EDPB adopts first decision under Article 65 GDPR, European Commission issues third set of reports on disinformation, new NIS Regulations, and more in this week’s round-up of techlaw news from the past week.
EDPB adopts first decision under Article 65 GDPR
The EDPB has adopted by a majority of two thirds of its members its first dispute resolution decision under Article 65 GDPR. The binding decision seeks to address the dispute arisen following a draft decision issued by the Irish supervisory authority as lead supervisory authority regarding Twitter International Company and the subsequent relevant and reasoned objections (RROs) expressed by a number of concerned supervisory authorities (CSAs). The Irish authority issued the draft decision following an own-volition inquiry and investigations into Twitter, after Twitter notified it about a personal data breach on 8 January 2019. In May 2020, the Irish SA shared its draft decision with the CSAs under Article 60 (3) GDPR. The CSAs then had four weeks to submit their RROs. The CSAs issued RROs on the infringements of the GDPR identified by the Irish SA, the role of Twitter as the (sole) data controller, and the level of the proposed fine, but the Irish SA disagreed that the objections were relevant or reasoned. The matter was referred to the EDPB under Article 60 (4) GDPR. On 9 November 2020, the EDPB adopted its binding decision and will notify it formally to the Irish SA. The Irish SA shall adopt its final decision on the basis of the EDPB decision, which will be addressed to the controller, without undue delay and at the latest one month after the EDPB has notified its decision. The Irish SA and CSAs shall notify the EDPB of the date the final decision was notified to the controller. Following this notification, the EDPB will publish its decision on its website.
European Commission issues third set of reports on disinformation
The European Commission has published the third set of reports on actions taken by the signatories of the Code of Practice on Disinformation to fight false and misleading coronavirus-related information. The reports provide an overview of actions taken by the online platforms during the month of September, and demonstrate willingness to provide increased transparency around their policies on coronavirus disinformation. However, the reporting still lacks appropriate granularity in data, including about the impact of their policies, to ensure sufficient transparency and public accountability and enable consistent monitoring. The monthly reporting programme is required under the 10 June 2020 Joint Communication to ensure accountability towards the public of the efforts made by platforms and relevant industry associations to limit online disinformation related to coronavirus. The reports focus on actions taken in September 2020 by the Code's platform signatories, Facebook, Google, Microsoft, Twitter and TikTok. The Commission plans to present two complementary initiatives by the end of the year: a European Democracy Action Plan and a Digital Services Act package.
UK government responds to call for views on amendments to the Network and Information Systems Regulations 2018
In May 2020, the government published its first Post-Implementation Review of the Network and Information System Regulations 2018. Its purpose was to evaluate how effective the NIS Regulations have been in achieving their original objective of improving security standards across critical UK sectors. The government issued a call for evidence in May 2020 and has now published its response with amendments to the draft amended regulations. For example, it has included a new provision setting out limitations to the information that may be shared, in the interest of proportionality and reasonableness. The redrafted regulations also ensure authorities act with reasonableness - the information requested must be pertinent and authorities must have reasonable grounds for requesting it. Inspectors must also act reasonably. Representations must be sought from interested parties before decisions are taken. The authorities must also issue guidance about how penalties will be calculated. The Network and Information Systems (Amendment and Transitional Provision etc) Regulations 2020 SI 2020/1245 have now been made.
Further Ofcom consultation on certain elements of the wholesale fixed telecoms market review
Ofcom has published revised proposals on certain aspects of how it plans to regulate BT’s wholesale services between April 2021 and March 2026. It is a further consultation to proposals published in January and February 2020, which are designed to support competition and investment in faster fibre networks while protecting customers. Having considered responses to its January and February consultations, Ofcom is now re-consulting on some changes to its proposals, including: pricing for physical infrastructure access and single order generic ethernet access; pricing and implementation for dark fibre; and regulatory reporting requirements. The consultation ends on 8 December, and Ofcom says it will publish its final decisions before April 2021 as part of its wholesale fixed telecoms market review statement.
UK government issues Verification of Children Online Phase 2 report
The UK government has issued its VoCO (Verification of Children Online) Phase 2 report. The Verification of Children Online (VoCO) project is a child safety research project that aims to deal with the challenge of knowing which online users are children. The project has brought together children, industry and child safety stakeholders to consider the technical, commercial, legal and behavioural factors that would enable companies to recognise and better protect their child users. It has been a collaboration between DCMS, the Home Office and GCHQ. The report captures the outputs of the second phase of the VoCO project.
European Commission consults on accessible web and digital content for people with disabilities
The Web Accessibility Directive 2016/2102/EU aims to make public-sector websites and mobile applications in the EU more accessible to the public, particularly people with disabilities. It sets standard requirements for web accessibility products and services across the EU with a deadline of 23 September 2020 as the date by which all public sector websites across the EU would have to be accessible for persons with disabilities. The Commission is now seeking feedback on several issues, including the accessibility requirements set out in the Directive and the added value of accessibility statements, the level of accessibility of websites and mobile apps and the impact of the Directive on the availability of public online content. The consultation ends on 8 December 2020.
EUIPO issues report on automated content recognition
The report is the first phase of analysis on automated content recognition (ACR) technologies such as watermarking and fingerprinting. It shows that they are deployed for a very broad range of purposes, which go far beyond the protection or management of IP rights. The technologies are central to a number of business and security applications and to address major societal challenges, such as the spread of terrorist or child abuse content online. This drives major improvements and innovation in the field of ACR, with technologies that are becoming more and more effective at recognising short extracts or elements of a piece of content. Phase 2 of the discussion paper will explore the development and complementary uses of ACR technologies, with five use cases of such technologies to support the protection or management of IP. It should be finalised by the second quarter of 2021 and will aim to contribute to a better understanding of the current and potential impact of ACR technologies on IP.
CAA publishes updated guidance on drones
The CAA has updated its guidance note CAP 722: Unmanned Aircraft System Operations in UK Airspace – Guidance. It is the primary guidance document for the operation of unmanned aircraft systems within the UK. It is intended to assist those who are involved in all aspects of the development and operation of UAS. This edition has been re structured and its content reflects the requirements of the UAS regulations that will apply from 31 December 2020.