This Week’s Techlaw News Round-Up

September 15, 2023

UK law

Social media platforms required to tackle animal cruelty under amendments to Online Safety Bill

The Department for Science, Innovation and Technology and the Department for Environment, Food & Rural Affairs have tabled an amendment to the Online Safety Bill. The amendment states that social media platforms will be required to remove content encouraging or facilitating animal cruelty. Any platforms that fail to do so could be fined up to £18m or 10% of their global annual revenue. The amendments also provide that section 4(1) (unnecessary suffering) of the Animal Welfare Act 2006 will be classified as a priority offence in the Bill.

Ofcom consults on proposed amendments to Electronic Communications Code

Ofcom is consulting on amendments to its Code of Practice and template notices that relate to the Electronic Communications Code, following changes to the ECC. The ECC is designed to facilitate the installation and maintenance of an electronic communications network, conferring rights which result in simplified planning procedures. The UK government has recently made changes to the ECC, through the Telecommunications Infrastructure (Leasehold Property) Act 2021 and the Product Security and Telecommunications Infrastructure Act 2022, to support the rollout of modern high-capacity networks in a way that balances the interests of landowners, telecoms operators and the public. Due to these changes, Ofcom is proposing various updates to its Code of Practice regarding agreements for access to private land under the Electronic Communications Code and its template notices for operators and landowners. The consultation on the Code of Practice ends on 7 November 2023, and the consultation on template notices ends on 10 October 2023. 

ICO publishes guidance for employers on processing workers’ health data

The ICO has published guidance on health data. This guidance is aimed at employers to help them understand their data protection obligations under the UK GDPR and DPA 2018 when handling the health information of the people who work for them. The guidance has two main parts. The first section contains an overview of how data protection law applies to the processing of workers’ health information. It looks at the data protection principles and the basics for compliance, with links to further detailed guidance. The second part considers some of the most common types of employment practices where organisations process workers’ health information. The guidance aims to help provide greater regulatory certainty; protect workers’ data protection rights; and help employers to build trust with workers.

ICO issues toolkit for data sharing with law enforcement agencies

The Information Commissioners Office has published an online toolkit which is aimed at organisations and businesses needing to deal with requests from law enforcement bodies to provide access to personal data. It is designed to assist those who have a basic knowledge or awareness of data protection. The toolkit takes organisations through the relevant considerations and helps them make a decision about when and how they can share the requested data. The toolkit also generates a report at the end, which assists with documenting decisions and justifications.

NCSC and Information Commissioner sign Memorandum of Understanding

The National Cyber Security Centre and the ICO have signed a joint Memorandum of Understanding that sets out how both organisations will cooperate. The MoU recognises that whilst both organisations have distinct responsibilities, there are opportunities to align work on some shared issues and deconflict on others. These include cooperation on the development of cyber security standards and guidance as well as influencing improvements in the cyber security of organisations regulated by the Information Commissioner’s Office. The MoU reaffirms that the NCSC will never pass information shared with it in confidence by an organisation to the ICO without having first sought the consent of that organisation.

Former social services council employee fined for unlawfully accessing sensitive personal data

A former family intervention officer at St Helens Borough Council has been sentenced for unlawfully accessing social services records. The defendant was prosecuted for viewing records on the council’s case management system between 17 January 2019 and 17 October 2019 without having a business need to do so. An internal council audit found the defendant unlawfully looked at the records of 145 people whilst employed in the social services department. She resigned from the council before disciplinary proceedings commenced. She then appeared before Wigan and Leigh Magistrates Court on 11 September 2023 and pleaded guilty to one offence of unlawfully obtaining personal data, in breach of s170(1) of the Data Protection Act 2018. She was fined £92, ordered to pay court costs of £385 and a victim surcharge of £32.

European law

European Court of Human Rights rules on “right to be forgotten”

The case of Hurbain v Belgium concerned the civil judgment against Mr Hurbain, publisher of the newspaper Le Soir, ordering him to anonymise, on grounds of the “right to be forgotten”, an article in the digital archives mentioning the full name of the driver responsible for a fatal road-traffic accident in 1994. The Court noted that the national courts had taken account in a coherent manner of the nature and seriousness of the facts in the article in question, the fact that the article had no topical, historical or scientific interest, and the fact that the driver was not well known. In addition, they had attached importance to the serious harm suffered by the driver because of the continued online availability of the article with unrestricted access, which effectively created a “virtual criminal record”, especially in view of the length of time since the original publication of the article. Furthermore, after reviewing the measures that might be considered to balance the rights at stake, a review whose scope had been consistent with the procedural standards applicable in Belgium, they had held that the anonymisation of the article did not impose an excessive and impracticable burden on the applicant, while constituting the most effective means of protecting the driver’s privacy. Accordingly, and regard being had to the States’ margin of appreciation, the Court found that the national courts had carefully balanced the rights at stake in accordance with the requirements of the Convention on Human Rights, such that the interference with the right guaranteed by Article 10 of the Convention on account of the anonymisation of the electronic version of the article on the website of the newspaper Le Soir had been limited to what was strictly necessary. Therefore, in this context it was necessary in a democratic society and proportionate.