Technology & Digital round-up: 21 January 2022

21st January 2022

Happy New Year and welcome to our first Technology & Digital round-up of 2022. This edition covers cryptoassets, data fines, cloud services, smart supermarkets, cyber security, the metaverse and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

• We published Technology & Digital: What to look out for in 2022 giving a flavour of ten legal and regulatory developments we expect to see this year.

• HM Treasury unveiled the Government’s plan to strengthen the rules on cryptoasset advertisements and protect consumers from misleading claims. It proposes to bring the promotion of cryptoassets within the scope of financial promotions legislation. This means that all crypto marketing promotions will need to be issued or approved by an FCA-authorised person and comply with the ‘fair, clear and not misleading’ requirement. The FCA is now consulting until 23 March 2022 on strengthening its financial promotion rules for high risk investments, including cryptoassets. Watch out for our upcoming briefing. This is an important step forward in creating a robust regulatory framework that will foster innovation while ensuring consumer protection. In related news, the Advertising Standards Authority has upheld a series of complaints regarding cryptoasset advertising in recent weeks, having previously confirmed that it is treating this as a ‘red alert’ priority issue.

• The International Monetary Fund says that cryptoassets such as Bitcoin have matured from an obscure asset class with few users to an integral part of the digital asset revolution, raising financial stability concerns. Its analysis suggests that cryptoassets are no longer on the fringe of the financial system and it is therefore time to adopt a comprehensive, coordinated global regulatory framework to guide national regulation and supervision and mitigate the financial stability risks stemming from the crypto ecosystem.

• The Law Society published the second edition of its legal and regulatory guidance on blockchain. In his foreword to the report, the Master of the Rolls describes it as a comprehensive guide to the legal and regulatory considerations that everyone in the on-chain space needs to understand. He refers to three major developments that he believes are imminent, including the launch of central bank digital currencies that will put cryptoassets into mainstream use.

• Meanwhile, the House of Lords Economic Affairs Committee published a report concluding that it has yet to hear a convincing case for why the UK needs a retail central bank digital currency. It says that, while such a currency may provide some advantages, it would present significant challenges for financial stability and the protection of privacy.

• Following on from the recent release of its National Cyber Strategy 2022, the Government published its 2022 cyber security incentives and regulation review. Among other things, it is considering ways in which it can mandate large companies to appropriately assess and address the cyber risks they face. Two consultations were published alongside the review: one on proposals for legislative changes to drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers; the other on proposals for how a stronger cyber security profession can support better cyber resilience. See the press release.

• The new UK Information Commissioner began his five year term saying that he looks forward to ensuring the law continues to be relevant in our changing world. This will be a busy year for the ICO as it actively engages with the Government over proposed wide-ranging data reforms and the introduction of the Online Safety Bill, and strengthens links with other digital regulators. It is currently consulting until 24 March 2022 on how it uses its powers to investigate, regulate and enforce: “We are focussed on promoting best practice and compliance but, where it is necessary, we will exercise a fair and proportionate approach to enforcement action”.

• One of the ICO’s non-executive directors delivered a comprehensive speech on regulatory cooperation across borders at an event on data protection and transnational cooperation in the post-Brexit era. Among other things, he talked about how the power and reach of multinational technology platforms over personal data is now unprecedented, and common action will create clearer and more forceful direction towards respect for data protection and privacy. As to the UK’s continuing data adequacy status he said that, while ‘essential equivalence’ is not cast in stone and does not require a carbon copy of the GDPR, if essential elements of protection are missing, that would create a serious obstacle. This is relevant because of the ongoing data reform consultation and the Government considering how to proceed.

• It was reported that Facebook’s parent company Meta is facing a billion-pound class action case concerning the alleged abuse of its market dominance to impose unfair terms and conditions on British Facebook users, giving it the power to exploit their personal data. Over in the US, the Federal Trade Commission has been given the go-ahead to take Meta to court over anti-trust rules. The competition and consumer regulator is trying to make Meta sell off Instagram and WhatsApp.

• The French data regulator fined Google and Facebook a total of £175 million over cookie consent issues, finding that while the tech giants provided a virtual button to allow the immediate acceptance of cookies, there was no equivalent to refuse them as easily.

• And finally, in a decision that could sound the death knell for the use of US cloud services in Europe, the Austrian data regulator found that a website which had been exporting visitors’ data to the US as a result of implementing Google Analytics, breached the GDPR’s rules on international transfers. There were insufficient safeguards to effectively block US intelligence services from accessing the data.

…and in other news

• Contrary to initial reports, global retailer H&M denied reports it was collaborating with CEEK to sell virtual fashions in the metaverse…for now.

• Microsoft is acquiring video game publisher Activision Blizzard for an eye-watering $68.7 billion. According to Microsoft’s CEO, the deal will play a key role in the development of metaverse platforms.

• It was announced that leading UK researchers will work with international collaborators to develop the technologies of tomorrow through 12 projects which aim to address the challenges of monitoring Earth’s emissions and climate, quantum computers, communication networks, better medicines and electric vehicles.

• The National Cyber Security Centre issued an alert advising organisations to take steps to mitigate the Apache Log4j vulnerabilities. The alert contains further links including on what everyone needs to know and what boards should be asking.

• In related news, the Cyber Essentials certification scheme will adopt a new tiered pricing structure from 24 January 2022. The NCSC previously announced that it will introduce an updated set of requirements for the scheme in response to the evolving cyber security challenges that organisations now face.

• The NCSC added its support to new advice from its international partners on countering Russian state-sponsored cyber threats targeting critical infrastructure.

• Non-profit organisation Worker Info Exchange – dedicated to helping workers access and gain insight from data collected from them at work – published a report evidencing the harms caused by gig platforms’ algorithmic workforce management systems.

• Aldi opened its first till-free supermarket following similar moves by Tesco, Sainsbury’s and Amazon, as this report asks whether smart supermarkets herald the end of shopping as we know it.

• You can now buy Tesla merchandise with Dogecoin – the cryptocurrency which was initially started as a joke – after the electric carmaker’s CEO Elon Musk announced the development on Twitter. The purchases are apparently non-refundable.

• Kosovo has pulled the plug (temporarily) on all crypto mining activity as it seeks to ease a crippling energy crisis. This is part of the ongoing global discussion around cryptocurrency regulation and the impact of cryptocurrency mining on the environment.

Get in touch with one of our experts if you have any queries or need advice or assistance.