UK law

CMA to investigate ESS’s move to three-year contracts for schools

The CMA is investigating whether education software company Education Software Solutions Ltd Group is abusing a dominant position to push schools into accepting a new three-year contract. The investigation will assess concerns around a contract change made by ESS, which is the largest provider of school management information systems in the UK. The company is requiring its customers to move from one-year contracts to three-year contracts and the CMA is considering whether schools were given sufficient time to consider their options, such as moving to an alternative provider instead of renewing with ESS for the full three years. The CMA is concerned that this change makes it more difficult for alternative providers to compete with ESS to win business. As part of its investigation, the CMA will also consider the pricing of some ESS product packages – specifically, it will look at how ESS’s management information system product is being sold alongside its financial management software. This could encourage customers to buy both products and deter customers moving away from ESS. The CMA is concerned that, by adopting such a pricing strategy, market players that only offer one of these services may be unable to compete, potentially leading to an uncompetitive market in future.

UKs digital watchdogs take a closer look at algorithms and set out plans for year ahead

The Digital Regulation Cooperation Forum (DRCF) has published its annual report, its workplan for the year ahead and two papers on algorithms with a call for comments. It says that “algorithmic processing” is commonplace and often beneficial, underpinning many of the products and services we use in everyday life. However, algorithmic systems pose significant risks if used without due care. Regulators need to work together to articulate the nature and severity of these risks and take measures to mitigate them. The four members of the DRCF: the CMA, Financial Conduct Authority, ICO and Ofcom seek views about what is needed from regulators and where industry should step up. The DRCF workplan for 2022/23 includes projects that will help to tackle some of the biggest digital challenges, including: protecting children online; promoting?competition and privacy in online advertising; supporting improvements in algorithmic transparency; and enabling innovation.

ICO fines Reed for sending unsolicited direct marketing messages

The ICO has fined Reed Online Ltd £40,000 for sending 6,250,966 unsolicited direct marketing messages between 4 and 7 February 2021, in contravention of the Privacy and Electronic Communications Regulations 2003, SI 2003/2426, reg 22. Reed provides a platform to assist users with finding work and career enhancement throughout their careers. It came to the attention of the ICO by seven complaints being made through the ICO Spam reporting facility. The complaints were about marketing emails sent by Reed Online Limited with the subject title "Have your CV reviewed by the professionals." The email invited 5 individuals to submit their CVs to be reviewed. Reed said the emails were sent in error but the ICO said intention does not matter. It issued a fine but said that there were mitigating factors: Reed has developed a specific PECR training module for staff and the IT issue which led to the contravention being possible has been fixed.

EU law

EDPS publishes annual report

The EDPS has published its Annual Report 2021. The report highlights the EDPS’ achievements regarding EU institutions’ compliance with the data protection framework. The Report also highlights the EDPS’ increasing role in advocating for the respect of privacy and data protection in EU legislation. In 2021, the EDPS increased the use of its corrective powers. For example it issued a Decision to order Europol to delete datasets with no established links to criminal activity, which the EDPS sees in the context of respecting the rule of law and upholding a mature checks and balances system. It also gave 88 Opinions, including Formal Comments in 2021, compared to 27 in 2020, and so addressed a record number of legislative consultations. This increase demonstrates a recognised importance of embedding data protection in EU law. It has also maintained its cooperation with civil society, academia, and various other stakeholders. In the spirit of joint responsibility for the success of the GDPR, the EDPS also continued its active participation in the European Data Protection Board’s work, by proposing or partaking in a variety of initiatives. Given the increase of cyberattacks worldwide, the EDPS furthered its work on raising awareness about personal data breaches to assist EU institutions in preventing and handling them.