Law Commission extends call for evidence on smart contracts, DCMS Select Committee launches inquiry on impact of influencers, HMRC issues updated cryptoassets manual, Research paper on loot boxes and gambling published, Phone-paid Services Authority consultation on new code of practice and more in this week’s round-up of UK and EU techlaw developments.
Law Commission extends call for evidence on smart contracts
The Law Commission has extended the deadline for responses to its call for evidence on smart contracts from 31 March 2021 to 15 April 2021. The Law Commission’s call for evidence aims to ensure that the technology of smart contracts can thrive in England and Wales. The call for evidence forms part of its projects on smart contracts and cryptoassets.
DCMS Select Committee launches inquiry on impact of influencers
The House of Commons Digital, Culture Media and Sport Select Committee has launched an inquiry which will examine the power of influencers on social media. It will cover how influencer culture operates, and will consider what it calls the absence of regulation on the promotion of products or services, aside from the existing policies of individual platforms. A recent investigation by the Advertising Standards Authority found that more than three-quarters of influencers "buried their disclosures within their posts". The inquiry will also assess influencer impact when it comes to media and popular culture as well as the positive role they can play, such as raising awareness for a campaign addressing vaccine hesitancy among people from ethnic minority backgrounds. The inquiry ends on 7 May 2021.
HMRC issues updated cryptoassets manual
HMRC has issued an updated cryptoassets manual. The aim of this manual is to help people understand the tax implications that can arise from transactions involving cryptoassets. It is written for HMRC staff but may also assist tech lawyers in understanding HMRC’s interpretation of the law as it relates to cryptoassets as at the date of publication. The terminology, types of coins, tokens and transactions can vary. The tax treatment of cryptoassets continues to develop due to the evolving nature of the underlying technology and the areas in which cryptoassets are used. As such, the facts of each case need to be established before applying the relevant tax provisions according to what has actually taken place (rather than by reference to terminology). HMRC’s views may evolve further as the sector develops and HMRC may publish amended or supplementary guidance accordingly.
Research paper published on loot boxes linking them to problem gambling
Loot boxes are purchasable video game content with randomised rewards. Due to structural and psychological similarities with gambling, they have come under increasing media, academic and legal scrutiny. The UK government is currently reviewing evidence on loot boxes, which is being considered in the review of the Gambling Act 2005. A report commissioned by Gambleaware has now been published following a collaboration between the University of Wolverhampton and the University of Plymouth. It aims to inform future UK policy on loot boxes with a robust, evidence-based approach. Any legislation regulating loot boxes will require careful consideration. Drawing from experiences in other jurisdictions, it sets out a series of recommendations for future policy. Prospective policy should include provisions for clear definitions of loot boxes, game labelling and age ratings, full disclosure of odds presented in an easy-to-understand way, spending limits and prices in real currency, and finally, obligations of gatekeepers (ie developers, distributors and content providers) for the trade they enable and profit from. The report also warns that in the rapidly evolving world of video gaming, legislation against loot boxes is liable to be quickly rendered anachronistic. Longer-term mitigation of risk – from the potential dangers of a broad range of psychological nudges, potentially liable to cause unsustainable levels of spending in vulnerable individuals – will require increased provision for consumer protection, child-focused data protection policies, more research, and educational packages that mitigate against these dangers and harms.
Phone-paid Services Authority consults on new Code of Practice
The Phone-paid Services Authority has launched a consultation on a new Code of Practice. The proposed Code intends to introduce standards in place of outcomes, focus on the prevention of harm, be simpler and easier to comply with and be underpinned by effective and efficient enforcement. The consultation document sets out the context to the draft Code of Practice and seeks feedback and comments from consumers, industry and other stakeholders. The consultation ends on 5 July 2021.
EU and international law
EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals
The European Data Protection Board and the European Data Protection Supervisor have adopted a joint opinion on EU proposals for a Digital Green Certificate. The Digital Green Certificate aims to facilitate the right to free movement within the EU during the COVID-19 pandemic by establishing a common framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, testing and recovery certificates. The Opinion states that co-legislators should ensure that the Digital Green Certificate is fully in line with EU personal data protection legislation. They highlight the need to mitigate the risks to fundamental rights of EU citizens and residents that may result from issuing the Digital Green Certificate, including its possible unintended secondary uses. They emphasise that the use of the Digital Green Certificate may not, in any way, result in direct or indirect discrimination of individuals, and must be fully in line with the fundamental principles of necessity, proportionality and effectiveness. A comprehensive legal framework should uphold those principles. The EDPB and the EDPS reiterate that currently there seems to be little scientific evidence as to whether having received the COVID-19 vaccine (or having recovered from COVID-19) grants immunity, and, by extension, how long such immunity may last, although scientific evidence is growing daily. Moreover, a number of factors are still unknown regarding the efficacy of the vaccination in reducing transmission. The Proposal should set out clear and precise rules governing the scope and application of the Digital Green Certificate and impose appropriate safeguards. This will allow individuals, whose personal data is affected, to have sufficient guarantees that they will be protected, in an effective way, against the risk of potential discrimination. It must expressly provide that access to and subsequent use of individuals’ data by EU member states once the pandemic has ended is not permitted and the Regulation must be strictly limited to the current situation. The Opinion includes specific recommendations for further clarifications on the categories of data affected by the proposal, data storage, transparency obligations and identification of controllers and processors for the processing of personal data.
IAB Europe announces OBA Framework has officially been withdrawn
IAB Europe has announced the formal withdrawal of the “IAB Europe EU Framework for Online Behavioural Advertising” or “OBA Framework”, originally published in 2011. This follows a review of the Framework in light of the changes brought to EU data protection law by the adoption of the GDPR. The requirements of the law now go beyond the functionality that it prescribes. Due to its lack of alignment to the updated legal landscape, if it continued to remain “in circulation”, the OBA Framework would cause confusion in the market.
European Commission issues call for feedback about dissemination of disinformation
The European Commission has issued a call for feedback about its Code of Practice on Disinformation. An evaluation of the Code in June 2020 found that the Code needs to be strengthened and effectively monitored to fight against disinformation. After feedback has been received, the Commission has plans to release official guidance to accompany the Code. The guidance aims to tackle the spread of false and misleading advertising, reduce financial incentives for those spreading disinformation, and increase transparency among political and issue-based messaging. The feedback period will end on 29 April 2021.
European Parliament adopts resolution on Commission's evaluation report on implementation of GDPR
The European Parliament has adopted a resolution about the GDPR. The resolution states that the regulation has been an overall success, and agrees with the European Commission that it is not necessary at this stage to update or review the legislation. However, it does have some criticisms. It points out that some controllers try to rely on all six lawful bases under Article 6(1) without setting out the specifics. Controllers often misuse the legitimate interest basis because they do not analyse the balance of interests. The European Parliament also expresses concern about the uneven and sometimes non-existent enforcement of the GDPR by supervisory authorities, even though two years have passed since it started to apply. Finally, the resolution points out that some organisations are breaching their obligation to comply with Article 12(1) because they do not provide relevant information about data sharing and do not use simple and accessible language in privacy notices. MEPS say that this is especially important in relation to online access by children.
ICANN org publishes response on the proposed DSA regulation
The Internet Corporation for Assigned Names and Numbers has submitted feedback on the proposed Digital Services Act (DSA) regulation. The DSA is a legislative initiative launched in response to growing concern over the roles and responsibilities of online platforms. Once adopted, it will introduce obligations concerning illegal content that will apply to digital services providers that offer services in Europe, regardless of whether they are established in Europe. The proposal also attempts to clarify the rules for the conditional exemption from liability. Domain Name System (DNS) service providers are in scope. ICANN highlights that the proposed DSA, in its current form, is not sufficiently specific with regard to the scope of applicability to DNS services. According to ICANN, it is unclear which DNS services are targeted and whether they would fall under the general scope of application of the DSA, because DNS services are not clearly within one of the three intermediary services categories of the DSA (namely, "mere conduit," "caching," and "hosting" services). In turn, concerns arise as to the liability exemption for third-party content foreseen in the DSA when it comes to DNS services.