UK law

Online Safety Bill recommitted to Public Bill Committee for scrutiny

The Online Safety Bill has been recommitted to the Public Bill Committee. This pushes it one step back in the legislative process but is due to the scale of the UK government's proposed amendments, which need to be scrutinised properly. The stage is expected to conclude on 15 December 2022. Some other amendments will be tabled in the Lords.

Specialisation and Research and Development Agreements Block Exemption Orders 2022 published

The Competition Act 1998 (Specialisation Agreements Block Exemption Order 2022 (SI 2022/1272) and the Competition Act 1998 (Research & Development Agreements Block Exemption) Order 2022 (SI 2022/1271) have been made and published. The Orders enter into force on 1 January 2023.

ICO publishes direct marketing guidance and resources

The ICO has published detailed guidance and resources on direct marketing to assist organisations to comply with the law and benefit from their direct marketing activities. The ICO recognises that direct marketing plays an essential role in helping businesses grow, but also that it can cause nuisance, harm and distress to consumers. The guidance and resources aim to help businesses use direct marketing to make people aware of new products and services responsibly and legally.

Five businesses fined a total of £435,000 for making nearly half a million unlawful marketing calls

The ICO has fined five companies a total of £435,000 for making nearly half a million unlawful marketing calls to people registered with the Telephone Preference Service. The companies collectively made nearly half a million unlawful marketing calls, some of which appeared to be directed at elderly vulnerable people who had taken action to block the calls by registering with the TPS. The companies were calling people attempting to encourage them to sign up for white goods insurance, such as washing machine, kitchen appliance or boiler cover. In most instances, the callers already had or did not need the service. The ICO investigation also found, in some cases, the companies were deliberately targeting a specific demographic: including homeowners, over 60, with a landline. During the calls, there is evidence that some of the companies used apparent pressure tactics with a view to obtaining payment details from people.

Procurement Policy Note provides guidance on data protection legislation

The Crown Commercial Service has published Procurement Policy Note 03/22 - Updated Guidance on Data Protection Legislation. The note applies to all central government departments, their Executive Agencies and non-departmental public bodies. Other public bodies will also be subject to data protection legislation and may wish to apply the approaches set out in the note. The PPN updates and replaces PPN 02/12 and reflects changes to the data protection legal framework which affect government procurement.

Telecommunications Security Code of Practice published

The government has published the Telecommunications Security Code of Practice under sections 105E and 105F of the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021). The Telecommunications Security Code of Practice sets out guidance about how to comply with the Electronic Communications (Security Measures) Regulations 2022 SI 2022/933. In particular, it explains key concepts in the Regulations, and suggests technical guidance measures to help providers to demonstrate compliance with their legal obligations. The Code of Practice came into force on 1 December 2022.

Regulatory Horizons Council issues report on the regulation of AI as a medical device

The Regulatory Horizons Council is an independent expert committee that identifies the implications of technological innovation, and provides government with impartial, expert advice on the regulatory reform required to support its rapid and safe introduction. Its report makes recommendations on how the UK can encourage innovation and improve safety in the area of AI as a medical device through changes to the regulatory system.

Ofcom sets out position on the future of mobile markets and spectrum

Ofcom has set out its future approach to mobile markets and the role of spectrum in enabling mobile internet growth, following consultation. Ofcom says that any future mobile merger would be informed by the specific circumstances of that particular merger, rather than just the number of competitors. It will consider where, and when, additional spectrum may be needed and will take other competing uses into account in its future spectrum management decisions. In relation to spectrum, it has also published an update on its current position on access to the upper 6 GHz band for mobile services. It sees potential benefits for consumer benefit from either higher-power licensed mobile or from lower-power Wi-Fi of the upper 6 GHz band, but the case between the two is currently finely balanced. Based on the balance of risks and opportunities, Ofcom currently favours a "no change" outcome to the upper 6 GHz band, which it says will provide flexibility to respond to future market and industry developments. This will not prevent Ofcom from making the band available for licenced mobile use in the future. Ofcom plans to consult on proposals for the future use of the band in the UK at a later date.

New survey of UK public attitudes to artificial intelligence launched

The Alan Turing Institute and the Ada Lovelace institute are jointly conducting a new survey to understand and monitor public awareness of, and attitudes towards, AI and the data-driven technologies. It will examine the UK public's awareness and perception of AI, including the potential benefits and risks, as well as attitudes to AI governance and regulation. The survey will add insights on public attitudes to AI and data-driven technology through: a focus on specific technology use cases; a survey design that will explore why people currently think they way they do about AI; a representative sample of people who are currently offline (without internet access); and a specific focus on AI rather than data. Participants will be asked about a range of specific uses of AI, from facial recognition and medical diagnostics to driverless cars and credit scoring.

New plans to strengthen tech ties between UK and Japan

The UK and Japan have unveiled details of a new digital partnership. It aims to structure engagement between the UK and Japanese governments on a range of digital issues, including how to improve the resilience of globally significant supply chains such as semiconductors and telecommunications. The countries will develop joint research and development initiatives to share expertise. The UK and Japan will also strengthen foundations for trade and investment between their tech economies and make it easier for businesses to operate in both countries by aligning approaches to digital regulation. Improving cyber resilience is a priority for the partnership, which will see the UK and Japan promote initiatives to standardise the security of internet-connected products and apps and address the risks of digital services in supply chains. Collaboration between the ICO and Japanese regulations will be supported through the partnership.

UK government to take no further action under NSI Act 2021 on Aveva group acquisition

The government has powers under the National Security and Investment Act 2021 to scrutinise and, if necessary, intervene in qualifying acquisitions on national security grounds. The acquisition by Ascot Acquisition Holdings Limited (an indirect subsidiary of Schneider Electric SE) of Aveva Group plc was notified to the Investment Security Unit in October 2022. Following screening of the notification, the Business Secretary has decided that no further action will be taken under the Act in relation to the acquisition.

Digital Regulation Cooperation Forum issues call for input on next year's work plan

The Digital Regulation Cooperation Forum brings four UK regulators: the CMA, Ofcom, ICO and FCA together with a view to delivering a coherent approach on digital regulation. The DRCF has now issued a call for input inviting views about issues that the DCRF should take into consideration as it develops its plan of work for 2023 to 2024. The call for inputs ends on 6 January 2022.

EU law

Council of the EU adopts common position on Chips Act

The Council of the EU has adopted its position on the proposed regulation establishing a framework of measures to strengthen Europe's semiconductor ecosystem. The Chips Act addresses the current shortage of semiconductors in Europe. With the Chips Act, the EU claims to double its global market share in semiconductors from 10% to at least 20% by 2030. The general approach formalises the Council's negotiating position. It provides the Council presidency with a mandate for negotiations with the European Parliament, which will start as soon as the Parliament adopts its position.

Council of the EU adopts common position on eiD

The Council of the EU has adopted its common position on the proposed legislation on the framework for a European digital identity (eiD). The revised regulation aims to ensure universal access for people and businesses to secure any trustworthy electronic identification and authentication by means of a personal digital wallet on a mobile phone. The adoption of the general approach will allow the Council to enter negotiations with the European Parliament once the Parliament adopts its own position with a new to reaching an agreement on the proposed regulation.

Irish DPC welcomes latest successful prosecution of marketing offences

The Data Protection Commission has welcomed the outcome of the prosecution proceedings that were taken by it at Naas District Court against a publishing company. The company pleaded guilty to three charges in relation to breaches of the regulations which apply to the sending of unsolicited marketing communications without consent (Regulation 13 of Statutory Instrument 336 of 2011). The three charges related to the sending of unsolicited marketing emails to two individuals without their consent. The Court convicted the company on all three charges and it imposed three fines of €2,000, i.e. a total o €6,000. The company was given six months to pay the fines. The DPC commented that the fines reflected how seriously the court viewed the offending behaviour that was outlined in evidence. The DPC says that the court decision should serve as a reminder to all organisations that are engaged in any form of electronic marketing, such as by email, text message or cold calling, that non-compliance with the regulations may result in a criminal prosecution by the Data Protection Commission.