On 7 March 2025, the Changshu People’s Court (in China’s Jiangsu province) announced that it had recently concluded a case on the topical issue of whether AI-generated works can be protected by copyright. In the case, a plaintiff surnamed Lin used the AI tool Midjourney to create an image, and then Photoshop to further refine it. The image depicted a half-heart structure floating on the water in front of a cityscape, in which the other half of the heart was ‘completed’ by its reflection in the water. The plaintiff posted the image on social media and also obtained copyright registration for the image in China. An inflatable model company and a real estate company posted images substantially similar to the plaintiff’s image on their social media accounts and the inflatable model company’s 1688 online store, and also created a real 3D installation based on the image at one of the real estate company’s projects. The court found for the plaintiff, requiring that the inflatable model company publicly apologise to the plaintiff on its Xiaohongshu (RedNote) account for three consecutive days, and that the defendants compensate the plaintiff for economic losses and reasonable expenses totalling RMB 10,000. Although both the plaintiff and the defendants had rights of appeal, neither party appealed and the decision is now effective.

In reaching its decision, the court first examined the Midjourney user agreement which stipulates that the rights in outputs prompted by users belong to the user with very few exceptions. The court then examined the iterative process by which Midjourney users can modify the prompt text and other details of the output images. On this basis, the court held that the plaintiff’s crafting of their prompt and subsequent modification of the image reflected their unique choices and arrangement, making the ultimate image an original work of fine art protected by copyright. The defendants infringed the copyright in that image by disseminating it online without the plaintiff’s permission and using it without naming the plaintiff as the author. However, the court held that the copyright enjoyed by Lin was limited to the 2D image as recorded in the copyright registration certificate (rather than the idea of the 3D half-heart art installation as depicted in the image); the construction of the physical 3D installation by the defendants based on the central idea of Lin’s work (i.e. a half-heart floating on the water, an idea used by many prior works) did not infringe Lin’s copyright.

In the court’s WeChat post, some illustrative comments were shared from Hu Yue, Deputy Director of the court’s Intellectual Property Tribunal. “The premise for AI-generated content to be recognised as a work is that it should be able to reflect the original intellectual input of a human,” Hu states. He comments that “for creators, this judgement is a ‘reassurance’. It clarifies that creators who use AI tools to create have legal copyright over their works provided that the works have innovative design and expression (…) In addition, this case lawfully determined that the use of the ideas and concepts of another person’s work does not constitute infringement, which avoids overprotection of copyrights and abuse of rights, and is conducive to guiding the people on how to further innovate on the basis of using AI.”

Our comments

Cases involving generative AI and IP issues are going through courts around the world. US cases dominate, particularly on the issue of whether use of copyright works to train an AI model constitutes copyright infringement. However, courts in China have been notable for their boldness on the issue of copyright subsistence. Decisions in 2019 and 2020 from the Shenzhen City Nanshan District People’s Court, the Beijing Internet Court and the Beijing Intellectual Property Court have all found that AI-assisted text-based works could be protected by copyright. Most importantly, the Beijing Internet Court in November 2023 issued a significant decision in which it held that the plaintiff enjoyed copyright in an image generated using the AI tool Stable Diffusion. It was critical to the decision that the plaintiff had engaged in a process of “intellectual creation” by independently designing and refining the features of the image through several rounds of input prompts and parameter adjustments, and by making artistic choices regarding the final outcome. Applying similar reasoning, this latest case from the Changshu People’s Court is the second in China granting copyright protection to AI-generated images reflecting the “original intellectual input of a human”.

The relative willingness of Chinese courts to find subsistence of copyright in AI-generated works created by user prompts can be compared with the position in the United States, in which the United States Copyright Office has refused protection for AI-generated visual artworks in at least four cases. Guidance issued by the Office in March 2023 and January 2025 reiterate that: copyright protects only materials that are the product of human creativity; copyright protection is not available for purely AI-generated content, but human contributions to AI-assisted works are protectable, with protection analyzed on a case-by-case basis; and user prompts alone are insufficient to justify copyright protection for the output. The importance attributed to human input is shared with China, however it is safe to say a global consensus on this issue has yet to emerge.

In the meantime, China is becoming a world leader in both AI innovation and regulation. China’s National Intellectual Property Administration in December 2024 issued guidelines on patent applications for AI-related inventions, providing welcome guidance to firms seeking IP protection for innovations involving or assisted by AI. This follows the National Technical Committee 260 on Cybersecurity’s September 2024 release of an AI Safety Governance Framework, outlining principles for tackling AI-related risks in accordance with a “people-centered approach” and the “principle of developing AI for good.”

Edward Chatterton is a Partner at DLA Piper where he is Global Co-Chair of Trademark, Copyright and Media Group and Co-Head of IPT, Asia

Joanne Zhang is a Registered Foreign Lawyer (New York, USA) in the Intellectual Property & Technology team based in DLA Piper’s Hong Kong office. She is dually qualified in New York, USA, and China.

Liam is a Knowledge Development Lawyer in DLA Piper’s Intellectual Property and Technology group. He is based in the APAC region and focuses on trademark, copyright, media and artificial intelligence issues across the international practice.

The post Another Chinese court finds that AI-generated images can be protected by copyright: the Changshu People’s Court and the ‘half heart’ case appeared first on Society for Computers & Law.

UK government tables amendment to Data (Use and Access) Bill to deal with deepfakes

The UK government has tabled an amendment to the Data (Use and Access Bill) to deal with deepfakes. The Data (Use and Access) Bill is currently before Parliament. The government’s amendment will criminalise intentionally creating a sexually explicit deepfake without consent, and either with intent to cause alarm, humiliation, or distress, or for the purpose of sexual gratification and without reasonable belief in consent. It is already an offence to share or threaten to share intimate images, including deepfakes, under the Sexual Offences Act 2003, following amendments that were made by the Online Safety Act 2023. The new offences to create new offences for the taking of intimate images without consent and the installation of equipment with intent to commit these offences will be included in the upcoming Crime and Policing Bill, which will be introduced when parliamentary time allows

ICO issues fine of £200,000 for instigating unlawful loan promotion nuisance texts

The Information Commissioner has fined West Sussex-based company ESL Consultancy Services Ltd (ESL) £200,000 for knowingly instigating unlawful loan promotion nuisance text messages being sent to people who had not consented to receive them. ESL came to the ICO’s attention through a separate investigation into an affiliate marketer and lead generator. The ICO found that between September 2022 and December 2023, ESL used a third party to send marketing text messages without ensuring valid consent was in place to send the messages. ESL also took steps to try and conceal the identity of the sender of the messages by using unregistered SIM cards. As a result, the ICO received 37,977 complaints. ESL has also been issued with an enforcement notice.

Ofcom launches digital safety toolkit for online services

Ofcom has launched a digital toolkit to help businesses comply with new online safety rules. It is a step-by-step guide online services can follow to help them complete an assessment of the risks of illegal content on their platforms. It will also help them to comply with additional safety, record-keeping and review duties. The tool is for providers of services that allow users to generate, share and upload content (user-to-user services) and search services. It has been designed with small and medium-sized businesses in mind but could be useful to any organisation that falls under the Online Safety Act. It is divided in to four steps based on Ofcom’s risk assessment guidance. Progressing through the tool will help services to complete an illegal harms risk assessment and make the required records.

Ofcom modifies General Conditions C2.11 and C2.12

On 25 October 2024 Ofcom published its statement on the future regulation of premium rate services (PRS) which sets out its decision to transfer the regulatory functions of the Phone-paid Services Authority (PSA) to Ofcom. On 1 February 2025, Ofcom will assume day-to-day responsibility as regulator and enforcer of PRS regulation. As set out in the statement, on 1 February 2025 the PSA’s Code of Practice (Code 15) which currently regulates the PRS market will be replaced by a new set of requirements on providers of PRS contained in an order (the PRS Order). The current General Conditions of Entitlement (the GCs) contain several references to the PSA and its Code of Practice that will no longer be appropriate after the 1 February 2025 once the PSA ceases to be the regulator for PRS. Ofcom has now confirmed that it will modify the GCs to remove reference to the PSA and its Code of Practice so that the GCs are aligned with the future regulatory framework for PRS.

High Court holds that bitcoin not contained on lost hard drive

In Howells v Newport City Council [2025] EWHC 22 (Ch), the High Court ruled that a hard drive containing the private key to access Bitcoin did not constitute the Bitcoin itself.  Neither did it constitute the right to access it. The court considered the rights associated with a hard drive holding a private key for Bitcoin access. This arose in a widely reported case when H accidentally discarded a hard drive at a council rubbish dump and it was buried in a landfill site. H sought the return of the hard drive, permission to try to recover it, or the value of the Bitcoin accessible via the hard drive.  He estimated the value to be over £600 million. The council accepted that it did not own the Bitcoin but claimed ownership of the hard drive found in the landfill. It said that it would not excavate or allow excavation of the landfill for health and safety reasons (and no doubt, cost). The High Court considered the Law Commission’s recent report about digital assets.  The court said that cryptocurrency like Bitcoin is now often considered a “third category” of property, distinct from physical possessions and actionable claims. However, the court ruled that Bitcoin could not be physically present on the hard drive, as Bitcoin is intangible and is not situated on a physical object. It said that the hard drive might contain a digital record of the private key (used to manage a cryptocurrency account). This was like writing the private key on a piece of paper and then throwing it away. If the claimant had another record of the private key, he could use it to access the Bitcoin. The private key was confidential information, and unauthorised use of it to access the claimant’s cryptocurrency account would be illegal. The High Court dismissed H’s claims that the council was infringing the claimant’s personal and property rights regarding the hard drive.  It said that under the Control of Pollution Act 1974, the hard drive belonged to the council because it had been left at the dump.

IPO launches new patent search tool

A new online search tool for UK patents has launched with the aim of making it easier for businesses and innovators to search and access patent information, supporting UK growth and innovation. One IPO Search, developed by the Intellectual Property Office (IPO), replaces the previous Ipsum service.  The new service offers enhanced features to help IP professionals and the public search for UK patents more easily. It is part of the IPO’s transformation programme which aims to deliver a suite of new digital services in the second half of 2025, including streamlined patent applications services and innovative customer account management systems.

EU

European Commission welcomes the integration of the revised Code of conduct on countering illegal hate speech online into the Digital Services Act 

The Commission and the European Board for Digital Services have said that they welcome the integration of the revised “Code of conduct on countering illegal hate speech online”” into the framework of the Digital Services Act (DSA), which encourages voluntary codes of conduct to tackle risks online. The Code aims to strengthen the way online platforms deal with content that EU and national laws define as illegal hate speech. It also aims to facilitate compliance with, and the effective enforcement of, the DSA when it comes to risks of dissemination of illegal content on their services.

European Commission addresses additional investigatory measures to X in the ongoing proceedings under the Digital Services Act

The Commission has addressed three additional technical investigatory measures to X relating to its recommender system. This is under the proceedings launched in December 2023 under the DSA. First, the Commission is requesting X to provide internal documentation on its recommender systems and any recent changes made to it, by 15 February 2025. In addition, a retention order requires X to preserve internal documents and information regarding future changes to the design and functioning of its recommender algorithms, for the period between 17 January 2025 and 31 December 2025, unless the Commission concludes its investigation beforehand. Finally, the Commission issued a request for access to certain of X’s commercial APIs, technical interfaces to its content that allow direct fact-finding on content moderation and virality of accounts. These steps aim to allow the Commission services to take all relevant facts into account in the complex assessment under the DSA of systemic risks and their mitigation. 

The post This Week’s Techlaw News Round Up appeared first on Society for Computers & Law.

The UK government is consulting on how copyright material can be used to train AI models. It aims to ensure protection and payment for rights holders and support AI developers to innovate responsibly.

Currently, uncertainty about how copyright law applies to AI is holding back both sectors from reaching their full potential. It can make it difficult for creators to control or seek payment for the use of their work, and creates legal risks for AI firms, stifling AI investment, innovation, and adoption. After previous attempts to agree a voluntary AI copyright code of practice proved unsuccessful, the government wants to work with the creative and AI sectors to deliver a workable solution.

To address this, the consultation proposes introducing an exception to copyright law for AI training for commercial purposes while allowing rights holders to reserve their rights, so they can control the use of their content. Together with transparency requirements, this aims to give them more certainty and control over how their content is used and support them to strike licensing deals. This would also give AI developers greater certainty about what material they can and cannot use and ensure wide access to material in the UK.

Before these measures could come into effect, further work with both sectors would be needed to ensure any standards and requirements for rights reservation and transparency are effective, accessible, and widely adopted. This would allow for smooth application by AI developers and right holders alike, ensuring rights holders of all sizes can reserve their rights and that any future regime delivers government objectives. These measures would be fundamental to the effectiveness of any exception, and the government says that it will not introduce an exception without them. 

The consultation also proposes new requirements for AI model developers to be more transparent about their model training datasets and how they are obtained. For example, AI developers could be required to provide more information about what content they have used to train their models. This would enable rights holders to understand when and how their content has been used in training AI.

Licensing is essential as a means for creators to secure appropriate payment for their work, and the proposals lay the groundwork for rights holders to strike licensing deals with AI developers when rights have been reserved. The government cites the example of a photographer who uploads their work onto their internet blog and could reserve their rights, with confidence that their wishes will be respected and generative AI developers will not use their images unless a licence has been agreed. This aims to support the creative and media industries’ control, and their ability to generate revenue from the use of their material and provide AI developers with certainty about the material they can legally access.

The government welcomes licensing deals that have already been agreed, including by major firms in the music and news publishing sectors. However, it says that many more creators and right holders have not been able to do so under the current copyright regime. It says that the creative industries, and businesses of all sizes, need more help to control their content and strike licensing deals.

The consultation also recognises issues related to the protection of personality rights in the context of digital replicas, such as deepfake imitations of individuals, and seeks views about whether the current legal frameworks are sufficiently robust to tackle the issue.

The consultation ends on 22 February 2025.

The post UK consults on proposals to give creative industries and AI developers clarity over copyright laws appeared first on Society for Computers & Law.

As many readers will know, software escrow is a risk mitigation tool that safeguards the critical assets, such as software applications, organisations are reliant on. It typically involves a tri-party legal agreement being set up between an end-user (e.g., employees at a law firm), a software vendor, and a trusted escrow agent. Having a software escrow solution in place ensures that critical assets remain accessible and operational to an end-user, even during disruption events (such as a vendor facing bankruptcy).

The rising demand and use for software runs in tandem with the ever-increasing level of risk associated with its use. As a result, the implementation of software escrow has become increasingly prevalent across the globe.

Within modern legal practice, examples of critical software applications that are commonly safeguarded by software escrow include case management software, communication and collaboration software, and document automation software. The safeguarding of these applications supports the best interests of all stakeholders that are in some way impacted by them, such as lawyers, clients, and collaborators.

The Evolution of Software Escrow

The concept of software escrow initially emerged in the 1980s. During this time, the widespread use of software was growing at a rapid rate. In response, software escrow solutions were designed and brought in to address proactively the risks associated with using third-party software suppliers. These solutions provided a means for business continuity in situations where software vendors went out of business or could not provide adequate support.

Whilst the overarching purpose of software escrow has remained the same since then, many aspects have seen tremendous change. Traditionally, software escrow was limited to single licensee arrangements for safeguarding on-premises software. However, the evolution of the industry means escrow can now be implemented for a much wider range of purposes and arrangements. Types of escrow agreements now include:

• single license
• multi-licensee
• SaaS
• hardware
• technology
• distributor Agreement

As technology and various industries continue to advance, it’s very likely that the needs and preferences that escrow solutions cater to will continue to become increasingly specific.

How do Software Escrow Agreements Work?

The first step when setting up a software escrow is an in-depth discussion between an escrow provider and a client. The aim of this is to determine whether software escrow is applicable to the client’s needs, if so, the type of agreement that is required and to establish trigger conditions, also known as release conditions. These are the agreed conditions which when met will lead to an escrow provider carrying out a software escrow release event.

The legal framework of software escrow typically comprises of five components:

The Agreement

A tri-party legal agreement between a software vendor, an escrow agent, and a software application’s end-user. The agreement clearly outlines the criteria that needs to be met for a source code release event to occur.

Release Conditions

These are specific conditions that are pre-determined in an escrow agreement. When these conditions are met, an escrow agent is authorised to release the materials held under escrow to the software licensee (i.e., the end-user). Examples of release conditions that would facilitate a release event include vendor bankruptcy, vendor insolvency, and a vendor not providing adequate maintenance and/or support.

Source Code Validation

Once a client deposits their source code to an escrow provider, it is evaluated to ensure that it is accurate, up to date, and can be redeployed if required.

Intellectual Property Rights

The intellectual property rights of all parties involved in the arrangement need to be clearly defined as this determines source code ownership and the end user’s rights upon release.

Compliance

Many client projects require the implementation of a software escrow solution. Additionally, many emerging laws involve regulations that can be satisfied through utilising software escrow, such as the Digital Operational Resilience Act (DORA) which is set to be enforced in the EU Finance Sector in January 2025.

Ultimately, software escrow can form the foundation of an effective risk mitigation and business continuity plan. It is a tool that enables organisations to face, address, and overcome unforeseen challenges with confidence and peace of mind. A software escrow release event involves an end-user receiving the materials, documentation, and guidance required to resume the operation of a software application following a disruption event. This mitigates against a range of risks, such as financial loss, damaged stakeholder relationships, and reputational damage. The absence of a software escrow solution during a time of crisis poses the risk of an organisation’s business operations coming to a standstill. Additionally, in situations where an organisation has already experienced some degree of damage following a crisis event, software escrow can be used as an effective disaster recovery tool.

The escrow space is now at a point where agreements can be customised to cater to the bespoke needs and specifications of clients.

The Use of Software Escrow in Legal Practice

As in many other industries, software forms the backbone for critical organisational operations within the legal industry. Whilst software escrow has established itself as a tool that many legal professionals recommend to clients, it’s not always a tool that they use internally.

The use of software escrow by lawyers themselves ensures that the best interests of stakeholders are placed at the forefront. This includes any stakeholder that is in some way impacted by the critical applications used by lawyers. The implementation of software escrow equips legal professionals with the ability to have uninterrupted access to these applications, regardless of any disruption that occurs. A major duty of legal professionals is the safeguarding of clients, which is a responsibility that is personified through a comprehensive risk mitigation strategy.

Ultimately, software escrow provides a proactive means for legal professionals to manage unforeseen challenges in an organised and convenient way.

The nature of the legal industry, and the role of security within it, would undoubtedly benefit from being more robust and operationally resilient, especially in the face of disruption. Escrow is one way to bolster those efforts.

The Current and Future Impact of AI on Software Escrow

The AI revolution has undoubtedly impacted the software escrow landscape and will continue to shape its future. For example the deployment of machine learning algorithms, enhances the capability to identify and mitigate potential security threats, ensuring that our clients’ assets are safeguarded. AI and machine learning technologies can also help identify vulnerabilities in code more quickly.

AI has will help with operational efficiencies, from automating routine processes to facilitating more accurate verification of software assets, while predictive analytics will help escrow agents anticipate and navigate the increasingly complex landscape of software compliance and regulation.

More fundamentally, what are the implications of trying to capture an AI algorithm or LLM in a software escrow agreement?

It’s often overlooked that an AI algorithm is fundamentally composed of code, originally created by humans. Regardless of its complexity, it remains an application running on compute resources—whether on a large scale, as seen with OpenAI’s ChatGPT models, or on a smaller scale, deployed locally or privately for specific use cases. In both scenarios, the large language models rely on code executed by an operating system, which can, in turn, be included in a software escrow agreement.

Regarding large language models, a key concern is often the data associated with the machine learning or AI algorithm. Training these models typically involves the utilisation of large, vast datasets. This data may comprise of publicly available information from the internet, which brings its own set of implications, as well as private data repositories, such as an organisation’s extensive collection of files and documents. These datasets are essential, as they provide the algorithm with the knowledge to generate responses and recognise patterns. For example, in facial recognition, the model compares CCTV images to those stored on a server to identify matches.

Ultimately, when it comes to a software escrow agreement, both the code and the underlying data are crucial to ensure the application is effectively protected and functional.

These intersections of AI with software escrow services are set to shape a new era of innovation and security, resulting in an ongoing evolution of the escrow space.

Mark Ryan is the Head of Escrow & Continuity at SES Secure, a provider of Software Escrow Solutions who have worked with clients across the globe for over 25 years. Mark has over two decades of experience in the Software Escrow sector working alongside legal professionals as a solutions advisor and guest speaker.

Tom Sweet is the Head of Technology at SES Secure. Tom leads SES Secure’s in-house team of technical experts who address the technical elements of all client projects. Tom has over 10 years of experience in the Software Escrow sector. Tom is also responsible for SES Secure’s approach to AI technologies.

The post Software Escrow – Its Evolution, Use in Legal Frameworks and The Influence of AI appeared first on Society for Computers & Law.

Spreadex and Sporting Index merger raises provisional competition concerns

Last year, Spreadex acquired the “retail business” of Sporting Index from Sporting Group Holding Limited (Sporting Group). Spreadex and Sporting Index both provide fixed odds betting and sports spread betting to customers based in the UK. The CMA reviewed the acquisition and decided that a Phase 2 investigation was needed. It has focused on licensed online sports spread betting, where Sporting Index and Spreadex are the only two operators. The investigating panel provisionally considers that the merger has substantially lessened, or could substantially lessen, competition in the supply of licensed online sports spread betting services in the UK. The panel provisionally found that the deal would remove the only other licensed provider in the UK, and suppliers of other betting services, such as fixed odds betting and financial spread betting, only provided a weak constraint on the new business. The panel is provisionally concerned that this could lead to worse user experience, a more limited range of products and/or higher prices than would otherwise have been the case without the transaction. The panel is now consulting on possible remedies for this substantial lessening of competition, including whether Spreadex should sell a business made up of all or some of the Sporting Index assets that it acquired as part of the merger, and whether it should also have to include any Spreadex assets in the sale. 

CMA announces investigation into Amazon/Anthropic partnership

The CMA is considering whether it is or may be the case that Amazon’s partnership with Anthropic has resulted in the creation of a relevant merger situation under the merger provisions of the Enterprise Act 2002 and, if so, whether the creation of that situation has resulted, or may be expected to result, in a substantial lessening of competition within any market or markets in the UK for goods or services.  It has announced that it will be carrying out a formal investigation. The end of the initial period and the deadline for the CMA to announce its decision whether to refer the merger for a Phase 2 investigation is 4 October 2024.

ICO issues statement in response to Google announcing it will no longer block third party cookies in Chrome

The ICO has issued a statement in response to Google announcing that it will not longer block third party cookies in Chrome.  It says “We are disappointed that Google has changed its plans and no longer intends to deprecate third party cookies from the Chrome Browser. From the start of Google’s Sandbox project in 2019, it has been our view that blocking third party cookies would be a positive step for consumers. The new plan set out by Google is a significant change and we will reflect on this new course of action when more detail is available. Our ambition to support the creation of a more privacy friendly internet continues. Despite Google’s decision, we continue to encourage the digital advertising industry to move to more private alternatives to third party cookies – and not to resort to more opaque forms of tracking. We will monitor how the industry responds and consider regulatory action where systemic non-compliance is identified for all companies including Google.”

UK joins global digital trade agreement

The UK and 90 other countries have finalised the E-Commerce Joint Initiative at the World Trade Organization aimed at making trade faster, cheaper, fairer and more secure. Once implemented, the agreement will commit all participants to the digitalisation of customs documents and processes. The signatories also commit to recognising e-documents and e-signatures, reducing the need for businesses to physically sign contracts and post them around the world. The agreement also commits signatories to putting in place legal safeguards against online fraudsters and misleading claims about products. Attention now turns to working with WTO partners to incorporate the agreement into the WTO legal framework. Once incorporated, UK ratification will take place. The European Commission has also welcomed the agreement.

ASA issues reminder that joint partnerships on Instagram should clearly identify ads

The Advertising Standards Authority has published an article on joint partnerships on Instagram and the reasons for it upholding complaints about ads from TALA, an activewear company owned by Grace Beverley. Four TikToks were posted by Beverley and two Instagram reels were jointly published by both Beverley and TALA.  The ASA took the view that they were not obviously identifiable as ads. There was some criticism of the decision, which the ASA seeks to resolve with its article. It says that when an influencer posts an ad, it needs to be immediately clear and obvious to the person who sees/hears and interacts with it that they are being advertised to. Importantly, and to allay some of the concerns expressed by commentators in and around this ruling, the ASA was not saying that any content posted by an influencer is an ad or must be labelled as such. When there is editorial control from an advertiser or a clear commercial interest, including when someone owns a brand, and it is not clear from context that people are seeing an ad, that is where the ASA needs to see proper disclosure.

IPO publishes guidance about assessing patent applications involving artificial neural networks

The Intellectual Property Office (IPO) has issued statutory guidance regarding the changes on the way it assesses inventions involving artificial neural networks (ANNs) for excluded subject matter. It has published the guidance because of the Court of Appeal’s decision in Comptroller General of Patents, Designs and Trade Marks v Emotional Perception AI Ltd [2024] EWCA Civ 825.  The Court held that that an ANN is a computer and that, whether it is implemented as hardware or software, the weights and biases of the ANN are a program for a computer and are therefore within the purview of the “program for a computer” exclusion. The guidance says that patent examiners should treat ANN-implemented inventions like any other computer implemented invention for the purposes of section 1(2). They should also apply the Aerotel approach to assess whether an ANN-implemented invention makes a contribution which is technical in nature

Patents Court considers international SEP patent pool FRAND jurisdiction

The Patents Court has issued its ruling in Tesla Inc and another v IDAC Holdings Inc and others [2024] EWHC 1815 (Ch). Interdigital were a group of US companies, owning Standard Essential Patents (SEPs) regarding 5G.  They and various other SEP co-owners have agreed to join a patent platform to license them to use in the automotive industry. The fourth defendant Avanci ran the platform but did not own any SEPs itself.  Tesla was not happy with the terms of the 5G licence that Avanci had offered. It asked the court to make declarations of invalidity and non-essentiality and to revoke three UK patents. InterDigital and Avanci challenged the court’s jurisdiction to hear the claim.  Alternatively, InterDigital applied to strike out the claim to the extent there was jurisdiction over it. The judge took the view that Tesla’s claims failed. The ruling meant that the court did not have jurisdiction over the licensing claims.  It also meant that they should not be struck out. The court said that the patent claims against InterDigital were unlikely to proceed and therefore stayed them.

DSIT Secretary of State commissions AI Action Plan

The Secretary of State Department for Science, Innovation and Technology has commissioned an Action Plan to set out a roadmap for the UK government to capture the opportunities of AI to enhance growth and productivity and create tangible benefits. It aims to build an AI sector that can scale and be competitive globally; adopt AI to enhance growth and productivity, and support government project delivery; use AI in government and boosting take-up in all parts of the public sector and the wider economy and strengthen the enablers of artificial intelligence adoption, such as data, infrastructure, public procurement processes and policy, and regulatory reforms

EU

EU and Singapore conclude negotiations for landmark Digital Trade Agreement

The EU and Singapore have concluded negotiations for a Digital Trade Agreement (DTA). This deal is the first EU agreement of its kind, reflecting the EU’s aspiration to be a global standard-setter for digital trade rules and cross-border data flows.  The DTA will complement the 2019 EU-Singapore Free Trade Agreement, aiming at connecting both economies further and benefiting businesses and consumers that want to engage in digital trade. It will also provide binding rules aimed at building consumer trust, ensuring predictability and legal certainty for businesses, as well as removing and preventing the emergence of unjustified barriers to digital trade. In addition, it aims to unlock new economic opportunities while ensuring a safe online environment. The EU and Singapore will now follow their respective procedures to work towards formal signature and conclusion. 

European Commission issues report on GDPR

The European Commission has published its latest report on the GDPR.  The report finds that the GDPR is delivering effectively for individuals and businesses, ensuring strong protection for data subjects and risk-based obligations for controllers and processors. It also outlines some priority areas to improve the application of the GDPR, such as a swift adoption of the Commission’s proposal for a GDPR Procedural Regulation to ensure robust enforcement with quick remedies. It also calls for proactive support from data protection authorities, especially for SMEs; a consistent interpretation and enforcement of the GDPR across the EU, and effective cooperation between regulators at national, EU and international levels to guarantee a coherent application of the growing body of EU digital rules.

European Commission consults on guidelines to protect children under Digital Services Act

The Digital Services Act aims to make the online world safer for children and it requires providers of all online platforms accessible to them to put in place measures to ensure a high level of privacy, safety and security as part of their service. It also empowers the Commission to issue guidelines to help providers of online platforms apply this high level of protection for minors. The Commission intends to adopt these guidelines in the first half of 2025. The guiding principle of this work is the rights of the child, and the best interest of the child should be a central consideration when designing and deploying online platforms’ products, services and policies. In line with the general approach of the DSA, the Commission proposes that the guidelines take a risk-based approach to online harm. This means that online platforms that are accessible to minors should regularly conduct a child specific impact assessment that is structured around the “5C” typology of risks, namely risks to minors from content, conduct, contact and consumers as well as cross-cutting risks. Identified risks should be addressed in a reasonable, proportionate and effective manner. Measures to keep minors safe will vary from one online platform to another due to their different nature. The consultation ends on 30 September 2024.

TikTok will permanently withdraw TikTok Lite Rewards programme from the EU to comply with DSA

The Commission has made TikTok’s commitments to permanently withdraw TikTok Lite Rewards programme from the EU binding. These commitments were aimed at addressing the Commission’s concerns in its proceedings opened on 22 April and aim to ensure compliance with the Digital Services Act. Tiktok made the following commitments: a commitment to withdraw the TikTok Lite Rewards programme from the EU, permanently; and a commitment not to launch any other programme which would circumvent the withdrawal. The Commission has now made these commitments legally binding, meaning that any breach of the commitments would immediately amount to a breach of the DSA and could therefore lead to fines. With this decision, the Commission is closing the formal proceedings opened against TikTok on 22 April.

European Commission seeks feedback on draft antitrust Guidelines on exclusionary abuses

The European Commission is consulting on draft Guidelines on exclusionary abuses of dominance. Article 102 of the Treaty on the Functioning of the European Union (TFEU) prohibits dominant companies from engaging in abusive behaviour, including behaviour that excludes competitors from the market. The presence of network effects, for instance in digital markets, can affect exclusionary abuses of dominance. The enforcement of Article 102 TFEU is key to ensuring that competition works effectively, that all businesses get a fair chance to compete and that consumers can reap the benefits of competitive markets. The draft Guidelines aim at reflecting the Commission’s interpretation of the EU courts’ case law on exclusionary abuses and the Commission practice. This aims to help increase legal certainty to the benefit of consumers, and businesses, as well as national competition authorities and courts. The Commission is currently planning to finalise the draft Guidelines on Exclusionary Abuses in 2025.

The post This week’s Techlaw news round-up appeared first on Society for Computers & Law.

UK universities are renowned for ground-breaking research and innovation that has changed society and the world. It is sometimes easy to take for granted what they have contributed to the world, from the discovery of penicillin to establishing the first working computer and even DNA fingerprinting. These are just a few in a very long list of discoveries of work made possible by the immense talent and expertise the UK has to offer. It is therefore no small wonder that universities in the UK rank fourth in the world for global innovation and first in Europe for collaborations with industry.

The economic impact the sector has had both in the UK and internationally is staggering. All in all, research and development results in somewhere between £1.96 – £2.34 in private spending for every £1 spent on research. In total, some 96,000 people are employed in businesses spun out of universities who collectively turnover a substantial £13 billion. Furthermore, the contribution made by delivering research to established businesses and organisations is estimated to be above £1.4 billion¹ . Many of the outcomes of research and development are commercialised at pace and provide the UK economy with strong footing to compete on a global scale.

It is no wonder then, that the cutting-edge research of UK universities might be a victim of its own success by having a big target on its back. In April this year the Director General of MI5, Ken Mc Callum, jointly addressed leading universities alongside the CEO of the National Cyber Security Centre (NCSC) on the threats they face. Specifically, UK universities are firmly in the crosshairs of foreign nation state threat actors seeking to gain an economic advantage by getting their hands on highly prized research and intellectual property. But it is not just economic wellbeing that is at stake. University research includes technology used for defence and protection of UK assets which, in the hands of foreign powers, could be used to advance their own tactical security measures.

According to the official government National Cyber Security Breach Survey² , it was much more probable for a wider range of cyber attacks and breaches to be experienced by higher education institutions than businesses. So rampant is the threat they are under, that half of those who participated said resulting breaches occurred on a weekly basis. This shows just how much of a sought-after target universities have become particularly as there is a need to protect intellectual property too, which is often seen as a separate threat factor from to the need to protect against cyber intrusions.

In comparison to UK businesses, higher education institutions and universities were more likely to experience cyber incidents resulting in breach of data or monetary loss as a result of an attack: 61% compared with just 8% of large businesses reporting the same impacts showing just how wide the divide is.
By their very nature, the culture of universities foster a collaborative environment and one built on partnerships with other research institutes and leading experts from around the world. These an open working practices, require a degree of inter connectivity, so the stringent protocols, procedures and necessary due diligence that would otherwise be undertaken in a corporate environment can get overlooked. In the corporate world, commercially sensitive data would not be shared openly, freely and without consideration of geographies and management but the very nature of some cutting edge research demands a wide global community operating on varying networks to share critical data without the same controls always being in place.

The geopolitical lens has changed the threat level universities face and will continue to do. Throughout the UK, there have been an increase in the number of state-sponsored cyber attack emanating from Russia and China as well as other nation states seeking to gain an advantage in everything from research on new materials to energy and even agricultural advancements. Let’s also not forget that state backed criminal groups continue to utilise ransomware services as part of a criminal enterprise operations to financial gain from both the universities attacked and by selling data acquired thus providing them with two potential revenue streams.

So, what are the most prevalent types of cyber attack vectors and where should universities be focusing their defensive efforts?

It should perhaps come as no surprise that the most prevalent form of attack is phishing coupled with impersonation of individuals, the institutions and other interested parties. Identifying key individuals and groups associated with particular disciplines is all too easy from both academic and personal online sources. Preventing the enormous volume of emails on university networks is a difficult undertaking from both an institutional level and that of JISC (the not-for-profit service which maintains the UK’s education networks).

Phishing is the foundation for the vast majority of cyber attacks on universities, be they data breaches or malware infections. Defending against these is simple in theory but the practice can be difficult. The focus should be on awareness for users and implementing access controls to limit access to the most sensitive research data. Furthermore, to ensure the UK remains at the forefront of research, leading in the world of innovation and contributing to the economy, universities should consider investing in cyber security specialists to help protect and negate the e impact and reputation. An ounce of prevention will really be worth a pound of cure for any university that suffers a data breach where any resulting fine could have been money better spent on advancing research.

1. Impacts (universitiesuk.ac.uk) ↩︎
2. Cyber security breaches survey 2023: education institutions annex – GOV.UK (www.gov.uk) ↩︎

The post The Cyber Threat to the UK’s Universities appeared first on Society for Computers & Law.

The IPO has now reported its findings to Ministers and agreed key objectives concerning SEPs, which are:

• helping implementers, especially SMEs, navigate and better understand the SEPs ecosystem and Fair Reasonable and Non-Discriminatory (FRAND) licensing;
• improving transparency in the ecosystem, both pricing and essentiality; and
• achieving greater efficiency in respect of dispute resolution, including arbitration and mediation.

With those objectives in mind, the government is now focusing on introducing key non-regulatory interventions before it starts a technical consultation later in 2024 or in 2025. It will cover the SEP framework and FRAND licensing. Those non-regulatory actions and details of the future technical consultation are set out below.

Introduction of a UK SEPs Resource Hub

The IPO understands that resource-constrained SME and smaller innovators (generally referred to as implementers) often have a poor understanding of the SEPs ecosystem. This includes information around licensing, pricing, essentiality, and dispute resolution. There is information available, but this can be patchy, complex, hard to find, and may not come from a trusted source. The IPO is aiming to launch an online SEPs Resource Hub by May 2024. This will be a repository of tools, guidance and other material designed to help SMEs navigate the SEPs ecosystem. Guidance may include signposting to dispute resolution procedures, information on patent pools, and court processes in the event of disputes. The Hub’s contents will be refreshed on an ongoing basis, including after any future technical consultation.

International collaboration and enhanced engagement with Standard Development Organisations

The IPO recognises that SEPs are a global issue, and its ambition is more coordination on those issues at an international level. As such, there will be an increase in the pace and visibility of its discussions with other patent offices on global ecosystem challenges. Government will also increase its engagement with Standard Development Organisations on both Intellectual Property Rights policy and the involvement of SMEs in standardisation.

A future technical consultation on SEPs and FRAND licensing

The IPO is considering other options that could help improve the functioning of the market in respect of SEPs. It will carry out a full and formal technical consultation later in 2024 which will include any options that would require a change to legislation.

Clarifying the position on SEP Injunctions

The government has considered the views from industry regarding injunctions through the Call for Views and industry engagement. After considering the evidence, the relevant legal frameworks and international obligations, it has concluded that it will not be consulting on making legislative changes to narrow the use of injunctions in SEPs disputes. As part of the Lords debate at Report stage of the Digital Markets, Competition and Consumers Bill this week, peers discussed the IPO report and expressed disappointment about the position on injunctions. The IPO says that it will continue engagement with relevant industry and institutions to continue to inform its ongoing policy development and implementation of those actions set out above.

The post Intellectual Property Office issues update on Standard Essential Patents appeared first on Society for Computers & Law.

UK law

ASA investigates supplier pathway of irresponsible ads online

The ASA has launched two projects aimed at better understanding where responsibility lies for inappropriately targeted and irresponsible ads that appear online. This work forms part of its strategy commitment to protect vulnerable audiences, including children, and to bring greater transparency and broader accountability to online advertising regulation. The projects involve looking in depth at the supplier pathway of online ads that are found to have breached the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing (CAP Code). One project will monitor for ads for age-restricted products, including alcohol, gambling and foods high in fat, salt or sugar (HFSS), on sites of particular interest to under-18s. Another project will use the same approach to monitor for seriously offensive and potentially harmful ads, which the ASA knows to have appeared in mobile quiz and game apps.  Using monitoring findings, the ASA will undertake several in-depth case studies seeking to identify the parties involved in the supplier pathway of these non-compliant ads, assessing the part played by the advertiser, the publisher and the intermediary companies that sit between them. It will seek their input to better understand how the ads came to appear, publishing its findings and assessments to help deliver its strategic commitments. It will report on the outcome of the projects later in the year.

ICO issues enforcement order to Home Office

The ICO has issued an enforcement notice and a warning to the Home Office for failing to sufficiently assess the privacy risks posed by its pilot of GPS electronic monitoring of migrants. The ICO says that it has been in discussion with the Home Office since August 2022 on its pilot to place ankle tags on, and track the GPS location of, up to 600 migrants who arrived in the UK and were on immigration bail. Its investigation found that the Home Office failed to sufficiently assess the privacy intrusion of the continuous collection of people’s location information. It says that tracking people is highly intrusive and organisations planning to do this must be able to provide a strong justification for doing so. The Enforcement Notice orders the Home Office to update its internal policies, access guidance and privacy information in relation to the pilot scheme’s data. The ICO has also issued a formal warning stating that any future processing by the Home Office on the same basis will be breach data protection laws and attract enforcement action.

ICO issues enforcement order to charity Penny Appeal

The ICO has sent an enforcement notice to charity Penny Appeal requiring them to stop sending unwanted marketing texts without consent. Penny Appeal sent more than 460,000 texts over a ten-day period to 52,000 people who had never given their consent, or who had clearly opted out. The texts were sent between April and May 2022 during Ramadan, encouraging people to donate to the charity daily. These messages led to 354 complaints. The ICO said that although it understands that reaching donors is a crucial part of fundraising, charities have a responsibility to ensure their marketing follows the law. The ICO said that the complaints illustrate how unlawful messages can affect public trust and cause upset to existing donors.

ICO reprimands West Midlands Police for data protection failure

A reprimand has been issued to West Midlands Police after the force repeatedly incorrectly linked and merged the records of two individuals with similar personal data. West Midlands Police failed to ensure the accuracy of the personal data of the two individuals, resulting in multiple incidents where officers attended a wrong address, including on one occasion when there were serious safeguarding concerns relating to one of the individuals.

New law proposed to deal with online prison content

The Prison Media Bill (which is a private member’s bill supported by the government) will soon go to Committee stage in the House of Commons and aims to criminalise filming and uploading footage filmed behind bars. Currently it is not an offence for someone outside a prison to upload a video they have been sent by someone in custody. The new laws will criminalise posting of videos – as well as photographs and audio recordings – regardless of whether the uploader is in custody or not. It will also criminalise unauthorised filming of staff, including by so-called ‘auditors’, or content captured by drones. Those found guilty will face prosecution and an unlimited fine. Social media companies will be required to remove the illegal content more quickly.

UK Parliament announces call for evidence on Automated Vehicles Bill

The House of Commons Public Bills Committee has issued a call for evidence on the Automated Vehicles Bill. It is seeking evidence as soon as possible, as report stage is due to end on 18 April 2024.

EU law

European Parliament adopts position on SEPs to protect key technologies

The European Parliament has adopted its negotiating position on the new rules on standard-essential patents (SEPs). The fact that these patents are essential to a technical standard mean that no inventions in related areas e.g. Internet of Things (IoT) products, connected vehicles or smart cities can be developed without using them. The EUIPO should become the new EU hub providing information on standard-essential patents and related assistance to companies with the aim to ensure transparency and support innovation. EUIPO should create a register with key information on standard-essential patents and set up an electronic database with specialised information accessible to registered users, including academic institutions. MEPs also want the competence centre to cooperate with national and international patent offices and collect SEPs-related rules outside the EU. MEPs want EUIPO to set up a SEP Licensing Assistance Hub as a one-stop shop to provide free-of-charge training and support to small and medium-sized enterprises (SMEs) and start-ups. The European Parliament is now ready to start talks with EU countries on the final shape of the legislation. The file will be followed up by the new Parliament after the European elections on 6-9 June.

European consumer groups file further complaints against Meta’s pay-or-consent model

Meta is currently rolling out changes to its service in the EU which require Facebook and Instagram users to either consent to the processing of their data for advertising purposes by the company or pay to not be shown advertisements. BEUC says that this is an unfair choice for users, and argues that it breaches EU consumer law on several counts and must be stopped. Eight consumer groups from the BEUC network have filed complaints with their national data protection authorities against Meta, on the basis the tech giant does not adhere to the principles of fair processing, data minimisation and purpose limitation of the GDPR. In addition, BEUC says that Meta does not have a valid legal basis to justify its collection of data from Facebook and Instagram users, because the choice it imposes on its users cannot lead to their freely given and informed consent.

MEPs back plans for an EU-wide digital wallet

The European Parliament has approved plans for a new digital wallet. The new digital identity framework will provide EU citizens with cross border digital access to key public services. The new Regulation will allow citizens to identify and authenticate themselves online.  It will be offered on a voluntary basis. During negotiations, MEPs secured provisions to safeguard citizens’ rights and foster an inclusive digital system by avoiding discrimination against people opting not to use the digital wallet. The law provides for free “qualified electronic signatures” for EU wallet users, which are the most trusted, and have the same legal standing as a handwritten signature, as well as wallet-to-wallet interactions, to improve the fluidity of digital exchanges. MEPs have also mandated an open-source wallet to encourage transparency, innovation and to enhance security. They also set rules for the registration and oversight of companies involved to ensure accountability and traceability. Via a so-called privacy dashboard, users will be able to have full control of their data and will be able to request their data be deleted, as provided for under the GDPR. The Regulation will now have to be formally endorsed by the EU Council of Ministers to become law.

Parliament adopts new transparency rules for political advertising

The European Parliament has adopted new rules on transparency and targeting of political advertising, which will make election and referenda campaigns more transparent and resistant to interference. The new rules will regulate political advertisements, notably online ads, while also providing for a framework for political actors to advertise more easily across the EU. Under the new rules, political advertising will have to be clearly labelled. Citizens, authorities and journalists will be able to easily obtain information on whether they are being targeted with an ad, who is paying for it, how much is being paid, and to which elections or referendum it is linked. All political advertising and related information will be stored in a public online repository. To limit foreign interference in European democratic processes, sponsoring ads from outside the EU will be prohibited in the three-month period before an election or referendum. To protect voters from manipulation, targeting and amplification techniques will only be possible for online political advertising based on personal data collected from the subject once their explicit and separate consent has been given. Special categories of personal data (eg ethnicity, religion, sexual orientation) or minors’ data cannot be used. The rules neither affect the content of political ads nor rules on conduct and financing of political campaigns. Personal views, political opinions, such as any unsponsored journalistic content, or communication on the organisation and participation in elections (e.g. announcements of candidates) by official national or EU sources are not affected.

The post This Week’s Techlaw News Round-up appeared first on Society for Computers & Law.

University spin-outs

At the Autumn Statement 2023, the UK government announced that it had accepted the recommendations in Professor Irene Tracey’s and Doctor Andrew Williamson’s independent review of university spin-outs. With the aim of helping boost commercialisation across the UK’s university sector, the government is taking forward implementation of the review’s recommendations. The government has asked universities to report on their spin-out policies by the end of May and has also begun consulting on the design of the new £20 million proof-of-concept fund to support universities and future founders to de-risk technology, and on a pilot approach to supporting the establishment by universities of shared Technology Transfer Offices.

Digital technology and AI

• The government has made the following announcements:
• Compute Access: the government is confirming that it will set out later this year how access to the UK’s public compute facilities will be managed.
• AI Safety Institute Update: the government is providing a progress update on recruitment and safety testing.
• AI Upskilling Fund Pilot: the government is announcing a new £7.4 million AI Upskilling Fund pilot that aims to help SMEs develop the AI skills of the future.
• SME Digital Adoption Taskforce: the government is announcing that it will shortly be launching the Taskforce, which will investigate how best to support the adoption of digital technology by SMEs to boost their productivity.
• Data pilots to support AI and data access: the government is introducing two new data pilots with the aim of driving high quality AI in education and improve access to data in adult social care for a total of £3.5 million, and confirming the design details of the data research cloud pilots announced last year.
• Turing Institute: the government is announcing that it will invest up to £100 million in the Turing Institute over the next five years.

In addition, it has announced:

• AI Document Processing: the government will utilise AI to reduce the need for manual scanning of paper documents through the introduction of Intelligent Document Processing technology in the administration of court cases.
• Digital Jury Bundles: the government will provide the Crown Prosecution Service with £10 million additional funding for digitising jury bundles in the criminal courts, to reduce paper wastage and unnecessary trial delays. This aims to save up to 55,000 hours a year in court preparation time to enable reducing the length of trials.
• Accelerating smart data schemes in energy and transport: following the announcement at the Autumn Statement 2023 that the government would seek to maximise the benefits from incoming Data Protection and Data Information Bill Smart Data powers, the government is providing targeted funding for consultations and calls for evidence to accelerate schemes in energy and transport.

Crypto-Asset reporting Framework

The government is launching a consultation to seek views on how best to implement the Crypro-Asset Reporting Framework and Amendments to the Common Reporting Standard. As announced on 10 November 2023, these changes will be made in time to ensure that information exchanges take place from 2027.

Creative industries

There were lots of announcements relating to the creative industries, but these did not include an update on the Video Games Expenditure Credit.

The post Spring Budget 2024: announcements of interest to tech lawyers appeared first on Society for Computers & Law.

ICO releases guidance on biometric data and recognition

The ICO has issued guidance on biometric recognition, which highlights how the UK GDPR applies when biometric data is used in biometric recognition systems. The guidance also looks at the uses of biometric recognition and explains how these involve processing special category biometric data. It does not cover the use of biometric classification or categorisation systems. These systems make inferences about people based on observable characteristics and will be addressed in the next phase of the ICO’s biometric technologies project through separate guidance, to be published by the end of 2024.

ICO orders Serco Leisure to stop using facial recognition technology to monitor attendance of leisure centre employees

The ICO has ordered Serco Leisure, Serco Jersey and seven associated community leisure trusts to stop using facial recognition technology (FRT) and fingerprint scanning to monitor employee attendance. The ICO’s investigation found that Serco Leisure and the trusts have been unlawfully processing the biometric data of more than 2,000 employees at 38 leisure facilities for attendance checks and subsequent payment for their time. They failed to show why it is necessary or proportionate to use FRT and fingerprint scanning, when there are less intrusive means available such as ID cards or fobs. Employees had not been proactively offered an alternative to having their faces and fingers scanned to clock in and out of their place of work, and it had been presented as a requirement to get paid. The ICO said that due to the imbalance of power between Serco Leisure and its employees, it is unlikely that they would feel able to say no to the collection and use of their biometric data for attendance checks. The ICO has now issued enforcement notices instructing Serco Leisure and the trusts to stop all processing of biometric data for monitoring employees’ attendance at work, as well as to destroy all biometric data that they are not legally obliged to retain. This must be done within three months of the enforcement notices being issued.

ICO launches second call for evidence on purpose limitation in the generative AI lifecycle

The ICO has issued a second call for evidence as part of its consultation series on generative AI. This second call focuses on how the data protection principle of purpose limitation should be applied at different stages in the generative AI lifecycle. It summarises the ICO’s analysis and its policy position. The power of generative AI models is partly due to the broad way in which they can be used. Despite the open-ended ambition of these models, developers need to consider the purpose limitation requirements of data protection, to ensure that before they start processing, they can set out sufficiently specific, explicit and clear purposes of each different stage of the lifecycle; and explain what personal data is processed in each stage, and why it is needed to meet the stated purpose. The ICO says that organisations will be better able to comply with data protection law and maintain public trust if they consider the difference between developing the generative AI model, developing the application based on it, and are clear about what types of data are used and how in each case.

Law Commission seeks views on regulation of self-flying and remotely piloted aircraft

The Law Commission of England and Wales is seeking views on how best to regulate self-flying and remotely piloted aircraft. Automation is already heavily used in aviation today, but recent breakthroughs have seen the development of new, innovative, self-flying (“autonomous”) and highly automated systems and vehicles. These include drones and advanced air mobility vehicles, such as vertical take-off and landing (“VTOL”) aircraft, which can provide short journeys for a small number of people. The consultation considers issues such as safety, drones, VTOLs, rules of the air and liability and ends on 27 May 2024.

Patents Court rules on consequential matters following FRAND judgment

The Patents Court has ruled in the case of Optis Cellular Technology LLC and others v Apple Retail UK Ltd and others [2024] EWHC 197 (Ch).  This follows judgment in the trial relating to the terms of a FRAND licence to Apple for Standard Essential Patents (SEPs) owned by Optis. In a further trial the court considered issues consequential to the judgment. The court had to consider the degree of redaction required in the public version of the judgment for reasons of confidentiality.  A balancing approach was appropriate between “trade secrets” and open justice and some issues were trade secrets.  However, other provisions in lump sum licences for which redactions had been sought did not come within definition of trade secrets and so the court refused the redactions. In addition, “non-discriminatory” implied a degree of transparency. People who were not currently party to the proceedings could apply to have the redactions in the judgment lifted. The judge also made it clear that the SEP owner cannot hedge its bets by commencing parallel proceedings and hoping to then choose the outcome most favourable to it.

New report on pro-innovation regulation and quantum computing published

The Regulatory Horizons Council has issued a report which sets out a pro-innovation approach to regulating quantum technologies. The report outlines 14 key recommendations within three categories: Regulatory Frameworks and Governance: Establishing application-specific regulatory frameworks that are adaptable and proportionate to the unique properties and development stages of quantum innovations; Standards and International Collaboration: Fostering international collaboration and harmonising standards to facilitate global market access; and Innovation Funding and Market Development: Integrating regulation and responsible innovation practices into the development of quantum technologies and fostering market development through regulatory sandboxes and testbeds. The RHC is now undertaking further work to identify priorities in regulating emerging technologies.

EU law

Zalando commits to follow consumer protection laws by providing clear information

Following a dialogue with the Commission and national consumer authorities, Zalando has committed to removing misleading sustainability flags and icons displayed next to products offered on its platform. Such claims can mislead consumers about the environmental characteristics of the products. As from 15 April 2024, the icons will not appear. Instead, clear information about products’ environmental benefits, such as the percentage of recycled materials used, will be provided by Zalando.

Delegated Act on Independent Audits under EU DSA enters into force

Under the Digital Services Act, Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) must undergo an annual audit, carried out by an independent auditor, to assess their compliance with their DSA obligations and with any commitments undertaken under codes of conduct and crisis protocols adopted. A delegated act on independent audits came into force on 22 February and provides a framework to guide providers of VLOPs and VLOSEs, as well as auditing organisations, in preparing and issuing audits. It sets out mandatory templates for the audit reports produced by auditors, as well as for the audit implementation reports, which will be produced by VLOPs and VLOSEs. The 20 VLOPs and 2 VLOSEs will have to transmit these audit reports to the Commission and the competent Digital Services Coordinator in their member state of establishment. They will also have to publish them at the latest within three months from the time they complete the audit report.

EDPB launches CEF action or 2024.

The European Data Protection Board has launched its Coordinated Enforcement Framework (CEF) action for 2024. Throughout the year, 31 data protection authorities (including seven German state regulators) will take part. The CEF covers the implementation of the right of access. This right was selected because it is at the heart of data protection and one of the most frequently exercised data protection rights, and one which regulators receive many complaints about. In particular, it enables individuals to check whether their personal data is processed in a compliant manner by organisations. In addition, it often enables the exercise of the other data protection rights, such as the right to rectification and erasure. In 2023, the EDPB adopted Guidelines on the right of access to help organisations respond to data access requests from individuals in line with the GDPR. The results of the joint initiative will be analysed and the various regulators will decide on possible further supervision and enforcement actions. The EDPB will publish a report on the outcome of this analysis once the actions are concluded.

1 March 2024

The post This Week’s Techlaw News Round-up appeared first on Society for Computers & Law.