ICO fines Just Hype, UK government publishes response to AI select committee report, Royal Society publishes report on vaccine passports and more in this week’s round-up of UK and EU techlaw developments.
ICO fines Just Hype £60,000 for spam text messages
The Information Commissioner's Office has issued a monetary penalty notice of £60,000 to Just Hype Ltd for sending SMS marketing messages without adequate consent or soft opt-in in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 SI 2003/2426.
UK government responds to the House of Lords Select Committee on Artificial Intelligence
The UK government has published its response to the December 2020 report by the House of Lords Select Committee on AI. The government says that it is grateful for the report and is following up on progress made against the recommendations. In particular, the government welcomes the positive re?ections in the report, but also takes seriously its message that there is no room for complacency. It says that the committee’s messaging is echoed in the AI Council’s Roadmap, the recommendations of which the government is now considering. The government says that it is strongly committed to delivering on the power and promise of AI, including working with the AI Council to embed the recommendations of their AI Roadmap. However, it accepts that there is still much to do. The government’s approach needs to focus on establishing the right arrangements between institutions: across government and the public sector, between regulators, and with academia and industry.
Royal Society outlines twelve challenges for vaccine passports
A COVID-19 vaccine passport is feasible but not all the pieces are in place to allow one to be effectively delivered yet, according to the Royal Society. A report published by the SET-C (Science in Emergencies Tasking: COVID-19) group outlines 12 criteria that should be satisfied to deliver an effective vaccine passport. The report highlights key challenges such as the need for more information on the efficacy of vaccines in preventing infection and transmission by the currently circulating viruses, including genetic variants and the duration of protective immunity in order to establish how long a passport might be valid. Other issues highlighted include the technical opportunities and challenges of having systems that can work seamlessly with each other and the need to meet legal and ethical standards.
UK government rejects plans for legislation on representative action under DPA 2018
The DCMS has issued a response from the government to the call for views and evidence on the operation of the ‘representative’ action provisions of the Data Protection Act 2018. Having considered the evidence, the government has concluded that there is not a strong enough case for introducing new legislation. The ICO is one of the biggest data protection regulators in Europe and has a wide range of investigatory and enforcement powers that were significantly strengthened by provisions in the Data Protection Act 2018. Although the government accepts that some groups in society might find it difficult to complain to the ICO or bring legal proceedings of their own accord, there is no strong evidence to suggest the ICO cannot or will not investigate serious, singular breaches of the legislation or systemic failings across whole sectors. Much of the ICO’s current regulatory activity, including the development of the Age Appropriate Design Code, is focused on ensuring that high risk processing activities which can have an impact on children or vulnerable people are carried out fairly, lawfully and transparently. The government is sympathetic to views of business groups who have said that new legislation could increase uncertainty for data controllers. It is also mindful of the potential impact of new legislation on the workload of the ICO and the courts. The government is not convinced that any perceived benefits of new legislation would outweigh these risks.
UK government launches rapid review into use of health data for research and analysis
The UK government has launched a new review which will focus on the more efficient and safe use of health data for research and analysis for the benefit of patients and the healthcare sector. The review will complement the forthcoming Data Strategy for Health and Social Care which will set the direction for the use of data in a post-pandemic healthcare system. The Secretary of State for Health and Social Care has asked Dr Ben Goldacre to undertake the rapid review and report his findings in April.
Irish DPC issues guidance on CCTV, Discovery and Access Requests
The Irish Data Protection Commission has issued guidance following the High Court decision in Dudgeon v Supermacs Ireland Ltd  IEHC 600. The court ruled that a restaurant was not obliged to disclose CCTV recordings of an incident to a person identifiable on the recording and who claimed damages for injuries resulting from that incident. The decision has prompted discussion of how it may affect access requests under Article 15 of the GDPR and Section 91 of the Data Protection Act 2018, specifically CCTV recordings. The decision in this case was based on the law concerning discovery and was not in reference to or related to data protection rights. The right to request access to personal data applies whether an individual is involved in litigation or not. For that reason, unless a restriction under the GDPR or relevant data protection legislation can be relied upon, a data controller is still required to fulfil access requests in relation to CCTV footage.
Fighting child sexual abuse: detection, removal and reporting of illegal content online
In July 2020, the European Commission published the EU Strategy for a more effective fight against child sexual abuse. In particular, the Commission committed in the Strategy to: propose the necessary legislation to tackle child sexual abuse online effectively including by requiring relevant online services providers to detect known child sexual abuse material and require them to report that material to public authorities; and start working towards the possible creation of a European centre to prevent and counter child sexual abuse, based on a thorough study and impact assessment. The Commission is now consulting is to gather the necessary evidence about the above initiatives, as part of the consultation activities that the related inception impact assessment announced in December 2020. The consultation ends on 15 April 2021.
MEPs scrutinise Digital Services Act and Digital Markets Act
The European Parliament Internal Market and Economic Affairs Committees have discussed the Digital Services Act and the Digital Markets Act. The aim of the legislation is to create a single European rulebook to tackle various challenges currently faced with online platforms from hate speech, disinformation and election manipulation to the sale of dangerous and counterfeit products and unfair market access of SMEs. MEPs concentrated their comments on consumer protection, scrutinising the options to curb the power and control of big tech, including their access and use of people’s personal data, for example for targeted advertising, and ways to guarantee product safety, including the question of limited liability of platforms for the quality of products sold. They also discussed issues such as interoperability to enhance competition, algorithm transparency, and acquisitions and mergers in the digital sector. The Economic and Monetary Affairs committee focused on how the draft legislation would help protect competition in the EU, by speedily tackling the monopolistic nature of the digital sector and its fast evolving environment. MEPs expressed some doubts that the rules would allow the Commission to act decisively and quickly enough, or that the penalties envisaged were consistent enough. Numerous MEPs also raised fears over who would be controlling the ‘gatekeepers’. Some said that the legislation proposed risked not being enough to do this whereas others said that the legislation was simply giving gatekeepers too much leeway.
European Commission proposes to extend free roaming in EU to 2032
The European Commission has published a new draft Roaming Regulation which would aim to ensure that roaming without additional charges continues after the current rules expire in 2022. It would also adjust the maximum wholesale charges to ensure sustainability of the provision of retail roaming services at domestic prices, introducing new measures to increase transparency and ensuring a genuine ‘roam-like-at-home’ experience in terms of quality of service and access to emergency services while roaming.