Reaction to the Schrems II decision, .eu domain names for EEA citizens, update on Age Appropriate Code and lots more in this week’s round-up of essential techlaw news from the past week.
EU & UK reaction to the Schrems II decision
The European Commission has issued a statement on the Facebook Ireland v Schrems decision on the Privacy Shield and standard contractual clauses. It says that transatlantic data flows can continue, based on binding corporate rules or standard contractual clauses. The Commission will continue its work to ensure the continuity of safe data flows. It will do this in line with the judgment; in full respect of EU law and in line with the fundamental rights of citizens. It believes that in the globalised world of today, it is essential to have a broad toolbox for international transfers while ensuring a high level of protection for personal data. The Commission will work quickly to finalise this toolbox.
The UK government has also issued a statement on the Schrems II decision. It says that it is reviewing the details of the judgment and remains committed to supporting UK organisations on international data transfers. It intervened in the case, arguing in support of the validity of standard contractual clauses. It says “it is pleased that this important mechanism for transferring data internationally remains in place and is considering any further implications that may arise from the judgment in respect of this”.
EurID extends eligibility to hold .eu domain name to EEA citizens
EurID has announced that the European Free Trade Association has reached an agreement with the EEA to incorporate Regulation 517/2019 into the EEA agreement. The new regulation allows EEA citizens from Norway, Liechtenstein and Iceland to register .eu and its variant scripts domain names regardless of their place of residence. EU citizens were granted the same eligibility in October 2019. In extending the citizenship rule to EEA nationals, the new Regulation aims to adapt to the fast-changing domain name industry and to strengthen and expand the link with the growing Digital Single Market, focusing on European values like multilingualism, privacy protection, and security. EURid will make the necessary amendments to various documents and webpages to enable EEA citizens from Norway, Liechtenstein and Iceland to hold .eu domain names from 2 September 2020.
ICO provides update on Age Appropriate Design Code and impact assessment
Deputy Commissioner Steve Wood has provided an update on the Age Appropriate Design Code and impact assessment. The Code is close to the end of Parliamentary scrutiny process and will be used from August. It has 15 standards which reflect existing law, rather than introducing new law. It has been created as a tool to help businesses to comply with current information rights legislation and was introduced by the Data Protection Act 2018. There is a 12 month transition period and the Code comes fully into force in August 2021. The ICO will provide practical resources to help organisations to assess the changes they need to make and taking steps towards them and its guidance and support will be focused in areas by the impact assessment of the Code. Parliament set the scope of the Code so it would be broad, covering not just online services designed for children but also those services that are likely to be accessed by children. This makes quantified analysis of the costs and benefits challenging, with costs varying considerably even between small and medium enterprises. The ICO has committed to reviewing the Age Appropriate Design Code in August 2022, one year after the transition period, to understand how the code is working and whether the costs and benefits are in line with expectations. The review will allow the ICO to assess whether the support package is sufficient and to tailor any additional resources it decides to develop.
Ofcom issues call for inputs on emerging technologies and their potential impact on the communications industry
Ofcom has started a technology discovery programme to better understand the technologies being researched and developed which could affect the sectors it regulates, including broadcast, fixed, mobile and satellite communication networks and online communications sectors, including the content they carry and the devices on which they are consumed. It is interested in hearing about any emerging technologies that could change the shape of the communications industry in the coming years. It is especially interested in technologies that have the potential to achieve the following: enable the delivery of new services which are valued highly by people and businesses; broaden and deepen access to services; increase the performance of networks, improving the experience for people using them; lower barriers to entry into markets, giving people a greater choice of providers; reduce the cost of delivering services, increasing access and maximising value for customers; change the way Ofcom authorises and regulates networks and /services; assure the security and resilience of service delivery; and reduce the total environmental impact of delivering communications services and associated. It plans to publish a summary of responses to the call for input later this year and outline next steps. It also expects responses to feed into a wider programme of work. The consultation ends on 3 September 2020.
European Commission adopts guidance for national courts when handling disclosure of confidential information
The European Commission has adopted a Communication on the protection of confidential information by national courts in proceedings for the private enforcement of EU competition law. Under the Antitrust Damages Directive, national courts may receive requests for disclosure of evidence containing confidential information. The Directive obliges member states to ensure that national courts can order the disclosure of this evidence under certain conditions. At the same time, member states must ensure that national courts can protect such confidential information. The Commission’s Communication seeks to provide practical guidance to national courts in selecting effective protective measures, considering among others the specific circumstances of the case, the type of information requested, the extent of the disclosure, the parties and relationships concerned as well as any administrative burdens and cost implications. The Communication suggests a number of measures (eg redactions, confidentiality rings, use of experts, closed hearings) national courts may, depending on their procedural framework, order to protect confidential information in the context of disclosure requests throughout and after the closing of the proceedings, and it describes how and when such measures could be effective. The Communication is not binding for national courts and does not modify or bring about changes to national procedural rules.
Reforms to permitted development rights to support 5G and extend mobile coverage
The UK government has announced that it will simplify planning rules to speed up 5G rollout and improve rural mobile coverage. The reforms will allow: new masts to be built taller, subject to prior approval by the planning authority, to deliver better coverage and allow more mobile operators to place equipment on them; existing phone masts to be strengthened without prior approval, so that they can be upgraded for 5G and shared between mobile operators; building-based masts to be placed nearer to highways to support better mobile coverage of the UK’s road networks, subject to prior approval; and cabinets containing radio equipment to be deployed alongside masts, without prior approval, to support new 5G networks. Before amending the existing legislation, the government will carry out a technical consultation on the proposals, including the appropriate environmental protections and other safeguards, and the specific limits to be put on the widths and heights of phone masts. The government also expects the mobile phone industry to minimise the impact of new mobile deployment. These reforms will aid the delivery of Shared Rural Network. The four main mobile operators have committed to increase mobile phone coverage throughout the UK to 95% by the end of 2025, by investing in a network of new and existing phone masts that they would all share.
Assessment List for Trustworthy AI published
The Assessment List for Trustworthy AI has been published by the European Commission. It is a checklist for business and organisations to self-assess the trustworthiness of their AI systems under development. This aims to increase the benefits that AI yields to the economy and society as a whole. The concept of Trustworthy AI, introduced by the High-Level Expert Group on AI through the Ethics Guidelines on Trustworthy AI, is based on seven key requirements: human agency and oversight; technical robustness and safety; privacy and data governance; transparency; diversity; non-discrimination and fairness; environmental and societal well-being; and accountability. The checklist is the first instrument that translates AI principles into an accessible and dynamic checklist that developers and deployers of AI can use. It also aims to help to ensure that users benefit from AI without being exposed to unnecessary risks. The Assessment List has been revised following a pilot.
European Commission publishes responses to consultation on White Paper on Artificial Intelligence
The European Commission has published a summary report about the responses to its White Paper on AI. More than 1250 responses were received. Most responses supported the actions proposed to build an ecosystem of excellence. Respondents were concerned that using AI can breach fundamental rights or lead to discriminatory outcomes. Opinion was divided on whether new compulsory requirements should be limited to high-risk applications. For AI applications that do not qualify as ‘high-risk’, the White Paper proposes the option of a voluntary labelling scheme, in addition to applicable legislation. The majority of respondents said that they would find such scheme useful. The majority of respondents supported a revision of the existing Product Liability directive to cover particular risks engendered by certain AI applications while a significant group suggested that that national liability rules should also be adapted for all AI applications. Following an in depth analysis of the consultation results as well as a detailed impact assessment, a regulatory proposal will be presented.
Privacy regulators write open letter to video conferencing companies
The Global Privacy Assembly’s International Enforcement Cooperation Working Group has written an open letter to video teleconferencing companies. It reminds them of their obligations to comply with the law and handle information responsibly. The letter also sets out principles such as security and privacy by design to help companies to identify and address key privacy risks. The letter is addressed to all video conferencing companies but copies have been sent directly to Microsoft, Cisco, Zoom, House Party and Google. The letter is signed by authorities in Australia, Gibraltar, Hong Kong, Canada, Switzerland and the UK.
DCMS Committee issues report on impact of COVID-19 on creative sectors
The House of Commons DCMS Select Committee has issued a report on the impact of the pandemic on the creative sector. The report is of interest to tech lawyers because the Committee says that the DCMS should investigate how the market for recorded music is operating in the era of streaming to ensure that music creators are receiving a fair reward. The report also says that The Cultural Renewal Taskforce must co-ordinate cross-sector work on technological solutions for mass gatherings, ensuring the sports and entertainment sectors work together, alongside NHS Test and Trace, to develop a universal, technological solution to enable the safe return of ticket holders to events. In the immediate future, DCMS should work with HM Treasury to develop a data voucher scheme, to give those with limited access to the internet due to financial constraints the ability to access online cultural and physical activity content. The UK government and Ofcom should work with telecommunications companies to facilitate data gifting and wifi sharing. Ofcom’s work on affordability of internet connectivity should also tackle the poverty premium associated with pay-as-you-go mobile services.
Single Digital Gateway Regulation (Revocation) (EU Exit) Regulations 2020
The Single Digital Gateway Regulation (Revocation) (EU Exit) Regulations 2020 SI 2020/793 have been made. Regulation (EU) 2018/1724 establishing a single digital gateway to provide access to information, to procedures, and to assistance and problem-solving services, and amending Regulation (EU) No 1024/2012 (SDGR), is a directly applicable EU Regulation. Certain provisions of the SDGR will constitute retained EU law in accordance with section 3 of the European Union (Withdrawal) Act 2018. The purpose of the Regulations is to revoke those provisions of the SDGR that will constitute retained EU law on and after 31 December 2020, so that the UK is no longer legally bound by the SDGR once the transition period ends. To that end, the Regulations revoke those articles of the SDGR which are in force and apply immediately before 31 December 2020, and would therefore constitute retained EU law. Future obligations (eg applying from 2023) will not constitute retained EU law and so do not need to be revoked.
Ofcom issues best practice guidance treatment of vulnerable customers
Ofcom has issued best practice guidance about measures providers can take to ensure that they treat vulnerable people fairly and that they obtain an appropriate deal for their needs at a fair price. The guidance is not intended to be exhaustive and will be reviewed over time.
More developments on drones at EU level
Commission Delegated Regulation (EU) 2020/1058 of 27 April 2020 has been published in the Official Journal. It introduces the specification for C5 and C6 Unmanned Aircraft Systems and comes into force 20 days after its publication on 20 July.
Separately, EASA has published proposed standards for certification of light drones. The proposed standards, now open for public consultation, are known as Special Condition Light UAS and will be applicable to unmanned aircraft under 600 Kg operated in the specific or certified category in accordance with regulation (EU) 2019 / 947, which comes into force on December 31, 2020. Most drones currently under certification in EASA will adopt this certification basis. Detailed means of compliance will be addressed in a second phase, but, due to the expected variety of products and operational concepts, a strong link will remain with projects and EASA will continue to assess proposals from applicants. The consultation ends on 30 September 2020.
EASA has also published FAQs on European drones regulation.