UK law

UK government announces four new governmental departments

The government has announced the creation of four new governmental departments. The new departments include the Department for Energy Security and Net Zero, the Department for Science, Innovation and Technology, the Department for Business and Trade and a slimmed down Department for Culture, Media and Sport. The new Department for Science, Innovation Technology will be responsible for taking forward the Online Safety Bill as well as "delivering key legislative and regulatory reforms to drive competition and promote innovation, including the Data Protection and Digital Information Bill, the Digital Markets, Competition and Consumer Bill and [the government's] pro-innovation approach to regulating AI."

Online Safety Bill receives second reading in House of Lords

The Online Safety Bill received its second reading on 1 February 2023. Members discussed the use of age verification measures, the responsibility of social media platforms to tackle illegal content, protections for vulnerable adults online and the promotion of harmful content in social media algorithms. The Bill now moves to Lords committee stage.

Court of Appeal finds InterDigital's 4G/LTE patent valid

In InterDigital Technology Corp and others v Lenovo Group Ltd and others [2023] EWCA Civ 34, the Court of Appeal upheld the Patent Court's decision in the dispute about InterDigital's portfolio of standard-essential patents (SEPs) for 3G and 4G telecommunications. The Court of Appeal upheld the Patent Court's ruling that the patent was valid, essential and infringed and rejected Lenovo's arguments about obviousness and prejudice. The court said that there is no general rule necessitating patent specifications to set out the advantage of the invention compared with prior art. It considered the exceptions to this, focusing on the operation of the narrow "prejudice case" exception. There was a further hearing about breach of embargo of the judgment - the court said "The illegitimate disclosures which A made and authorised or caused were relatively limited in content and in terms of the number and identity of recipients. They did not include the draft judgment itself. The disclosure was made to people with a close professional interest in the outcome on express terms as to confidentiality which were adhered to. There was no public disclosure. The facts of the disclosure were investigated and disclosed to the court by the wrongdoer itself without prompting. For my part I would accept the evidence that has been filed, including A's explanation and his apology. I am confident that he has now understood the position. Further proceedings would be disproportionate to any need to uphold the court's authority."

DCMS calls for views about cyber security risks of software

The DCMS has published a call for views about the cyber security risks of software used by businesses and organisations. It wants to better understand the nature of software risks as to a whole UK organisations, and where government should focus on mitigating them. This call for views focuses on software risks across the  breadth of the software lifecycle. It ends on 1 May 2023.

Update on the ICO's change of approach to regulating communication service providers

The ICO has issued a statement saying that it is aiming to reduce data protection compliance burdens and costs for businesses by providing regulatory clarity, support and guidance, as well as focussing its resources where it can have the greatest impact. This change in approach will allow the ICO to better use resources on investigations where significant harm has been, or is likely to be, caused to individuals and where it can have the greatest impact as a proportionate regulator. The ICO will use its discretion not to take enforcement action against public electronic communications service providers under Regulation 5A of the Privacy and Electronic Communications Regulations 2003 if they fail to comply with the 24-hour notification requirement in relation to such incidents, provided that they are still notified to the ICO within 72 hours of the breach. The ICO may take enforcement action and impose a monetary penalty on a communications service provider if it fails to notify the ICO within that period. However, the ICO says that it remains committed to working with communications service providers to help them minimise the regulatory burden, including by keeping the impact of the ICO exercising its discretion in this way under review.

Ofcom launches review examining inflation-linked mid-contract prise rise clarity

Ofcom has launched a review to examine whether inflation-linked, mid-contract price rises give phone and broadband customers sufficient certainty and clarity about what they can expect to pay. It is concerned about the degree of uncertainty consumers face about future price rises specified in contracts based on inflation. Ofcom says that the unpredictability of inflation rates means it can be difficult to know, months in advance, what an inflation-linked price rise will equate to in pounds and pence when consumers enter a contract. Ofcom expects to publish the initial findings later in 2023.

IPO publishes report of rights reversion and contract adjustment

The Intellectual Property Office has published a report with research which investigates two proposals that have been made to protect the contractual interests of UK music creators by making changes to domestic copyright law. One of the proposals is to introduce a reversion right, which would provide a means by which the transfer of copyright returns to the music creator at an agreed time-period after the contract with a rights holder has been signed. The other is to introduce a contract adjustment right, which would enable music creators to address disproportionate revenues resulting from contractual terms. The report follows the inquiry into the Economics of Music Streaming by the House of Commons Digital, Culture, Media and Sport Select Committee. Following the report, the CMA investigated the sector, but decided not to make a market investigation reference. It noted that "the proposals for rights reversion, contract adjustment and equitable remuneration could have more potential to improve outcomes for artists compared to measures to increase competition, but would need to be carefully thought through to avoid possible unintended consequences".

Outcome of consultation on Online Sales Tax published

As an outcome of the Business Rates Review, on 25 February 2022 the government launched a consultation considering the case for an Online Sales Tax. The government reviewed the feedback it received from stakeholders over the consultation period and announced at the Autumn Statement 2022 its decision not to proceed with such tax. It has now published a document summarising the views shared during the consultation process that informed the government's conclusion that an OST would be complex to design and risked creating unintended distortion or unfair outcomes between different business models.

Outcome of consultation on Digital identity and attributes published

The digital identity and attributes consultation was published on 19 July 2021 as a route to seek views and feedback on the government's proposed approach to enabling the use of secure and trusted digital identity products in the UK. This response provides an overview and analysis of key findings from the consultation, based on responses received from across the spectrum of likely end users. The government has set out legislative measures they will seek to introduce when parliamentary time allows. These measures include creating a governance framework to oversee a robust accreditation and certification process by which organisations can prove their adherence to the rules of the UK digital identity and attributes trust framework; enabling a permissive legal gateway so that trusted private sector organisations can check data held by public bodies for the purpose of identity and eligibility verification; and establishing that digital identities and attributes have the same validity as physical proofs of ID, such as a passport.

ICO issues guidance on child protection for game developers

The ICO has issued guidance for game developers regarding the protection of children and data protection laws. The ICO's recommendations aim to ensure that games will conform with the Age Appropriate Design Code (known as the Children's code). They also aim to help design and gaming communities to embed data protection considerations when designing games. The recommendations are based on the ICO's experiences and findings during a series of voluntary audits of game developers, studios and publishers in the gaming industry. The recommendations are that games designers and providers: identify if players are under the age of 18 with a reasonable degree of certainty, and discourage false declaration of age; ensure that games are not detrimental to children's health and well-being, by including checkpoints and age-appropriate prompts to encourage players to take breaks from extended play or help them to disengage from extended sessions without feeling pressurised to continue playing or becoming fearful of missing out; and turn off behavioural profiling for marketing by default. If a child chooses to opt into receiving ads, game providers should implement measures to control or monitor product placement, advertising, or sponsorship arrangements including within community servers, where children can access community servers from within the game; and discourage the use of "nudge techniques" to encourage children to make poor privacy decisions, including reviewing the marketing of social media competitions and partnerships to children and encouraging children to create social media accounts due to fear of missing out on rewards.

ICO fines business £200,000 for making over 1.7 million unlawful calls

The ICO has fined It's OK Ltd £200,000 for what it called a "sustained and exploitative campaign" of nuisance calls. It's OK Ltd made 1,752,149 nuisance calls over the period of 1 July 2019 to 1 June 2020 to people registered with the Telephone Preference Service, representing an average of over three calls every minute. SCL readers will be aware that it is a breach of the Privacy and Electronic Communications Regulations 2003 to make a live marketing call to anyone who is registered with the TPS, unless they have told the specific organisation that they do not object to receiving calls from them. Some complaints received by the ICO suggested that It's OK would attempt to mislead individuals that their white good warranties had expired and encourage them to pay for services they may not have needed. The ICO's investigation also found evidence to suggest that It's OK Ltd were potentially targeting elderly individuals.

FCA announces action taken against unregistered crypto ATM operators in Leeds

The Financial Conduct Authority has investigated several sites around Leeds which it suspected of hosting illegally operated crypto ATMs. The FCA is working with law enforcement partners to disrupt and disable illegal Crypto ATMs. The FCA will review evidence that it has collected and then consider if further potential enforcement action is warranted.

EU law

European Commission issues guidance on EU DSA's obligation to publish user numbers

Practical questions have been raised on the provisions of the Digital Services Act concerning the obligation to publish information on the number of users. The European Commission has therefore issued guidance aiming to answer those questions. The guidance will be kept under review.

European Parliament approves decision to negotiate improved working conditions

The European Parliament has approved the decision to start negotiations on new measures to improve conditions for workers on digital labour platforms. The new rules would regulate how to correctly determine the employment status of platform workers and how digital labour platforms should use algorithms and artificial intelligence to monitor and evaluate workers.

Industry, Research and Energy Committee back Data Act

The Data Act aims to boost innovation by removing barriers obstructing consumers and businesses' access to data. The draft legislation, adopted on Thursday in the Industry, Research and Energy Committee, would contribute to the development of new services, in particular in the sector of artificial intelligence where huge amounts of data are needed for algorithm training. It can also lead to better prices for after-sales services and repairs of connected devices. MEPs adopted measures to allow users to gain access to the data they generate, as 80% of industrial data is never used, according to the European Commission. They also want to ensure contractual agreements are at the centre of business-to-business relations. Companies could decide what data can be shared, and the manufacturer choose not to make certain data available by design. When companies draft their data-sharing contracts, the law will rebalance the negotiation power in favour of SMEs, by shielding them from unfair contractual terms imposed by companies that are in a significantly stronger bargaining position. The draft law also defines how public sector bodies can access and use data held by the private sector that is necessary in exceptional circumstances or emergencies, such as floods and wildfires. MEPs considered provisions to protect trade secrets and avoid a situation where increased access to data is used by competitors to retro-engineer services or devices. They also amended the draft to set stricter conditions on business-to-government data requests. Finally, the proposed Act would facilitate switching between providers of cloud services, and other data processing services, and introduce safeguards against unlawful international data transfer by cloud service providers. It will put to a vote by the full House during the 13-16 March plenary session.

MEPs back plans for an EU-wide digital wallet

The Industry, Research and Energy Committee has adopted its position on the proposed update of the European digital identity framework. The new eID would allow citizens to identify and authenticate themselves online (via a European digital identity wallet) without having to resort to commercial providers, as is the case today - which raises trust, security and privacy concerns. It would also give users full control of their data and let them decide what information to share and with whom. In their amendments, MEPs propose to make the European Digital Identity Wallet a tool that can also read and verify electronic documents, and allow for peer-to-peer interactions. They also propose measures to strengthen privacy and documents, and allow for peer-to-peer interactions. They also propose measures to strengthen privacy and cybersecurity as well as to register all transactions to ensure third parties are held accountable. Using the EU wallet will always be voluntary. MEPs also want to ensure that citizens who choose not to adopt it are not treated different to those who do. The scheme would require each member state to notify at least one "Wallet" under a national eID scheme to make them interoperable at EU level. The draft legislation includes provisions to securely request, obtain, store, combine and use personal identification data and electronic certificates, that can be used to authenticate online and offline and to access goods and public and private services.

European Commission reports launch of Transparency Centre

The signatory organisations of the 2022 Code of Practice on Disinformation have launched the Transparency Centre and published baseline reports on how they turn the commitments from the Code into practice. The new Transparency Centre aims to ensure visibility and accountability of signatories' efforts to fight disinformation and the implementation of commitments taken under the Code by having a single repository where interested parties can access and download online information. The baseline reports are providing insight and extensive initial data such as: how much advertising revenue flowing to disinformation actors was prevented; number of value of political ads accepted and labelled or rejected; instances of manipulative behaviours detected (such as creation and use of fake accounts); and information about the impact of fact-checking.

European Commission announces launch of European Blockchain Regulatory Sandbox

Th European Commission has launched a regulatory sandbox for innovative use cases involving Distributed Ledger Technologies. The sandbox establishes a pan-European framework for regulatory dialogues to increase legal certainty for innovative blockchain solutions. It is running from 2023 to 2026 and will annually support 20 projects including public sector use cases on the European Blockchain Services Infrastructure. Projects will be chosen through calls for expression of interest. Every year, the most innovative regulator participating in the sandbox will also be awarded a prize.