DCMS announces new Telecoms Security Bill, ICO guidance on collecting customer information, ICO fine for spam texts and more in this week’s round-up of techlaw news from the past week.
DCMS announces new Telecoms Security Bill and Diversification Strategy for UK
The government has announced that it will bring forward a Telecoms Security Bill and is appointing a Taskforce for telecoms. In addition, it will publish its Telecoms Diversification Strategy which aims to address a market failure where mobile companies are limited to using just three major suppliers in their telecoms networks. This restricts choice and poses a risk for the security and resilience of the UK’s future digital networks. The Telecoms Diversification Task Force will provide independent expert advice to the government as it works towards diversifying the network so that telecoms companies do not have to use high-risk vendors like Huawei or rely on individual vendors to supply equipment in their networks. This follows the government’s commitment, informed by advice from the National Cyber Security Centre, to ban the use of new Huawei 5G equipment from the end of this year, and remove all existing Huawei kit from 5G networks by 2027. The forthcoming Telecoms Security Bill will turn these commitments into law after being introduced this autumn and will give new powers to the government to control the presence of high risk equipment suppliers, and to Ofcom to drive up security standards.
ICO publishes guidance for collecting customer information
The Information Commissioner’s Office has published data protection guidance for organisations mandated to collect customer and visitor information. The UK government has made it mandatory for businesses in various sectors in England to collect customer information for the test and trace programme. The Scottish and Welsh governments have also mandated certain organisations to ask for customer and visitor information. The ICO says that this does not need to be complicated and is advising organisations to follow five steps. Organisations must only ask people for the specific information that has been set out in government guidance; they should be clear, open and honest with people about what is being done with their personal information and keep people’s data secure. Organisations should not use open log books, and should ensure their customers’ personal information is kept private; they should not use the personal information collected for contact tracing for other purposes, such as direct marketing, profiling or data analytics; and should erase or dispose of the personal information collected after 21 days. Organisations do not have to ask people for their information if individuals are using a contact tracing app to check into venues. Organisations should not make the use of contact tracing apps mandatory, and should give people options to give their details for contact tracing purposes. It is worth noting that the Irish DPC has issued similar guidance.
ICO fines company sending nuisance texts during pandemic
The Information Commissioner’s Office has fined Digital Growth Experts Limited £60,000 for sending thousands of nuisance marketing texts. DGEL sent the texts, of which 16,190 were received, promoting a hand sanitising product that it claimed to be “effective against coronavirus”. The messages were sent to people who had not consented to receive them. DGEL obtained data scraped from an online marketplace account belonging to its director, as well as obtaining data from social media advertisements which purported to offer free samples and then automatically opted individuals in to receiving direct marketing. Finally, it obtained data from expressions of interest in eBay offers on the director’s account page. The ICO said that DGEL had provided unclear and inconsistent responses to its inquiries, and was unable to provide sufficient evidence that it had the consent required by the Privacy and Electronic Communications Regulations 2003 SI 2003/2426. The ICO has also issued DGEL with an enforcement notice ordering it to comply with the Privacy and Electronic Communications Regulations 2003 within 30 days of receipt of the notice.
European Commission proposes Regulation for the European High Performance Computing Joint Undertaking
The European Commission has proposed a new Regulation for the European High Performance Computing Joint Undertaking to maintain and advance Europe's leading role in supercomputing and quantum computing. Its aims are to support research and innovation activities for new supercomputing technologies, systems and products, as well as foster the necessary skills to use the infrastructure and form the basis for a world-class ecosystem in Europe. The proposal would enable an investment of €8 billion in the next generation of supercomputers which includes exascale supercomputers that will perform more than one billion billion (1018) operations per second; quantum computers and hybrid computers, combining elements of quantum and classical computing, that will be able to perform operations that no supercomputer is currently capable of doing.
European Commission report makes recommendations for transition towards driverless mobility
The European Commission has published a report by an independent group of experts on Ethics of Connected and Automated Vehicles (CAVs). It says that a number of technical, regulatory and societal challenges must be addressed before CAVs can be safely deployed. The report considers questions such as who should be responsible if there is a collision when there is no human driver; how ethical and responsible data sharing by CAVs can be ensured; and whether pedestrians and cyclists are more at risk with CAVs in traffic. The report contains 20 recommendations covering dilemma situations, the creation of a culture of responsibility, and the promotion of data, algorithm and AI literacy.
European Parliament sets up new committee on AI
The European Parliament has set up a new Committee on Artificial Intelligence in a Digital Age. It will analyse the future impact of artificial intelligence in the digital age on the EU economy, in particular on skills, employment, financial technology, education, health, transport, tourism, agriculture, the environment, defence, industry, energy and e-government.
European Parliamentary Research Service issues report on disruption by technology
The European Parliamentary Research Service has issued a report on disruption by technology. It covers the themes of rapid and dramatic change, disruption by technology and converging disruptions. A key section of the report deals with disrupting laws and regulations, focusing on how technological disruption challenges the enactment and implementation of laws and regulations. The current debate on EU rules in areas such as AI, IoT and fintech has prompted reflection on the efficacy of current legal and regulatory frameworks and the exploration of new approaches to define and implement EU rules to govern emerging technologies.
European Parliament issues report on the impact of algorithms for online content filtering or moderation
The European Parliament has issued a report on the impact of algorithms for online content filtering or moderation. The study was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the JURI Committee’s request. It introduces automated filtering as an aspect of moderation of use-generated materials. It presents the filtering technologies that are currently deployed to address different kinds of media, such as text, images, or videos. Among other things, the report discusses the main critical issues under the current legal framework and makes proposals for regulation in the context of a future EU Digital Services Act.