To help organizations stay on top of the main developments in European digital compliance,
This report follows our previous updates on European digital regulation and compliance developments for 2021 (Q1, Q2, Q3, Q4) and (Q1, Q2, Q3, Q4) 2022.
In this issue, we look at how both the EU and
EU
1. EU targets heavy data traffic generators and consults on a "Connectivity Tax"
2. The EU Data Act: Where does it stand, and what's the
3. New EU rules promoting the repair of goods
4. EU proposes a "withdraw button" requirement
5. Green Claims Directive: Verify green claims before you use them in the EU!
6. Network and Information Systems (NIS) regulation in the EU and
7. New
8. Data Protection and Digital Information Bill - the "new"
9. The
10.
11. Online Safety Bill arrives at the
12. Class actions in
13.
Regulation of New Technologies
14. EU developments in artificial intelligence
15.
1. EU targets heavy-data traffic generators and consults on a "Connectivity Tax"
The
For several years, IAPs have been calling for some sort of compensation payable by certain CAPs whose services are the origin of a significant proportion of data traffic on their communications networks. The proposed compensation is labelled with terms such as "connectivity tax" or "fair share contribution".
IAPs claim that the relationship between global "Big Tech" companies and the European infrastructure providers must be brought into balance. CAPs and major civil society organisations strongly oppose the concept, claiming that the traffic is caused by the IAPs' own customers (i.e., users) who pay for the data transport.
What's new?
In
Apart from that, while the Commission's questionnaire does not take a position per se, its design and language clearly reveal a level of sympathy with the idea of a contribution to be paid by the so-called "large traffic generators". This terminology implies a characterisation of very few "Big Tech" companies as generating their profit at the expense of European infrastructure builders. Many of the questions seem to be designed to trigger responses in support of this imbalance being fixed.
In addition, a chapter with consumer-focussed questions emphasises the need for universal services and affordability of high-speed connectivity, practically ruling out that consumers should bear the cost of building up networks to cope with their own increased traffic demands (e.g., through data caps, higher subscription prices, etc.).
What's next?
The Commission's consultation is open until
In the meantime, see our fuller summary of the consultation and the underlying dispute.
2. The EU Data Act: Where does it stand, and what's the
In
Supporters of the draft Data Act have welcomed the draft legislation for driving a "future in which data is widely shared and further used for innovative business models, more efficient processes and better policy making". On the other hand, critics have warned that the draft Data Act could actually lead to "an increase in anticompetitive or unfair practices among businesses"and flagged that businesses willface"pressure and costs in implementing the various measures imposed by the Data Act".
Read our previous article on the scope and impact of the EU Data Act, which we have revisited (and provided input on the
What's next?
The
3. New EU rules promoting the repair of goods
The
What's new?
In
The Proposed Directive amends the remedies granted under the EU Sale of Goods Directive 2019/771 ("SGD") for non-conformity in such a way that consumers will, in the future, only be able to choose replacement as a remedy when it is cheaper than repair.
Furthermore, for certain product groups listed in an Annex, the Proposed Directive introduces a new obligation to repair any defects that come into existence or become apparent outside and beyond the two-year liability period imposed on sellers under the SGD.
The Annex covers household products like dishwashers, vacuum cleaners, tablets and mobile phones - and also servers and data storage products. There have been suggestions that the Proposed Directive's scope could also be extended to allow "smart" products that incorporate (or are inter-connected with) digital content or digital services to be included in the Annex.
The obligation to repair includes:
-
an obligation on the producer to repair (or have a subcontractor repair) the product upon a consumer's request, and to inform consumers of this producer obligation. Producers must also ensure that independent repairers have access to certain spare parts and repair-related information and tools;
- an obligation on the repairer to provide to the consumer (upon request) standardised information about available specific repair services; and
- an obligation on the EU member states to ensure that at least one online platform exists in their territory that allows consumers to find repairers.
- identification of the contract, and
- details of the electronic means by which the confirmation of the withdrawal will be sent to the consumer.
- any services and/or products that are likely to fall within the scope of
NIS 2 ; - the relevant jurisdictions in which those services and/or products are made available, to determine which national implementing laws will likely apply;
- the potential impact of the new requirements on such services and/or products; and
- whether any services qualify for the "one-stop shop" mechanism and register with the relevant competent authority (where their "main establishment" is located) before
mid-January 2025 . - Amending the threshold for what constitutes "automated decision making", with less-stringent requirements applying to decisions that do not use sensitive data (such as health or ethnicity data).
-
Removing the requirement for organisations to maintain a record of processing activities, unless the processing is considered high-risk - which the
UK government views as "pointless paperwork for businesses". - Creating a preset list of legitimate interests, which do not require controllers to carry out a balancing test prior to relying on legitimate interest as a basis. While the proposed list includes certain examples (e.g., direct marketing, intra-group transfers of personal data where necessary for administrative purposes and security purposes), it still remains narrow and does not include commercially focussed activities.
- invest Ł2.5 billion over ten years to fund the development of quantum technologies (see the full quantum strategy) and build an "exascale" supercomputer;
- award a Ł1 million prize each year to researchers that drive progress in critical areas of AI;
-
extend the
British Patient Capital program for an additional ten years, providing at least Ł3 billion in investment; and -
announce twelve locations across the
UK that will receive grants and tax concessions for five years to encourage investment and research. - advertising and sponsoring on all the above media that are particularly likely to induce or encourage children to consume HFSS foods;
-
advertising of HFSS foods on radio and audio-visual media services
between 6 a.m. and 11 p.m. , regardless of its effect on children; - advertising of HFSS foods on all in-scope media except outdoor advertising if the advertising is directly related to content that is also appealing to children; and
- outdoor advertising of HFSS foods in the vicinity of certain establishments used mainly by children, including daycare centers, schools, playgrounds, except for window surfaces of sales stands, kiosks or similar shops.
What's next?
The Commission's proposal will now enter the EU's legislative procedures, where it will be discussed within the
4. EU proposes a "withdraw button" requirement
Back in
What's new?
In
To further strengthen consumer protection, the Council position proposes extending the application of the withdraw button to all distance consumer contracts concluded by the means of an online interface (e.g., websites or mobile apps) - i.e., going far beyond the proposal by the
The proposed withdraw button will need to be labelled in a legible manner and must contain nothing but the words "withdraw from contract here" or a corresponding unambiguous formulation. The withdraw button will need to be placed on the online interface in a prominent manner and be easily accessible to the consumer. Using the button must allow the consumer to make the withdrawal statement by providing or confirming the following information:
-
name of the consumer,
The withdrawal statement must be submitted by using a confirmation button. Once the consumer uses the confirmation button, the online trader will need to send to the consumer a confirmation that the withdrawal statement has been submitted, including the date and time of the submission.
The planned withdraw button should not be confused with the "cancellation" button that has already been in force in
What's next?
The next step is the trilogue negotiations between the
5. Green Claims Directive: Verify green claims before you use them in the EU!
In
The Proposal is the Commission's follow-up to its 2020 study which found that 53.3% of green claims were vague, misleading or unsubstantiated, and that 40% were completely unsubstantiated.
What's new?
The Proposal aims to introduce clear regulation for green claims and green labels. In particular, the Proposal provides that green claims must be substantiated with scientific evidence that is widely recognised, identifying the relevant environmental impacts and any trade-offs between them. Before companies can use any green claims in their marketing materials, they will need to submit supporting evidence alongside any draft green claim for assessment and verification by an officially accredited third party.
Regarding environmental labelling schemes, the Proposal provides that these should be solid and reliable, and their proliferation shall be controlled. New public schemes, unless developed at EU level, will not be allowed, and new private schemes will only be allowed if they can show higher environmental standards than existing ones and get a pre-approval.
Except for certain micro-enterprises (with less than ten employees and less than €2 million turnover or balance sheet), the rules would apply to all companies doing business in the EU, unless the claims are covered by more specific rules (such as the EU Ecolabel).
In case of non-compliance, penalties shall include rules on profit-skimming, temporary exclusion from public tenders and subsidies, and fines of up to 4% of the trader's annual turnover generated in the EU Member State(s) concerned.
What's next?
The Proposal will now go through the regular legislative process. It will be discussed both in the
6. Network and information systems (NIS) regulation in the EU and
We have noted before that both the EU and the
The current NIS regimes in the EU and the
But, as in other areas where the
What's new?
EU developments
In the EU, Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the EU (
See our full client alert for a more detailed review of the substantive obligations and enforcement rules introduced by
Since
In any event, in order to inform organisations' compliance planning efforts and business impact assessments, organisations should already begin to identify:
The
Nevertheless, in
On the one hand, the
What's next?
EU Member States will implement
In practice, although the
7. New
In
Many companies are increasingly seeking to raise their profile and attract customers and investors by highlighting their environmental prestige (for example, by disclosing their net zero targets) - and any of these companies operating in the
The new Guidance (which comes after the EU recently published a draft law requiring companies to face strict penalties unless they justify within ten days the green claims that they make) strengthens the
According to the Guidance, any companies operating in the
The CMA is slowly following suit, having recently published a "Green Claims Code" and further guidance on how to make environmental claims that simultaneously comply with consumer protection law obligations.
What's next?
We anticipate further legislation in this area - particularly the new Digital Markets, Competition and Consumer Bill, which is expected to grant the CMA further enforcement capabilities in the form of monetary penalties where companies have breached consumer protection laws.
8. Data Protection and Digital Information Bill - the "new"
The
While the Bill retains key principles of its predecessor, the
These changes include:
What's next?
One of the big questions is whether the implementation of the Bill will compromise the
For now, the Bill has only passed its first reading in the
9. The
The
What's new?
Consisting of ten priority points, the Framework is also backed by Ł370 million of government funding. It's intended as a strategy to define a more cohesive, coordinated approach to Science and Technology within government.
Strategic focus
The Framework identifies artificial intelligence, engineering biology, future telecommunications, semiconductors and quantum technologies as "critical" technologies. A total of Ł250 million has been dedicated to "technology missions" in AI, quantum technologies and engineering biology. The government will be publishing various strategies, White Papers (including the awaited AI White Paper) and plans to bolster the
Areas of development
There will be investment in research, but also in talent and infrastructure. In addition to exploring programs to attract international talent, there will be expanded opportunities for participation in STEM, whether by training, retraining or upskilling. Key infrastructure investments will be identified via collaborations and consultations. There is also an aim to increase investment in research via private and public funding.
Funding
In addition to further funding of research and development (R&D), investment in the industries will be increased by encouraging
Regulation
Overall, a light-touch approach to regulation is likely when considering the Framework and previously published AI strategies. The Framework describes a regulatory regime that utilises the
Global reach
The Framework would also foster the
What's next?
The science and tech community is still waiting to hear news on the
10.
The
Regulation and spending measures
To support the rapid and safe introduction of emerging technologies, the government has accepted the
For research intensive companies, the government plans to:
Other (tax-related) measures
To create a competitive corporation tax regime, the government has also announced other measures that may benefit digital companies operating in the
For example, the
Also, the
11. Online Safety Bill arrives at the
The
Since
Another amendment proposed an approach to content moderation that would involve bypassing end-to-end encryption (E2EE) by scanning for the removal of harmful material (terrorist content and Child Sex Exploitation and Abuse content) from a user's device before a message is sent and subsequently encrypted. Major providers of E2EE services have spoken out against this amendment, denouncing the proposed approach for threatening private and safe communication.
Some service providers have stated that they will not decrypt their E2EE services, even in the face of the large fines that the OSB seeks to impose (i.e., the greater of Ł18 million or 10% of annual global turnover). Others have gone as far as to consider pulling their services from the
Separately, it's worth noting that new technologies are being developed just as quickly as new amendments to the OSB are being tabled. Providers of newer and up-and-coming technologies, such as generative AI, may find that they are immediately caught by the onerous obligations of the OSB, just as they are making a name for themselves. And the
What's next?
The OSB is due to progress on to the committee stage in the
12. Class actions in
In
What's new?
The new Draft of the Consumer Rights Enforcement Act(Verbraucherrechtedurchsetzungsgesetz - "VDUG-E") implements the EU's Representative Action Directive (2020/1828) ("RAD").
The main element of the VDUG-E is the introduction of the possibility to bring collective redress actions (Abhilfeklage) before the competent Higher Regional Court. Such claims can be initiated by so-called "qualified entities" (such as consumer associations), but not by individual consumers, and may include any monetary and non-monetary redress measures such as a price reduction, termination of contracts, refunds of the price paid, damages, etc., provided such claims are of the same kind (gleichartig).
It is important to note that the VDUG-E goes beyond the RAD's requirements causing a direct effect on companies, especially also in the digital space. First, while the RAD's scope was limited to certain violations of EU law, the VDUG-E provides that collective redress actions can be initiated for all violations of law resulting in a claim against another "undertaking", i.e., for instance, also basic contractual or tort claims. Second, the collective redress action is not only open for consumers as required under the RAD, but also for small companies (employing less than 50 people and having an annual turnover or an annual balance sheet of less than €10 million).
What's next?
If the VDUG-E comes into force in its current form, it seems likely that it will indeed strengthen class actions in
13.
What's new?
The proposal introduces different levels of advertising and sponsoring restrictions for HFSS foods, ranging from a complete ban of such advertising in certain media to an effects-based restriction that relies on how likely the advertising would induce or encourage children under the age of 14 to consume HFSS foods.
While the proposal only obliges "food businesses and any natural or legal person providing advertising or sponsorship", it will have an indirect effect on all media providers with advertising inventory, as the restricted advertisements must no longer be displayed on such inventory. As relevant media providers, the draft lists radio, press/print, information society services, audio-visual media services, VSPs and providers of outdoor advertising.
In particular, the proposal seeks to prohibit:
According to the draft, the enforcing authorities could penalise food businesses and advertising/sponsoring providers with fines up to €30,000 and confiscate any objects to which the infringement relates.
What's next?
The draft already attracted broad criticism, supposedly leading the Ministry to hold back the launch of a public consultation that would allow businesses and industry associations to comment on the proposal. It is currently unclear if the political pressure will result in the Ministry changing the draft before starting the legislative process, including a public consultation, the adoption of a government draft and subsequent parliamentary proceedings.
So far, critics have argued that the proposal exceeds the government's respective plans for HFSS foods advertising restrictions as laid out in the coalition agreement. It has further been pronounced that the federal legislator has no authority to establish media-related provisions (instead of the federal states) and that the proposed ban violates constitutional rights of affected industry players.
What are the EU and
At the EU level, there is currently no harmonised regime for HFSS foods advertising. The Audiovisual Media Services Directive requires Member States to encourage codes of conduct aimed at reducing the exposure of children to HFSS foods advertising, but this only applies to TV and on-demand services, and Member States are free to go beyond that requirement.
In the
14. EU developments in artificial intelligence
There were a couple of notable artificial intelligence (AI)-related developments in the EU in
First, the EU's proposed regulatory scheme for AI took a further step through the legislative process. Also, the
We have written before that the EU is pursuing a more regulatory approach to AI than
What's new?
On 24 January, the
The EESC overall approves of the proposed EU legislation and does not make major requests for amendments. One of its main points is the need to pursue a liability scheme as uniform as possible in its application across the EU and to reduce the risk of divergent interpretations under national case law. The EESC therefore calls on the EU to define with more clarity concepts such as "high-risk activities" (and believes that potential harm to the environment should be one of the factors to be included in the high-risk category) and "eligible damage". It also calls for setting up a network of alternative dispute resolution bodies to make it easier for victims who have suffered harm to exercise their rights. The five-year horizon to review the effects of the directive is too distant for the EESC, and it suggests acting earlier, at most three years after the directive enters into force.
Also in January, the EU signed an AI Collaboration Agreement with
The administrative arrangement's primary focus is to increase
What's next?
While the administrative arrangement may be a sign of increasing
15.
Back in
What's new?
The original
The positive action was a proposal to introduce a new copyright and database right exception permitting text and data mining (TDM) for any purpose - with the aim of speeding up the TDM process, which is often a precursor to the development of AI. Previously, the TDM exception only applied to non-commercial purposes.
The proposed lack of action was to choose not to replicate the EU's regulatory proposals in relation to AI-based technology - especially the new EU AI Act, the AI-related revision of the EU Product Liability Directive and the proposal for an EU AI Liability Directive, all described in our
It's the first of these
But if that point of detail was almost sneaked out into the public domain, the White Paper "A Pro-innovation Approach to AI Regulation" was launched with lots of publicity in
The White Paper proposes a new regulatory framework ("Framework") aimed at identifying and addressing various risks associated with AI development and use. But the Framework doesn't assign rules or risk levels to entire sectors or technologies - as the EU proposes. Rather, it adopts a principles-based, context- and outcomes-oriented approach to regulating AI, which focusses on the use of AI rather than the technology itself. It lays out some key cross-sectoral principles (such as safety, security and robustness; appropriate transparency and explainability; contestability and redress) that existing regulators will be expected to implement proportionately.
What's next?
The
But it's the White Paper that will form the
But it remains unlikely that the
We are grateful to the following member of MoFo's European Digital Regulatory Compliance team for their contributions:
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
©
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
©
Mr
CA 94105-2482
Tel: 4152687000
Fax: 4152687522
E-mail: mcervantes@mofo.com
URL: www.mofo.com
© Mondaq Ltd, 2023 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source