This week’s Techlaw News Round-Up

December 6, 2019

Update on proposed E-privacy Regulation

The Transport, Telecommunications and Energy Council of the EU recently discussed the draft E-Privacy Regulation. The draft regulation is subject to concerns about issues such as the role of the European Data Protection Board, preventing child abuse imagery, protecting terminal equipment information, data retention and interaction with new technologies. These concerns have not been resolved, and as a result, the draft text did not receive support among EU member states to come to a general approach. Press reports suggest that the European Commission will present a revised proposal on the draft during the first six months of 2020. As a result, it is unlikely that the draft regulation will be agreed in early 2020 as had been hoped, or that it will be adopted before the UK leaves the EU.

World’s first ISO approved drone safety standards announced by ISO

The world’s first ISO approved drone standards have been announced by the International Organisation for Standardisation following a 12-month period of consultation. The standards relate to safety and quality for unmanned aircraft systems (UAS) and provide a new framework of approved regulatory compliance. The new standards include protocols on quality, safety, security and overall ‘etiquette’ for the operation of commercial air drones, which will help shape future regulation and legislation. It is the first in a series of emerging standards for air drones, with others due to address general specifications, product manufacture and maintenance, unmanned traffic management and testing procedures. The ‘etiquette’ for drone use aims to reinforce compliance towards no-fly zones, local regulation, flight log protocols, maintenance, training and flight planning documentation. Social responsibility is also at the heart of the standards, which strengthen the responsible use of a technology that aims to improve and not disrupt everyday life. The standards also seek to address public concerns surrounding privacy and data protection, requiring operators to have appropriate systems to handle data alongside communications and control planning when flying. The hardware and software of all related operating equipment must also be kept up to date. The fail-safe of human intervention is required for all drone flights, including autonomous operations, with the aim of ensuring that drone operators are held accountable.  

Council of the European Union adopts conclusions on 5G networks

The Council of the European Union has published its conclusions on the significance of 5G to the European economy, as well as the need to mitigate security risks connected with 5G. The Council acknowledges the requirement to meet the objectives of the 5G action plan adopted by the European Commission in 2016. It also stresses the need to secure the swift demand-based roll-out of 5G networks as they are a key asset for European competitiveness. The Council emphasises the importance of safeguarding the security and resilience of electronic communications networks and services, in particular 5G, following a risk-based approach. It also highlighted the importance of a coordinated approach as well as reviewing risks in respect of interdependencies between 5G networks and other public and private services. The Council supports the current work of the European Union Agency for Cybersecurity. It also calls upon member states and the European Commission to take steps necessary to ensure the security and integrity of electronic communication networks.

ENISA plans cybersecurity certification scheme

The European Union Agency for Cybersecurity (ENISA) plans a candidate cybersecurity certification scheme for cloud services. Under article 48(2) of the EU Cybersecurity Act, the European Commission has requested ENISA to prepare a cybersecurity certification candidate scheme for cloud services, taking into account existing and relevant schemes and standards. It says that a single European cloud certification is critical for enabling the free flow of non-personal data, which allows for the unrestricted movement of data across borders and information systems within the EU. A call for expressions of interest for an ad-hoc working group for cloud cybersecurity certification will be launched in due course.

European Commission publishes review of mobile roaming market

The European Commission has published its review of the roaming market, showing that travellers across the EU have benefited from the end of roaming charges in June 2017. The use of mobile data while travelling in the EU has increased tenfold, with a peak of 12 times higher use of mobile data abroad during the holiday period. The use of roaming data within the EU and European Economic Area (EEA) peaked in the holiday period of summer 2018 (third quarter) with 12 times higher use of mobile data abroad compared with before all retail roaming costs were scrapped. Over the same period, the volume of phone calls made while roaming was almost three times higher. At wholesale level, the reduction in price caps has contributed to a further reduction in wholesale roaming prices, which in turn makes end of roaming charges sustainable for almost all roaming providers. The report concludes that the competition dynamics in the roaming market are not likely to change in the near future, which means that the current retail and wholesale regulation is still necessary. The current rules for roaming should continue to apply in the coming years.

Nine more countries join initiative to explore quantum communication for Europe

Nine EU states have agreed to work with ten other EU countries towards the development of a quantum communication infrastructure (QCI) across Europe. They have signed the declaration of cooperation which launched in June 2019. Its signatories will explore together, with the European Commission and with the support of the European Space Agency, the development and deployment within the next ten years of a European QCI. It would ultimately link sensitive public and private communication assets all over the EU, using quantum technologies to ensure the secure transmission and storage of important information. The QCI would be made up of two elements: one based on earth, making use of existing fibre communication networks linking strategic sites throughout the EU, and the other based in space, to enable coverage of long distances across the EU and other continents. The plan is for the signatory countries to complete their preliminary work by the end of 2020. OPENQKD, a pilot project funded by the European Commission and set to run for three years, is already underway. Its goal is to develop an experimental testbed using Quantum Key Distribution (QKD), an extremely secure form of encryption that has the potential to keep telecommunications, health care, electricity supplies and government services safe from cyber-attacks. Once the QCI is operational in Europe, QKD would be the first service to make use of it.

FMSB publishes speech on AI

The Fixed Income, Currencies and Commodities Markets Standards Board has published a speech by its chair, Mark Yallop, on artificial intelligence and conduct in wholesale markets. The speech considered the extent to which AI is being used in wholesale markets, the implications if it is, or might become, widespread, and how regulatory and other kinds of control may be needed. In the wholesale arena, machine learning is most commonly used in second-line functions such as anti-money laundering, fraud detection and credit risk management. Some firms are also deploying machine learning in first-line activities such as trade pricing and execution. The data warehouses created to hold the data needed for AI will be vulnerable to cyber threats; and the consequences of a successful cyber-attack may be far greater than considered so far. The speech considers new risks such as model drift, bias, market concentration and correlation, and resources.

Other news this week on scl.org