This Week’s Techlaw News Round-Up

October 20, 2023

UK law

CMA clears revised deal for Microsoft to buy Activision

The new deal for Microsoft to buy Activision without cloud gaming rights has been cleared after the CMA concluded it would preserve competitive prices and better services. In August this year Microsoft made a concession that would see Ubisoft, instead of Microsoft, buy Activision’s cloud gaming rights. This new deal will put the cloud streaming rights (outside the EEA) for all of Activision’s PC and console content produced over the next 15 years in the hands of a strong and independent competitor with ambitious plans to offer new ways of accessing that content. As a result of this concession, the CMA agreed to look afresh at the deal and launched a new investigation in August. The CMA has now completed that investigation and has cleared this narrower transaction. It says that the new deal will stop services for UK cloud gaming customers. It will allow Ubisoft to offer Activision’s content under any business model, including through multigame subscription services. It will also help to ensure that cloud gaming providers will be able to use non-Windows operating systems for Activision content, reducing costs and increasing efficiency. In its original investigation, the CMA found Microsoft already held a strong position in relation to cloud gaming and blocked the deal. The sale of Activision’s cloud streaming rights to Ubisoft will prevent the distribution of important, popular content – including games such as Call of Duty, Overwatch, and World of Warcraft – from coming under the control of Microsoft in relation to cloud gaming. The restructured deal substantially addressed the concerns that the CMA had following its original investigation, which concluded earlier this year. The CMA did identify limited residual concerns with the new deal, but Microsoft gave undertakings that will ensure that the terms of the sale of Activision’s rights to Ubisoft are enforceable by the CMA. The CMA consulted on these undertakings and is satisfied that this will provide the safety net needed to make sure this deal is properly implemented.

FCA fines Equifax Ltd for cyber security and outsourcing failings

The FCA has fined Equifax Ltd (Equifax) £11,164,400 for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US. The breach allowed hackers to access the personal data of millions of people and exposed UK consumers to the risk of financial crime. Equifax Ltd agreed to resolve the matter and qualified for a 30% discount under the FCA’s executive settlement procedures. Were it not for this discount, the FCA would have imposed a financial penalty of £15,949,200 (before 30% discount) on Equifax Ltd. Equifax Ltd also received a 15% credit for mitigation in acknowledgement of its high level of cooperation during the investigation, the voluntary redress it offered to consumers and the global transformation programme it instituted after the incident.

Ofcom issues call for evidence on the future of TV distribution

Ofcom has said that how audiences are watching TV has continued to change, with more and more video content being watched over the internet in recent years. This has brought access to a wider range of content, but also created a more fragmented experience. This change is relevant for several of Ofcom’s regulatory duties and in particular for its focus on supporting the availability of and engagement with media. It is therefore timely to consider what internet distribution will mean over the long term for the dedicated TV platforms and services which people rely on today, and how broadband networks are evolving to meet and be resilient to this new demand. The call for evidence gives an overview of the factors that might affect the landscape for TV distribution over the next decade and beyond. Ofcom are seeking evidence from stakeholders and consumers on how they anticipate the market developing and any key questions that arise for regulators and the UK government. The call for evidence ends on 12 December 2023.

EU law

CJEU rejects challenge to EU-US Data Privacy Framework

The CJEU has rejected a challenge in Case T-553/23 R by a French member of parliament to the EU-US Privacy Framework. It said that the French MP had not shown that there was likely to be serious and irreparable harm which would justify the urgency of the requested interim measures. The MP had not specified how transfers of his personal data to the US based on the Framework would specifically cause him serious harm. He had only said how the Framework might operate in general. He had also argued that he used certain IT tools (for example, Microsoft 365 and Google) but did not provide evidence about how his using tools would lead to his personal information would be transferred to those companies and without showing how that would affect his personal information. The European Commission had argued that it was already possible to make such transfers by other transfer mechanisms. The CJEU said that if a party seeks interim measures, they must demonstrate the imminence of serious irreparable damage and merely showing that there might be a prima facie face, even if that case might be serious, does not avoid an applicant having to demonstrate urgency (other than in very limited circumstances).

European Commission sends requests for information to X and Meta under EU Digital Services Act

The European Commission has sent a formal request to X (Twitter) for information under the EU Digital Services Act. The Commission wishes to shed light on the alleged spreading of illegal content and disinformation, especially the spreading of terrorist and violent content and hate speech as well as compliance with other provisions of the EU DSA. X is required to comply due to its designation as a Very Large Online Platform. X needs to provide the requested information to the Commission services by 18 October 2023 for questions to related to the activati9on and functioning of X’s crisis response protocol and by 31 October 2023 on the rest. Based on the assessment of X’s replies, the Commission will assess the next steps. This could involve the formal opening of proceedings under Article 66 of the EU DSA. The European Commission has also formally sent Meta a request for information under the Digital Services Act (DSA). The Commission is requesting Meta to provide more information on the measures it has taken to comply with obligations related to risk assessments and mitigation measures to protect the integrity of elections and following the terrorist attacks across Israel by Hamas, in particular regarding the dissemination and amplification of illegal content and disinformation. Meta must provide the requested information to the Commission by 25 October 2023 for questions relating to the crisis response and by 8 November 2023 on the protection of the integrity of elections.

EDPS issues opinion on AI liability rules proposals

The European Data Protection Supervisor has issued an own-initiative Opinion on two proposed directives on liability for defective products and on adapting non-contractual civil liability rules to artificial intelligence.

European Commission and consumer authorities look into business practices of influencers

The European Commission and national authorities of the Consumer Protection Cooperation Network have announced that they will screen online posts to identify testimonials and endorsements that mislead consumers. The result of this social media sweep will feed into the Digital Fairness fitness check that helps assess whether new legislation is necessary to make digital markets as safe as offline markets. In addition, the European Commission has launched an Influencer Legal Hub. On this platform, influencers and content creators can find informati9on on EU legislation in the area of fair commercial practices, aimed at helping them to comply with the rules.

Commission recommends Member States to fast-track DSA governance to enhance response to illegal online content

The Commission has published a set of recommendations for member states to coordinate their response to the spread and amplification of illegal content, such as terrorist content or unlawful hate speech, before it can lead to a serious threat to public security. The aim is for member states to support the Commission in ensuring full compliance by Very Large Online Platforms and Search Engines with their new obligations under the Digital Services Act, ahead of the deadline for Member States to play their role in the enforcement of the DSA.