UK law
Gambling Commission issues industry warning notice about licensed software appearing on illegal market
The Gambling Commission has issued an industry warning notice about licensed software appearing on illegal markets. The Commission said that it knows about casino games supplied by licensed operators appearing on unlicensed websites available to consumers in Grean Britain illegally. These markets are unregulated, and do not provide the same safeguards that are required of operators. They often target vulnerable customers. In addition, the websites may have inadequate social responsibility and Anti-Money Laundering (AML) controls in place and leave customers open to risks of fraud, data privacy issues and unfair practices. The Commission has found that, in some instances, third party resellers are distributing games supplied by operators to the illegal market, often in breach of their contractual obligations. Commission licensees may have been negligent in allowing them to do so and in the process, place their own licence at risk. The Commission advises operators to actively monitor their business relationships to ensure any partners are not participating in offering illegal gambling facilities to the GB market, and where identified, terminating relationships where non-compliance has occurred. It also wants licensees to actively engage with the Commission where such activity is identified, setting out the preventative measures adopted to ensure such activity ceases immediately. Actively notifying the Commission and setting out a clear plan to mitigate the issue at pace is a minimum requirement. The Commission is adopting a proactive approach to this matter and may decide at any point to conduct test purchasing activity to evidence potential breaches.
Evaluation Task Force publishes new guidance on evaluating the impact of AI impact
The Evaluation Task Force has published a new annex to the Magenta Book. This provides guidance on best practices for evaluating the impact of AI tools and technologies. The guidance has been co-produced with the Department for Transport and Frontier Economics and focuses on impact evaluation design and methodology, including using randomised control trials for testing new AI products. As well as this, it contains case studies to illustrate high-quality approaches to evaluating the impact of various AI tools.
Data Protection (Charges and Information) (Amendment) Regulations 2025 made
The Data Protection (Charges and Information) (Amendment) Regulations 2025 SI 2025/63 have been made. They amend regulation 3(1) of the Data Protection (Charges and Information) Regulations 2018, by increasing the annual charges payable to the ICO. The changes raise Tier 1 (micro-organisations) fees from £40 to £52, Tier 2 (small and medium organisations) from £60 to £78, and Tier 3 (large organisations) from £2,900 to £3,763. The Regulations include transitional provisions ensuring the new charges do not apply to ongoing charge periods where data controllers have already paid their fees, provided the charge period began between 18 February 2024 and immediately before the Regulations come into force.
Ofcom issues Annual Report on Notices to deal with terrorism content and/or CSEA content
Ofcom has issued its first annual report on notices to deal with terrorism content and/or child sexual abuse and exploitation (CSEA) content. Under 128 of the Online Safety Act 2023, it has sent the report to the Secretary of State and the report was presented to the UK parliament on 23 January 2025. The Act gives Ofcom the power to issue a “Technology Notice” requiring a provider of a Part 3 service to deal with terrorism and/or CSEA content when Ofcom considers it necessary and proportionate to do so. The report explains how Ofcom has laid the groundwork for the use of its Technology Notice functions, which has led to it consulting about proposals for its advice to the Secretary of State on minimum standards of accuracy for accredited technology and about the providers of Part 3 services on how it proposes to exercise its Technology Notice functions. Currently, this part of the regime is not active, and the Secretary of State cannot approve or publish any minimum standards of accuracy until they have received advice from Ofcom.
EU law
European consumer groups criticise Meta’s latest pay-or-consent policy
The European Consumer Organisation (BEUC) has written to relevant EU enforcement authorities to share its concerns that Meta’s latest pay-or-consent policy in the EU may be infringing consumer and data protection law as well as the Digital Markets Act. At the end of 2024, Meta rolled out a second version of its pay-or-consent policy. In November 2023, Meta’s original pay-or-consent mechanism required Facebook and Instagram users to either consent to the processing of their personal data for advertising purposes by the company or pay a fee so that they would not be shown advertisements based on their personal data. According to BEUC, the new version of Meta’s pay-or-consent policy fails to address the fundamental problems consumer groups identified in its initial approach. BEUC and its members consider that Meta’s newest pay-or-consent policy breaches EU law on numerous counts, including: using misleading practices and unclear terms and confusing interface design to steer users towards Meta’s preferred option; not giving to users the possibility to consent fully freely to their data being processed, while Meta does not minimise the data it collects from users; and Meta degrades the service to users who do not consent to the use of their personal data.
