McAfee extends refund rights for UK consumers, CMA welcomes Tribunal judgment in Sabre tech merger case, Legislation laid to enable British spaceports, ICO blog posts on the Children’s Code, and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website.
McAfee extends refund rights for UK consumers
McAfee, a leading supplier of anti-virus software, has extended its refund rights for all customers whose contracts have auto-renewed. The changes are due to the CMA’s investigation into the anti-virus software sector. They include McAfee ensuring that customers whose contract auto-renews for another year will be able to end their contract and seek a refund for the remaining months. In addition, the new refund right will be backdated for people who were previously refused a refund in 2020. The process for turning off auto-renewal will be made more straightforward for customers in the future. It will provide clearer information upfront on pricing, for example by making clear that the auto-renewal price in the second year is higher than the price paid when the anti-virus product was first purchased. McAfee will also locate important information about how to turn off automatic renewal and obtain a refund more prominently on its website and in emails sent to customers. The investigation into the sector was launched in response to the loyalty penalty ‘super-complaint’ from Citizens Advice about long term customers overpaying for key services. This raised concerns that some anti-virus software companies’ terms and practices may be unfair and could result in UK customers paying for services they no longer want or need.
CMA welcomes Tribunal judgment in Sabre software merger case
The CMA has welcomed a Competition Appeal Tribunal judgment dismissing Sabre’s challenge of the CMA’s decision to block its proposed acquisition of Farelogix. The judgment endorses the approach to the share of supply test, on which the CMA relied to find jurisdiction to assess the merger. In particular, the Tribunal confirmed that the application of the share of supply test is a matter of judgement for the CMA and it has a broad discretion in determining the criteria used. Sabre and Farelogix supply software solutions which help airlines to sell flights via travel agents including those that operate online. Their IT solutions enable airlines to create add-ons to tickets sold through travel agents such as seats with extra leg room, WiFi and meals. Additionally, the two companies offer services to help airlines connect with passengers via travel agents. On 9 April 2020, the CMA published a report blocking Sabre’s proposed acquisition of Farelogix after finding the deal could result in less innovation in their services, leading to fewer new features that may be released more slowly. Fees for certain products might also go up. As a result, airlines, travel agents and UK passengers would be worse off. In particular, the CMA was concerned that UK passengers would miss out on the benefits of continued innovation and greater choice in and control over their travel experiences.
Legislation laid to enable British spaceports
Developed with the UK Space Agency and the Civil Aviation Authority, new regulations have bene laid in the UK Parliament. The regulations include the Space Industry (Appeals) Regulations 2021, Spaceflight Activities (Investigation of Spaceflight Accidents) Regulations 2021 and the The Space Industry Regulations 2021.They aim to make it possible for satellites and rockets to launch from the UK with spaceports planned for Cornwall, Wales and Scotland. The legislation will come into force this summer.
ICO launches blog series on compliance with Children’s Code standards
The ICO has announced a new blog series in which the ICO plans to explain the 15 standards set out in the Children’s Code, to help organisations comply with the Code. The first blog explores the Data Protection Impact Assessments (DPIAs) standard, which requires all organisations covered by the Children’s Code to carry out a DPIA to mitigate data protection risks to any children likely to access the organisation’s service. The ICO has advised organisations to publish their completed DPIA to fortify public confidence. The second blog post discusses the ICO’s practical guidance to help designers, and work with the design community to identify the support they need to conform with the Code, test its guidance and get feedback from key stakeholders and run events with the design community to share the new guidance and gather more feedback. This is a new approach for the ICO and it hopes to create more practical guidance, which is relevant for industry needs, as a result.
European Parliament and Council reach agreement on Commission vaccine passport proposal
The Commission has welcomed the provisional political agreement between the European Parliament and the Council on the Regulation governing the EU Digital COVID Certificate. This means that the certificate (previously called the Digital Green Certificate) should be ready by the end of June. Following the agreement, the EU Digital COVID Certificate will cover vaccination, test and recovery; will be available in a digital and paper-based format, depending on the choice of the recipients, and contain a digitally signed QR code. It will also be free of charge, be obtained easily and will also be available to those vaccinated before the EU Digital COVID Certificate Regulation entered into force; and it may also be used by member states for national purposes, if this is provided for in national law. Member states should not impose additional travel restrictions on the holders of an EU Digital COVID Certificate, unless they are necessary and proportionate to safeguard public health. The political agreement will now have to be formally adopted by the European Parliament and the Council. The Regulation will enter into force on 1 July, with a phasing-in period of six weeks for the supply of certificates for those member states that need additional time.
Cyber-attacks: Council extends framework for sanctions for another year
The Council of the European Union has decided to extend the framework for restrictive measures against cyber-attacks threatening the EU or its member states until 18 May 2022. Under the framework, the EU can impose targeted restrictive measures on persons or entities involved in cyber-attacks which cause a significant impact, and constitute an external threat to the EU or its member states. Restrictive measures can also be imposed in response to cyber-attacks against third states or international organisations where such measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP). Sanctions currently apply to eight individuals and four entities, and include an asset freeze and a travel ban. Additionally, EU persons and entities are forbidden from making funds available to those listed. The extension is part of the EU's scale up of its resilience and its ability to prevent, discourage, deter and respond to cyber threats and malicious cyber activities to safeguard European security and interests. In June 2017, the EU stepped up its response by establishing a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the "cyber diplomacy toolbox"). The framework allows the EU and its Member States to use all CFSP measures, including restrictive measures if necessary, to prevent, discourage, deter and respond to malicious cyber activities targeting the integrity and security of the EU and its member states.