UK law

UK government publishes final plans for new telecoms security regulations and code of practice

The UK government has published its response to its proposed new telecoms security regulations. It says that as soon as parliamentary time allows, it will lay updated final regulations and a draft code of practice, which will be based on the responses received to the consultation. The changes will aim to support the security of the UK’s telecoms networks and services by ensuring that public telecoms providers: protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed; protect tools which monitor and analyse their networks and services against access from hostile state actors; monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards; and take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.

CMA says that Microsoft / Activision deal could lead to competition concerns

The CMA has issued an update on the Microsoft/Activision investigation. It points out that Microsoft is one of three large companies, together with Sony and Nintendo, that have led the market for gaming consoles for the past 20 years with limited entries from new rivals. Activision Blizzard has some of the world’s best-selling and most recognisable gaming franchises, such as Call of Duty and World of Warcraft. The CMA is concerned that if Microsoft buys Activision Blizzard it could harm rivals, including recent and future entrants into gaming, by refusing them access to Activision Blizzard games or providing access on much worse terms. The CMA has also received evidence about the potential impact of combining Activision Blizzard with Microsoft’s broader ecosystem. Microsoft already has a leading gaming console (Xbox), a leading cloud platform (Azure), and the leading PC operating system (Windows OS), all of which could be important to its success in cloud gaming. The CMA is concerned that Microsoft could leverage Activision Blizzard’s games together with Microsoft’s strength across console, cloud, and PC operating systems to damage competition in the nascent market for cloud gaming services. The CMA considers that these concerns warrant an in-depth Phase 2 investigation. Microsoft and Activision Blizzard have five working days from 1 September to submit proposals to address the CMA’s concerns. If suitable proposals are not submitted, the deal will be referred for a Phase 2 investigation. 

ICO acts over alleged theft of road traffic accident data from garages

The ICO has commenced criminal proceedings against eight individuals over the alleged unlawful accessing and obtaining of people’s personal information from vehicle repair garages to generate potential leads for personal injury claims. The alleged activity took place across the UK between 1 December 2014 and 30 November 2017. The defendants are alleged to have conspired together to access and obtain the personal data of hundreds of thousands of individuals without the consent of the companies concerned. The defendants will now face prosecution for conspiring to commit an offence under section 1 of the Computer Misuse Act 1990, relating to the alleged unlawful accessing of personal data held on computers, and conspiring to commit an offence under section 55 of the Data Protection Act 1998, relating to the alleged unlawful obtaining of personal data. This prosecution follows a complex and wide-ranging criminal investigation by the ICO. The first hearing will take place at Manchester and Salford Magistrates Court on 27 October 2022.

Territorial issues considered in software IP infringement claim

The court has considered the case of IBM United Kingdom Ltd v LZLABS GmbH and others [2022] EWHC 2094 (TCC). IBM Corp (a US company) owns certain IP used in software needed to use IBM mainframe computers It granted non-exclusive licenses for the relevant IP to IBM UK, who provided the software to its customers including to Winsopia. The arrangements between IBM UK and Winsopia were covered by a 2013 contract.  It provided for restrictions on Winsopia’s permitted use of the software, provided for English law and also contained an exclusive jurisdiction clause (for the courts of England). Winsopia’s parent company which was based in Switzerland was alleged to have breached the agreement. IBM UK sought to bring proceedings in England, and IBM Corp brought proceedings in Texas. Winsopia applied for particular declarations against IBM Corp as well as an anti-suit injunction regarding the proceedings in Texas. The court held that it had no jurisdiction to grant the declarations or injunctions which meant Winsopia had to deal with proceedings in both England and Texas,

EU law

European Commission calls for views about ecodesign and ecolabelling of mobile phones and tablets

The European Commission has called for views about two draft regulations on energy labelling and ecodesign requirements for smartphones and tablets. The call for views follows consultations about the energy labelling and ecodesign requirements for these devices. The draft regulation on ecodesign aims to ensure that mobile phones and tablets are designed to be energy efficient and durable; consumers can easily repair, upgrade and maintain them; and the devices can be reused and recycled. The draft delegated regulation on energy labelling introduces labelling requirements that aim to support ecodesign by providing consumers with better information regarding product sustainability. The call for views ends on 28 September 2022 and the Commission plans to adopt the regulations later this year.

International law

Australia joins the Global Cross-Border Privacy Rules Forum

Australia has joined the Global Cross-Border Privacy Rules (Global CBPR) Forum, a multilateral initiative which aims to better facilitate the flow of data across borders. The Global CBPR Forum will establish a certification system to help companies demonstrate compliance with internationally recognised data privacy standards. The Australian government statement says that it encourages interoperability and cooperation between economies to help bridge differences in data protection and privacy frameworks. It also supports the development of an open and reliable digital trade environment, that strengthens consumer and business trust in digital transactions, and promotes global trade by facilitating the secure flow of data.