National Cyber Security Centre advice on mobile phones, CMA fines guitar manufacturer for online pricing, EDPS latest newsletter and more in this week’s round up of techlaw news plus links to our more in depth reports
Advocate General gives opinion that car rental companies do not communicate works to public
Advocate General Szpunar has given an opinion in the case of C-753/18 Stim and Sami. The AG considered that car rental companies are not “users” that communicate works to the public under Article 3(1) of the InfoDoc Directive 2001/29/EC and Article 8(2) of the Rental Rights Directive 2006/115/EC. Car rental companies merely provide cars, equipped with radio receivers, that have already been pre-installed by the respective car manufacturers. The only communication to the public that takes place is made by radio broadcasters.
CMA fines guitar maker £4.5m for preventing online price discounts
The Competition and Markets Authority has issued a decision finding that Fender Musical Instruments Europe Limited infringed competition law by engaging in resale price maintenance with regards to its online pricing. The CMA imposed a fine of around £4.5 million. The fine is the largest imposed in the UK for resale price maintenance. This follows the CMA’s fine of £3.7 million imposed on Casio for similar behaviour in relation to the online pricing of digital pianos and keyboards.
Digital Economy Act 2017 (Commencement of Part 3) Bill receives first reading
The Digital Economy Act 2017 (Commencement of Part 3) Bill has received its first reading in the House of Lords. The date for second reading is yet to be decided. The Bill, which is a private members bill, seeks to bring into force the remaining sections of Part 3 (online pornography) of the Digital Economy Act 2017.
EDPS issues newsletter with highlights of 2019
The European Data Protection Supervisor has published its latest newsletter in which it looks back at 2019 and highlights challenges for 2020. The newsletter covers developments such as guidance on contact lists, risk assessments and how to decide when they are necessary, data protection aspects of proposed rules on non-performing loans (those loans which are unlikely to be repaid), preventing the dissemination of terrorist content online, the European Travel Information and Authorisation System and the EDPS’s submissions to the European Court of Justice on data retention.
ICO call for views on the processing of personal data relating to criminal convictions
The ICO is conducting a survey to find out if gaps exist in controllers’ awareness and understanding of the data protection requirements for processing such data. Organisations may process personal data relating to criminal convictions and offences, or related security measures for many reasons. For example, to safeguard vulnerable individuals or children, assess people’s suitability for employment, or assess whether a person can access services such as housing or insurance. The processing of such data is governed by a complex legislative framework. The survey ends on 28 February 2020.
ICO publishes blog post on adtech
Simon McDougall, ICO Executive Director of Technology and Innovation, has written a blog post on adtech. He says that the adtech real time bidding industry is complex, involving thousands of companies in the UK alone. There is a significant lack of transparency due to the nature of the supply chain and the role different actors play. The Internet Advertising Bureau UK has agreed a range of principles that align with the ICO’s concerns, and is developing its own guidance for organisations on security, data minimisation, and data retention, as well as UK-focused guidance on the content taxonomy. Separately, Google will remove content categories, and improve its process for auditing counterparties. It has also recently proposed improvements to its Chrome browser, including phasing out support for third party cookies within the next two years. If these measures are fully implemented they will improve the handling of personal data within the adtech industry. However, the ICO will continue to investigate real time bidding. While it is too soon to speculate on the outcome of that investigation, given the ICO’s understanding of the lack of maturity in some parts of this industry, it anticipates it may be necessary to take formal regulatory action and will continue to progress its work on that basis.
NCSC publishes guidance on choosing mobile phone devices
The NCSC has published guidance on how to choose mobile phone devices and ensure their security. Securing mobile devices is an essential part of guarding an organisation against a variety of threats, many of which herald from the internet. The NCSC guidance covers four main areas: getting ready, ie selecting and procuring devices, policies and settings, managing deployed devices; and infrastructure. The guidance is aimed primarily at business users, with a focus on those deploying or managing large IT estates. However, the advice is useful for all users, and all operating systems. The NCSC also publishes case studies about where it has advised organisations on deployment.
Ofcom publishes statement on assessing fairness in consumer communications markets
Ofcom has issued a statement on ensuring fairness for customers. Ensuring fairness for customers is a continuing priority for Ofcom and it has a programme of work to encourage providers to put fairness at the heart of their businesses. Ofcom wants people to be treated fairly by their provider and to get a good deal. Ofcom’s fairness framework explains how it is likely to assess fairness concerns when they arise and the kinds of problems that might prompt it to take action. In June 2019, Ofcom issued a discussion paper that outlined its proposed approach to assessing fairness concerns. The statement summarises the main points that were raised in response to the discussion paper, gives Ofcom’s response to those comments and sets out a final framework.
Other news published this week