EU cyber-sanctions regime, World Economic Forum blockchain deployment toolkit, Law Commission analysis, European Parliament e-commerce report, EDPB opinions and annual report and Ofcom news in this week’s round-up of techlaw news from the past week.
Council of the EU extends cyber sanctions regime until 18 May 2021
The Council has adopted a decision extending until 18 May 2021 the restrictive measures framework against cyber-attacks which threaten the EU or its member states. The Council has established a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states, including cyber-attacks against third States or international organisations where restricted measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP). Cyber-attacks falling within scope are those which have significant impact and which: originate or are carried out from outside the EU or use infrastructure outside the EU or are carried out by persons or entities established or operating outside the EU or are carried out with the support of person or entities operating outside the EU. Attempted cyber-attacks with a potentially significant effect are also covered. More specifically, the framework allows the EU for the first time to impose sanctions on persons or entities that are responsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or material support for such attacks or who are involved in other ways. Sanctions may also be imposed on persons or entities associated with them. Restrictive measures include a ban on persons travelling to the EU, and an asset freeze on persons and entities. In addition, EU persons and entities are forbidden from making funds available to those listed.
World Economic Forum issues blockchain deployment toolkit
The World Economic Forum has issued a Redesigning Trust toolkit, designed to guide organisations through the development and deployment of a new blockchain solution. It provides tools, resources, and know-how to organisations undertaking blockchain projects. It was developed through lessons from, and analysis of, real projects, with the aim of helping organisations embed best practices and avoid possible obstacles in deployment of distributed ledger technology. It covers issues such as trustworthy verification of digital identities, protecting data, cybersecurity and interoperability.
Law Commissions publish analysis of responses on automated vehicles consultation
The Law Commission of England and Wales and the Scottish Law Commission have published their analysis of responses to their second consultation paper on automated vehicles. The consultation focused on Highly Automated Road Passenger Services (HARPS), which use self-driving vehicles capable of carrying only passengers or travelling empty with no human driver on board. Key policies that attracted support included: adopting national licensing for operators of HARPS, covering cars as well as larger vehicles such as buses, and all types of fare structures under the same system; flexible regulation that encourages innovation; and regulating accessibility of HARPS to ensure they meet the needs of disabled and older people. Views were divided on who should administer the operator licensing scheme, whether it should be a new agency or an existing agency such as Traffic Commissioners, and what powers local authorities need to manage HARPS. Although there was general agreement that digital traffic regulation orders would help enormously, other key policies like road pricing, parking charges and quantity controls generated mixed views. The Law Commissions will publish a third consultation paper later in 2020 bringing together material from the consultation on licensing HARPS, as well as returning to safety assurance, legal responsibility (civil and criminal) and access to automated vehicle data. The input to the third consultation will lead to the Law Commissions’ final report with recommendations for legislation in 2021.
European Parliament issues overview of legal framework for e-commerce in the internal market
The European Parliament has issued an overview of the legal framework for e-commerce in the internal market, considering the state of play, remaining obstacles to the free movement of digital services and ways to improve the current situation. It discusses the existing legislative framework of the Digital Single Market as well as the technology-driven changes of market and economy that have taken place over the last twenty years. The analysis identifies areas that are likely to respond positively to legislative intervention.
EDPB holds 28th plenary session and issues annual report
The European Data Protection Board has held its 28th plenary session. The EDPB adopted its opinion on the draft Standard Contractual Clauses for controller-processor contracts submitted to the Board by the Slovenian Supervisory Authority. In the opinion, the Board makes several recommendations that need to be taken into account so that the draft SCCs are considered as Standard Contractual Clauses. If all recommendations are implemented, the Slovenian SA will be able to adopt the draft agreement as Standard Contractual Clauses under Article 28(8) GDPR. The EDPB will also publish a register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Article 60 GDPR) on its website. In addition, the EDPB has published its annual report highlighting its activities over the past year and setting out its objectives for 2020. These include include providing guidance on data controllers and processors, data subject rights and the concept of legitimate interest. The EDPB will also carry out more work on advanced technologies, including AI, blockchain, connected vehicles, and digital assistants.
Ofcom agrees to notification period changes for new Openreach offers
Ofcom has agreed to a request from Openreach to waive some of its notification requirements for new offers, in response to the coronavirus situation. Openreach has proposed two new offers to its wholesale customers, which include changes to its terms, conditions and prices. These offers have been developed in response to the challenges businesses are dealing with because of the coronavirus. The offers involve: allowing customers purchasing its EAD100 and EAD1000 ethernet products to pause the start of their service for up to 90 days, deferring connection and rental charges; and providing rebates to customers purchasing Single Order Generic Ethernet Access products for a part of the installation service that Openreach may not be able to provide in the current situation. Openreach is usually required to give prior notice for such changes, but has asked Ofcom for consent to waive that notice period for these offers. This will allow its customers to benefit from the new offers as quickly as possible.
Ofcom publishes further consultation on award of the 700 MHz and 3.6-3.8 GHz spectrum bands
Ofcom has published a statement and further consultation on the award of the 700 MHz and 3.6-3.8 GHz spectrum bands. In a previous statement of 13 March 2020 it referred to modelling derived from use of a “single user throughput” model (the “SUT Model”). A stakeholder has raised concerns that they did not have the opportunity to comment on the reference to the SUT Model in advance of publication of our statement. As a result, Ofcom has now published an update note, which sets out the context for the use of the SUT Model. The further consultation ends on 12 June 2020. Ofcom will review the position set out in its previous statement in light of any comments it receives and and will publish its conclusions.