EDPS Schrems II strategy, ICO fine for claims management company, COVID committee inquiry on digitalisation and more in this week’s round-up of techlaw news from the past week.
Strategy published by EDPS for EU institutions to comply with “Schrems II” ruling
The European Data Protection Supervisor has issued a strategic document aiming to monitor compliance of European institutions, bodies, offices and agencies with the Schrems II ruling in relation to transfers of personal data to third countries, especially the US. The goal is that ongoing and future international transfers are carried out in accordance with EU data protection law. The EDPS says that the ruling has far-reaching consequences on all legal tools used to transfer personal data from the EEA to any third country, including transfers between public authorities. While the strategy aims to bring all transfers into compliance with the ruling in the medium term, the EDPS has identified two priorities to address in the short-term: ongoing controller to processor contracts and/or processor to sub-processor contracts involving transfers of data to third countries, with a particular emphasis on those carried out to the US. It is in this context that the EDPS has developed an action plan to streamline compliance and enforcement measures, distinguishing between short-term and medium-term compliance actions. As the strategy continues to be implemented, the EDPS strongly encourages EU institutions to avoid transfers of personal data to the US for new processing operations or new contracts with service providers.
ICO fines claims management company fined £250,000 for making millions of nuisance calls
The ICO has fined a claims management company £250,000 after it broke regulation 21A of the Privacy and Electronic Communications Regulations 2003 SI 2003/246. The ICO found that over a six month period, the company made 15.1 million calls in relation to claims management services such as mis-sold PPI. All of the calls, of which 1.1 million connected, were made to people who had not consented to receive them. People complained to the ICO about the persistent calls they were receiving multiple times a day. A number noted the aggressive and rude nature of the callers and highlighted the distress it was causing them. During the ICO’s investigation, the company was unable to provide evidence of consent for the majority of calls it made. Where it did provide evidence, for data that it had purchased in the previous 30 days, the consent was found to have not been freely given, specific or informed. The company also argued that it was not aware of its responsibilities under the law. The law banning unsolicited calls for direct marketing purposes in relation to claims management services came into force on 8 September 2018.
CJEU holds that an emailing of a copyright work to court is not a communication to the public
The CJEU has ruled in BY v CX (Case C-637/19) that there was no communication or distribution to the public under the Copyright Directive (2001/29/EC) where a party to proceedings emailed a court copyrighted material as evidence. The question had arisen in the context of Swedish judicial proceedings where CX sent, as evidence, an email to the court with a copy of a web page including a photograph. BY argued that this infringed their copyright in the photograph. The court considered the case law and said that because the photograph was sent electronically, it was a "communication to the public" rather than a "distribution to the public". However, the meaning of "public" in this context meant an indeterminate number of potential recipients, and implied moreover, a fairly large number of people. It said that a communication such as that at issue in the main proceedings must be regarded as referring to a clearly defined and closed group of persons holding public service functions within a court, and not to an indeterminate number of potential recipients. In those circumstances, it must be held that the transmission by electronic means of a protected work to a court, as evidence in legal proceedings between individuals, could not be regarded as a ‘communication to the public’ under meaning of Article 3(1) of the Copyright Directive.
Ofcom issues statement on implementation of the new European Electronic Communications Code
Ofcom is putting in place a package of measures that protect broadband, mobile, pay TV and landline customers. The changes implement the EEEC. In July 2020, the UK government set out in July how it will reflect these changes in UK law, and confirmed that Ofcom should implement the customer protections in full. Ofcom will ban mobile providers from selling ‘locked’ devices. It also plans to make broadband switching easier and more reliable, with changes coming into force in December 2022. A consumer’s new broadband provider will lead the switch and offer a seamless switching experience. This is regardless of whether they are moving across different fixed networks or between providers that use the same fixed network, but connect customers using different technologies. Any loss of service that occurs during a switch must not be longer than one working day and providers must compensate customers if things go wrong. Ofcom will also ban notice period charges beyond the switch date for residential customers switching their fixed services. Ofcom will also require better contract information and stronger rights to exit as well as ensuring disabled customers have equivalent access to information about their communications services. Any customer who needs accessible formats to be used because of their disabilities will be able to request communications be sent in a format that meets their needs (such as in braille). This includes any communications about their service (except for marketing materials), such as price changes or payment reminders. This will come into force in December 2021.
European Commission consults on inception impact assessment
The European Commission has published its inception impact assessment of policy options for a potential revision of the Vertical Agreements Block Exemption Regulation 330/2010, which will expire on 31 May 2022. The Regulation exempts agreements between different levels of the same supply chain from the EU’s competition rules. Following the growth in digital commerce, the initiative aims to revise the rules to provide up-to-date guidance and cater for business needs in accordance with competition rules. The aim is to have revised rules in place for when the current rules expire. The consultation on the impact assessment ends on 20 November 2020. In the course of next year, the Commission will also publish a draft of the revised rules for comments.
Gambling Commission consults on stronger protections for consumers when gambling online
The Gambling Commission has issued a consultation and call for evidence on reducing harm to consumers online. It says that although remote gambling operators have the capability to identify customers who may be at risk of harm from gambling, it has evidence that they are not doing enough. As a result it is consulting on stricter requirements, as it wants minimum standards implemented consistently across the industry. Gambling operators should act if thy know that a consumer is vulnerable and they should carry out affordability assessments based on Commission thresholds. The consultation covers what the thresholds for those affordability assessments should be, the nature of those affordability assessments and how operators are required to protect consumers following an assessment. The consultation ends on 12 January 2021.
COVID-19 Committee launches its new inquiry on the impact of digitalisation
The Committee is seeking evidence on how a rapidly increasing reliance on digital technology, accelerated by the pandemic, may have an impact on wellbeing. The Committee is particularly interested in hearing about the impact of digitalisation on four key drivers of wellbeing: physical health, mental health, social interaction and quality of working life. The closing date for written submissions is 11 December.