Norton extends refund rights after CMA action, ICO imposes monetary penalty on Papa John’s for unlawful marketing messages, Ofcom seeks views on media plurality and media ownership rules, and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website
Norton extends refund rights for anti-virus software after CMA action
The CMA has secured extended refund rights for all customers of anti-virus firm Norton whose contracts auto-renew. This follows a similar commitment from McAfee. Norton gave the formal commitment as part of the CMA’s wider investigation into auto-renewing contracts in the anti-virus software sector. This identified a number of concerns in relation to Norton’s automatically renewing contracts, which could result in customers paying for services they no longer want or need. Norton has agreed to make the changes necessary to address the CMA’s concerns. These include ensuring that customers whose contracts auto-renew for another year will be able to end their contracts and seek refunds for the remaining months. In addition, the new refund right will be backdated for people who were previously refused a refund in 2020; Norton will contact customers who have not used their products for over 12 months, to let them know how they can disable automatic renewal or end their contract and get a refund. It will also provide clearer information upfront on pricing, for example by making it clear if the auto-renewal price in the second year is higher than the price paid when the anti-virus product was first purchased; and it will automate the process for obtaining a refund to make it simple and easy for customers.
ICO imposes monetary penalty on Papa John’s for unlawful marketing messages
The ICO has fined the pizza company Papa John’s (GB) Ltd £10,000 for sending 168,022 nuisance marketing messages to its customers without valid consent, as required by the Privacy and Electronic Communications Regulations 2003. This was after the ICO received 15 complaints from Papa John’s customers about the unwanted marketing, which was distributed by texts and emails. The ICO investigation concluded that Papa John was relying upon a ‘soft opt in’ exception as a form of marketing consent. However, the ICO ruled that this exemption could not be relied upon, as a privacy notice was not provided to the customers at any point, with an option to opt out.
Ofcom seeks views on media plurality and media ownership rules
Ofcom has launched a programme of work to help inform its next steps on media plurality in the UK. It wants to ensure that the regulatory framework for media plurality is fit for the online world. It is seeking input about specific features of the current news media landscape, as well as consulting on proposed changes to the media ownership rules that the UK parliament has put in place. In relation to media plurality, it is seeking views about three specific areas: the role of online intermediaries and the use of algorithms to surface news to UK consumers, both of which challenge Ofcom’s ability to measure media plurality and identify potential concerns; market changes outside the context of a media merger, such as cumulative market exit or organic growth in market share, and whether or how changes to the wider market context may have increased the need to consider plurality concerns outside the context of a specific media merger; and any other features of the UK news media landscape that may have implications for news consumption in the UK or which may raise potential concerns for plurality. The consultation ends on 10 August 2021.
Smart Data Working Group: Spring 2021 report published
The Smart Data Working Group was set up to progress Smart Data initiatives; reduce duplication; and maximise the combined potential of these initiatives. The new report, produced by BEIS with the support and input of the working group, is in three parts. Part one updates on the potential benefits and use cases of Smart Data in banking, finance, communications, and energy. It also explores the activities and challenges required throughout the Smart Data customer journey. Part two sets out practical proposals for cross-sector coordination and poses questions to help inform future policy development. Part three explains the links between Smart Data and wider work and sets out the roadmap for Smart Data beyond the report and ahead of legislation.
EASA publishes Opinion on management of information security risks
The European Union Aviation Safety Agency has published an Opinion on Management of Information Security Risks, aimed at safeguarding the entire civil aviation system against potential safety effects caused by cyberattacks. As information systems become more and more interconnected and are increasingly the target of malicious acts, the risks of such attacks, events and incidents in civil aviation are constantly increasing. The proposed new rules aim to make the aviation system more resilient to these information security events. The Opinion defines ways to identify and manage information security risks which could affect communication technology systems and data used for civil aviation purposes, and so in turn have an impact on aviation safety. In particular, it proposes the introduction of an information security management system (ISMS) for the competent authorities, EASA, and for organisations in all aviation domains and requires them to report incidents and vulnerabilities related to information security. The proposed provisions include high-level, performance-based requirements, and will be supported by acceptable means of compliance, guidance material and industry standards.
EU IPO issues paper on IP infringement on social media
The EU IPO has published a paper on new and existing trends in using social media for IP infringement activities and good practices to address them. Social media services are combining a number of functionalities for individuals and businesses to communicate and share all kinds of content publicly, semi-publicly or privately. With the growing popularity of social media, IP infringers have developed new strategies to misuse their unique combination of functionalities for their own purposes. The discussion paper explores new and existing trends whereby social media functionalities are misused to infringe IP rights directly, to support IP-infringing activities happening through other channels, or to provide information on such activities. It identifies some of the challenges faced by IP owners, law enforcement authorities and social media companies in addressing these trends. Most importantly, it lists the preventive and reactive good practices developed by social media services to counteract these trends.