This Week’s Techlaw News Round-Up

October 13, 2023

UK law

ASA publishes final report on information gathered during IPP Pilot

The ASA has published a final report on its Intermediary and Platform Principles (IPP) Pilot. The Pilot was devised to help explore whether and, if so, how the UK advertising self-regulatory system might evolve to bring greater transparency and broader accountability to the ASA’s work online. It centred around six key Principles, which reflect how platforms and intermediaries have, over many years, voluntarily engaged and cooperated with the ASA to help uphold the UK Non-broadcast Advertising Code. It also sought to develop new working relationships between the ASA and other platforms and intermediary companies. The ASA’s findings demonstrate that the participating companies implemented the Principles that applied to their services. By doing so, they demonstrably supported the ASA to raise awareness of the advertising rules and, as relevant, to remove ads online that were persistently non-compliant. The report assesses the measures and provides examples of good practice. It also reports on areas for ongoing consideration. The report will be reviewed to see if gaps exist in the ASA’s ability to secure advertisers’ compliance with the CAP Code online, and how this can effectively be addressed by working with the participating companies and other online intermediary businesses.

CMA seeks views on Vodafone’s merger with rival network Three

The CMA seeks comments about the impact that the merger between Vodafone and Three could have on competition in the UK, in advance of launching a formal investigation once it has received the information it needs from the merging companies. Vodafone UK (which is owned by Vodafone Group pls) and Three UK (which is owned by CK Hutchison Holdings Limited) are major providers of mobile telecommunication services in the UK. Further opportunities to submit views will be provided once the CMA begins its formal Phase 1 investigation. The CMA will consult Ofcom as the sector regulator.

EU law

MEPs adopt rules to protect consumers concluding remote financial services contracts

The European Parliament has formally endorsed the new proposed Directive on financial services contracts concluded at a distance. It revises the current legal framework given rapid technological developments in the financial services market. The law aims to improve consumer protection online and provide legal clarity to traders. The Directive covers all financial services which are not covered by specific sectoral legislation will be covered by these rules. The new rules include an effective right of withdrawal and a right to pre-contractual information. When traders contact consumers by phone, the commercial purpose of the call needs to be disclosed at the start and the consumer needs to be notified if the call is being recorded. Consumers will have a right to receive adequate explanations from traders before signing (free of charge) and to request human intervention when using fully automated online interfaces (e.g. chatbots). The text includes a ban on dark patterns: financial services providers will be prohibited from deceiving or “nudging” consumers into making choices that may be against their interest via their website designs, for example by presenting choices in a non-neutral manner. Once Council formally adopts the text, the Directive will be published in the EU Official Journal and enter into force 20 days later. Member states will then have 24 months to transpose the rules into national law and another six months to apply them.

CJEU says that use of app to validate COVID certificate involves processing personal data

The Court of Justice of the European Union has issued its ruling in RK v Ministerstvo zdravotnictv√≠ Case C-659/22. It decided if the GDPR applies to an app which checked the authenticity of an individual’s COVID-19 vaccination, test and recovery certificate. The Czech Republic’s Ministry of Health issued the app aimed at promoting safe movement during the COVID-19 pandemic. The Czech court’s doubted if the simple conversion via the app of a machine-readable barcode on the EU Digital COVID Certificate to a human readable format (setting out basic identifying data and “valid” / “invalid”) and display operation of those data on a mobile telephone, was “processing” under Article 4(2). The Czech courts thought that this did not involve any risk of misuse of the personal information or affect the right of protection of that information, on the grounds that the app did not send the data displayed on screen anywhere else. Therefore, they referred the case to the CJEU. The CJEU found the app scanned the QR code on the EU Digital COVID Certificate and converted personal data from the code into a format readable by the person conducting the verification check. The conversion occurred automatically via the app, enabling the operator to consult the personal data displayed onscreen and decide if the COVID status of the data subject being scanned complied with the certificate validation rules. The CJEU ruled that the concept of “processing” personal data under Article 4(2) of the GDPR including using an app issued by an EU member state to verify if an EU Digital COVID Certificate was valid.

European Commission publishes template for compliance report under the Digital Markets Act

The European Commission has published the template for the compliance report that designated gatekeepers will need to submit under the Digital Markets Act. The compliance reports must include in a detailed and transparent manner all relevant information needed by the Commission to assess the effective compliance of designated gatekeepers with the DMA. They must cover all core platform services listed in the relevant designation decision. Designated gatekeepers will need to submit compliance reports within six months from designation and update them at least once per year. The gatekeepers designated on 6 September 2023 will need to submit the first reports by 7 March 2024. The Commission will then publish a non-confidential summary of each compliance report.

European Commission publishes outcome of consultation on future of EU electronic communications sector

The European Commission has published the results of its consultation on the future of electronic communications and its infrastructure. The Commission says three key issues arose from the consultation. Firstly, new technologies will have a significant impact on the electronic communications sector. This will include network visualisation, edge cloud, artificial intelligence and open networks which will require innovation and efficient investment. Secondly, the Commissions says that a more harmonised approach to spectrum management, removal of obstacles such as sectoral regulation and a unified regulatory approach would unlock larger market potential evolution and leverage the EU single market. Thirdly, it says that EU connectivity infrastructure needs to be more secure and future-proof.