Various Brexit regulations laid, DPC guidance on employer vehicle tracking, EDPB guidance and more in this week’s round-up of techlaw news from the past week.
Draft Electronic Communications and Wireless Telegraphy (Amendment) (European Electronic Communications Code and EU Exit) Regulations 2020 laid
The Regulations implement the EECC Directive (EU) 2018/1972 establishing the European Electronic Communications Code. Part 1 of Schedule 1 contains amendments of the Communications Act 2003 implementing the EECC Directive. The amendments relate to very high capacity networks; network access; end-user rights and bundled contracts; universal service obligations and social tariffs; and commitments that may be entered into by the provider of a public electronic communications network to address competition problems. Part 3 of Schedule 1 contains amendments of the Wireless Telegraphy Act 2006 implementing the EECC Directive, including amendments relating to the efficient use of the radio spectrum. Part 1 of Schedule 2 contains related amendments of subordinate legislation.
Draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 laid
The Draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 have been laid. They amend the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) which amend legislation relating to the processing of personal data, in particular in connection with the UK’s departure from the EU. In particular, they make changes following the adequacy decision made by the European Commission in relation to Japan and the decision in Schrems that the Privacy Shield decision is invalid. They also make changes relating to binding corporate rules.
Irish DPC issues guidance on employer vehicle tracking
The Irish Data Protection Commission has issued guidance on employer vehicle tracking. The DPC says that employees are entitled to a reasonable expectation of privacy in the workplace established by Article 8 of the European Convention of Human Rights and confirmed by recent case law in the European Court of Human Rights. The use of in-vehicle tracking by an employer carries a high risk of interfering with the privacy and data protection rights of the employee. The GDPR and Data Protection Act 2018 regulate how personal data may be processed. In the context of in-vehicle tracking, the DPC says that it is important to remember that location data qualifies as personal data under the GDPR any time it relates to an identifiable individual. It is therefore important to note that an employer using vehicle tracking is not just collecting data about the vehicle but also the personal data of individual employee using that vehicle, such as location data or potentially even behavioural data about the employee. So that in-vehicle tracking is lawful under the GDPR, strict requirements must be met by the employer. Vehicle tracking should not be used for the general monitoring of staff. The legitimate aim of using such technology may be to track or monitor the location of the vehicles used in an employment context, but it is important to note that employers should not regard vehicle tracking as a method to track or monitor the behaviour or the whereabouts of drivers or other staff.
EDPB adopts guidelines on concept of relevant and reasoned objection
During its 39th plenary session, the EDPB adopted guidelines on the concept of relevant and reasoned objection. The guidelines aim to contribute to a unified interpretation of the concept, which will help streamline future Article 65 GDPR procedures. Within the cooperation mechanism set out by the GDPR, the supervisory authorities have a duty to “exchange all relevant information with each other” and cooperate “in an endeavour to reach consensus”. Under Articles 60(3) and (4), the lead supervisory authority is required to submit a draft decision to the concerned supervisory authorities, which may then raise a relevant and reasoned objection within a specific timeframe. Upon receipt of a relevant and reasoned objection, the lead supervisory authority has two options. If it does not follow the relevant and reasoned objection or is of the opinion that the objection is not reasoned or relevant, it shall submit the matter to the Board within the consistency mechanism (Article 65). If the lead supervisory authority, on the contrary, follows the objection and issues the revised draft decision, the concerned authorities may express a relevant and reasoned objection on the revised draft decision within a period of two weeks. The guidelines aim to establish a common understanding of ‘relevant and reasoned’, including what should be taken into consideration when assessing whether an objection “clearly demonstrates the significance of the risks posed by the draft decision” (Article 4(24)).
Bank of England and FCA Artificial Intelligence Public Private Forum launched
The Artificial Intelligence Public-Private Forum has been launched. The purpose of the forum is to further dialogue between the public and private sectors to better understand the use and impact of AI in financial services. The forum is expected to run for one year and meet quarterly. It will focus on three areas: data; model risk management; and governance. It says that in terms of the regulatory challenges, policy thinking in this arena is also evolving rapidly. However, the existing regulatory landscape is somewhat fragmented when it comes to AI, with different pieces of regulation applying to different aspects of the AI pipeline, from data through model risk to governance. Policy must strike a balance between high-level principles and a more rules-based approach. Policy initiatives also need to be future-proofed in a fast-changing field.
Central Banks report on digital currencies
Seven central banks (including the Bank of England and the European Central Bank) and the Bank for International Settlements have published a report identifying the foundational principles necessary for any publicly available digital currencies to help central banks meet their public policy objectives. The report highlights three key principles for a digital currency: coexistence with cash and other types of money in a flexible and innovative payment system; any introduction should support wider policy objectives and do no harm to monetary and financial stability; and features should promote innovation and efficiency. The group of central banks will continue to work together on digital currencies, without prejudging any decision on whether or not to introduce digital currencies in their jurisdictions. The group has identified the core features, which must be: resilient and secure to maintain operational integrity; convenient and available at very low or no cost to end users; underpinned by appropriate standards a clear legal framework; and have an appropriate role for the private sector, as well as promoting competition and innovation. Further development requires a commitment to practical policy analysis and applied technical experimentation. While this has already started, the speed of innovation in payments and money-related technologies requires the prioritisation of collaborative experimentation. Activities will include exploring other issues, the challenges of cross-border payments, as well as continuing outreach domestically and with other central banks to foster informed dialogue on key issues.
Law Society consults on lawtech and the rule of law
Earlier this year, the Law Society conducted research about how lawtech solutions are designed, developed, used and/or procured and the related ethical considerations. All participants agreed that the design, development, procurement and use of lawtech raise ethical questions or concerns. Therefore, the Law Society is now seeking views on whether the development of lawtech principles would provide benefits (such as legal certainty and mutual understanding) to the legal services sector, lawtech developers and the UK jurisdiction. If so, it asks what those principles should cover. It also asks if there are existing principles or standards: (i) in the UK in other relevant sectors or (ii) internationally, that the UK should consider adopting. Finally, it asks if the current SRA Standards and Regulations enable effective and compliant design and procurement of lawtech. Responses are requested by 17 November 2020.
DCMS Committee examine impact of streaming on future of the music industry
The House of Commons DCMS Select Committee has launched an inquiry to examine the economic impact that music streaming is having on artists, record labels and the sustainability of the wider music industry. Streaming currently accounting for more than half of the global music industry’s revenue. The inquiry will look at the business models operated by platforms such as Spotify, Apple Music, Amazon Music and Google Play. Music streaming in the UK brings in more than £1 billion in revenue with 114 billion music streams in the last year. However, artists can be paid as little as 13% of the income generated. The Committee will also consider whether the UK government should be taking action to protect the industry from piracy in the wake of steps taken by the EU on copyright and intellectual property rights. Responses are requested by 16 November 2020.
BEREC publishes guidance notes and consultation on work programme
The Body of European Regulators for Electronic Communications (BEREC) has published its updated guidelines on Intra-EU communications. The guidance covers the scope of the regulation, price caps on intra-EU communications, alternative tariffs, changes in currencies other than the Euro, value-added services, sustainability and monitoring by national regulatory authorities. It has also published guidance for national regulatory authorities about very high capacity networks. Further, it has responded to the European Commission’s consultation on the revision of the European Commission’s access recommendations. It has also published two consultations on its work programme and on its guidance on geographical surveys of network deployments. Both consultations end on 5 November 2020.