UK law
Online Safety Act 2023 (Priority Offences) (Amendment) Regulations 2024 made
The Online Safety Act 2023 (Priority Offences) (Amendment) Regulations 2024 (SI 2024/1188) have been made. They make amendments to the priority offences set out in Schedule 7 to the Online Safety Act 2023 and come into force on 10 December 2024. Criminal offences listed in Schedule 7 to the Act are made “priority offences” by section 59 of the Act. Part 3 of the Act imposes duties on providers of certain internet services in relation to priority offences and content which amounts to these offences. The Act repealed the offence under section 33 of the Criminal Justice and Courts Act 2015 (disclosing private sexual photographs and films with intent to cause distress) and replaced it with new offences under section 66B of the Sexual Offences Act 2003 (sharing or threatening to share intimate photograph or film). The Regulations remove the repealed offence from Schedule 7 to the Act and add the new offences to that Schedule. The Secretary of State considers it appropriate to add these offences to Schedule 7 because of the prevalence of content on regulated user-to-user services or regulated search services that amounts to the new offences, the risk of harm to individuals in the UK presented by such content and the severity of that harm.
DSIT publishes Model for Responsible Innovation
The Department of Science, Innovation and Technology has published a Model for Responsible Innovation. The Model was created by DSIT’s Responsible Technology Adoption Unit to help teams across the public sector and beyond to innovate responsibly with data and AI. The Model sets out a vision for what responsible innovation in AI looks like, and the component Fundamentals and Conditions required to build trustworthy AI; and it operates as a practical tool that public sector teams can use to rapidly identify the potential risks associated with the development and deployment of AI, and understand how to mitigate them. The Responsible Tech Adoption Unit uses the model to run red-teaming workshops with teams seeking to innovate with data-driven tech. These collaborative sessions map data and AI projects against the model to rapidly identify where risks might arise and prioritise actions to ensure their approach is trustworthy.
CMA clears Alphabet/Anthropic merger
The CMA has decided that Alphabet’s partnership with Anthropic does not qualify for investigation under the merger provisions of the Enterprise Act 2002. It has published a summary of its decision and will publish a full version soon. The CMA does not believe that Google has acquired material influence over Anthropic as a result of the partnership. In any event, the CMA found that the UK turnover test was not met, as Anthropic’s UK turnover does not exceed £70 million in the UK.
Lords Committee calls for evidence on Property (Digital Assets etc) Bill
The House of Lords has established a Special Public Bill Committee to consider the Property (Digital Assets etc) Bill. The Bill seeks to give effect to the recommendation of the Law Commission of England and Wales that there should be statutory confirmation that a thing will not be deprived of legal status as an object of personal property rights merely by reason of the fact that it is neither a thing in possession nor a thing in action. This recommendation responds to the development of new types of assets such as crypto-tokens which challenge the traditional categories. Reponses are sought by 20 December 2024.
FTT holds that serious but non-deliberate breach still warrants a substantial penalty
In Monetise Media Ltd v Information Commissioner [2024] UKFTT 959 (GRC), the First-Tier Tribunal considered an appeal by Monetise Media Ltd against the Information Commissioner’s decision to impose a £125,000 monetary penalty notice for a breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003. The FTT substituted a lower penalty of £85,000. It said that MML had “instigated” the sending of unsolicited marketing messages by third-party affiliates, and did so negligently but not deliberately. Finally, the ICO had erred in the MPN by using too high a starting point and by giving excess weight to aggravating factors.
EU law
ENISA consults on technical guidance for cybersecurity risk management measures in Implementing Regulation to NIS 2 Directive
The draft of the technical guidance aiming to support entities in scope of Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 to implement the technical and methodological requirements of the measures referred to in Article 21(2) of Directive (EU) 2022/2555 is now available for industry consultation. The consultation ends on 9 December 2024.
