ICO publishes draft chapter 4 of its anonymisation, pseudonymisation and PET guidance for views, ICO takes action against companies over predatory marketing calls, DCMS publishes response to consultation on digital identities and attributes and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website.
ICO publishes draft chapter 4 of its anonymisation, pseudonymisation and PET guidance for views
The Information Commissioner's Office has published a draft chapter 4 (Accountability and governance) of its anonymisation, pseudonymisation and privacy enhancing technologies (PET) guidance. It explains the governance approach organisations should take when they anonymise personal data. It also explores the factors they need to consider for ensuring transparency such as using DPIAs to identify and mitigate risks and keeping up to date with technical and legal developments to ensure anonymisation remains effective. The chapter also provides guidance on other relevant legislation organisations should consider when disclosing anonymous information. The consultation ends on 16 September 2022.
ICO takes action against companies over predatory marketing calls targeting elderly, vulnerable people
The ICO has announced fines totalling £405,000 to five companies responsible for over 750,000 unwanted marketing calls targeted at older, vulnerable people. The ICO also issued the companies with enforcement notices that require them to immediately stop making predatory calls. After receiving complaints from the public and information from partner organisations, including Action Fraud, Trading Standards, the consumer group Which? and the call blocker provider trueCall, the ICO began investigating a number of companies that were calling people to sell insurance products or services for white goods and other large household appliances. Many of the complainants said the people receiving the calls were vulnerable, with some having been suffering with dementia or other underlying health conditions. The ICO investigation found that these companies were deliberately targeting older people by buying marketing data lists from third parties, specifically asking for personal information about people who are aged 60 and over, homeowners and with landline numbers. The evidence gathered suggests these companies were either working together or using the same marketing list to target people. This resulted in some people losing thousands of pounds for white goods insurance and servicing which the companies often knew they did not need.
DCMS publishes response to consultation on digital identities and attributes
The DCMS has published the responses and outcome to its consultation on the operation of the digital identity system and the governing body which will oversee its rules. The response provides an overview and analysis of key findings from the consultation, based on responses received from across the spectrum of likely end users. The government will bring forward legislation when parliamentary time allows. The measures include creating a governance framework to oversee a robust accreditation and certification process by which organisations can prove their adherence to the rules of the UK digital identity and attributes trust framework; enabling a permissive legal gateway so that trusted private sector organisations can check data held by public bodies for the purpose of identity and eligibility verification; and establishing that digital identities and attributes have the same validity as physical proofs of ID, such as a passport.
FCA issues warning about illegal crypto ATMs operating in the UK
The FCA has issued a warning about illegal crypto ATMs operating in the UK. Crypto ATMs offering cryptoasset exchange services in the UK must be registered with the FCA and comply with UK Money Laundering Regulations (MLRs). It says that none of the cryptoasset firms registered have been approved to offer crypto ATM services, meaning that any of them operating in the UK are doing so illegally and consumers should not be using them. The Upper Tribunal recently ruled against Gidiplus, a firm offering crypto ATM services, which wanted to continue trading, pending the Upper Tribunal’s determination of its appeal against the FCA refusing its application for registration under the MLRs. The judge concluded that there was a “lack of evidence as to how Gidiplus would undertake its business in a broadly compliant fashion”. The FCA is concerned about crypto ATM machines operating in the UK and will therefore be contacting the operators instructing that the machines be shut down or face further action. Since it published the list of unregistered crypto firms that may have been continuing to conduct business, a recent assessment found that 110 are no longer operational. It regularly warns consumers that cryptoassets are unregulated and high-risk.
Joint statement from UK financial regulatory authorities on sanctions and the cryptoasset sector
The UK financial regulatory authorities have issued a joint statement which reiterates that all UK financial services firms, including the cryptoasset sector, are expected to play their part in ensuring that sanctions are complied with. They share intelligence and act to prevent sanctions evasion, including through cryptoassets. They are also ready to act in the event of sanctions breaches. Financial sanctions regulations do not differentiate between cryptoassets and other forms of assets. The use of cryptoassets to circumvent economic sanctions is a criminal offence under the Money Laundering Regulations 2017 and regulations made under the Sanctions and Anti-Money Laundering Act 2018. The FCA has already written to all registered cryptoasset firms and those holding temporary registration status to highlight the application of sanctions on various entities and individuals. Where transactions give rise to concerns about sanctions evasion or money laundering firms should also consider their obligations to report to the UK Financial Intelligence Unit (UKFIU) at the National Crime Agency under the Proceeds of Crime Act 2002. The UKFIU has published guidance and a Suspicious Activity Reports (SARs) glossary code that should be used when reporting any suspicions. They remind all other authorised financial institutions to check the FCA register to identify whether any cryptoasset firms they do business with are registered, or to check the equivalent register of the jurisdiction in which the cryptoasset firm is based. Both the FCA and the PRA will act if they see authorised financial institutions supporting cryptoasset firms operating in the UK illegally. The Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, ensures financial sanctions are properly understood, enforced and implemented in the UK. As set out in communications from the FCA, cryptoasset firms must take steps to ensure they are compliant with their legal obligations in relation to sanctions. Controls developed to identify customers and monitor their transactions under the MLRs can help with compliance, but firms will need to implement additional sanctions specific controls as appropriate.
Cryptocurrencies in the EU: new rules to boost benefits and curb threats
The European Parliament’s the Economic and Monetary Affairs Committee has adopted its negotiating position on new rules on crypto-assets. Key provisions agreed by MEPs for those issuing and trading crypto-assets (including asset-referenced tokens and e-money tokens) cover transparency, disclosure, authorisation and supervision of transactions. They aim to ensure that consumers would be better informed about risks, costs and charges. In addition, the legal framework supports market integrity and financial stability by regulating public offers of crypto-assets. Finally, the agreed text includes measures against market manipulation and to prevent money laundering, terrorist financing and other criminal activities. To reduce the high carbon footprint of crypto-currencies, particularly of the mechanisms used to validate transactions, MEPs ask the European Commission to include in the EU taxonomy for sustainable activities any crypto-asset mining activities that contribute substantially to climate change, by 1 January 2025. MEPs stress that other industries (such as the video games and entertainment industry, data centres) also consume energy resources that are not climate-friendly. They call for the Commission to work on legislation addressing these issues across different sectors. MEPs want the European Securities and Markets Authority (ESMA) to supervise the issuance of asset-referenced tokens, whereas the European Banking Authority (EBA) would be in charge of supervising electronic money tokens.
ICC and WTO launch first-ever standards toolkit for paperless trade
The International Chamber of Commerce and the World Trade Organization have published the first-ever toolkit to help companies and government agencies adopt available standards to accelerate the digitalisation of trade processes. The report emphasises that one of the primary barriers to the adoption of paperless processes is a lack of awareness of existing standards for digital trade. Currently, fewer than 1% of trade documents are fully digitised globally, with a typical transaction requiring the exchange of 36 documents and 240 copies in hard-copy. In this context, the Standards Toolkit for Cross-border Paperless Trade provides the international trade community for the first time with a comprehensive overview of existing digital trade standards that can be used to facilitate trusted, real-time supply chain collaboration and real-time data exchange. To this end, the toolkit identifies close to 100 available standards, frameworks and initiatives that offer the potential to enable all parties in global supply chains to speak the same, universal language – regardless of the tools used to automate processes – by leveraging a core set of standardised trade-related document and data formats. The report maps a range of foundational standards for adoption by all participants in global trade – such as country codes to legal entity identifier standards – while also incorporating starting toolkits for various types of supply chain actors, from logistics operators to customs authorities.
Both ICC and the WTO say that they will work to promote use of the new toolkit through their respective networks and will continually update the standards covered to ensure the toolkit remains relevant to all intended users.