This Week’s Techlaw News Round-up

April 19, 2024

UK law

UK government announces new law to tackle deepfake creation

The Ministry of Justice has announced a new offence for individuals who create a sexually explicit deepfake even if there is no intent to share. Offenders will face prosecution and an unlimited fine and if the image is shared, offenders may be subject to a custodial sentence. The new offence will be introduced through an amendment to the Criminal Justice Bill, which is currently passing through the House of Lords.  This follows new offences introduced in the Online Safety Act 2023.

DRCF publishes its 2024/25 Workplan

The Digital Regulation Cooperation Forum has published its new Workplan, setting out its three-year vision which incorporates protecting and empowering people online, and unlocking digital innovation and economic growth. Key areas of focus for 2024/25 include the upcoming launch of the AI and Digital Hub pilot, activities around online safety and data protection, AI governance, as well as its plan to deep dive on emerging technologies including digital ID and deepfakes.  It has also published its annual report for 2023-2024.  The DRCF has also established the International Network for Digital Regulation Cooperation, to foster international discussions on regulatory coherence.

ASA publishes 2023 Annual Report

The Advertising Standards Authority has published its 2023 Annual Report. The Report focuses on the ASA’s AI-based ‘Active Ad Monitoring’ system that processed three million ads in 2023 and should process ten million in 2024, therefore allowing the ASA to review adverts more quickly and efficiently. In addition, the Report covers the ASA’s new strategy that it launched in 2023. It highlights how the ASA is now prioritising proactive regulatory projects, moving away from complaints-led investigations towards ASA-led monitoring and enforcement action. This has helped support the ASA’s focus on tackling ad-related societal concerns in areas such as green claims, youth vaping, body image, gambling, and prescription-only-medicines. The report also sets out the ASA’s partnership work with the CMA and FCA, as well as examining the potential harm arising from the use of digitally altered images in ads.

ICO issues call for evidence on accuracy of training data and model outputs for generative AI

The consultation sets out the ICO’s emerging thinking on generative AI development and use. For generative AI models, both developers and deployers must consider the impact that training data has on the outputs, but also how the outputs will be used. If inaccurate training data contributes to inaccurate outputs, and the outputs have consequences for individuals, then it is likely that the developer and the deployer are not complying with the accuracy principle. For example, if users wrongly rely on generative AI models to provide factually accurate information, there can be negative impacts such as reputational damage, financial harms and spread of misinformation. Data protection law’s accuracy principle is closely linked to the right of rectification, which is a right that people have under the law to ask for their data to be corrected. The analysis in this document does not cover the right to rectification, but a future call for evidence will focus on people’s information rights in the context of generative AI development and use.  The call for evidence ends on 10 May.

Ofcom publishes online safety research agenda

Ofcom has published its online safety research agenda, which sets out the areas of research that will help to inform and underpin its work.  It says that as it is an evidence-based regulator, it uses research and data to guide its activity across its various workstreams.  Following the research it has already conducted, and given the complexity of the Online Safety Act and the services it regulates, it will continue with a programme of ongoing research that will broaden its evidence base and keep it up to date. Its areas of interest for future research are arranged into four themes: understanding user activity and behaviour; understanding online risk and harm; understanding service design and characteristics; and understanding safety measures and technologies.

Ofcom publishes updated TV access services Code and guidelines

Ofcom has published a statement about amendments to the Ofcom TV access services code. It sets out the statutory requirements, and the accompanying best practice guidelines which provide recommendations on ensuring the quality and usability of access services.  The requirements also apply to on-demand services.  It has also produced guidance.

Ofcom publishes new Electronic Communications Code of practice

The Electronic Communications Code confers certain rights on providers of electronic communications networks and on providers of systems of infrastructure (designated by Ofcom as “Code Operators”) to install and maintain electronic communications apparatus on, under and over land, including on public highways, and results in considerably simplified planning procedures. If agreement cannot be reached with the owner or occupier of private land, the Code allows an Code Operator to apply to the court to impose an agreement conferring the Code right being sought or for the Code to bind the landowner or occupier. The Code also requires Ofcom to publish, amongst other things, a Code of Practice concerning agreements for access to private land under the Code. It consulted last year on changes to the 2017 Code and has now published its Statement, which includes the final version of the updated Code of Practice. It includes amendments to the 2017 Code of Practice, as well as the addition of new elements in line with updates to the Electronic Communications Code. A key new addition is the inclusion of text on the process for resolving disputes that may arise between Operators and Site Providers and specifically, best practice in relation to Alternative Dispute Resolution procedures. The text is intended to facilitate the effective resolution of disputes that arise and ensure telecommunications equipment is deployed as quickly and as smoothly as possible.

EU law

European Parliament publishes Corrigendum to EU AI Act

The European Parliament has published a Corrigendum to the EU AI Act that it adopted on 13 March 2024. It is a legal and linguistic correction to the Act, and focuses on the provisions on how the Act applies to open source software.

Commission sends request for information to TikTok regarding the launch of TikTok Lite in France and Spain

The European Commission has sent TikTok a request for information under the Digital Services Act, asking for more details on the risk assessment the provider of TikTok should have carried out before deploying the new app TikTok Lite in the EU. This concerns the potential impact of the new “Task and Reward Lite” programme on the protection of minors, as well as on the mental health of users, in particular addictive behaviour. The Commission is also requesting information about the measures Tiktok has put in place to mitigate such systemic risks. TikTok must provide the risk assessment for TikTok Lite in 24 hours and the other requested information by 26 April 2024, after which the Commission will analyse TikTok’s reply, and then assess next steps. TikTok Lite is a new app with a new functionality aimed at users aged 18+: the “Reward Program”, which allows users to earn points while performing certain “tasks” on TikTok, such as watching videos, liking content, following creators, inviting friends to join TikTok, etc. These points can be exchanged for rewards, such as Amazon vouchers, gift cards via PayPal or TikTok’s coins currency that can be spent on tipping creators. TikTok Lite was launched in France and Spain in April 2024. In February 2024, the Commission opened formal proceedings against TikTok to assess whether TikTok may have breached the DSA in areas linked to the protection of minors, advertising transparency, data access for researchers, as well as the risk management of addictive design and harmful content. The Commission is now gathering more evidence.

EDPS publishes annual report

The European Data Protection Supervisor has published its annual report. It has provided advice related to the AI Act and has also championed a number of initiatives in the field of AI, such as leading the 45th Global Privacy Assembly Resolution on Generative Artificial Intelligence Systems. It has also contributed its views about the proposed Regulation on Child Sexual Abuse Material. It also inspected the processing of personal data of the people entering the borders of the EU, carried out by Frontex in Lesbos, Greece. Looking ahead, the EDPS has invested resources in technology monitoring and innovation, by anticipating the data protection implications of certain technologies to direct their development in a privacy-orientated way, and by building and encouraging the use of IT services that put into practice the EU’s data protection principles.

Current rules on child abuse material online extended until April 2026

The European Parliament has voted in favour of prolonging an exemption to EU privacy rules facilitating the detection of child sexual abuse material online until 3 April 2026. MEPs endorsed a temporary extension of the current e-Privacy derogation that allows the voluntary detection, by internet platforms, of child sexual abuse material online. The derogation will be extended until 3 April 2026 so that an agreement on the long-term legal framework to prevent and combat child sexual abuse online can be reached. At the same time, reporting on the voluntary measures companies have taken to find child sexual abuse material will be harmonised. According to the Commission, the reporting has so far been inconsistent, making it difficult to assess the impact of the current law. The temporary derogation from EU legislation on the respect of privacy online is due to expire in August 2024. The Parliament already has a position on the proposal for permanent rules to combat and prevent child sexual abuse on the internet, but the Council has yet to agree on its negotiating mandate. Therefore, an extension is needed to prevent a legal vacuum. The provisional agreement on the derogation will now have to be formally adopted by the Council before it can become law.