Children’s Code in force as of 2 September 2021, Facebook’s takeover of Giphy raises competition concerns, CMA investigates NVIDIA merger with Arm and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website.
Children’s Code in force as of 2 September 2021
The Age-Appropriate Design Code (Children’s Code) came fully into force on 2 September, following a year’s transition period. It is a data protection code of practice for online services, such as apps, online games, and web and social media sites which are likely to be accessed by children. The code applies to UK-based and non-UK companies which process the personal data of children in the UK. The ICO says that currently, some of the biggest risks come from social media platforms, video and music streaming sites and video gaming platforms. In these sectors, children’s personal data is being used and shared, to “bombard” them with content and personalised service features. This may include inappropriate advertisements; unsolicited messages and friend requests; and privacy-eroding nudges urging children to stay online. The ICO is concerned with a number of harms that could be created as a consequence of this data use, which are physical, emotional and psychological, and financial. However, it says that the Code is already having an impact on these services. Facebook, Google, Instagram, TikTok and others have all made significant changes to their child privacy and safety measures recently.
Facebook’s takeover of Giphy raises competition concerns
The CMA has provisionally found Facebook’s merger with Giphy will harm competition between social media platforms and remove a potential challenger in the display advertising market. The merger brings together Facebook, the largest provider of social media sites and display advertising in the UK, with Giphy, the largest provider of GIFs. The CMA intends to issue its final report by 6 October 2021.
CMA investigates NVIDIA merger with Arm
The CMA is investigating the anticipated acquisition by NVIDIA Corporation of Arm’s Intellectual Property Group business. It has found that NVIDIA’s purchase of Arm raises serious competition concerns. If the deal goes ahead, the CMA is concerned that the merged business would have the ability and incentive to harm the competitiveness of NVIDIA’s rivals by restricting access to Arm’s intellectual property. Arm’s IP is used by companies that produce semiconductor chips and related products, in competition with NVIDIA. Ultimately, the CMA is concerned this loss of competition could stifle innovation across a number of markets, including data centres, gaming, the internet of things, and self-driving cars. This could result in more expensive or lower quality products for businesses and consumers. In addition, the government has issued a public interest intervention notice in relation to the merger, on the ground of national security. The Secretary of State will decide whether the merger should be referred for an in-depth Phase 2 investigation on both competition and national security grounds, or if it should be passed back to the CMA to investigate on competition grounds only.
EDPS issues opinion on proposed Directive on consumer credit
The European Data Protection Supervisor has published his Opinion on the European Commission’s proposed Directive on consumer credits. The Directive’s aim is to modernise existing consumer credit rules to address changes brought about by digitalisation and other market trends, such as the increased use of online sales channels or new forms of consumer credits, for example short-term high-cost loans. The EDPS considers that the Proposal has a clear impact on the protection of individuals’ rights and freedoms regarding the processing of personal data, in particular the provisions concerning creditworthiness assessment and personalised offers on the basis of automated processing. In his Opinion, the EDPS supports the Proposal’s aim of strengthening consumer protection. The EDPS says that the Directive should further specify the categories of data that may and may not be used to assess creditworthiness. In this regard, the EDPS supports the prohibition of processing social media data and health data for this purpose. At the same time, the EDPS recommends extending such prohibition to the use of any special categories of personal data under Article 9 of the GDPR, as well as information concerning individuals’ online browsing behaviour. The EDPS considers that the requirements, role and responsibilities of credit databases or third parties providing credit scores should also be addressed. The Proposal should harmonise the categories of information that can be contained in databases for creditworthiness assessment and specify when these databases should be consulted. When the creditworthiness assessment involves the use of profiling or other automated processing of personal data, consumers should always receive meaningful prior information and be able to request a human assessment. For personalised offers on the basis of automated processing, creditors should be required to provide clear, meaningful and uniform information about the parameters used to determine the price. These parameters should also be clearly delineated by the Proposal. Having regard to the Proposal for an Artificial Intelligence Act, the EDPS recommends ensuring that the relevant consumer credit and data protection rules are integrated into the (third-party) conformity assessment process before any CE marking of AI systems for creditworthiness assessment.
European parliament committees publish report on biometric techniques
Two European parliament committees have published a study on ethical aspects of biometric recognition and behavioural detection techniques with a focus on their current and future use in public spaces. It was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the JURI and PETI Committees, and analyses the use of biometric techniques from an ethical and legal perspective. Biometric techniques raise a number of specific ethical issues, as an individual cannot easily change biometric features, and as these techniques tend to intrude into the human body and ultimately the human self. Further issues are more generally associated with large-scale surveillance, algorithmic decision making, or profiling. The study analyses different types of biometric techniques and draws conclusions for EU legislation.