This Week’s Techlaw News Round-Up

December 1, 2023

UK law

CMA wins appeal in Apple case

The Court of Appeal has upheld the CMA’s decision to launch a market investigation into mobile browsers and cloud gaming, overturning a pervious ruling quashing the investigation. The unanimous judgment overturned the Competition Appeal Tribunal’s previous decision. In March 2023 which upheld an appeal by Apple and suspended the CMA’s investigation pending the Court of Appeal’s judgment. However, the CMA’s market investigation remains on hold pending the determination of any application for permission to appeal to the Supreme Court. The Court of Appeal found that the CAT had erred in its interpretation of the Enterprise Act 2002 and that such an interpretation, if uncorrected, would have “serious consequences” on the CMA’s ability to promote competition and protect consumers. The Court of Appeal ruled that the CMA’s standalone power under the Enterprise Act to investigate carries with it sufficient and important public law safeguards and that “there is no overarching principle that an undertaking is entitled to be investigated once and only once”. The Court held that whilst the Enterprise Act contained protections against undue investigatory burdens, “the principal purpose of the Act is to promote competition and protect consumers” and, in its view, the CAT “lost sight of this consideration”.

Court of Appeal allows appeal in software copyright infringement case

In THJ Systems Limited and another v Daniel Sheridan and another [2023] EWCA Civ 1354, the Court of Appeal allowed a cross-appeal against a decision of the High Court dismissing a claim of infringement of copyright in software-related artistic works. The court also dismissed the appeal of lack of subsistence of copyright in the works. The Court of Appeal said that the first instance judge should not have applied the “skill and labour” test
for originality, and instead should have applied the “author’s own
intellectual creation”. Nevertheless, the judge was correct to find that the graphic works under consideration were
original. However, he had been wrong to deal with the issue of infringement, and specifically communication to the public in the UK, in his judgment. This was because the defendants had already admitted infringement pre-trial.

Explanatory notes to Online Safety Act 2023
published

The explanatory notes to the Online Safety Act 2023 have been published. They do not form part of the
Act and are not endorsed by Parliament.
However, they provide a useful explanation of what each part of the Act will mean in practice, provide background information on the development of
policy, and include information about how the Act will affect existing legislation.

CAP and BCAP issue update on use of digitally
altered images review

The Committee of Advertising Practice (CAP) and the
Broadcast Committee of Advertising Practice (BCAP) have issued an update about
their review of the
use of digitally altered images used in advertising and their potential harmful impact on body image. The statement confirms that the CAP and BCAP will, by Spring 2024, decide if the existing protections in the CAP and BCAP Codes and guidance adequately address the potential harms arising from digitally altered
body parts and proportions depicted in advertising, publish a report from a roundtable involving children and young people convened in October 2023 to help inform the discussions on the Codes, and engage with members of the advertising
industry to facilitate any wider considerations of industry initiatives intended to address potential harms arising from digitally altered body parts and proportions depicted in advertising.

Culture, Media and Sport Committee publishes
government response to inquiry on connected tech

The Culture, Media and Sport Select Committee has published the
government’s response to the first report from its inquiry “Connected tech: smart or sinister?” The government partially accepts the majority of the Committee’s conclusions and recommendations. Where it has not accepted the
conclusions and recommendations, it has outlined the existing or planned actions that are in progress to address the issues raised by the Committee.

CAA consults on proposed changes to drone
regulations

The UK Civil Aviation Authority is
consulting
on proposals designed to make drone flights safer and to make it easier for drone users to understand and comply with regulations. The proposed changes include
making regulations simpler by reducing complexity in operational requirements in the “open” category, renaming operational sub-categories to “over”, “near” and “far”, and removing what the CAA says are confusing exemptions for “toy” drones, improving drone safety and security by implementing product standards
for drones through a class-marking system, and introducing Remote-ID, geo-awareness and geo-fencing functionality for certain categories of drones. The consultation ends on 10 January 2024.

DSIT consults on super-complaints under Online
Safety Act

The Department for Science, Innovation and
Technology is consulting on the super-complaints procedure under the Online Safety Act 2023. The Act includes provisions for super-complaints to be made against decisions made by Ofcom under the Act. Super-complaints will play an essential role within the new regulatory framework established by the Act as they will allow for complaints about systemic issues to be raised with Ofcom. They will enable eligible entities to bring systemic issues that arise across services, or in exceptional circumstances on one service, to Ofcom’s
attention. The consultation ends on 11 January 2024.

Government publishes responses to consultation on
requirements for UK-related domain name registries to tackle domain name abuse

The Department for Science, Innovation and
Technology has published a summary of responses received to its consultation asking for views on its proposals for regulations defining prescribed practices and requirements, which are to be introduced following sections 19-21 of the Digital Economy Act 2010 coming into force. DSIT
will consider feedback before drafting the relevant regulations.

Public Bill Committee consults on Media Bill

The Public Bill Committee has announced that it is now
able to receive written evidence on the Media Bill. The Public Bill Committee will
scrutinise the Bill line by line. The first sitting of the Public Bill
Committee is expected to be on Tuesday 5 December and the Committee is scheduled to report by Thursday 14 December. The government has also published its response to two
reports published by the DCMS Committee on the draft Media Bill earlier this year. The Government welcomed the publication of the Culture, Media and Sport Committee’s final report on the draft Media Bill. It said that the Committee’s
work has helped to ensure that the Bill delivers the right outcomes for audiences and listeners in the face of rapid technological change.

Guidelines for secure AI system development
published by NCSC

NCSC has issued guidelines for secure AI system
development.  The document recommends guidelines for
providers of any systems that use artificial intelligence, whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without
revealing sensitive data to unauthorised parties. This document is aimed primarily at providers of AI systems who are using models hosted by an organisation or are using external application programming interfaces.

ASA launches five year strategy to help improve ad
regulation

The Advertising Standards Authority has launched a
new five-year strategy, which includes using AI to assist with regulation of advertising. It has already increasingly been using AI to identify ads which may be problematic and support its compliance work. It also carried out a pilot scheme focused on
platform and intermediary transparency and accountability. It says that it will now invest more in its preventative and proactive work than its reactive complaints casework. It intends to resolve investigations more quickly, focus on preventing irresponsible ads appearing in the first place, and deliver what
it says will be ongoing, agile and visible enforcement, including through mechanisms developed with platforms and intermediaries. To achieve this, it will continue to invest in AI, saying it hopes that it will help it to provide
more and better reporting on areas where there is high compliance in online
ads, including after its interventions.

EU law

Council of the EU adopts the Data Act for fair
access and use of data

The Council of the EU has adopted the Data Act. It places
obligations on manufacturers and service providers to allow their users, whether organisations or individuals, access and reuse the data generated by the use of their products or services. It also allows users to share that data with third parties. Following the Council’s formal adoption, the new regulation
will be published in the OJ in the coming weeks and will enter into force the twentieth day after its publication. It shall apply from 20 months from the date of its entry into force. However, Article 3, paragraph 1 (requirements for simplified access to data for new products), shall apply to connected products
and the services related to them placed on the market after 32 months from the date of entry into force of the Data Act.

Consumer groups file complaint against Meta’s ”pay-or-consent” model

Meta is currently rolling out changes to its service in the EU which require Facebook and Instagram users to either consent to the processing of their data for advertising purposes by the company or pay in order not to be shown
advertisements.  BEUC, the European
consumer law association, says that this is “an unfair choice for users, which runs afoul of EU consumer law on several counts and must be stopped.” As a result, BEUC and 19 of its members have filed a complaint with the network of consumer protection authorities, saying that Meta is engaging in unfair commercial practices in multiple ways. BEUC is also assessing whether Meta is infringing the GDPR. BEUC says that Meta is partially blocking the use of Facebook and
Instagram until users have selected one option or the other, which it says constitutes an aggressive practice under European consumer law. Through persistence and by
creating a sense of urgency, Meta pushes consumers into making a choice they might not want to take. In addition, many consumers likely think that, by opting for the paid subscription as it is presented, they get a
privacy-friendly option involving less tracking and profiling. In fact, users are likely to continue to have their personal data collected and used, but for
purposes other than ads. Meta provides misleading and incomplete information to
consumers which does not allow them to make an informed choice. Meta is
misleading them by presenting the choice as between a paying and a “free” option,
while the latter option is not “free” because consumers pay Meta through the
provision of their data, as set out in case law. Given the market power of
Meta’s Facebook and Instagram services in the EU and the very strong network
effects of social media platforms, consumers do not have a real choice because
if they quit the services, they would lose all their contacts and interactions
built over the years. The very high subscription fee for “ad-free” services is
also a deterrent for consumers, which means consumers do not have a real choice.