Techlaw News Round-Up

June 27, 2019

ICO issues EE Limited with monetary penalty of £100,000 for sending texts to customers without their consent
The ICO has issued telecoms company EE Limited with a £100,000 monetary penalty for sending over 2.5 million direct marketing messages to its customers, without their consent. The messages encouraged customers to access and use the ‘My EE’ app to manage their account as well as to upgrade their phone; a second batch of messages was sent to customers who had not engaged with the first message. During the ICO investigation EE argued that the texts were sent as service messages and so were not covered by electronic marketing laws. However, the ICO found the messages contained direct marketing.

ICO issues Metropolitan Police Service with two enforcement notices
The ICO has also issued the Metropolitan Police Service with two separate enforcement notices under the Data Protection Act 1998 and the Data Protection Act 2018. The notices relate to repeated failures to comply with individuals’ rights regarding subject access requests. The notices require the MPS to inform individuals who submitted subject access requests whether it is processing personal data concerning these individuals. The ICO has published a blog post about access to personal data from the police.

EU-wide cybersecurity rules enter into force
The European Cybersecurity Act has entered into force, setting the new mandate of ENISA, the EU Agency for Cybersecurity, and establishing the European cybersecurity certification framework. The EU has produced a factsheet on the new regulation.

Draft Small-scale Radio Multiplex and Community Digital Radio Order 2019 published
The draft Order modifies Part 2 of the Broadcasting Act 1996 to create regulatory frameworks for small-scale radio multiplex services, a new category of digital radio transmission, and for community digital sound programme services, a new category of digital radio stations.