ICO issues statement on an agreement reached between Somerset Bridge Insurance Services Limited and the ICO, ICO levies fine of £200,000 for making nuisance marketing calls, Working group publishes interim report on e-signatures and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website.
ICO issues statement on an agreement reached between Somerset Bridge Insurance Services Limited and the ICO
In February 2019, the ICO imposed a monetary penalty notice against Somerset Bridge Insurance Services Limited (formerly, and at the relevant time, Eldon Insurance Services Limited) in the sum of £60,000 for a breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 SI 2003/2426. An enforcement notice and assessment notice were also imposed. Somerset Bridge appealed the notices. Following discussions between the parties, Somerset Bridge has agreed to withdraw its appeal against the monetary penalty notice and enforcement notice. Somerset Bridge will pay the penalty sum of £60,000 without admission of liability and has agreed to a consensual audit of its data protection practices. The ICO has, in turn, agreed to cancel its assessment notice. Since the imposition of the penalty notice in February 2019, Somerset Bridge has undergone a number of changes, including a change in ownership and its management team. Somerset Bridge has also conducted a review of its data protection compliance, which resulted in the implementation of amended policies and practices, particularly in relation to its marketing activities. The ICO will carry out a consensual audit of Somerset Bridge Insurance's direct marketing and general data protection governance structure and processes in the coming months. Somerset Bridge recognises its duty of cooperation with the ICO and the vital importance of protecting personal information, and says that it is robustly committed to upholding the data protection rights of its customers moving forward.
ICO issues fine of £200,000 for making nuisance marketing calls
The ICO has fined a home improvement firm £200,000 for making more than half a million unsolicited marketing calls. The firm made 675,478 nuisance calls between June 2020 and March 2021, offering insulation services to people registered with the Telephone Preference Service. This is a breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 SI 2003/2426 unless the recipient has notified the company that they do not object to receiving such calls. Home2Sense Ltd told ICO investigators that customer data was acquired from an “unknown source” and blamed its staff for not screening the phone numbers in their database against the TPS. Following more than 60 complaints from the public, the ICO’s investigation found that the company identified itself with different trading names when calling customers. The ICO has also issued the company with an enforcement notice ordering them to stop making unsolicited marketing calls.
Working group publishes interim report on e-signatures
The Ministry of Justice has welcomed an interim report on e-signatures, published by the Industry Working Group on Electronic Execution of Documents, which sets out their analysis of the current situation in England and Wales; identifies simple best practice guidance based on existing technology, including for vulnerable individuals; and makes recommendations for future analysis and reform. In the next phase of its work, the Group will focus on its remaining Terms of Reference, namely, to consider the challenges arising from the use of electronic signatures in cross-border transactions and how to address them, and how best to use electronic signatures so as to optimise their benefits when set against the risk of fraud.
ENISA publishes report on implementing data protection by design and by default
The European Union Agency for Cybersecurity (ENISA) has published a report on data protection engineering. The report is designed to help assess the most relevant techniques depending on each processing operation and based on the need of the data controller by providing strengths and possible limitations. Traditional security techniques such as access control and privacy preserving storage are discussed in addition to novel concepts such as synthetic data which introduce new opportunities and challenges. The report emphasises the importance of policy guidance and the ability to demonstrate compliance and provide assurance to end-users.
European Commission issues report on coronavirus disinformation report
The European Commission has published a report on the measures taken in November and December 2021 against coronavirus disinformation. The report is based on the Code of Practice on Disinformation, which various platforms signed in October 2018. The report states that the number of videos with a vaccine tag tripled from October to December 2021 on TikTok; Google reported that it has updated the information panels on COVID-19 vaccination in Google Search with more content, Facebook removed a disinformation and harassment network that targeted medical professionals, journalists and elected officials, and that Microsoft had approximately 733,000 impressions of vaccine advertising from public health authorities between November and December 2021. Twitter reported on design updates to labels for misleading tweets related to COVID-19 and vaccines, to make them easier to spot. Twitter has implemented dedicated prompts containing vaccine-related trustworthy information in several EU countries. The Commission also announced that a new Code will be published in March 2022.
Irish regulators welcome new National Digital Strategy for Ireland
The Broadcasting Authority of Ireland, Competition and Consumer Protection Commission, Commission for Communications Regulation and the Data Protection Commission have issued a joint statement welcoming the publication of the National Digital Strategy. They say that the National Digital Strategy marks a step change for Ireland’s ambition to harness the possibilities of digital technology while providing protection from harm in the online world. Further, professional, effective and appropriate regulation in the digital environment is critical to achieve the aims set out in the National Digital Strategy. Regulation in the digital environment transcends traditional sectoral regulation and so it is important that regulatory bodies have the ability to cooperate and coordinate appropriately. Ensuring that regulatory structures are fit for purpose in the online world will result in benefits for consumers, better operation of online markets, greater protection for consumers and citizens online, and will enhance Ireland’s international reputation. The Government’s commitment to achieving a modern, cohesive and well-resourced regulatory framework in the National Digital Strategy is particularly welcome. The proposed designation of Ireland’s Digital Services Coordinator in early 2022 will provide scope to implement the necessary planning and design to implement the forthcoming EU Digital Services Act and fulfil Ireland’s important role under the Country of Origin principle. The regulators look forward to the formal structured engagement with the Digital Issues Senior Officials Group envisaged by the National Digital Strategy. Enhanced engagement will bring both the experience and expertise of regulators to ensuring clarity, coherence and cooperation in digital regulation.