Data-driven technologies, particularly artificial intelligence and other complex algorithms, have the potential to enhance patient care and catalyse medical breakthroughs. However, these technologies are heavily reliant on data, which poses challenges in ensuring that patient information is handled in a safe, secure and legally compliant way.

In response to early issues with the deployment of artificial intelligence and other algorithmic tools in healthcare, on 5 September 2018 the UK Department of Health & Social Care (DH) published an Initial Code of Conduct for Developers and Suppliers of Data-driven Health and Care Technology (the Code). The Code is not legally binding but aims to raise standards by establishing best practices.

The Code consists of:

  • 10 key principles (i.e., what DH expects from suppliers of data-driven technologies)

These principles outline best practice for safe and effective digital innovations, including defining the user, the value proposition, the commercial strategy, and the type of algorithm being built.

To address data protection concerns, Key Principle 3 mirrors the GDPR regime by requiring developers to be “fair, transparent and accountable about what data you are using“. Key Principle 4 also states you must “use data that is proportionate to the identified user need” and refers to the national opt-out policy, allowing patients to opt out from having their patient data used beyond their direct care.

  • 5 commitments (i.e., what DH will do to support and encourage innovators in health and care)
    • simplifying the regulatory and funding landscape;
    • creating an environment that enables experimentation;
    • encouraging the system to adopt innovation;
    • improving intolerability and openness; and
    • listening to users.

DH is encouraging developers of data-driven technologies to manage risks to the safety and quality of care by signing up to the Code. It will produce a revised version of the Code in December 2018 and seeks feedback from researchers, innovators, the public, and the NHS. The feedback questionnaire is available here.

In today’s judgment, the UK Supreme Court held that rights-holders should bear the costs of implementing website blocking injunctions to prevent IP infringement. The judgment overturns the practice adopted by the English courts since 2011 of requiring internet service providers, as innocent intermediaries, to bear these costs.

Continue Reading UK Supreme Court: rights-holders must pay costs of blocking IP-infringing websites

A recent judgment of the European Court makes it clear that in many circumstances more than one party may be a joint data controller. Whilst the judgment pre-dates the GDPR, its consideration of what constitutes ‘control’ and ‘joint control’ remains good law under the GDPR. The judgment means that parties who may have considered themselves ‘data processors’ in the past should review whether they are in fact ‘joint data controllers’ with others. Continue Reading Are joint data control relationships now the norm rather than the exception?

On 29 November 2017, the Court of Justice of the European Union (ECJ) confirmed that, under the Copyright Directive (the Directive), the making available of copies of television programmes saved in the cloud must be authorised by the holder of the copyright or related rights. Continue Reading ECJ confirms rights holders can stop cloud-based television recording services

On 13 September 2017, the Commission issued a proposal for a Regulation to strengthen the role of the EU Agency for Network and Information Security (ENISA) by:

  • granting it a permanent mandate;
  • clarifying its role as the information hub of the EU for cybersecurity; and
  • tasking it with the responsibility of proactively contributing to policy in the area of network information and security.

The proposal also introduces EU-wide cybersecurity certification schemes for ICT products and services, which will be prepared by ENISA. This aims to address current market fragmentation and provide a comprehensive set of cybersecurity rules, technical requirements, standards and procedures. Continue Reading EU Commission proposes stronger mandate for ENISA and EU-wide cybersecurity certification

In a judgment delivered on 14 June 2017, the Court of Justice of the European Union (CJEU) decided that making available a online sharing platform falls within the concept of “communication to the public” for the purposes of copyright law, and can therefore amount to infringement of copyright in protected works which are shared via that platform. This decision bolsters the ability of copyright owners to pursue the operators of such platforms, and to obtain relief against intermediaries (in particular ISPs) forcing them to block their users from accessing such platforms.

The immediate practical consequence of the CJEU’s decision is that the national courts are entitled to grant blocking injunctions against ISPs in order to block users from accessing TPB. This is plainly a positive outcome from the point of view of copyright holders, giving them stronger rights to restrict unauthorised distribution of their protected works. The generally pro-rightsholder approach of the CJEU in this case mirrors the recent efforts of the English courts to modernise its remedies in order to secure adequate protection against infringing activities, as reported in a previous blog post.

Continue Reading Providing an online sharing platform is an “act of communication”, says the CJEU

On May 23, 2017, the United States Federal Communications Commission (FCC) released the text of a Notice of Proposed Rule Making (NPRM) that solicits public comment on what FCC Chairman Ajit Pai calls a plan for “Restoring Internet Freedom.” The NPRM contemplates reversing the 2015 FCC Open Internet Order that classified both fixed and mobile broadband internet access services as telecommunications services and subjected them to some of the common carrier regulations found in Title II of the Communications Act. The 2015 Order also adopted no-blocking, no-throttling, and no-paid-prioritization rules, as well as a general internet conduct standard. Continue Reading American Federal Communication Commission Publishes NPRM Geared Towards Reversing Open Internet Order

On 10 May 2017, the European Commission published its mid-term review of the implementation of Europe’s Digital Single Market strategy. Launched in 2015, the ambitious strategy covered 16 actions under the three pillars: (1) improving access to digital goods and services for consumers and businesses across Europe; (2) creating the right conditions and a level playing field for digital networks and innovative services to flourish; and (3) maximising the growth potential of the digital economy. Despite a lot of activity, the Commission was only able to highlight one actual delivered improvement in its review – the abolition of retail roaming charges – although it looks forward to the imminent implementation of cross-border content portability in early 2018 and the expected approval of a proposal to address unjustified geo-blocking.

Continue Reading European Digital Single Market strategy mid-term review: What happens next?

On 27 April 2017, the UK’s new Digital Economy Act came into force. Following the calling of a snap General Election for 8 June, it was brought into force during the final parliamentary wash-up. Whilst some proposals were withdrawn or watered down, a number of important provisions, notably reform of the UK’s electronic communications code which governs the relationship between telecoms operators and landowners, were brought into force without significant amendment.

Continue Reading UK’s Digital Economy Act comes into force reforming telecoms operators’ rights to access land and buildings

In January 2017, the European Commission published the proposed text of a new draft e-Privacy Regulation (ePR) as part of its ongoing drive to advance one of its key initiatives, the Digital Single Market.

Whilst the impending introduction of the GDPR has been dominating headlines for the past months, the ePR has somewhat gone under the radar. We set out the key points to look out for with regard to the ePR and who it is likely to apply to.

Continue Reading The ePrivacy Regulation: what you need to know