ICO publishes position paper on digital certification schemes, UK consults on Highway Code changes for self-driving vehicles, EU to roll out new digital VAT rules and more in this week’s round-up of UK, EU and international techlaw news developments not covered elsewhere on the SCL website.
ICO publishes position paper on digital certification schemes
The ICO has published a position paper on digital certification schemes. It says that inspiring trust and confidence in the public about how their personal data is used in a digital identity system is paramount. It welcomes the opportunity to provide its regulatory advice on how the UK Government’s digital identity and attributes trust framework should address data protection. It has also highlighted that accountability for the way that personal data is processed must be present from the outset. It welcomes the decentralised approach that the framework proposes, which provides a strong foundation for a ‘data protection by design’ approach that must be embedded across the system. It recommends that: robust governance and clear accountability are established; any system is user-centric and boundaries around who controls personal data and how it is used and gathered are clearly established; effective measures are in place to address the data protection risks that relate to data minimisation and purpose limitation; and organisations operating in the trust framework must have appropriate technical and organisational security measures in place to protect the personal data held in the system.
UK government consults on changes to Highway Code for self-driving vehicles
Following a call for evidence, the UK government has set out how vehicles fitted with Automated Lane Keeping System technology could legally be defined as self-driving, as long as they receive GB type approval and that there is no evidence to challenge the vehicle’s ability to self-drive. Designed for use on a motorway in slow traffic, ALKS enables a vehicle to drive itself in a single lane, while maintaining the ability to easily and safely return control to the driver when required. The announcement comes alongside a consultation on the Highway Code rules with the aim of ensuring that the first wave of the ALKS technology is used safely and responsibly. The consultation ends on 28 May 2021.
EU to roll out new VAT rules in July 2021
New VAT rules for e-commerce will be rolled out across the EU in July. The aims are to simplify life for businesses that sell goods online, while ensuring a more level playing field with online companies from outside the EU. These rules will be particularly significant for anyone selling goods online or running an online marketplace. The EU wants to ensure that VAT is paid where goods are consumed or the services paid for are provided; create a uniform VAT regime for cross-border supplies of goods and services; offer businesses a simple system to declare and pay their VAT in the EU, using the (Import) One-Stop Shop portal; and introduce a level playing field between EU businesses and non-EU sellers. As of 1 July, businesses will be able to electronically declare and pay the VAT for all their intra-EU sales in a single quarterly return. The Import One-Stop Shop (IOSS) facilitates the collection, declaration and payment of VAT for sellers that are supplying goods from outside the EU to customers in the EU. In practice, this means that these suppliers and electronic interfaces can collect, declare and directly pay the VAT to the tax authorities of their choice, rather than having the customer pay the import VAT at the time the goods are delivered to them. Finally, the current VAT exemption for packages entering the EU with a value not exceeding €22 will be abolished.
AEPD-EDPS joint paper on ten misunderstandings related to anonymisation published
The AEPD (Spanish data protection authority) and European Data Protection Supervisor (EDPS) have published a joint report on anonymisation. They say that technological developments in recent years have steadily increased the demand for quality data. In this context, both public and private entities are considering anonymisation as a means to share data without harming the fundamental rights of individuals. However, along with its growing popularity, some misconceptions related to anonymisation have become widespread. The objective of the joint paper is to raise awareness about some misunderstandings about anonymisation, and to motivate its readers to check assertions about the technology, rather than accepting them without verification.
EDPS publishes report on EU’s proposals to regulate AI
The EDPS has also published a report on the European Commission’s legislative proposal for an Artificial Intelligence Act. It welcomes and supports the aims to ensure that AI solutions are shaped according to the EU’s values and legal principles. At the same time, the EDPS regrets to see that its earlier calls for a moratorium on the use of remote biometric identification systems - including facial recognition - in publicly accessible spaces have not been addressed by the Commission. The EDPS says that it will continue to advocate for a stricter approach to automated recognition in public spaces of human features - such as of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals - whether these are used in a commercial or administrative context, or for law enforcement purposes. A stricter approach is necessary given that remote biometric identification, where AI may contribute to unprecedented developments, presents extremely high risks of deep and non-democratic intrusion into individuals’ private lives. The EDPS says that it will undertake a meticulous and comprehensive analysis of the proposal to support the EU co-legislators in strengthening the protection of individuals and society at large. In this context, the EDPS will focus in particular on setting precise boundaries for those tools and systems which may present risks for the fundamental rights to data protection and privacy.
EUIPO publishes report on monitoring and analysing social media in relation to IPR infringement report
The EUIPO has published a report on social media and IPR infringements. It says that the growth of e-commerce has been well documented, but how the rise of different technologies and consumer habits has affected IPR infringement on the internet and, in particular, on social media platforms, is not clear. Therefore, EUIPO decided to conduct a study to better understand the volume and frequency of IPR infringement on social media. The study provides a comprehensive picture of the social media uses related to possible IPR infringement activities or promotion; it measures the relative presence of IPR infringement on physical products and digital content on social media compared to genuine products or licit copyright-protected digital content; and it identifies key indicators in order to better recognise IPR infringement business models on social media. The study identified 11% of conversations regarding physical products could be possibly related to counterfeits, and 35% of conversations on digital content could be possibly related to piracy. The social media included in the study are Facebook, Instagram, Reddit and Twitter.
European Parliament adopts rules for quick removal of terrorist content online
A new law to address the dissemination of terrorist content online has been approved by the European Parliament. The new regulation will target content such as texts, images, sound recordings or videos, including live transmissions, that incite, solicit or contribute to terrorist offences, provide instructions for such offences or solicit people to participate in a terrorist group. In line with the definitions of offences included in the Directive on combating terrorism, it will also cover material that provides guidance on how to make and use explosives, firearms and other weapons for terrorist purposes. Hosting service providers will have to remove or disable access to flagged terrorist content in all member states within one hour of receiving a removal order from the competent authority. Member states will adopt rules on penalties, the degree of which will take into account the nature of the breach and the size of company responsible. Content uploaded for educational, journalistic, artistic or research purposes, or used for awareness-raising purposes, will not be considered terrorist content under these new rules. Internet platforms will not have a general obligation to monitor or filter content. However, when competent national authorities have established a hosting service provider is exposed to terrorist content, the company will have to take specific measures to prevent its propagation. It will then be up to the service provider to decide what specific measures to take to prevent this from happening, and there will be no obligation to use automated tools. Companies should publish annual transparency reports on what action they have taken to stop the dissemination of terrorist content. The Regulation will enter into force on the twentieth day following publication in the Official Journal. It will start applying 12 months after its entry into force.
Advertising Standards Authority of Ireland publishes annual report
The ASAI has published its annual report. Among other things it continued its ongoing focus on providing information and guidance to the influencer and blogger industry. As part of this, the ASAI conducted research around consumer sentiment in this area which revealed just over half (51%) of people in Ireland say they are concerned by a lack of transparency in influencer marketing. With transparency being a significant aspect of the ASAI’s brief in seeking to maintain the highest standards in advertising, this statistic demonstrates the level of consumer concern in a growth marketing area. The concept of transparency is one that the ASAI continues to strongly promote amongst advertisers, and particularly in the growth area of influencer marketing.
G7 tech leaders agree new proposals aiming to boost online safety worldwide
Leaders from the UK, Canada, France, Germany, Italy, Japan, the US and EU signed a declaration containing a series of shared principles on how to tackle the global challenge of online safety, including that online firms should have systems and processes in place to reduce illegal and harmful activity and prioritise the protection of children. The principles say that any steps to improve online safety must support the values of open and democratic societies and respect human rights and fundamental freedoms.
ACCC publishes Digital Platform Study
The Australian Competition & Consumer Commission has published its second Digital Platform Services Inquiry interim report. It finds that Apple’s App Store and Google’s Play Store have significant market power in the distribution of mobile apps in Australia, and measures are needed to address this. The ACCC has put forward a series of potential measures in response to its findings, including that consumers be able to rate and review all apps, that consumers have the ability to change any pre-installed default app on their device, that app developers be allowed to provide consumers with information about alternative payment options and that information collected by Apple and Google in their capacity as app marketplace operators be ring-fenced from their other operations. The ACCC will revisit the issues raised in the report during the course of the five-year Digital Platform Services Inquiry and will take into account steps by Apple and Google to address the concerns identified.