ASA adds appendix to CAP Code about video-sharing platforms, CDEI publishes roadmap to catalyse development of AI assurance ecosystem, ICO fines Virgin Media Limited for direct marketing emails, ICO publishes paper on end-to-end encryption, Patents Court holds Optis mobile phone patents invalid for obviousness and more in this week’s round-up of UK, EU and international techlaw news developments not covered elsewhere on the SCL website.
ASA adds appendix to CAP Code about video-sharing platforms
Ofcom has announced that it has published its final guidance on video sharing platforms. The ASA has now announced that the way it regulates advertising on some video-sharing platform (VSP) services will be changing. It has been designated by Ofcom as the co-regulator for VSP-controlled advertising appearing on UK-regulated VSP services. A new Appendix has been included in the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing (the CAP Code), which will apply to aspects of advertisements on VSP services that are subject to statutory regulation under the Communications Act 2003 (as amended). The Appendix sets out rules reflecting the new statutory requirements. The Appendix does not introduce new requirements for VSP advertising: VSPs are already required, under law, to comply with them and the Appendix is consistent with the principles of the CAP Code. Adding these requirements to an Appendix of the CAP Code means that the ASA can take action on suspected breaches against the VSP provider and without the need to refer to Ofcom to use its statutory enforcement power, although the ASA can refer serious or repeated issues to Ofcom.
CDEI publishes roadmap to catalyse development of AI assurance ecosystem
The Centre for Data Ethics and Innovation has set out the steps required to build an AI assurance ecosystem in the UK.
The roadmap, which was a commitment in the UK’s National AI Strategy, follows calls from public bodies including the Committee on Standards in Public Life, and industry, to build an ecosystem of tools and services that can identify and mitigate the range of risks posed by AI and drive trustworthy adoption. It addresses one of the biggest issues in AI governance identified by international organisations including the Global Partnership on AI, OECD and World Economic Forum. Assurance services, like audit, certification and impact assessments, are common in other sectors, such as financial services and cybersecurity. However, assurance services for AI are currently relatively undeveloped. The roadmap sets out the roles and responsibilities of different stakeholders, and identifies six priority areas for action: generate demand for reliable and effective assurance across the AI supply chain, improving understanding of risks, as well as accountabilities for mitigating them; build a dynamic, competitive AI assurance market, that provides a range of effective services and tools; develop standards that provide a common language for AI assurance; build an accountable AI assurance profession to ensure that AI assurance services are also trustworthy and high quality; support organisations to meet regulatory obligations by setting requirements that can be assured against; and improve links between industry and independent researchers, so that researchers can help develop assurance techniques and identify AI risks.
ICO fines Virgin Media Limited for direct marketing emails
In August 2020, Virgin Media sent 451,217 “Price Freeze” ‘service emails’, which included a Marketing Preference Reminder, to customers who had opted out. One complaint received by the ICO described the email as “a service message dressed up as an attempt to get me to opt back in to marketing”. The ICO found that Virgin Media transmitted those direct marketing messages and issued a monetary penalty notice for £50,000 for a serious contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
ICO publishes paper on end-to-end encryption
The ICO says that it is often asked about end-to-end encryption (E2EE). It has therefore published a paper setting out a framework for considering the impact of end-to-end encryption on online safety. E2EE raises challenging questions for online safety which the ICO continues to consider, given the context in which it regulates the processing of personal data. It is important that any approach to E2EE seeks to reconcile addressing the immediate harms with longer term privacy and safety impacts. The paper provides a summary of the ICO’s current thinking to support the evolving discussion on governance of E2EE. It builds on its engagement with a range of national and international stakeholders to build up its own picture around E2EE as the UK’s data protection regulator, but does not necessarily represent its final settled policy position.
Patents Court holds Optis mobile phone patents invalid for obviousness
In yet another case in the long-running mobile patents case saga, Optis Cellular Technology LLC and others v Apple Retail UK Ltd and others  EWHC 3121 (Pat), the Patents Court ruled that three related Optis patents were invalid for obviousness. Optis owns former Ericsson patents that are essential to cellular standards and wants Apple to take out a licence to use them.
Phone-paid Services Authority publishes its 2020–2021 annual report
The PSA has published its Annual report for the 2020/21 financial year, which details the PSA’s activities regulating the phone-paid services market. In 2020/21, complaint levels dropped to the lowest levels it has seen in a decade. In 2020/21, it received 5,347 complaints from consumers, compared to 13,914 complaints in 2019/20 and 33,610 in 2016/17. It has continued developing Code 15, the most comprehensive review of its regulation in more than a decade. The new Code will enable a new approach to regulation that aims to raise standards, prevent harm, be simpler to comply with and be underpinned by smarter enforcement. In terms of enforcement, it worked on 249 cases and issued fines totalling £3,635,000 against non-compliant service providers.
ECtHR rules in case relating to non-removal of “tags” on the internet
The European Court of Human Rights has ruled in Biancardi v. Italy about the “right to be forgotten”. The applicant, a former editor-in-chief of an online newspaper, had been found liable in the Italian courts because he had kept on his newspaper’s website an article about a fight in a restaurant, which also gave information about related criminal proceedings. The tags to the article had not been de-indexed. This meant that anyone could type into a search engine the restaurant’s name or owner’s name and have access to sensitive information on the criminal proceedings, notwithstanding the fact that the owner had asked for the article to be taken down. The applicant said it was a breach of the ECHR. The ECtHR ruled that the Italian courts’ findings were a justifiable restriction on the applicant’s freedom of expression, especially as he had not been required to remove the article from the internet permanently. Therefore, there was no violation of Article 10 of the European Convention on Human Rights as the applicant had alleged.
FTC to block $40 billion semiconductor chip merger
The Federal Trade Commission has sued to block US chip supplier Nvidia Corp’s $40 billion acquisition of UK chip design provider Arm Ltd. The FTC says that semiconductor chips power the computers and technologies that are essential to our modern economy and society. The proposed vertical deal would give one of the largest chip companies control over the computing technology and designs that rival firms rely on to develop their own competing chips. The FTC’s complaint alleges that the combined firm would have the means and incentive to stifle innovative next-generation technologies, including those used to run data centres and driver-assistance systems in cars. The proposed merger has also attracted action from the CMA and the European Commission.