UK law
Court of Appeal rules that UK courts can grant declaration for interim FRAND licence
The Court of Appeal recently delivered its ruling in the case of Panasonic Holdings Corporation v Xiaomi Technology UK Limited & Ors [2024] EWCA Civ 1143. The case involved standard essential patents owned by the complainant (Panasonic) and was an appeal from the Patent Court’s decision in which the Patents Court refused an application by the defendants (Xiaomi) for a declaration that Panasonic should grant Xiaomi an interim licence. A majority of the Court of Appeal held that there was power to grant such a declaration, and in the circumstances, it would be granted.
Investigatory Powers (Amendment) Act 2024 (Commencement No 1 and Transitional Provisions) Regulations 2024 made
The Investigatory Powers (Amendment) Act 2024 (Commencement No 1 and Transitional Provisions) Regulations 2024 SI 2024/1021 have been made They brought certain provisions of the Investigatory Powers (Amendment) Act 2024 (IP(A)A 2024) into force on 14 October 2024. These Regulations also make transitional provision for communications data retention notices issued under section 87 of the Investigatory Powers Act 2016 which are now in effect
Media Act 2024 (Commencement No 2 and Transitional and Saving Provisions) Regulations 2024 made
The Media Act 2024 (Commencement No 2 and Transitional and Saving Provisions) Regulations 2024 have been made. They brought certain provisions of the Media Act 2024 into force on 17 October 2024. These are the second set of commencement regulations under the Act.
Ofcom issues update on approach to information notices under Online Safety Act 2023 Ofcom has issued an update on information notices under the Online Safety Act 2023. The Act introduces a system for categorising some regulated online services based on key characteristics, including user numbers and functionality. The providers of categorised services will be required to comply with additional duties depending on which category they fall within. Some regulated services will be designated as category 1, 2A or 2B services if they meet certain thresholds that will be set out and brought into effect via secondary legislation that will be introduced by the Secretary of State. Ofcom submitted research and advice to the Secretary of State and published the advice in March 2024, including proposed thresholds. The Secretary of State will take a decision about those thresholds, considering Ofcom’s advice. Once the secondary legislation is laid in Parliament, Ofcom will begin the process of engaging with providers that it believes may meet the thresholds by issuing draft information notices to relevant providers. Ofcom will, as a general rule, issue information notices in draft form to the stakeholder holding the relevant information to ensure that the notice is appropriately worded and targeted and sufficiently clear for the recipient to respond to within the proposed timeframe. While providers are not required to respond to draft information notices, Ofcom strongly encourages all providers who receive them to engage with Ofcom, particularly if there are any concerns or questions they might have about the draft notice. Once the secondary legislation passes in Parliament and becomes law, it will issue final information notices that providers will be required to respond to. The information provided will help Ofcom to make the necessary assessments of which services should be categorised and in which categories. It will publish the register of categorised services once it has made those assessments. As some providers may not have been subject to an information notice from Ofcom before, it is publishing this information to allow services time to prepare and to build their understanding of the information notice process under the Act as it relates to the categorisation process. Failing to comply with a final information notice can result in significant consequences. Failing to comply can include not responding by the given deadline or providing an inaccurate or incomplete response.
Ofcom renews co-regulatory arrangements for broadcast, ODPS and VSP advertising
Following consultation, Ofcom has announced the renewal of the co-regulatory arrangement that designates responsibility to the ASA system for the day-to-day regulation of broadcast, on demand programme service (ODPS), and video-sharing platform (VSP) advertising for a further period of ten years, until 31 October 2034. The ASA has day-to-day responsibility for regulating advertising on these services, with Ofcom providing a statutory backstop. The existing co-regulatory arrangements are due to expire at the end of October 2024 (ODPS and VSP) and the beginning of November 2024 (broadcast).
Court of Appeal says that malicious communications offence committed by posting relevant communication on website
In R v BLC [2024] EWCA Crim 1186, the Court of Appeal held that the offence of sending a malicious communication, under section 1 of the Malicious Communications Act 1988, would be committed by posting a relevant communication on a website and did not require a communication being sent or directed to a person.
EU law
Council of the EU adopts Cyber Resilience Act
The Council has adopted a new law on cybersecurity requirements for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market (cyber resilience act). The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components, for example “Internet of Things” (IoT) products, are made secure throughout the supply chain and throughout their lifecycle. Following its adoption, the legislative act will be signed by the presidents of the Council and of the European Parliament and published in the EU’s official journal in the coming weeks. The new regulation will enter into force twenty days later and will apply 36 months after its entry into force with some provisions to apply at an earlier stage.
European Commission adopts implementing regulation on NIS2 Directive
The Commission has adopted the first implementing rules on cybersecurity of critical entities and networks under the Directive on measures for high common level of cybersecurity across the Union (NIS2 Directive). The new rules detail cybersecurity risk management measures as well as the cases in which an incident should be considered significant and companies providing digital infrastructures and services should report it to national authorities. The implementing regulation will be published in the Official Journal in due course and enter into force 20 days thereafter.
Council of the EU adopts new designs protection legislation package
The Council of the EU has adopted the revised Directive on the legal protection of designs and the amended Regulation on community designs, with the aim of improving the protection of industrial designs in the era of digital designs and 3D printing. The two pieces of legislation will make it cheaper to register designs at the EU level, harmonise procedures between EU and national systems, and exempt from the design protection the spare parts used for repair of complex products under a new “repair clause”.
Council of the EU formally adopts Product Liability Directive
The Council of the EU has formally adopted a Directive on liability for defective products. The new Directive updates the existing strict liability regime, established through the 1985 Product Liability Directive (85/374/EEC), in line with the digital age, circular economy business models and global value chains. Among other things, it extends the definition of “product” to digital manufacturing files and software. Online platforms can also be held liable for a defective product sold on their platform.
Digital Services Act: request for information to Temu on traders selling illegal products on its market place
The European Commission has sent a request for information (RFI) to Temu under the Digital Services Act (DSA), requesting it to provide detailed information and internal documents on the mitigation measures taken against the presence and reappearance of traders selling illegal products on its online marketplace. The RFI further requires Temu to supply additional data and information on the measures adopted to mitigate the risk of dissemination of illegal products, as well as risks relating to consumer protection, public health and users’ wellbeing. Moreover, the Commission is also requesting details on the recommender systems of Temu and the risk to the protection of users’ personal data. Temu must provide the requested information by 21 October 2024.
European Commission closes market investigation into X’s online social networking service
The European Commission has found that the online social networking service of X should not be designated as a core platform service under the Digital Markets Act (DMA). Today’s decision comes after an in-depth market investigation launched on 13 May 2024 following the notification by X of its status of potential gatekeeper. Together with the notification, X also submitted rebuttal arguments, explaining why its online social networking service should not, in its view, qualify as an important gateway between businesses and consumers, even if X is deemed to meet the quantitative thresholds set out in the DMA. The Commission has concluded that X does indeed not qualify as a gatekeeper in relation to its online social networking service, given that the investigation revealed that X is not an important gateway for business users to reach end users. The Commission will continue to monitor the developments on the market with respect to this service, if any substantial changes arise.
Council of the EU adopts Platform Workers Directive
The Council of the EU has adopted new rules that aim to improve working conditions for the more than 28 million people working in digital labour platforms across the EU. The Platform Workers Directive will make the use of algorithms in human resources management more transparent, ensuring that automated systems are monitored by qualified staff and that workers have the right to contest automated decisions. It will also help correctly determine the employment status of persons working for platforms, enabling them to benefit from any labour rights they are entitled to. Member states will establish a legal presumption of employment in their legal systems that will be triggered when certain facts indicating control and direction are found. The directive will now be signed by both the Council and the European Parliament and will enter into force following publication in the EU’s Official Journal. Member states will then have two years to incorporate the Directive into their national legislation.
Irish Data Protection Commission launches inquiry into Ryanair’s customer verification process
The Data Protection Commission has opened an inquiry into Ryanair’s processing of personal data as part of the customer verification processes for customers who book Ryanair flights from third party websites or online travel agents. The DPC has received several complaints regarding Ryanair’s practice of requesting additional ID verification from customers who book travel tickets via third party websites, as opposed to booking directly on Ryanair’s website. Those verification methods may include biometric data. The inquiry will be conducted under Section 110 of the Data Protection Act 2018. The inquiry is cross-border in nature and will consider whether Ryanair has complied with its various obligations under the GDPR, including the lawfulness and transparency of the data processing.