UK law
DSIT and NCSC seek views on draft Cyber Governance Code of Practice
The Department for Science, Innovation and Technology (DSIT) and National Cyber Security Centre (NCSC) are consulting about a new draft Cyber Governance Code of Practice aimed at improving businesses’ cyber resilience. The Code sets out the critical governance areas directors need to consider when seeking to protect their organisations. The Code is designed to be simple to use, with the relevant information all in one place. It is for organisations of all sizes. The consultation ends on 19 March 2024. The government has also published its response to its call for views on software resilience and security for businesses and organisations. It has set out a package of policy interventions that the government intends to take forward in the coming months and years. These interventions will aim to empower organisations who develop, sell and buy software to better understand their responsibilities and take action to reduce risk, thereby improving standards of software security throughout our supply chains.
Ofcom publishes report updating its approach to regulating video sharing platforms
The regulatory regime for video sharing platforms (VSPs) came into force in November 2020 and Ofcom launched its VSP Guidance for providers and Plan and Approach in October 2021. During its first year of regulation, it found that while all VSPs had some safety measures to protect users, there was room for improvement. Since then, Ofcom has taken a broader look at the way platforms set, enforce, and test their approach to user safety, including looking at VSPs’ user policies and how VSPs protect children from encountering harm. Ofcom has now published a report which summarises how it has regulated VSPs so far. It has also set out its priorities for the rest of the time the VSP regime is in force, before the Online Safety Act comes fully into force and regulates VSPs. It will prioritise making sure that: there are clear user policies in place that are easy to find and understand; terrorist videos or videos that incite hatred and/or violence are taken down quickly; child abusers are prevented from sharing and/or watching child sexual abuse videos; children are prevented from finding and viewing pornographic videos on adult platforms; children are protected from finding and viewing other age-inappropriate videos, and all users can access easy-to-use and effective tools to report content or submit complaints.
Communications and Digital Committee launches inquiry on the future of UK news
The House of Lords Communications and Digital Committee has launched an inquiry about the future of news in the UK. It is examining issues such as impartiality, trust, and the impact of tech platforms and generative AI on news media business models. The Committee will examine strategic challenges facing the sector and identify the actions to be taken until 2025 and 2030. Responses are invited until 12 February 2024.
EU law
European Commission sends requests for information to 17 Very Large Online Platforms and Search Engines under DSA
The European Commission has sent a formal request for information to 17 Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) designated as such on 25 April 2023 under the Digital Services Act. These VLOPs and VLOSEs are requested to provide more information on the measures they have taken to comply with the obligation to give access, without undue delay, to the data that is publicly accessible on their online interface to eligible researchers. The 17 VLOPs and VLOSEs must provide the requested information to the Commission by 8 February 2024. Based on the assessment of the replies, the Commission will determine next steps.
CJEU publishes Artificial Intelligence Strategy
The Court of Justice of the European Union has published its AI Strategy. It covers the definition and typology of AI, as well as the opportunities offered by AI. It has set out three goals, to improve the efficiency and effectiveness of the administrative and judicial processes; enhance the quality and consistency of judicial decisions and increase access to justice and transparency for EU citizens. The CJEU has also outlined its AI principles as well as risks and possible mitigation strategies.
European Commission seeks feedback on commitments offered by Apple over practices related to Apple Pay
The European Commission invites comments on commitments offered by Apple to address competition concerns over access restrictions to the technology used for contactless payments with mobile devices in stores. To address the Commission’s competition concerns, Apple has offered the following commitments. The first is to allow third-party mobile wallet and payment service providers to access and interoperate through a set of Application Programming Interfaces (APIs) with the NFC functionality on iOS devices free of charge, without having to use Apple Pay or Apple Wallet. Apple would create the necessary APIs to allow equivalent access to the NFC components in the so-called Host Card Emulation mode, a technology issued to securely store payment credentials and complete transactions using NFC, without relying on an in-device secure element. Apple will apply the commitments to all third-party mobile wallet app developers established in the EEA and all iOS users with an Apple ID registered in the EEA. Apple will not prevent the use of these apps for payments in stores outside the EEA. Apple will provide additional features and functionalities, including defaulting of preferred payment apps, access to authentication features such as FaceID and a suppression mechanism. It will apply fair, objective, transparent, and non-discriminatory eligibility criteria to grant NFC access to third-party mobile wallet app developers, who will have to conclude a ADP license agreement to have access. It will establish a dispute settlement mechanism under which Apple’s decisions denying access to NFC input will be reviewed by independent experts. The commitments offered by Apple would remain in force for ten years. Their implementation would be monitored by a monitoring trustee, who will report regularly to the Commission. The Commission invites all interested parties to submit their views on Apple’s proposed commitments within one month from the publication of a summary of the proposed commitments in the EU’s Official Journal. The full text of the commitments will be available on the Commission’s competition website.
IAB Europe releases implementation guidelines for DSA transparency
IAB Europe has announced the publication of its Implementation Guidelines for the EU’s Digital Services Act to help online platforms meet the legal requirements for user-facing information disclosures. To facilitate this process, IAB Tech Lab and the IAB Europe Taskforce have standardised data collection, compilation, and transport with new technical specifications and Implementation guidelines. The technical specification, hosted by IAB Tech Lab here, provides data formats and a mechanism for the transport of the data that are required to enable the advertising industry to implement relevant DSA transparency information. This solution should be adaptable across most relevant use cases, including programmatic and non-programmatic media buys, and for channels including desktop web, mobile (web/app), video, and CTV. Recognising the collaboration required in the advertising ecosystem, IAB Tech Lab and IAB Europe’s Taskforce have aligned the guidelines with the Transparency and Consent Framework (TCF) for user choice and control over parameters. The guidelines provide roles and responsibilities for different stakeholders, aiming for a seamless implementation process.