German EU Presidency publishes discussion paper on draft E-Privacy Regulation, DPC statement on Schrems II decision, OECD model rules on tax reporting obligations for online platforms, ICO statement on Lords digital technology report and more in this week’s round-up of techlaw news from the past week.
German EU Presidency issues discussion paper on draft E-Privacy Regulation
The German Presidency of the Council of the EU has issued a discussion paper about the draft E-Privacy Regulation. It says that a key step to an accord will be agreeing the rules for processing electronic communications data and protecting end-users' terminal equipment information. In addition, member states need to contribute their views about the provisions relating to vital interest and legitimate interest/statistical counting as well as protection of and requirements for access to terminal devices. Some aspects of Article 6(d) on detection of child abuse imagery, are controversial and it is planned to follow these up separately at a later time. Member states should submit their written comments by 24 July to help draft a new compromise text. A further Working Party discussion took place on 13 July.
Irish DPC issues statement on Schrems II decision
The Irish Data Protection Commission has issued a statement strongly welcoming yesterday’s judgment from the Court of Justice in the Schrems II case about the Privacy Shield and standard contractual clauses. It said “today’s judgment provides just that, firmly endorsing the substance of the concerns expressed by the DPC (and by the Irish High Court) to the effect that EU citizens do not enjoy the level of protection demanded by EU law when their data is transferred to the [US]. In that regard, while the judgment most obviously captures Facebook’s transfers of data relating to Mr Schrems, it is of course the case that its scope extends far beyond that, addressing the position of EU citizens generally. The Court also agreed with the DPC’s view that, whatever mechanism is used to transfer data to a third country, the protection afforded to EU citizens in respect of that data must be essentially equivalent to that which it enjoys within the EU”. Both the DPC and ICO have said that the judgment raises many issues which they will consider in due course.
OECD issues model rules on tax reporting obligations for online platforms
The OECD has released a new global tax reporting framework, the Model Rules for Reporting by Platform Operators with respect to Sellers in the Sharing and Gig Economy (MRDP). Under the MRDP, digital platforms must collect information about the income realised by those offering accommodation, transport and personal services through platforms and to report the information to tax authorities. With the digitalisation of the economy transactions that take place on platforms may not always be reported to tax administrations, either by third parties or by the taxpayers themselves. The platform economy also means increased access to information for tax administrations, as it brings activities previously carried out in the informal cash economy onto digital platforms. The MRDP are designed to help taxpayers comply with their tax obligations, while ensuring a level-playing field with traditional businesses, in key sectors of the sharing and gig economy. They further seek to avoid a proliferation of different and unilateral reporting regimes, allow for the use of novel technology solutions and help create a sustainable environment supporting the growth of the digital economy. The MRDP are part of a wider strategy of the OECD to address the tax challenges arising from the digitalisation of the economy and are designed to serve as a basis for further policy developments in increasing tax transparency to create a stable environment for the growth of the digital economy.
ICO comments on Lord’s Committee digital technology report
The ICO has issued a statement following the publication of the Lord’s Committee on Democracy and Digital Technology’s report ‘Digital Technology and the Resurrection of Trust’. The ICO said: “The report Lord Puttnam and his committee have published is a welcome contribution to important conversations around the role digital technology has in all of our lives. In particular, I am pleased to see an acknowledgment of how integral personal data is in this debate. Data can shape the posts and messages we see and the political advertisements we are shown. Any discussion of online harms must include consideration of the personal data processing that fuels algorithms and profiling. On the back of our investigations into the use of personal data in micro targeting of political advertising, we produced guidance on the use of data in campaigning. We continue to work with other regulators and government to find a balance between encouraging change in the online world and requiring compliance with the law.”
UK government updates Model Services Contract
The Cabinet Office and the Government Legal Department have published an updated version of the Model Services Contract. The new version reflects developments in government policy, regulation and the market. The MSC forms a set of model terms and conditions for major services contracts that are published for use by government departments and many other public sector organisations. It is suitable for use with the range of business services that government purchases and contains applicable provisions for contracts for business process outsourcing and/or IT delivery services.
EDPS publishes opinions on European Commission's strategy for data
In February 2020 the European Commission published its strategy for data as part of a wider package. The aim of the Data Strategy is to create a single European data space and thus make it easier for businesses and public authorities to access high-quality data to boost growth and create value. In its Opinion, the EDPS applauds the Commission’s commitment to ensure that European fundamental rights and values, including the right to the protection of personal data, underpin all aspects of the Data Strategy and its implementation. In particular, the EDPS appreciates the assurance that the Strategy would be developed in full compliance with the GDPR, which provides a solid basis, also by virtue of its technologically-neutral approach. The EDPS underlines that one of the objectives of the Data Strategy should be to prove the viability and sustainability of an alternative data economy model - open, fair and democratic. Unlike the current predominant business model, characterised by unprecedented concentration of data in a handful of powerful players, as well as pervasive tracking, the European data space should serve as an example of
transparency, effective accountability and proper balance between the interests of the individual data subjects and the shared interest of the society as a whole. Furthermore, the Opinion considers the background of the pandemic and reiterates the position that data protection is not the problem but part of the solution. Data and technology can play an important role in the overcoming the crisis in combination with other factors, as there is no “silver bullet” for something so complex.
European Commission publishes Q&A and other materials in relation to Online Platforms Regulations
The European Commission has published a suite of materials on the Platform to Business Regulation (EU) 2019/1150), which applied with effect from 12 July 2020. The materials include Q&As and progress reports. It will also publish guidelines on rankings soon, as well as reports on online advertising and platforms with significant market power.
Draft Online Intermediation Services for Business Users (Amendment) (EU Exit) Regulations 2020 published
The UK government has published the draft Online Intermediation Services for Business Users (Amendment) (EU Exit) Regulations 2020. The draft Regulations amend the retained version of Regulation (EU) 2019/1150 so that it functions correctly in domestic law at the end of the transition period. The amendments include: giving the Secretary of State power to choose organisations designated to bring enforcement proceedings against platforms and removing the requirement to communicate such designation to the European Commission; applying where businesses and their consumers are located within the UK rather than within the EU; imposing restrictions on when platforms may identify mediators outside the UK instead of outwith the EU; and amending references that no longer make sense in a domestic context, such as member states and the European Commission.
WIPO holds Second Session of Conversation on IP and AI and outlines next steps
The World Intellectual Property Organization has held its Second Session of the Conversation on IP and AI, and has outlined the next steps in a process designed to help clarify the most-pressing IP policy-related questions in the dynamic and fast-growing field of AI. WIPO will continue to foster dialogue by publishing on its web site all written interventions received within two weeks following the meeting’s closure and hold a Third Session of the Conversation on AI and IP at a later date in 2020. The WIPO Secretariat will also begin working on outlining preliminary considerations stemming from the many questions raised by AI for IP policy for the consideration of member states and other stakeholders. The Secretariat will also study a member state delegate’s suggestion to develop a priority list of questions on the IP-AI topic.
ICANN publishes issues paper on Digital Services Act
ICANN has published an update and analysis of the Digital Services Act (DSA) initiative launched by the EU. The DSA initiative was identified in the first of the series of the ICANN Government & Intergovernmental Organization engagement papers capturing EU policy updates as an area of potential relevance to the ICANN community and to ICANN’s technical role in the Internet ecosystem. The paper broadly explains the initiative to date and its potential impact. The paper notes the European Commission’s consultation on the DSA initiative which ends on 8 September 2020. ICANN org will submit a contribution to the consultation and encourages the community to contribute too. ICANN says it will continue to monitor the DSA initiative and will provide updates as relevant developments unfold.
CDEI issues blog post on social distancing wearables for the workplace
Social distancing wearables are devices that can be worn by a user (eg wristbands, watches) and alert wearers when they are in close proximity to another employee. The Centre for Data Ethics and Innovation has issued a blog post discussing such devices, considering issues such as their effectiveness, production and deployment, technical issues, ethical considerations, repurposing of such devices and the wider context. On the latter point, the blog post points out that social distancing wearables should be considered as part of a wider conversation around workplace surveillance, rather than as a standalone issue. As with any form of worker surveillance, there should be regular reviews of any social distancing monitoring in use to ensure that it is achieving the intended purpose.
Nominet consults on on expiring .UK domain names
Nominet has launched a new policy consultation on expiring domains. It wishes to implement a more transparent process for informing registrars and the wider public when an expired domain name will be made available for re-registration. They are also considering different methods for releasing highly desired expired domains which are contested (ie there are multiple parties seeking to register the domain name). The consultation covers two areas: the first is whether domains should be made available for re-registration throughout the day at a specific point in time, based on the time stamp for the original registration, or be released at a specified single point in time, eg 2pm every day. The second area is a very small minority of domains are intensely contested with multiple parties interested in re-registration, so the question is whether to alter the way in which Nominet release these domains. The options proposed are (1) auction model – two variations, and (2) economically controlled access to expiring domains. The consultation ends on 11 August 2020.
ICO issues statement about decision by National Police Chiefs' Council to withdraw digital consent forms
The ICO’s recent report about mobile phone extraction by police forces in England and Wales recommended that a number of measures are implemented across law enforcement in order to improve compliance with data protection law and regain some public confidence that may have been lost, including removing digital consent forms. The ICO also recommended a new code of practice to improve mobile phone extraction practices and better support police and prosecutors in their work. The ICO has now said “In our report published on 18th June, we recommended that these forms were withdrawn, and I am pleased to see that this action has been taken. People expect to understand how their personal data is being used. An approach that does not seek this engagement risks dissuading citizens from reporting crime, and victims may be deterred from assisting police”.
Ofcom consults on Hull Area Wholesale Fixed Telecoms Market Review 2021-26
Ofcom is proposing to create conditions to improve retail competition in the fixed telecoms markets in the Hull area, through its wholesale regulation of KCOM. Its strategy for fixed telecoms markets is to promote competition and investment to deliver better broadband and mobile services wherever people live or work. In the Hull area, Ofcom proposes to focus its regulation on encouraging competing providers to enter the market. Its consultation sets out its proposals for regulation of the wholesale local access and wholesale leased lines access services markets in the Hull area from April 2021. These underpin broadband, mobile and business connections. Ofcom also sets out plans to deregulate the wholesale broadband access and fixed voice markets.