Children’s code design guidance launched, Ofcom issues final version of notification guidance for video on demand programme services, ICO calls on G7 countries to tackle cookie pop-ups challenge, ICO fines another company for nuisance calls, and more in this week’s round-up of UK techlaw news developments not covered elsewhere on the SCL website.
Children’s Code design guidance launched
We reported last week that the Age Appropriate Design Code (Children’s Code) came into force on 2 September. The ICO has now released design guidance which shows how to apply some of the standards the Code in practice, to create an open, transparent and safe place for children online. Its resources focus on transparency, a common challenge for online services, and a key standard within the Code. There are resources for other standards on the Code hub.
Ofcom issues final version of notification guidance for video on demand programme services
On 1 November 2020 new rules applying to UK-based on demand programme services (ODPS) came into force. The new rules amended the criteria used to determine whether a service would qualify as an ODPS and therefore fall within the scope of the regulatory framework. ODPS providers in the UK are legally obliged to submit a formal notification of their service to Ofcom and must comply with statutory requirements intended to prevent the inclusion of harmful content and certain types of advertising and sponsorship. Further information on the background and legislative context of the updated regulations can be found in the guidance. Providers must make their own assessment of whether their service meets the statutory criteria and should therefore be notified. The guidance is intended to help providers understand whether they fall within scope of the definition of an ODPS under the Communications Act 2003. If it appears to Ofcom that a service meets the statutory criteria but has not notified, they have statutory powers to request information to make an assessment, and to take enforcement action if a provider has failed to notify. This can include a financial sanction and directing the provider to notify. However, Ofcom has indicated that will concentrate its resources on the bigger players, and where potential audience harm is deemed to be the greatest.
ICO calls on G7 countries to tackle cookie pop-ups challenge
The ICO has called on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups. It wants individuals’ privacy to be more meaningfully protected and wants businesses to provide a better web browsing experience. Elizabeth Denham presented suggestions on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data. She said that web browsers, software applications and device settings should allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website. This would aim to ensure people’s privacy preferences are respected and the use of personal data is minimised, while improving users’ browsing experience and removing friction for businesses. While this approach is already technologically possible and complies with data protection law, the ICO believes the G7 authorities could have a major impact in encouraging technology firms and standards organisations to further develop and roll out privacy-oriented solutions to this issue.
ICO fines Glasgow company for making half a million nuisance calls
The ICO has fined Glasgow-based company DialADeal Scotland Ltd (DDSL) for making more than half a million nuisance marketing calls. The calls were made to telephone numbers which had been registered with the Telephone Preference Service where people had not given their permission to receive them and so breached the law. The calls, which were made between August 2019 and March 2020, generated more than 500 complaints to the ICO and the TPS by TPS subscribers, one of the highest numbers received. The complaints suggested that DDSL had used several false trading names and the ICO’s investigation found that the company also disguised the telephone numbers they were calling from. DDSL has been fined £150,000 by the ICO. The ICO has also issued DDSL with an Enforcement Notice ordering it to stop making unsolicited marketing calls and has successfully blocked its attempt to be struck off the Companies House register to try and avoid paying any fine.
PSA fines Taptronic FZC £1,250,000 after it charged consumers without consent
The Phone-paid Services Authority (PSA) has fined and banned Taptronic FZC from the market after investigating its “Fitguru” subscription alerts service. The PSA received a total of 410 complaints from consumers regarding this service. The complainants variously alleged that they had not agreed to be charged by the service. The Tribunal found that Taptronic FZC committed six breaches of the PSA Code of Practice. The breaches were around fairness, consent to charge, complaint handling, failing to register a service, failing to register a service and providing false information to the PSA. The Tribunal formally reprimanded Taptronic FZC, fined it £1,250,000 and banned it from the market and stopped access to the Fitguru service for six years. It also ordered Taptronic FZC to refund any consumers who claim a refund.
Law Commission publishes 2021-22 business plan
The Law Commission has issued its business plan which sets out its priorities for 2021-22. It plans to consult on the following issues of interest to tech lawyers: digital assets, electronic trade documents; and to issue a smart contracts scoping study as well as further documents on intimate image abuse, communications offences and automated vehicles. More generally, the business plan sets out four new priorities: to ensure that the law is fair, modern and clear; how the Law Commission engages with stakeholders; developing future ways of working and enhancing its approach to diversity and inclusion.
House of Lords Communications and Digital Committee holds new inquiry on effectiveness of digital regulation
The House of Lords Communications and Digital Select Committee is holding an inquiry on the effectiveness of digital regulation. It is building on its previous report on regulation in a digital world, which it published in March 2019. It is asking various questions about how well coordinated digital regulation is, and how effective the Digital Regulation Co-operation Forum is. It also asks if regulators have the powers and capabilities, including expertise, to keep pace with developments, and what the appropriate balance is between giving regulators flexibility and providing clarity in legislation. Another question relates to how effective digital regulators’ horizon scanning is and how it could be improved. The Committee also asks how effective parliamentary oversight of digital regulation is and what respondents’ views are about the Committee’s proposal for a “Digital Authority”, overseen by a joint committee of Parliament. Finally, the Committee asks how effectively UK regulators co-operate with international partners, how such co-operation could be improved, and whether there are any examples of strategic approaches to digital regulation in other countries from which the UK could learn. The consultation ends on 22 October 2021.
UK government publishes second version of digital identity trust framework
The UK government has published the second version of its digital identity trust framework which forms part of its plans to improve identity verification. The latest draft rules to govern the future use of digital identities follow the publication of the first version of the trust framework in February 2021 and the consultation last month. The framework incorporates feedback from the public. It shows how organisations can be certified to provide secure digital identity services, they will have to go through an assessment process with an independent certification body. It also states how data can be shared between organisations. The government plans to start testing the framework in partnership with service providers.