CDEI publishes adoption guide on privacy enhancing technologies, Ofcom publishes further recommendations on making on-demand services accessible, Ofcom and CMA issue annual reports and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website.
CDEI publishes adoption guide on privacy enhancing technologies
The CDEI has published a beta version of its PETs adoption guide, which is an interactive tool designed to aid decision-making around the use of privacy enhancing technologies (PETs) in data-driven projects. The core component of the adoption guide is a question and answer-based decision tree, which seeks to support decision-making around the use of PETs by helping the user to explore which technologies could be beneficial to their use-case. It poses a series of questions relating to the sensitivity of data, how it is stored and accessed, and how it is intended to be used. The adoption guide also provides background on what PETs are, and the opportunities they present, as well as a repository of real-world use-cases, and a catalogue of additional resources for further reading. Over the next few months, the CDEI will be gathering feedback on its adoption guide, and conducting usability tests to maximise its relevance and usefulness to developers and practitioners, with a view to publishing a final version later in the year, after incorporating the feedback it receives. Additionally, it aims to supplement the repository of real-world use-cases, which it hopes will prove a useful resource for organisations seeking to leverage PETs, and enable them to learn from others in the community.
Ofcom publishes further recommendations on making on-demand services accessible
Ofcom has published further recommendations on how to make on-demand services accessible to people with hearing and sight impairments. On-demand services are increasingly popular, but they often do not provide features such as subtitles, audio description and signing (access services). Previously, Ofcom made recommendations to the UK government suggesting new accessibility rules for on-demand services to bring them in line with those for broadcast television: subtitling on 80% of their programmes, audio description on 10% and signing on 5% within four years of the rules taking effect. Ofcom has set out further detail on how the proposed new requirements could be implemented; provided further clarity on the signing requirements; and recommended that providers should be obliged to tell people which of their services are accessible, and on which platforms. It has also included more detailed suggestions on the circumstances which would exempt providers from meeting any new requirements or allow them to meet them partially; for example, due to affordability, low audience share or technical difficulties.
Ofcom issues annual report
Ofcom has issued is annual report. It says that this has been an exceptional year, and keeping communications going across the UK has never been more important. There was significant focus from Ofcom, and the organisations it works with, on responding to the impact of the pandemic as well as developments of interest to tech lawyers. The UK government confirmed it intends to appoint Ofcom as the regulator responsible for overseeing online safety. Ofcom will support and inform the development of the Online Safety Bill by providing technical advice on how the regime can work. It conducted new consumer research to help its understanding of the potentially harmful experiences of video-sharing platform users and their awareness of online safety tools. It consulted on draft guidance for providers on the regulatory requirements. It also formed the Digital Regulation Cooperation Forum with the CMA, ICO and FCA to help bring about greater cooperation in regulating online platforms. Finally, it provided guidance on updated legislation on Network and Information Systems as well as engaging with government, industry, the Telecoms Vendor Diversification Taskforce, and others on strategies to improve telecoms vendor diversity, and the development of open, interoperable telecom systems.
CMA issues annual report
The CMA has also issued its annual report. It details the work it has carried out in the past year in its role as the UK’s competition and consumer authority. The year has brought significant change for the CMA. This included re-orientating its activity in response to the pandemic and addressing new problems that arose for consumers and businesses. The CMA also assumed significant extra responsibilities on mergers and antitrust due to the UK’s departure from the EU. Among other projects, it has launched antitrust cases into large digital companies including Google and Apple that would previously have been reserved to the European Commission. It also secured commitments from Instagram to do more to tackle the risk of fake online reviews and prevent hidden advertising on its platform. In addition, it published the advice of the Digital Markets Taskforce in December 2020, putting forward recommendations to the UK government for the design and implementation of a pro-competition regime for the most powerful digital firms. Finally, it published a market study report on online platforms and digital advertising
ICO investigates data breach regarding DHSC CCTV footage
The ICO is investigating an alleged data breach over the Matt Hancock CCTV footage. EMCOR Group, which provides facilities management and CCTV services for the Department of Health and Social Care, has submitted a breach report as a processor of personal data, alleging images were taken from the DHSC CCTV system without consent from either EMCOR or the DHSC. CCTV images were later published by The Sun newspaper on 25 June 2021. As part of the investigation, ICO teams searched two residential properties. Personal computer equipment and electronic devices were seized as part of the operation and the ICO’s enquiries into alleged breaches of section 170 of the Data Protection Act 2018 continue.
EU & International law
Government Roadmap for AI in Ireland launched
Ireland has launched its National Artificial Intelligence Strategy. The Irish government has developed the National AI strategy to ensure that Ireland harnesses the potential of AI in a way that builds user confidence and trust, and which is accountable and acceptable to society. The whole of government strategy sets objectives for increased productivity and better public service outcomes through the use of AI. It also sets out a roadmap for a secure and supportive enabling environment so that innovation and adoption of AI can thrive within an appropriate governance framework. It has eight thematic strands and forms part of the Irish government strategy for economic recovery after the pandemic.
BEUC files complaint against WhatsApp for breaching EU consumer laws
The European Consumer Organisation (BEUC) has made a complaint to the European Commission and eight European consumer authorities about what it alleges are multiple breaches of EU consumer rights made by WhatsApp. BEUC’s concerns include undue pressure on users to accept policy updates through ‘persistent, recurrent and intrusive’ notifications that it says restrict users’ freedom of choice and breach the Unfair Commercial Practices Directive (2005/29/EC) because they imply users will only have limited functionality if they do not agree to the changes. The complaint also considers WhatsApp’s unclear communication to consumers of the new terms and says that it does not highlight clearly the transfer of personal data to Facebook and other parties, which breaches consumer law on using clear and transparent contract terms and commercial communications.
EACA comments on the proposed ban on targeted advertising
The European Association of Communications Agencies (EACA) says that it is alarmed by calls in the European Parliament, specifically in the LIBE committee, to ban targeted advertising and other amendments that call into question existing EU privacy and data protection rules. The comments have arisen in the context of Digital Services Act debates in the European Parliament. While the IMCO committee rapporteur proposes a default switch-off of targeted advertising, several LIBE members have gone further in suggesting that there should be a ban of targeted advertising even if consent was given in line with the GDPR. EACA says that data-driven advertising is covered by the existing EU legal framework. Without targeted advertising, publishers could no longer subsidise free content for users, content and services would move behind jurisdiction walls; SMEs with smaller markets and less resources would be disproportionately hit; and a ban would negatively affect employment in the ad ecosystem. Rather than banning targeted advertising altogether, EACA says that regulators should focus on addressing specific concerns, including by enforcing existing applicable law and encouraging the emergence of new, privacy-protective techniques that can retain the benefits of ads personalisation while enhancing the protection of personal data.
European Council adopts High Performance Computing Joint Undertaking regulation
The European Council has adopted a regulation on establishing the European High Performance Computing Joint Undertaking. The regulation aims to paves the way for the next generation of supercomputers to be developed in Europe. It will also strengthen research and innovation capabilities, the development of a supercomputing infrastructure ecosystem and the acquisition of world-class supercomputers. This will make it possible to widen the use of the supercomputing infrastructure to a large number of public and private users. It also supports the green and digital transitions, and the development of key skills for European science and industry. It also takes into account technological developments such as quantum computing.