Ada Lovelace Institute publishes report on technical methods for regulatory inspection of algorithmic systems, Electronic Communications (Universal Service) (Costs) (Amendment) Regulations 2021 made, House of Lords Communications and Digital Select Committee issues report on digital regulation, UK government issues National Cyber Strategy and more in this week’s round-up of UK, EU and international techlaw news developments not covered elsewhere on the SCL website.
Ada Lovelace Institute publishes report on technical methods for regulatory inspection of algorithmic systems
The Ada Lovelace Institute has published a report on technical methods for regulatory inspection of algorithmic systems. Motivated by UK online safety legislation, this report will be useful primarily to Ofcom as the designated UK online-safety regulator. However, it should also be of relevance to international regulators considering this challenge, for instance in relation to the European Digital Services Act. The report explores six methods that regulators can use as part of a regulatory inspection: code audit, user survey, scraping audit, API audit, sock-puppet audit and crowd-sourced audit. The report identifies how and where these methods may be applicable as part of a regulatory inspection process; sets out existing technical approaches for auditing online platforms and makes suggestions for how these techniques could be used to audit content-recommendation and moderation systems.
Electronic Communications (Universal Service) (Costs) (Amendment) Regulations 2021 made
The Electronic Communications (Universal Service) (Costs) (Amendment) Regulations 2021 SI 2021/1377 have been made. These Regulations amend the Electronic Communications (Universal Service) (Costs) Regulations 2020 (S.I. 2020/545) (the “2020 Regulations”). Regulations 2(a) and 2(b) substitute the term “central funds” for “public funds” wherever it is used in the 2020 Regulations and insert a definition of public funds. They will enter into force on 24 December 2021.
House of Lords Communications and Digital Select Committee issues report on digital regulation
In March 2019, the Committee drew attention to the insufficiencies of the existing regulatory system to confront the challenges posed by the rapid pace of technological developments. It said that legislation was too slow to respond and regulation was fragmented, characterised by significant gaps and overlaps. It has now updated its report. It says that there has been some progress, with the new Digital Regulation Co-operation Forum (DRCF) being a small step in the right direction. However, the Committee does not believe that the DRCF in its current form is the best answer to these challenges. Though the DRCF has enhanced cooperation among some regulators, there remains a lack of overarching coordination and oversight of regulatory objectives. Coordination needs to be extended and formalised. More regulators need to be included and there need to be more formal processes to ensure accountability and effective collaboration. The Committee is also concerned that, though the DRCF has conducted promising early work in rationalising regulatory conflicts, there is not a sufficiently rigorous or accountable process in place for resolving these conflicts in future. Having clearer mechanisms to rationalise these conflicts would provide greater certainty for industry, making regulation more predictable and conducive to innovation. The DRCF should be put on a statutory footing as the “Digital Regulation Board” and independent non-executive members appointed, including an independent chair. Information sharing needs to be enhanced to avoid duplication of work and ensure that the greatest range of perspectives feed into regulation. Where appropriate, regulators should also be able to share their powers and jointly regulate. This will require statutory measures. A joint committee of Parliament should be appointed to scrutinise digital regulation. Although the work of several existing committees touches in some way on the digital world, no single select committee has a remit to focus on digital regulation, which is a significant gap in parliamentary oversight.
Ofcom consults on annual plan of work for 2022
Ofcom is consulting on its annual plan of work for 2022. It says that it will maintain its focus on three areas: internet that can be relied upon; media that is trusted and valued, and helping people live a safer life online. The seven themes for its work over the next year are: investment in strong, secure networks; getting everyone connected; fairness for customers; enabling wireless services in the broader economy; supporting and developing UK media; serving and protecting audiences; and establishing regulation of online safety. The consultation ends on 9 February 2022 and Ofcom will publish the final plan in March 2022.
UK government issues National Cyber Strategy
Th government has published a strategy setting out the government’s approach to protecting and promoting the UK’s interests in cyberspace. The strategy is built around five core pillars: strengthening the UK cyber ecosystem, investing in people and skills and deepening the partnership between government, academia and industry; building a resilient and prosperous digital UK, reducing cyber risks so businesses can maximise the economic benefits of digital technology and individuals are secure online and confident that their data is protected; taking the lead in the technologies vital to cyber power, building industrial capability and developing frameworks to secure future technologies; advancing UK global leadership and influence for a more secure, prosperous and open international order, working with government and industry partners and sharing the expertise that underpins UK cyber power; detecting, disrupting and deterring the UK’s adversaries to enhance UK security in and through cyberspace, and making more integrated, creative and routine use of the UK’s full spectrum of levers.
European Parliament committee agrees position on Digital Services Act
The European Parliament’s Internal Market and Consumer Protection Committee has adopted its position on the Digital Services Act (DSA) proposal. MEPs have said that providers of hosting services should act on receipt of take down notices “without undue delay, taking into account the type of illegal content that is being notified and the urgency of taking action”. They also say there should be stronger safeguards to ensure the non-arbitrary and non-discriminatory processing of notices and respect for fundamental rights, including the freedom of expression. Specific actions must be required from online marketplaces to ensure that consumers can purchase safe products online, strengthening the obligation to trace traders. The Committee has strengthened provisions about recommender systems with the aim of making sure that online platforms are transparent about the way these algorithms work and to make them more accountable for the decisions they make. Very large online platforms (VLOPs) will have to carry out mandatory risk assessments and take risk mitigation measures, which should help to better deal with harmful content and disinformation. VLOPs will also have to share data with authorities and researchers, to allow scrutiny over how they work and to help better understand the evolution of online risks. The DSA complements the European Democracy Action Plan, which aims to build more resilient democracies across the EU by countering disinformation. The Committee has also said that recipients of digital services and organisations representing them must be able to seek redress for any damages resulting from platforms not respecting their due diligence obligations. Further changes concern, among others: certain exemptions from DSA obligations for micro and small enterprises; online platforms should be prohibited from using deceiving or nudging techniques to influence users’ behaviour through “dark patterns”; with regard to targeted advertising the text provides for more transparent and informed choice for all recipients of services, including information on how their data will be monetised and to better protect minors from direct marketing, profiling and behaviourally targeted advertising for commercial purposes; more choice on algorithm-based ranking: VLOPs should provide at least one recommender system which is not based on profiling; additional obligations for platforms primarily used for the dissemination of user-generated pornographic content; and enforcement of the DSA: clarification of the role of “Digital Services Coordinators” in member states and their cooperation with the Commission. Plenary will vote on the amended DSA proposal in the January session. The approved text will then become the European Parliament’s mandate for negotiations with EU governments, planned to start under the French presidency of the Council in 2022.
European Commission proposes new rules regulating working conditions of people working through digital labour platforms
The European Commission has proposed a set of measures to improve working conditions in platform work and to support the sustainable growth of digital labour platforms in the EU. The new rules aim to ensure that people working through digital labour platforms can enjoy the labour rights and social benefits to which they are entitled. The rules also aim to provide for additional protection regarding the use of algorithmic management (that is, automated systems that support or replace managerial functions at work). A common set of EU rules will aim to provide increased legal certainty. The Commission is putting forward a Communication setting out the EU approach and measures on platform work. These are complemented by actions that national authorities, social partners and other relevant parties should take. It also aims to lay the foundations for work on future global standards for high-quality platform work. The Commission also proposes a Directive on improving working conditions in platform work. This includes measures to correctly determine the employment status of people working through digital labour platforms and new rights for both workers and self-employed people regarding algorithmic management. Finally, the Commission has published Draft Guidelines clarifying the application of EU competition law to collective agreements of solo self-employed people seeking to improve their working conditions. This includes those working through digital labour platforms.
Provisional political agreement reached on proposal for new Roaming Regulation
The European Commission has welcomed the provisional political agreement reached by the European Parliament and the Council on the Commission's proposal for a revised Regulation on roaming on EU mobile telecommunications networks. The new regulation will extend until 2032 the existing system prohibiting extra charges for calls or data used while travelling within the EU. The Commission also says that that it will examine the issue of surcharges for intra-EU calls and consider if there is an ongoing need to reduce caps to protect consumers. The new Regulation is expected to enter into force on 1 July 2022.
ENISA AI issues threat landscape report
The European Union Agency for Cybersecurity (ENISA) has published a report mapping the assets and threats of AI and sets a baseline for securing the AI ecosystem across Europe. The key points include defining AI’s scope in the context of cybersecurity by following a lifecycle approach. The ecosystem of AI systems and applications is defined by taking into account the different stages of the AI lifecycle -- from requirements analysis to deployment; identification of assets of the AI ecosystem as a fundamental step in pinpointing what needs to be protected and what could possibly go wrong in terms of the security of the AI ecosystem. The report also maps the AI threat landscape by means of a detailed taxonomy. This serves as a baseline for the identification of potential vulnerabilities and attack scenarios for specific use cases; and classification of threats and listing of relevant threat actors. The impact of threats to different security properties is also highlighted. The report identifies the challenges and opportunities to deploy secure AI systems and services across the EU. Finally, the report highlights the need for more targeted and proportionate security measures to mitigate the identified threats, as well as the need for an in-depth look into AI’s use in sectors such as health, automotive and finance.
EUIPO Observatory publishes study on trends and drivers in online copyright infringement in the EU
The EUIPO Observatory has published a study on trends and drivers in online copyright infringement in the EU (including the UK). It examines the consumption of copyright-infringing content in the EU member states and the UK for TV programmes, music and film, using a variety of desktop and mobile access methods, including streaming, downloading, torrents and ripping software. The report has two parts, a descriptive analysis of the trends in the consumption of infringing content and an econometric analysis of the factors that influence differences in piracy rates among the EU member states. The analysis is based on data on access to websites offering pirated music, film and TV programmes in all member states, between January 2017 and December 2020. The dataset includes over 240 thousand aggregates for a total of 133 billion accesses. The report’s main conclusion is that digital piracy is declining for all types of content. Except for a temporary increase in film piracy in the spring of 2020, the decline continued during the COVID pandemic: piracy decreased by 20 % in 2018, by 6 % in 2019 and by 34 % in 2020.
European Commission moves to open source its software
The European Commission has adopted new rules on Open Source Software that will enable its software solutions to be publicly accessible whenever there are potential benefits for citizens, companies or other public services. The recent Commission study on the impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy showed that investment in open source leads on average to four times higher returns. The Commission services will be able to publish the software source code it owns in much shorter time and with less paperwork. The Commission will make its software available as open source in one single repository to facilitate access and reuse. Before its release, each software will be checked to avoid security or confidentiality-related risks, data protection issues or infringement to intellectual property rights of third parties.