Welcome to the September edition of Technol-AG, Addleshaw Goddard's monthly technology update.
- OFCOM is the latest regulator to take an interest in the digital markets
Following announcements from other regulators, OFCOM has recently announced a new programme of work in respect of competition in the digital markets, in response to changes to the way consumers communicate with each other and consume news and media.
For the next year, OFCOM's main focus will be on undertaking a market study under the Enterprise Act 2002 into cloud services in the UK, as OFCOM recognises that cloud service providers have become essential trading partners to communications providers, who are relying on these providers to exchange data and to operate their networks. The concentration of the provision of cloud services in the hands of Amazon, Microsoft and Alphabet is likely to be of particular concern to OFCOM if this means that communications providers have little influence over the prices charged by these companies and any significant change in these prices are then flowed down to consumers. Such concentration risks are being noticed by other UK regulators, such as the Financial Conduct Authority, as covered in our July update.
OFCOM will also focus its work in this space on the following areas:
- net neutrality;
- competition in digital content gateways, in particular audio visual gateways: connected televisions, smart speakers/digital assistants; and
- online personal communications services such as WhatsApp and Zoom. The regulation of providers that provide such services (sometimes called "over-the-top" service providers or OTT service providers) has been part of the core of regulations in this space in the EU. In particular, in the European Electronic Communications Code which EU Member States had to implement by 21 December 2020 included a new regulatory framework that applied certain regulatory obligations on the OTT service providers. The UK Government had initially decided to deprioritise implementing this regulatory framework in the UK, but there now seems to be renewed focus on regulating these types of providers.
OFCOM's previous programmes of work have led to a diversification of the telecommunications market, in particular in relation to the provision of mobile services. OFCOM's market study may have a similar effect for digital markets. For further details on OFCOM's proposals, click here.
- EHRC publishes new guidance on discrimination in AI
The Equality and Human Rights Commission has published new guidance on the use of artificial intelligence (AI) by public bodies and how AI systems may be causing discriminatory outcomes. Whilst the guidance is aimed at the public sector, it will be useful to those within the private sector, particularly employers using AI in recruitment.
AI systems may lead to discrimination and deepen inequalities. Discrimination may happen because the data given to the AI systems is already biased. Bias may also occur during the development and programming of the systems as the bias may arise from the decisions made from the individuals training the AI. Bias can also develop and accumulate over time as the system is used.
Public bodies and anyone responsible for developing or using AI as part of a service they are delivering on behalf of a public body need to consider the Public Sector Equality Duty (PSED). The PSED has two parts:
- the general duty which focuses on eliminating unlawful discrimination, advancing equal opportunity and fostering good relations; and
- specific duties which include assessing equality impact and setting equality objectives.
Companies will need to build equality into their existing services and decisions about new policies or services. Consideration must be given to how AI may affect individuals with different protected characteristics. Having limited or no data on certain protected characteristics will not be an excusable defence. Proportionate steps must be taken to fill any data gaps.
As the PSED applies, even if you are commissioning a third party to use the AI on your behalf, it is important that you monitor compliance of any external third party. It is recommended that companies make it a contractual requirement for the third party to comply with the PSED and supply information to enable compliance to be monitored.
- DHSC provide policy guidelines on how to make the NHS and social care more data driven
The Department of Health & Social Care (DHSC) has published further information on the 12 guidelines that were set out in the "Data saves lives: reshaping health and social care with data" policy paper in June 2022. This policy paper introduced a new strategy to make the NHS and social care more data driven, which will bring benefits to all parts of health and social care.
The policy is aimed at enabling the use of NHS data for research and analysis purposes while ensuring user data is protected within secure data environments. These secure data environments will allow organisations tight control over who can access user data and what can be done with it. The NHS is piloting a national scheme in which users from the NHS, academia, industry and charities will be able to securely access NHS data within the framework of data protection provided by the policy.
The latest additional guidelines, published in September 2022, provide further details on the data protection practices that will be implemented in NHS secure data environments. These are laid out in the ‘Five Safes framework’ developed by the Office for National Statistics. The five principles of this framework are:
- Safe settings: preventing inappropriate access to or misuse of data;
- Safe people: limiting access to system data to individuals who have been duly trained and authorised;
- Safe projects: ensuring information is used for research projects intended for the public good;
- Safe data: ensuring information is protected and confidential; and
- Safe outputs: ensuring summarised information taken out of the system is non-identifiable.
In light of this policy, organisations involved in accessing NHS data for research and analysis purposes should familiarise themselves with secure data environment practices and ensure they comply with these data protection guidelines.
- Law Commission proposes digital assets are recognised as personal property
The Law Commission of England and Wales has published a consultation paper on digital assets, proposing that they are recognised as a new form of personal property. Implementing such a proposal could have a major impact on a variety of specific real life situations, such as the use of digital assets as collateral for loans, alongside encouraging confidence in digital asset markets.
Potential examples of digital assets which might fall within a new category of personal property include digital files and digital records, email accounts and in-game digital assets, domain names, carbon emissions trading schemes, crypto-tokens/crypto-assets and NFTs. Court recognition of property rights in these 'data objects' would give the holder rights potentially enforceable against the whole world, and the Law Commission is clear that such a proposal aims to incentivise use of English law and the jurisdiction of England and Wales with respect to the burgeoning international markets in digital assets and the growth industries servicing them. It's clear that many consumer goods companies now seek to exploit growing consumer demand for digital experiences by providing a blend of digital and physical product.
Building upon the conclusions of the Legal Statement on the Status of Cryptoassets and Smart Contracts by the UK Jurisdiction Taskforce (in 2019), i.e. that 'smart contracts'/contractual obligations written in human-readable computer code are as enforceable as any other contractual obligation, the consultation will close in November but will be followed in future by related Law Commission consultations on conflict of laws and emerging technology and Decentralised Autonomous Organisations (DAOs).