Europol on spear phishing, caller line ID consultation, online gambling report and more in this week’s round-up of techlaw news from the past week not covered separately on the site
Data Protection Act 2018 (Commencement No 3) Regulations 2019 made
The Data Protection Act 2018 (Commencement No. 3) Regulations 2019 SI 2019/1434 have been made. These regulations are the third commencement regulations made under the Data Protection Act 2018. They bring into force paragraphs 211 and 227 of Schedule 19 to the Act on 2 December 2019, immediately after the provisions brought into force by the Children and Social Work Act 2017 (Commencement No. 6 and Saving Provision) Regulations 2019 SI 2019/1436.
Europol issues strategic report on spear phishing
Europol’s European Cybercrime Centre (EC3) has published a strategic report on spear phishing, reflecting the views of both law enforcement and private industry on one of the most prevalent cyber threats currently affecting organisations across the EU. Spear phishing is the practice of targeting specific individuals within an organisation or business to distribute malware or extract sensitive information. It is the number one attack vector and enabler for the vast majority of cybercrimes. The report highlights the role of spear phishing and defines the main modi operandi that criminals use to deceive the target (among others, emails coming from trusted accounts, malicious attachments or links to fraudulent websites). It also collects conclusions and recommendations for organisations on how to effectively combat this threat on a technical, educational, as well as operational level –enforcing security policies, implementing artificial intelligence and a raising public awareness on the topic. At the same time, the report highlights some of the challenges related to information-sharing and the investigation of spear phishing attacks. It highlights that a collaboration effort with law enforcement and the private sector should be done collectively.
Gambling Related Harm APPG issues report on online gambling
Following an inquiry, the Gambling Related Harm All-Party Parliamentary Group has issued a report calling for stake and deposits limits to be introduced on online gambling products. The report raises concerns about the lack of action from the UK government and the Gambling Commission to effectively address the harms caused by the online gambling sector. This inaction has allowed the industry to continue to prey on vulnerable gamblers. The report also highlights the disparity in content controls and stake and deposit limits between online and offline games. It notes that the government has accepted the principle that harm can be reduced by reducing staking levels and it is clear that stake and deposit limits are needed in the online world to limit harm. The cross-party group argues that there is no justification for having slot machine style games online with staking levels above £2, in line with land based venues. The report further notes that the Gambling Commission is looking at other aspects of regulation but has made no mention of stake and prizes online. The report goes as far to raises concerns that the Gambling Commission is not fit for purpose. The group calls on online gambling operators to sign its ‘Charter for Regulatory Reform’, to signal their intention and support for the policy proposals and recommendations in the report.
Network and Information Systems (Amendment etc) (EU Exit) (No 2) Regulations 2019 made
The Network and Information Systems (Amendment etc) (EU Exit) (No 2) Regulations 2019 SI 2019/1444 been made. They are made under the European Union (Withdrawal) Act 2018 to address failures of retained EU law to operate effectively and other deficiencies. The Regulations make amendments in the field of cyber security. Part 1 amends the Network and Information Systems Regulations 2018 (SI 2018/506) (the NIS Regulations), which implement Directive (EU) 2016/1148 (the NIS Directive). Part 1 also revokes Regulation (EU) 2019/881 on ENISA. The changes are necessary to enable the Information Commissioner to regulate digital services providers within scope of the NIS Directive based outside the UK but offering services within the UK, and to require those providers to comply with the NIS Regulations. The ENISA Regulation is being revoked because it establishes and confers functions upon the European Union Agency for Network and Information Security, which is an EU body. Finally, Part 2 amends the Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019 (SI 2019/653) to correct a drafting error.
Ofcom consults on caller line identification guidelines
Ofcom has launched a consultation on caller line identification guidelines. The CLI guidelines aim to help phone companies comply with regulatory requirements that information carried with a call, and the numbers displayed to people receiving them, must be valid, can be dialled and uniquely identify the caller. All calls, as a minimum, must have what is known as a ‘network number’, which identifies the origin of the call. Traditionally, geographic numbers, beginning 01 or 02, have been used as network numbers. But, in recent years, some calls have begun to use other types of numbers, particularly where these calls originate from VoIP platforms. Ofcom proposes to further clarify that any valid number can be used as a network number, provided it does not breach Ofcom’s numbering plan restrictions, and it does not connect to a premium rate service or revenue-sharing number that generates an excessive or unexpected call charge. Phone providers must also continue to provide accurate caller location information to the emergency services. The consultation ends on 6 December 2019.
Ofcom consults on reclaiming unfair universal service costs
Ofcom is proposing funding regulations to compensate providers for universal services.
A universal service obligation guaranteeing a decent level of home phone services has been in place since 2003. In March 2018 the UK government introduced legislation for a broadband universal service obligation, to give homes and businesses the right to request a decent and affordable broadband connection. It now falls to Ofcom to implement that broadband universal service obligation. In early 2019 it appointed BT and KCOM to deliver broadband universal service obligation connections and services, and set the conditions that will apply to them. From 20 March 2020, people can start making requests for these services. As the universal service providers, BT and KCOM are entitled to be compensated for any costs that it would not be appropriate for them to cover. In the consultation, Ofcom proposes the rules and procedures these providers should follow to make a claim for any unfair costs involved in providing a universal service. These procedures would apply to the broadband universal service obligation, but also to any other universal service obligations. The consultation ends on 7 January 2020.
The Wireless Telegraphy (Mobile Repeater) (Exemption) (Amendment) Regulations 2019 made
The Wireless Telegraphy (Mobile Repeater) (Exemption) (Amendment) Regulations 2019 SI 2019/1450 have been made. They amend regulation 2 of the Wireless Telegraphy (Mobile Repeater) (Exemption) Regulations 2018 SI 2018/399. Regulations 3 and 4 of the 2019 regulations exempt from the requirement to be licensed under section 8(1) of the Wireless Telegraphy Act 2006 the establishment, installation and use of a wireless telegraphy station or apparatus known as a “mobile repeater device” which complies with certain technical specifications and conditions set out in interface requirements published by Ofcom. As a result, additional devices now benefit from the exemption from the requirement to be licensed under section 8(1) of the 2006 Act. Ofcom has made a statement explaining the regulations. It says that accessing mobile networks from a vehicle can be troublesome for some consumers, particularly where they are travelling at the edge of mobile network coverage. If the mobile signal is already weak outdoors and must then penetrate through the glass and bodywork of the vehicle, once inside, it may fall below a usable level. In-vehicle mobile phone repeaters, also known as signal boosters and signal enhancers, can help to mitigate the loss of the mobile signal through the car’s bodywork. Ofcom has decided to change the technical parameters allowed for licence exempt in-vehicle low gain mobile phone repeaters.