On 13 September 2017, the Commission issued a proposal for a Regulation to strengthen the role of the EU Agency for Network and Information Security (“ENISA“) by:

  • granting it a permanent mandate;
  • clarifying its role as the information hub of the EU for cybersecurity; and
  • tasking it with the responsibility of proactively contributing to policy in the area of network information and security.

The proposal also introduces EU-wide cybersecurity certification schemes for ICT products and services, which will be prepared by ENISA.  This aims to address current market fragmentation and provide a comprehensive set of cybersecurity rules, technical requirements, standards and procedures. Continue Reading EU Commission proposes stronger mandate for ENISA and EU-wide cybersecurity certification

On 14 September 2017 Ofcom, the UK communications industry regulator, adopted new statutory guidelines (“Penalty Guidelines“) on how it would assess and determine the penalties (fines) payable by regulated communications companies who breach their obligations under the Communications Act 2003 (“Act”). The revised guidelines follow Ofcom’s June 2017 adoption of new guidelines for enforcement in regulatory investigations (“Enforcement Guidelines“) and procedures for investigating breaches of competition related conditions in Broadcasting Act licences (“Broadcasting Investigation Procedures“).

Although on their face the changes to the guidelines seem relatively minor, when considered against the background of (i) Ofcom’s increasingly pro-active enforcement policy; and (ii) the increased difficulty of challenging Ofcom’s decisions, following the 20 July 2017 change in the standard of review of decisions on appeal from an ‘on the merits‘ review to ‘judicial review principles‘, we expect the changes to make it easier for Ofcom to take action against regulated communications companies and more difficult for those companies to defend and appeal Ofcom’s decisions. As a net result, regulated communications companies need to take Ofcom enforcement action more seriously. Those companies are now financially incentivised to engage early with Ofcom and consider early settlement to secure a settlement discount, especially as they will find it more difficult to challenge Ofcom’s decisions on appeal. Continue Reading What is the impact of the new Ofcom penalty guidelines?

The UK Government has released a “Future Partnership” paper setting out its vision for UK-EU data flows post-Brexit. In particular, the paper anticipates seeking an early UK-EU agreement that each area’s data protection laws provide equivalent protection, which would allow data to continue to flow between the EU, the UK and other third countries post-Brexit.  Continue Reading UK Government seeks EU equivalency for UK data protection law post-Brexit

With holiday season upon us, earlier this week Matt Hancock, the UK Government’s Digital Minister, announced proposals for a new UK data protection law. Previously covered on this blog here and here, little new of substance was announced, but in a slow news week, the announcement garnered significant UK media coverage and attention.  Continue Reading UK’s Digital Minister announces changes to UK data protection law

Ofcom published its annual Communications Market Report this week. This report provides a reference for industry, stakeholders and consumers across the sectors Ofcom regulates.  A handy bite-size version of the report is available here.

What has the 2017 report revealed? Continue Reading A nation of binge-watchers: Ofcom reveals the UK’s TV and online habits in its annual report

This week heralded further progress for the European Digital Single Market strategy, with the online content portability regulation mentioned previously on this blog coming into force on 20 July 2017, following publication of this regulation in the EU Official Journal on 30 June 2017. The regulation itself sets out a number of key dates during next year and onwards for content providers and consumers alike to watch for. Continue Reading ‘Watch like at home’: dates worth watching for

Following the Government’s decision to include a revised data protection law in the Queen’s Speech last month, the House of Lords EU Home Affairs Sub-Committee reviewed the potential implications on national security, stability and public safety of the UK exiting the European Union without an agreement to ensure there is unhindered data flow between the two sides. The Committee issued a stark warning that it was “struck by the lack of detail” on how the Government would ensure that the UK data protection regime continues to allow data transfer with the European Union in a post-Brexit world.

Continue Reading UK Data protection post-Brexit: a “cliff-edge”?

On 11 July 2017, Ofcom announced that it would be auctioning (i) 40 MHz of spectrum in the 2.3 GHz band; and (ii) 150 MHz of spectrum in the 3.4 GHz band in the UK in late 2017. Ofcom has decided to impose spectrum caps to, in Ofcom’s words, ‘safeguard competition‘. It remains to be seen whether any of the market participants challenge Ofcom’s decision on spectrum caps. Ofcom also published an Information Memorandum for prospective bidders and issued a consultation on the auction regulations. The consultation closes on 14 August 2017. Whilst the 2.3 GHz spectrum can be used for current LTE (4G) services, the 3.4 Ghz spectrum is expected to support faster next generation mobile (5G) services. Continue Reading UK to auction 2.3 and 3.4 GHz spectrum in 2017

In a judgment delivered on 14 June 2017, the Court of Justice of the European Union (CJEU) decided that making available a online sharing platform falls within the concept of “communication to the public” for the purposes of copyright law, and can therefore amount to infringement of copyright in protected works which are shared via that platform. This decision bolsters the ability of copyright owners to pursue the operators of such platforms, and to obtain relief against intermediaries (in particular ISPs) forcing them to block their users from accessing such platforms.

The immediate practical consequence of the CJEU’s decision is that the national courts are entitled to grant blocking injunctions against ISPs in order to block users from accessing TPB. This is plainly a positive outcome from the point of view of copyright holders, giving them stronger rights to restrict unauthorised distribution of their protected works. The generally pro-rightsholder approach of the CJEU in this case mirrors the recent efforts of the English courts to modernise its remedies in order to secure adequate protection against infringing activities, as reported in a previous blog post.

Continue Reading Providing an online sharing platform is an “act of communication”, says the CJEU

A revised data protection law forms part of the new government’s legislative agenda for the UK. Key points in the Queen’s Speech on 21 June 2017 were that a new UK Data Protection Bill (the Bill) will replace the current Data Protection Act 1998; the new Bill will implement the EU General Data Protection Regulation (GDPR) in the UK (a fact that the party manifestos were silent on before the election); and the government intends to put the UK in the best position to maintain data sharing across the EU and internationally. These points remained unchallenged in the subsequent parliamentary debates, and the government’s express intention to implement the GDPR through national law in the UK was welcomed by many businesses. Continue Reading Proposal for a new UK Data Protection law