The Week’s Tech Law News Round Up

May 5, 2022

UK

CMA publishes next steps in Norton / Avast inquiry

The Competition and Markets Authority has set out the issues to guide its investigation into whether the merger between Norton and Avast would lead to a substantial lessening of competition in consumer cyber security.

The CMA announced the 2nd phase of the inquiry in March 2022 after finding in Phase 1 that NortonLifeLock and Avast would cease to be separate if the merger went ahead and would have a combined share of supply of more than 25%.

The deadline for responses is Thursday 19th May 2022.

Call for views on app security and privacy

The DCMS has launched a call for views on how they can improve the security and privacy of apps and app stores. The call follows a review into the app store ecosystem from December 2020 to March 2022 which found that malicious and poorly developed apps continue to be accessible to users. It also suggested a voluntary Code of Practice for app stores and developers.

The government wants to know whether such an approach could work, to hear on the content of the proposed Code and whether additional proposals should be taken forward. They would also welcome views, particularly from developers, on the review and feedback processes they have encountered when creating apps on different app stores.

The consultation runs until 29 June 2022.

EU

European Commission to investigate Apple Pay over competition concerns

The European Commission has published a Statement of Objections over Apple’s approach to its mobile wallet. 

The Statement sets out that Apple enjoys significant market power and that their mobile wallet system forms a ‘closed ecosystem’. It then notes that Apple Pay is the only mobile wallet solution that may access the necessary NFC input on iOS and Apple does not make it available to third-party app developers of mobile wallets. In view of this, the Commission has taken the preliminary view that Apple’s dominant position in the market for mobile wallets on its operating system iOS, restricts competition which, if confirmed, would infringe Article 102 of Treaty on the Functioning of the European Union.

The Commission will now investigate further and notes that there is no legal deadline for completion.

European data regulators warn over Data Act

The European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) published their Joint Opinion on the proposed Data Act, which seeks to free up sharing of data between public bodies for the benefit of EU citizens.

The opinion, while welcoming the efforts made to ensure that the Data Act does not affect the current data protection framework, makes clear they are cautious about the Act citing several areas needing attention and clarification and, in the accompanying press release expressing “deep concerns about the lawfulness, necessity and proportionality of the obligation to make data available to EU Member States’ public sector bodies and to EU institutions, bodies, offices and agencies (EUIs) in case of “exceptional need””.

Andrea Jelinek, EDPB Chair, said: “It is crucial to solidly embed the GDPR in the overall regulatory architecture that is being developed for the digital market. Not just for this proposal, but also concerning other legislative proposals, such as the Data Governance Act or the Digital Markets Act. A clear distribution of competences amongst the relevant regulators will need to be ensured, as well as efficient cooperation to avoid the risk of fragmented supervision, the establishment of a parallel set of rules and to ensure legal certainty for organisations and data subjects.”