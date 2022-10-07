Telecoms security provisions in force as of 1 October 2022, Economic Crime and Corporate Transparency Bill introduced to parliament, and more in this week’s round-up of UK and EU techlaw news developments not covered elsewhere on the SCL website.

UK law

Telecoms security provisions in force as of 1 October 2022

The Electronic Communications (Security Measures) Regulations 2022 came into force on 1 October 2022. The Regulations require the providers of public electronic communications networks or public electronic communications services to take specified security measures. Regulations 5(3) and 8(6) refer to the countries listed in the Schedule. Regulation 5(3) requires a network provider or service provider to ensure that certain tools that enable monitoring or analysis cannot be accessed from a listed country and are not stored on equipment located in a listed country. Regulation 8(6) requires a network provider or service provider to ensure that a security permission cannot be granted to, or exercised by, a person while the person is in a listed country. Regulation 16 contains an exemption for cases where the network provider or service provider is a micro-entity as defined in that section. The Regulations supplement the general duties imposed on all providers of public electronic communications networks and public electronic communications services by sections 105A and 105C of the Communications Act 2003. Ofcom will regulate compliance with the Regulations and the Telecoms Security Act 2021.

Economic Crime and Corporate Transparency Bill introduced to parliament

The Economic Crime and Corporate Transparency Bill has been introduced to parliament. Among other things, it provides for powers for law enforcers to seize and recover suspected criminal cryptoassets which are the proceeds of crime or associated with illicit activity such as money laundering, fraud and ransomware attacks. The Bill will: principally amend both criminal confiscation powers in Parts 2, 3 and 4 of the Proceeds of Crime Act 2002 (POCA) and civil recovery powers in Part 5 of POCA to enable enforcement agencies to more effectively tackle criminal use of cryptoassets. It is due to receive its second reading on 13 October 2022.

Ofcom opens investigation into VSP provider’s failure to respond to information request

Ofcom is investigating Tapnet Ltd, which provides the video-sharing platform (VSP) RevealMe, after it did not respond to a statutory request for information. Ofcom regulates UK-based VSPs with the aim of ensuring that they have appropriate measures in place to protect users from certain types of harmful material in videos. Earlier this year, Ofcom issued a number of information requests to VSPs to help it understand and monitor the safety measures VSPs have in place and to inform its forthcoming VSP report. VSPs are required by law to comply with a statutory demand for information from Ofcom. As of 29 September 2022, Tapnet had not provided a response to the information request, and is now subject to a formal investigation. Ofcom will provide updates as its investigation progresses.

ICO fines four firms targeting people with home improvement predatory marketing calls

The ICO has fined four companies a total of £370,000 for making over 820,000 home improvement predatory marketing calls to people registered with the Telephone Preference Service. The ICO started its investigation into predatory marketing calls generated by the sector in 2020, after vouchers of up to £5,000 were offered to home-owners to improve energy efficiency. As the ICO had previously seen with “green scheme” and other initiatives, complaints soon came in from people who had been called regarding loft, window and wall insulation. All complainants were registered with the TPS, and many were vulnerable or elderly, with some having ongoing health conditions. The ICO investigation found the companies were deliberately or negligently flouting electronic marketing laws to make a profit. Some of the companies also used different trading names.

ICO consults on Children's code evaluation

Following the first anniversary of the Children’s code’s implementation, the ICO is evaluating the Code’s impact. The consultation is to gather the views of stakeholders and the public. These views will inform an upcoming report evaluating the impact of the Children’s code. The consultation ends on 11 November 2022.

ICO publishes guidance on research provisions in the UK GDPR and the DPA 2018

The ICO has published guidance on the research provisions in the UK GDPR and the DPA 2018. It is aimed at DPOs and those with specific data protection responsibilities in organisations undertaking research, archiving or processing for statistical purposes. It provides guidance on how these provisions work and sets out the ICO’s understanding of the provisions’ key terms. It explains how the provisions relate to the data protection principles and grounds for processing. It also details the exemptions set out in the provisions. It summarises the key points you need to know and answers frequently asked questions.

ICO publishes report on sandbox participation by CDD Services Ltd

The ICO has published a report about the participation by CDD Services Ltd in its regulatory sandbox. The sandbox supports organisations who are developing products or services that use personal data in innovative and safe ways and where such products or services deliver a potential public benefit. CDD is a private limited company that provides digital compliance solutions to organisations. It entered the sandbox to explore specific data protection related matters regarding their SafeGuarden platform. CDD intended to pilot SafeGuarden in the Hull4Heroes “Veterans Village” which provides transitional housing, employment, training and support for ex-service people and their families. In brief, SafeGuarden would allow people to prove their identity and grant permission to share their personal data with different parties or organisations to access their services. CDD’s participation in the Sandbox has allowed the ICO to further consider the issues that can arise in the context of complex data sharing activities involving several parties. The ICO’s work with CDD has also highlighted the importance and usefulness for organisations in identifying a specific use case to consider and mitigate data protection risks fully before live processing of personal data commences.

UK-US Data Access Agreement comes into force

The US Department of Justice has confirmed that the agreement between the UK and USA on Access to Electronic Data for the Purpose of Countering Serious Crime (Data Access Agreement) came into force on 3 October 2022. It will enable both the US and the UK’s investigators to gain better access to data necessary to combat serious crime, such as terrorism, transnational organised crime, and child exploitation. It says this will be consistent with privacy and civil liberties standards, as it allows service providers in each country to respond to qualifying and lawful orders for electronic data without breaching restrictions on cross-border disclosures.

ICO publishes guidance on direct marketing using live calls

The ICO has published guidance about direct marketing using live calls. The Privacy and Electronic Communications Regulations 2003 (as amended) (PECR) cover live telephone calls made for direct marketing purposes. A live call is a telephone call where a live person is speaking to the person they are calling. Direct marketing is “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. There are stricter rules for direct marketing calls about claims management services and pension schemes. The guidance points out that live marketing calls may also be affected by the rules and standards of other regulators. For example, the Financial Conduct Authority (FCA) has rules banning certain types of cold-calling.

CMA says that satellite communication deal raises competition concerns

The CMA has found Viasat’s merger with Inmarsat could lead to airlines facing higher prices for on-board wifi. Viasat and Inmarsat are two of the largest satellite communications companies in the world, supplying businesses globally with mobile connectivity that enables services such as internet, email, and video calling. The 2 businesses agreed to merge in a $7.3 billion deal announced in November 2021. Viasat and Inmarsat are 2 of the largest satellite communications companies in the world, supplying businesses globally with mobile connectivity that enables services such as internet, email, and video calling. The 2 businesses agreed to merge in a $7.3 billion deal announced in November 2021. The firms now have 5 working days to submit proposals to address the CMAs competition concerns. The CMA then has a further 5 working days to consider whether to accept any offer instead of referring the case for an in-depth Phase 2 investigation.

EU law

Council of the EU approves Digital Services Act

The Council of the EU has approved the Digital Services Act. The DSA defines clear responsibilities and accountability for providers of intermediary services, such as social media, online marketplaces, very large online platforms (VLOPs) and very large online search engines (VLOSEs). The rules are designed asymmetrically, which means that larger intermediary services with significant societal impact (VLOPs and VLOSEs) are subject to stricter rules. Following the Council’s approval of the European Parliament's position, the legislative act was adopted. After being signed by the President of the European Parliament and the President of the Council, it will be published in the Official Journal of the European Union and will start to apply fifteen months after its entry into force.

MEPs call for using blockchain to fight tax evasion and an end to crypto asset non-taxation

MEPs have adopted a resolution calling for a better use of blockchain to fight tax evasion and for member states to coordinate more on the taxing of crypto assets. It sets out a framework through which both goals of using blockchain in taxation and uniformly taxing crypto assets can be achieved. The resolution says that crypto assets must be subject to fair, transparent and effective taxation. However, it also invites authorities to consider a simplified tax treatment for occasional or small traders and small transactions. The resolution says that national administrations must use all available instruments to facilitate efficient tax collection, and it identifies blockchain as one of these instruments. According to the resolution, Blockchain’s unique features could offer a new way to automate tax collection, limit corruption and better identify ownership of tangible and intangible assets allowing for better taxing mobile taxpayers.

European parliament agrees common charger rules

Following the European Parliament’s approval, EU consumers will soon be able to use a single charging solution for their electronic devices. By the end of 2024, all mobile phones, tablets and cameras sold in the EU will have to be equipped with a USB Type-C charging port. From spring 2026, the obligation will extend to laptops. Council will have to formally approve the Directive before it is published in the EU Official Journal. It will enter into force 20 days after publication. Member states will then have 12 months to transpose the rules and 12 months after the transposition period ends to apply them. The new rules will not apply to products placed on the market before the date on which the Directive takes effect.