This Week’s Techlaw News Round-Up

February 7, 2020

ASA and CMA publish updated guidance on influencer advertising

The Advertising Standards Authority and the Competition and Markets Authority have published their updated guidance on influencer marketing. It provides that the CMA can take action in relation to any influencer advertising for which payment is received. If a brand exercises editorial control over the influencer posts, the ASA can take action. The regulators take a wide view of the meaning of “payment” and “editorial control”. The ASA will always regulate affiliate marketing.  As a minimum,  influencers and affiliates should include an obvious label, such as “ad”. Such a label must be shown before people click/engage, it must be prominent enough for people to notice it, and suitable for the channel. It also needs to be clear on all devices such as mobiles and apps. Where the brand has editorial control, the posts must also comply with the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing generally and responsibility for compliance rests with the brand.

Automated Facial Recognition Technology (Moratorium and Review) Bill receives first reading

The Automated Facial Recognition Technology (Moratorium and Review) Bill received its first reading in the House of Lords on 4 February. It would prohibit the use of automated facial recognition technology in public places and to provide for a review of its use. Second reading is yet to be scheduled.

ENISA issues reports on cybersecurity standards

The European Union Cybersecurity Agency has issued two reports. The first covers Standardisation in support of the Cybersecurity Certification and the second on Standards Supporting Certification. The first document presents the value of the cybersecurity standardisation efforts for certification, the roles and responsibilities of Standards Developing Organisations in this context, and discusses how standardisation can support efficiently the process of certification schemes creation by following a step by step methodology. It proposes a set of recommendations for the Standards Developing Organisations and the prospective authors of certification schemes. The second report explores five distinct areas, which have frameworks, schemes or standards that can potentially be evolved to EU candidate cybersecurity certification schemes. The five areas are Internet of Things, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in the healthcare and qualified trust services. The study considers the standards currently available and identifies existing gaps. It further proposes how these gaps can be addressed, especially by standardisation bodies, and how the available standards could potentially be adapted to form the basis of future candidate EU cybersecurity certification schemes.

European Commission fines NBCUniversal EUR14.3 million for restricting sales of film merchandise products

The European Commission has fined several companies belonging to Comcast Corporation, including NBCUniversal LLC €14 327 000 for restricting traders from selling licensed merchandise within the EEA to territories and customers beyond those allocated to them. These restrictions concerned merchandise products featuring the Minions, Jurassic World and other images and characters from NBCUniversal’s films. In particular, NBCUniversal imposed a number of direct measures restricting online sales, such as clauses prohibiting all online sales, clauses prohibiting out-of-territory online sales or clauses only allowing online sales on the websites of specific retailers. The Commission concluded that NBCUniversal partitioned the Single Market and prevented licensees in Europe from selling products cross-border and across customer groups, to the ultimate detriment of European consumers. For the fine, the Commission took into account, in particular, the value of sales relating to the infringement, the seriousness of the infringement and its duration, as well as the fact that NBCUniversal cooperated with the Commission during the investigation.

European Commission publishes work programme for 2020

The European Commission has published its work programme for 2020. It is the first work programme for the new Commission which took office in November 2019 and the first following the UK’s departure from the EU. Tech lawyers will be particularly interested in the Commission’s aim to create a Europe fit for the digital age. Initiatives include a new European data strategy, a white paper on AI, new Digital Services Act to reinforce the single market for digital services, various initiatives to improve cybersecurity, new Industrial Strategy for Europe that supports the ecological and digital transition and upholds fair competition, proposals to improve labour conditions for digital workers and an updated digital education plan. Annex 1 also mentions having common chargers for mobile devices and reviewing the Roaming Regulation. The Commission also intends to review existing legislation such as, for example, designs law. There are also pending proposals such as the e-privacy regulation.

Forensic Science Regulator and Biometrics Strategy Bill

The Forensic Science Regulator and Biometrics Strategy Bill has received its first reading in the House of Commons and is due to receive its second reading on 24 April 2020. It is to make provision for the appointment of the Forensic Science Regulator; to make provision about the Regulator and about the regulation of forensic science; to require the Secretary of State to publish an annual strategy on biometric technologies; to enable the Secretary of State to limit the use of such technologies when that is recommended in the strategy; and for connected purposes.

NCSC publishes design guidelines for high assurance products

The National Cyber Security Centre has published design guidelines for high assurance products. The guidance recommends approaches to the design, development, and security assessment of products (and systems) capable of resisting elevated threats. It contains a set of principles that can be used to set high level security objectives, which in turn can be used to guide design decisions and development processes. The guidance is aimed at organisations that are at risk from these elevated threats, or those seeking to develop products and systems capable of resisting these threats, specifically buyers of these products (or independent assessors), to help them gain confidence that a product is capable of resisting elevated threats and developers of product and systems that are intended to protect against elevated threats.

UK government currently has no plans to implement Digital Copyright Directive

The UK government has indicated in a written answer that it currently has no plans to implement the Digital Copyright Directive in the UK. It said that the deadline for implementing the EU Copyright Directive is 7 June 2021. The UK left the EU on 31 January 2020 and the transition period ends on 31 December 2020. The government has committed not to extend the transition period. Therefore, the UK will not be required to implement the Directive, and the government has no plans to do so. Any future changes to the UK copyright framework will be considered as part of the usual domestic policy process.

Also published this week