations, the obligation to secure the media where personal data are stored rests with their users (i.e. employees). In the DPA's opinion, such an approach is not correct. The investigation also showed that the controller violated, among other things, the principle of confidentiality and integrity of personal data by issuing an unsecured portable storage medium to probation officers for their official use and obliging them to implement the security features of the medium themselves. The DPA noted that conducting employee trainings on data security is essential but is not enough to be considered as "appropriate organisational and technical measure" serving to protect data. It is the controller's duty to provide for such relevant technical safeguards.

A US-Israeli insurance company is offering cloud failure insurance to crypto companies for the first time. The insured event occurs when cryptocurrency traders are unpredictably and involuntarily separated from the cloud. More specifically, if a crypto exchange, wallet, DeFi or platform breaks down due to the crash of a public cloud provider and thus becomes unavailable, the insured crypto company can offer its customers protection against losses.
 
It is inconsequential that the exorbitant returns on cryptocurrencies in some cases are based specifically on the fact that there is a high risk of loss. A major risk factor that is not within the sphere of influence of the crypto companies could thus be covered by such insurance. This could also result in more conservative investors being attracted to the crypto market. It will remain to be seen whether such default insurance will be demanded by traders as a "mandatory seal of approval" for crypto companies.

On 22 April, the European Parliament and EU Member States announced they could swiftly reach a political agreement on the proposed Digital Services Act (DSA). Together with the Digital Markets Act (DMA), the introduction of the DSA will shake-up e-commerce rules. Like the GDPR, both the DSA and the DMA have extra-EU territorial effect, and so will try to also cover non-EU businesses providing scope services within the EU. While there are still some formal steps to take, once adopted, the DSA will be directly applicable across the EU. But similarly to the GDPR, it will only apply 15 months after entry into force or from 1 January 2024, whichever is later. This buys us time to examine the DSA piece by piece and provide you with some more detailed content. Stay tuned!

The EU and India announced plans to launch a joint trade and technology council in an effort to increase cooperation between the countries. The establishment of the council aims to allow the partners to tackle challenges of cooperation in the fields of trade, technology and security, and thus deepen the partnership between the EU and India. The Trade and Technology Council will provide the necessary structure and impact to execute political decisions, coordinate technical work, ensure implementation and follow-up in areas that are important for the progress of the economies.

On 14 March 2022 the European Parliament (EP) adopted its negotiating position on the Regulation on Markets in Crypto Assets (MiCA). MiCA is a comprehensive effort to harmonise regulatory requirements and provide legal certainty for the issuance and servicing of certain crypto assets across the EU. In the run-up to the parliamentary vote, there was a great deal of concern among market participants in respect of proposed language that would have banned activities related to Proof-of-Work (PoW) based digital currencies (such as Bitcoin) due to their high energy consumption. MEPs voted, however, against this ban on PoW and other environmentally unsustainable consensus mechanisms marking a relief for the European crypto industry. Still, MEPs acknowledged the high carbon footprint of PoW consensus mechanisms and, therefore, asked the European Commission (EC) to work on a legislative proposal by 1 January 2025 that would include all crypto asset mining activities in the green taxonomy system. After adoption by the EP, the MiCA draft is now shifting to a "trilogue", a formal round of negotiations between the EC, Council and EP.