A round-up of other techlaw news from the past two weeks not covered separately on the site
ECB publishes article on cryptoassets
The European Central Bank has published an article on cryptoassets. It discusses the crypto-asset phenomenon with a view to understanding its potential risks and enhancing its monitoring. First, it describes the characteristics of the crypto-asset phenomenon, to arrive at a clear definition of the scope of monitoring activities. Second, it identifies the primary risks of crypto-assets that warrant continuous monitoring – these risks could affect the stability and efficiency of the financial system and the economy – and outlines the linkages that could cause a risk spillover. Third, the article discusses how, and to what extent, publicly available data allow the identified monitoring needs to be met and, by providing some examples of indicators on market developments, offers insights into selected issues, such as the availability and reliability of data. Finally, it covers selected statistical initiatives that attempt to overcome outstanding challenges.
Google appeals Commission AdSense decision
Google and its parent company Alphabet have appealed against the European Commission's decision to fine Google EUR 1.49 billion. This was for abusing its market dominance in the online search advertising intermediation market by imposing restrictive clauses in contracts with third-party websites that prevented Google's competitors from placing their search adverts on these websites. It breached Article 102 of the Treaty on the Functioning of the European Union. Google and Alphabet claim that the European Commission has made an error in assessing market definition and dominance, and in its findings that Google's exclusivity and premium placement clauses and conditions for authorising equivalent ads were abusive. They have also argued that the European Commission has erred in imposing a fine and in the level of the fine.
Ofcom fines Giffgaff £1.4m for overcharging customers
Ofcom has fined the mobile company Giffgaff £1.4m, for overcharging millions of customers. The fine follows an investigation which found that an error in Giffgaff’s billing system led to around 2.6 million customers being overcharged up to a total of almost £2.9m. The fine includes a 30% reduction because Giffgaff agreed to settle the case and admitted the breach. It also recognises that, in line with good industry practice, Giffgaff reported the matter to Ofcom promptly when it realised its mistakes and took steps to fix the problem and refund customers. However, during the course of the investigation, Giffgaff failed to provide accurate information in response to two of Ofcom’s information requests. Ofcom have therefore imposed an additional penalty of £50,000 on Giffgaff.
CMA fines Casio £3.7m for illegally preventing price discounts
The CMA has fined Casio £3.7 million for breaking competition law by preventing online discounting for its digital pianos and keyboards. The CMA made a Statement of Objections in April 2019. Between 2013 and 2018, Casio broke competition law by implementing a policy designed to restrict retailer freedom to set prices online, requiring digital pianos and keyboards to be sold at or above a minimum price. Casio’s actions had included telling retailers to sell digital pianos and keyboards online at or above a certain price. It then monitored their prices and pressured retailers to modify or raise their prices online when they fell below the specified minimum price. Casio used new software that makes it easier to monitor online prices in real time and ensure widespread compliance with its pricing policy. It also meant that individual retailers had less incentive to discount for fear of being caught and potentially sanctioned. Casio’s monitoring was also helped by retailers reporting to Casio other retailers which were discounting its instruments. The fine was discounted to reflect the fact that the company admitted to the illegal behaviour and agreed to co-operate with the CMA, so shortening the CMA’s investigation.
ICO joins international signatories in raising Libra data protection concerns
The ICO has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure. Representatives of the global community of data protection and privacy enforcement authorities have expressed shared concerns about the privacy risks posed by the Libra digital currency and infrastructure. The statement asks for details of how customers’ personal data will be processed in line with data protection laws. It asks for assurances that only the minimum required data will be collected, that the service will be transparent, and requests details of how data will be shared between Libra Network members.
ICO issues update on Royal Free NHS Foundation Trust
In July 2017, following reports concerning the use of Google DeepMind’s Streams application at the Royal Free NHS Foundation Trust, the ICO announced that the processing of personal data within Streams was not compliant with the then Data Protection Act 1998. The ICO has now stated that the Trust has completed the actions required, both in response to the requirements set out in the undertaking, and to meet the concerns to addressed in the audit. Greater clarity is needed and the ICO has committed to working with other bodies including the National Data Guardian and Health Research Authority, to improve guidance and support to the sector so that healthcare organisations like NHS Trusts can implement data-driven technology solutions safely and legally. Finally, ahead of the transfer of Streams from DeepMind to the new Google Health Unit, the ICO has made it clear to controllers using the Streams service that they will need to have the appropriate legal documentation in place to ensure their processing is in line with the requirements of the GDPR.
ICO publishes trust and confidence report
The ICO has published a research report on trust and confidence. The key goal of the research is to gauge public perceptions and awareness of how data is shared with and used within organisations and to monitor any change in the trust and confidence in how data is used and made available. The key findings from the research are: the perceived importance of data protection continues to increase; after the noise around the introduction of GDPR last year, there has been some stagnation; there has been notable progress in some areas eg awareness of freedom of information rights, and more progress is required on key messages about the regulator.