UK
UK government tables amendment to Data (Use and Access) Bill to deal with deepfakes
The UK government has tabled an amendment to the Data (Use and Access Bill) to deal with deepfakes. The Data (Use and Access) Bill is currently before Parliament. The government’s amendment will criminalise intentionally creating a sexually explicit deepfake without consent, and either with intent to cause alarm, humiliation, or distress, or for the purpose of sexual gratification and without reasonable belief in consent. It is already an offence to share or threaten to share intimate images, including deepfakes, under the Sexual Offences Act 2003, following amendments that were made by the Online Safety Act 2023. The new offences to create new offences for the taking of intimate images without consent and the installation of equipment with intent to commit these offences will be included in the upcoming Crime and Policing Bill, which will be introduced when parliamentary time allows
ICO issues fine of £200,000 for instigating unlawful loan promotion nuisance texts
The Information Commissioner has fined West Sussex-based company ESL Consultancy Services Ltd (ESL) £200,000 for knowingly instigating unlawful loan promotion nuisance text messages being sent to people who had not consented to receive them. ESL came to the ICO’s attention through a separate investigation into an affiliate marketer and lead generator. The ICO found that between September 2022 and December 2023, ESL used a third party to send marketing text messages without ensuring valid consent was in place to send the messages. ESL also took steps to try and conceal the identity of the sender of the messages by using unregistered SIM cards. As a result, the ICO received 37,977 complaints. ESL has also been issued with an enforcement notice.
Ofcom launches digital safety toolkit for online services
Ofcom has launched a digital toolkit to help businesses comply with new online safety rules. It is a step-by-step guide online services can follow to help them complete an assessment of the risks of illegal content on their platforms. It will also help them to comply with additional safety, record-keeping and review duties. The tool is for providers of services that allow users to generate, share and upload content (user-to-user services) and search services. It has been designed with small and medium-sized businesses in mind but could be useful to any organisation that falls under the Online Safety Act. It is divided in to four steps based on Ofcom’s risk assessment guidance. Progressing through the tool will help services to complete an illegal harms risk assessment and make the required records.
Ofcom modifies General Conditions C2.11 and C2.12
On 25 October 2024 Ofcom published its statement on the future regulation of premium rate services (PRS) which sets out its decision to transfer the regulatory functions of the Phone-paid Services Authority (PSA) to Ofcom. On 1 February 2025, Ofcom will assume day-to-day responsibility as regulator and enforcer of PRS regulation. As set out in the statement, on 1 February 2025 the PSA’s Code of Practice (Code 15) which currently regulates the PRS market will be replaced by a new set of requirements on providers of PRS contained in an order (the PRS Order). The current General Conditions of Entitlement (the GCs) contain several references to the PSA and its Code of Practice that will no longer be appropriate after the 1 February 2025 once the PSA ceases to be the regulator for PRS. Ofcom has now confirmed that it will modify the GCs to remove reference to the PSA and its Code of Practice so that the GCs are aligned with the future regulatory framework for PRS.
High Court holds that bitcoin not contained on lost hard drive
In Howells v Newport City Council [2025] EWHC 22 (Ch), the High Court ruled that a hard drive containing the private key to access Bitcoin did not constitute the Bitcoin itself. Neither did it constitute the right to access it. The court considered the rights associated with a hard drive holding a private key for Bitcoin access. This arose in a widely reported case when H accidentally discarded a hard drive at a council rubbish dump and it was buried in a landfill site. H sought the return of the hard drive, permission to try to recover it, or the value of the Bitcoin accessible via the hard drive. He estimated the value to be over £600 million. The council accepted that it did not own the Bitcoin but claimed ownership of the hard drive found in the landfill. It said that it would not excavate or allow excavation of the landfill for health and safety reasons (and no doubt, cost). The High Court considered the Law Commission’s recent report about digital assets. The court said that cryptocurrency like Bitcoin is now often considered a “third category” of property, distinct from physical possessions and actionable claims. However, the court ruled that Bitcoin could not be physically present on the hard drive, as Bitcoin is intangible and is not situated on a physical object. It said that the hard drive might contain a digital record of the private key (used to manage a cryptocurrency account). This was like writing the private key on a piece of paper and then throwing it away. If the claimant had another record of the private key, he could use it to access the Bitcoin. The private key was confidential information, and unauthorised use of it to access the claimant’s cryptocurrency account would be illegal. The High Court dismissed H’s claims that the council was infringing the claimant’s personal and property rights regarding the hard drive. It said that under the Control of Pollution Act 1974, the hard drive belonged to the council because it had been left at the dump.
IPO launches new patent search tool
A new online search tool for UK patents has launched with the aim of making it easier for businesses and innovators to search and access patent information, supporting UK growth and innovation. One IPO Search, developed by the Intellectual Property Office (IPO), replaces the previous Ipsum service. The new service offers enhanced features to help IP professionals and the public search for UK patents more easily. It is part of the IPO’s transformation programme which aims to deliver a suite of new digital services in the second half of 2025, including streamlined patent applications services and innovative customer account management systems.
EU
European Commission welcomes the integration of the revised Code of conduct on countering illegal hate speech online into the Digital Services Act
The Commission and the European Board for Digital Services have said that they welcome the integration of the revised “Code of conduct on countering illegal hate speech online”” into the framework of the Digital Services Act (DSA), which encourages voluntary codes of conduct to tackle risks online. The Code aims to strengthen the way online platforms deal with content that EU and national laws define as illegal hate speech. It also aims to facilitate compliance with, and the effective enforcement of, the DSA when it comes to risks of dissemination of illegal content on their services.
European Commission addresses additional investigatory measures to X in the ongoing proceedings under the Digital Services Act
The Commission has addressed three additional technical investigatory measures to X relating to its recommender system. This is under the proceedings launched in December 2023 under the DSA. First, the Commission is requesting X to provide internal documentation on its recommender systems and any recent changes made to it, by 15 February 2025. In addition, a retention order requires X to preserve internal documents and information regarding future changes to the design and functioning of its recommender algorithms, for the period between 17 January 2025 and 31 December 2025, unless the Commission concludes its investigation beforehand. Finally, the Commission issued a request for access to certain of X’s commercial APIs, technical interfaces to its content that allow direct fact-finding on content moderation and virality of accounts. These steps aim to allow the Commission services to take all relevant facts into account in the complex assessment under the DSA of systemic risks and their mitigation.
