ASA report on influencer advertising, ICO says that update is coming for anonymisation guidance, Data adequacy memorandum, Action on nuisance calls, Scottish AI strategy and more in this week’s round-up of UK and EU techlaw developments.
ASA finds ‘unacceptable’ level of influencers correctly labelling ads on Instagram
The ASA has published a report about the results of its monitoring sweep of content posted on Instagram by 122 UK-based influencers, carried out in September 2020. In summary, the ASA found inconsistent disclosure across Stories; inconsistent disclosure across campaigns of Stories, IGTV, Reels, posts, visibility of ad labels; the use of #affiliate or #aff with no additional upfront disclosure (those labels are not likely to be enough on their own to disclose to users the advertising nature of the content); and influencers should not rely on bios or past posts to make it clear to consumers that they are connected to a product. The ASA found that nearly one in four of the Stories it assessed was advertising, but only 35% of them were clearly labelled and obviously identifiable as such. It says that the level of non-compliance is unacceptable. The ASA has contacted all the influencers, as well as a number of brands, and put them on notice that if future spot checks reveal problems, it will take enforcement action.
ICO says that it will update its anonymisation guidance
The ICO has published a blog post in which it outlines its plans to update guidance on the anonymisation and pseudonymisation when sharing data to enhance privacy protection. It plans to explore the following topics: anonymisation and the legal framework – legal, policy and governance issues around the application of anonymisation in the context of data protection law; identifiability – outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the ‘reasonably likely’ and ‘motivated intruder’ tests; guidance on pseudonymisation techniques and best practices; accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and data protection impact assessments; anonymisation and research - how anonymisation and pseudonymisation apply in the context of research; guidance on privacy enhancing technologies and their role in safe data sharing; technological solutions – exploring possible options and best practices for implementation; and data sharing options and case studies.
DCMS and ICO sign data adequacy memorandum
Following the UK’s departure from the EU, the Secretary of State for the Department for Digital, Culture, Media and Sport can make UK data adequacy arrangements with global partners. The statutory process of assessing the adequacy of countries requires consultation with the ICO. The Secretary of State and the Information Commissioner have agreed a Memorandum of Understanding, which recognises the roles and responsibilities of DCMS and the ICO in carrying out adequacy assessments.
Ofcom and ICO publish plan for tackling nuisance calls
Ofcom and the ICO have outlined a joint plan for tackling nuisance and scam calls for 2021/2022. Ofcom and the ICO saw complaints about nuisance calls and messages fall in 2020. However, both also noted a surge in complaints from September/October to December 2020 compared to the same period in 2019. In May 2020 they set key areas of focus in tackling nuisance calls, including: taking targeted action against people or companies that are not following the ICO’s and Ofcom’s rules; raising awareness of and tackling Covid-19 scams and continuing to support the work of Stop Scams UK; working with telecoms companies to improve how they disrupt and prevent nuisance calls, by reviewing solutions made available to customers; working with other regulators and enforcement agencies to identify new opportunities to prevent nuisance calls and scams; and sharing intelligence with others, including international partners and enforcement agencies. The update reports on the progress made in each of the areas over the past year. In the year ahead, Ofcom and the ICO will continue to take action on these five key areas and in 2022 will publish an update on their progress.
Scotland’s AI strategy published
Digital Scotland has published Scotland AI’s Strategy, which sets out measures to help Scotland become a leader in the development and use of ‘trustworthy, ethical and inclusive AI’. The AI strategy forms part of Scotland’s digital strategy.
Council adopts conclusions on the EU's cybersecurity strategy
The Council has adopted conclusions on the EU's cybersecurity strategy for the digital decade. The strategy was presented by the European Commission and the high representative for foreign affairs in December 2020. It outlines the framework for EU action to protect EU citizens and businesses from cyber threats, promote secure information systems and protect a global, open, free and secure cyberspace. The Council’s conclusions note that cybersecurity is essential for building a resilient, green and digital Europe. They say that a key objective is achieving strategic autonomy while preserving an open economy. This includes reinforcing the ability to make autonomous choices in the area of cybersecurity, with the aim being to strengthen the EU's digital leadership and strategic capacities. In its conclusions, the Council highlights a number of areas for action in the coming years. To ensure the development, implementation and monitoring of the proposals presented in the cybersecurity strategy, the Council encourages the Commission and the high representative to establish a detailed implementation plan. The Council will also monitor the progress in the implementation of the conclusions through an action plan which will be regularly reviewed and updated.
MEPs highlight the potential of the data economy for jobs
MEPs have adopted a report saying that the EU should tap into increasing volumes of data as a source of growth and innovation. The report says that for European businesses, universities and research to be globally competitive, an EU-wide strategy that enables the free flow of data within the EU is needed. Further, a data society must be set up that is built on rights and EU values such as privacy, transparency and respect of fundamental rights, leading to better and automated real-time services, sustainable growth and high-quality jobs. Individuals should have full control over their data and be empowered to take decisions about it. The free flow of data in Europe must remain the founding principle in future policies, and this will involve challenges related to data quality, bias, protection and security or unfair trading conditions, which will have to be addressed. The report is a response to the European Commission’s communication on a European strategy for data, which aims to create single market for data that will ensure Europe’s global competitiveness and data sovereignty.