UK law
Digital Government (Disclosure of Information) (Identity Verification Service) Regulations 2024 made
The Digital Government (Disclosure of Information) (Identity Verification Service) Regulations 2024 (SI 2024/64) were made on 18 January 2024, and are scheduled to come into force on 8 February 2024. The purpose of the Regulations is to expressly allow specified public authorities to check and share government-held personal data to make it easier for individuals to prove their identity when seeking to access public services digitally.
Bar Council issues guidance on AI
The Bar Council has issued new guidance for barristers navigating the growing use of ChatGPT, and other generative AI and large language model systems (LLMs). It concludes that there is nothing inherently improper about using reliable AI tools for augmenting legal services, but they must be properly understood by the individual practitioner and used responsibly. The guidance, available on the Bar Council ethics and practice hub, sets out the key risks with LLMs: anthropomorphism; hallucinations; information disorder; bias in data training; and mistakes and confidential data training. It explores the considerations for practitioners when using LLM systems: due to possible hallucinations and biases, it is important for barristers to verify the output of LLM software and maintain proper procedures for checking generative output; “black box syndrome”– LLMs should not be a substitute for the exercise of professional judgment, quality legal analysis and the expertise that clients, courts and society expect from barristers; barristers should be extremely vigilant not to share with an LLM system any legally privileged or confidential information; barristers should critically assess whether content generated by LLMs might violate intellectual property rights and be careful not to use words which may breach trademarks. It is important to keep abreast of relevant Civil Procedure Rules, which in the future may implement rules/practice directions on the use of LLMs, for example, requiring parties to disclose when they have used generative AI in the preparation of materials.
Circular published about new offences under Online Safety Act
The UK government has published a circular to inform the police and other relevant public authorities of certain provisions of the Online Safety Act, in particular new criminal offences. There are offences relating to the new requirement to report Child Sexual Exploitation and Abuse (CSEA) content to the National Crime Agency (NCA) in section 69 of the Act – this offence is not yet in force. There are also offences in Part 7 of the Act, which relate to Ofcom’s enforcement powers – these came into force on 10 January 2024; and offences in Part 10 of the Act (the communications offences) – these came into force on 31 January 2024.
Guidance published on upcoming connectable product security regime
The Department for Science, Innovation and Technology has published updated guidance on the UK Product Security and Telecommunications Infrastructure (Product Security) regime for connectable product security, which comes into effect on 29 April 2024. Manufacturers of UK consumer connectable products will be required to ensure that their products meet the relevant minimum security requirements. The guidance sets out how businesses should comply with the regime, such as who is subject to the duties under the regime, duties of relevant parties, security requirements and enforcement. In addition, the Office for Product Safety & Standards (OPSS) has updated its guidance. It explains the enforcement powers that are available to the OPSS when addressing non-compliance with the legislation. These relate to the service of a compliance, stop or recall notice, the imposition of monetary penalties, and application for a forfeiture order.
UK Voluntary Code of Good Practice on Transparency in Music Streaming published
The Intellectual Property Office has published the UK Code of Good Practice on Transparency in Music Streaming. The voluntary code has been developed and agreed by 12 music industry bodies representing music creators, record labels, publishers, digital service providers, distributors and collecting societies. It is part of the commitment made by the government in response to the recommendations of the Culture, Media and Sport Select Committee’s Inquiry into Music Streaming. The IPO will have oversight of the Code and its implementation and will convene meetings of signatory organisations every six months to consider how the Code is working, with a formal review of the Code in 2026. It sets out agreed standards of good practice, forming part of a shared ambition across the music industry to build greater trust in music-maker contracts, streaming licensing deals, royalty payments, usage data, audit rights, and communication to music creators. This is part of the process to help improve creators’ understanding of how their music is licensed, administered and used, helping build confidence and clarity that they are being paid correctly when their music is played via streaming services.
EU law
EDPB launches website auditing tool to analyse legal compliance
The EDPB has launched a website auditing tool that can be used to analyse if websites comply with the law. The tool was developed in the context of the EDPB Support Pool of Experts and can be used by both legal and technical auditors at data protection authorities, as well as by controllers and processors who wish to test their own websites. The new tool allows preparing, carrying out and evaluating audits directly in the tool by a simple visit to the website in question. The tool is also compatible with other tools, such as the EDPS website evidence collector, and allows auditors to import and evaluate the results of audits carried out on those tools. Finally, the tool can generate reports. While several website auditing tools already exist, these usually require technical expertise. Therefore, the EDPB decided to develop a solution that would be easy to use to facilitate enforcement by national regulators and compliance checks by controllers. A second version with new features is planned for later this year.
