The European Commission has launched its first set of “specification proceedings” under the Digital Markets Act (“DMA”).

“Specification proceedings” are actions taken by the Commission under the DMA which formalises the Commission’s regulatory discussions with a gatekeeper, allowing it to investigate particular compliance points, which can ultimately result in the Commission issuing a decision to the relevant gatekeeper on what specific measures a gatekeeper must implement to ensure effective DMA compliance.

These latest proceedings relate to Apple’s interoperability obligations under the DMA. Article 6(7) of the DMA provides that gatekeepers shall allow providers of services and providers of

Continue Reading Commission launches first specification proceedings under the DMA

At the start of November, the UK government hosted an AI Safety Summit, intended to provide a forum for in-depth discussions on the challenges and opportunities of AI technology. It attracted a wide array of senior stakeholders from across policy, business, academia and government and appears to show a UK desire to lead in this area.

The opening day of the Summit saw the unveiling of the Bletchley Declaration (the Declaration) – a non-binding commitment agreed by the 27 countries whose delegates attended the Summit including USA, China, India and the EU.

Although a voluntary declaration, lacking any real “legislative

Continue Reading The Bletchley Declaration: further evidence of the global legislative focus on Artificial Intelligence

The Commission has published a draft delegated act on audits to be performed very large online platforms (“VLOPs“) and very large online search engines (“VLOSEs“) pursuant to Article 37 of Digital Services Act Regulation (“DSA“) for public feedback.Continue Reading Commission publishes Draft Delegated Act in respect of Audits conducted under DSA

The new Enforcement and Modernisation Directive 2019/2161, more commonly known as the ‘Omnibus Directive’ (the Directive), aims to strengthen consumer rights through enhanced enforcement measures and increased transparency requirements.

Key dates

EU Member States must adopt national implementation measures by 28 November 2021. The new requirements set out in the Directive must then come into force by 28 May 2022.

Who the Directive applies to

Those engaged in online business-to-consumer (B2C) transactions as well as companies offering digital services to consumers where payment by the consumers is in the form of personal data rather than money, will fall under the remit of the Directive.Continue Reading New Deal for EU Consumers- the Omnibus Directive explained

On 6 April 2020, the Data Protection Commission (DPC) published a report on the use of cookies and other tracking technologies (Report) and an updated guidance note on cookies and other tracking technologies (Guidance).

The Report is based on a review carried out by the DPC of websites in various sectors in Ireland, including insurance, banking, media, retail and the public sector. The purpose of the DPC’s report was to examine whether organisations are complying with the law, and, in particular, how organisations are obtaining the consent of users for the use of cookies. The majority of the 38 organisations examined were found to have potential compliance issues, particularly in relation to reliance on implied consent for setting non-necessary cookies; lack of choice for users to reject all cookies; bundling of consent for all purposes; and the possible misclassification of cookies as “necessary” or “strictly necessary“.  The Report gives an overview of the responses received highlighting what the DPC considers to be both “good” and “bad” practices that it encountered on the websites, and the Guidance provides website operators with guidance on how to comply with the rules relating to cookies, which are set out in the Irish ePrivacy Regulations.Continue Reading DPC publishes Report and Guidance on cookies following a “cross-sector and cross-size” sweep of website operators

The UK government has published its initial consultation response on the Online Harms White Paper (see our previous post here). The new regulatory framework proposes introducing a ‘duty of care’ on online services in respect of harmful content. The government’s initial response reports on the findings from the public consultation, and provides an indication of how the legislation will be taken forward.
Continue Reading Online Harms White Paper – UK government publishes its initial consultation response

In Amazon EU Case C-649/17, the Court of Justice of the European Union (CJEU) held that the Consumer Rights (CR) Directive 2011/83/EU does not require an e-commerce platform to make a telephone number available to consumers before the conclusion of a contract. It is sufficient for traders, when concluding distance contracts with consumers, to use other means of communications, such as online chat services or telephone call-back, as long as consumers have a means of contacting traders quickly and efficiently.
Continue Reading E-Commerce platforms not obliged to make telephone number available to consumers

In the case of Eva Glawischnig-Piesczek v Facebook Ireland Ltd (Case C-18/18), the Advocate General (AG) of the Court of Justice (CJEU) was asked to clarify the scope of the obligation that may be imposed on a host provider to remove illegal information. Article 15(1) of the e-Commerce Directive 2000/31/EC (the Directive) prohibits Member States from imposing a general monitoring obligation on host providers, and the CJEU considered whether that provision precludes a court, in the context of an injunction to remove notified illegal content, from ordering a host provider to seek and identify identical or equivalent illegal content. The CJEU also considered the territorial scope of a removal obligation, and whether removal could be ordered on a worldwide basis.

In his Opinion, AG Szpunar concluded that a host provider may be ordered to remove not only notified illegal content, but to seek and identify among the information disseminated by any user of that platform, information ‘identical’ to that which has been characterised as illegal by a court. In addition, a host provider may be ordered to seek and identify information ‘equivalent’ to that characterised as illegal, but only among the information disseminated by the original user, and not by any user.  The AG also considered that since the Directive does not regulate the territorial scope of an obligation to remove information disseminated via a social network platform, it does not preclude a host provider from being ordered to remove such information on a worldwide basis. Whilst the AG’s Opinion is not binding on the CJEU, it will be of persuasive value.
Continue Reading Advocate General delivers significant Opinion on scope of host providers’ obligation to remove illegal content

On 17 April 2019, the European Parliament approved a new Regulation on platform-to-business trading practices. It requires online platforms and online search engines to comply with certain legal obligations and also encourages them to take voluntary complimentary steps. The Regulation aims to ensure that businesses using online intermediation services and general online search engines have greater certainty and clarity with respect to the rules governing their relationships with these platforms and how to resolve potential disputes.

The text adopted by the European Parliament has not yet been formally approved by the Council of the EU. Once approved, the Regulation will enter into force 12 months after its publication in the Official Journal.Continue Reading European Parliament agrees new rules to improve fairness of online platforms

Last week MoneyConf firmly put Dublin in the Fintech spotlight. The pressure on financial services firms to make better use of technology to reduce costs and improve customer service shows no sign of relenting. At the same time they need to carefully navigate the related regulatory challenges around technology outsourcing. A member of the ECB Supervisory Board recently observed that banks are not “technological houses” and said that the fragmentation of banks’ services across a range of external providers creates a “challenge” for banks’ leaders, who retain responsibility. This statement will resonate, in particular, with financial institutions looking to understand how much they are currently using, and how they can make more and better use of, cloud based technology solutions.
Continue Reading European Banking Authority Recommendations on Outsourcing to Cloud Service Providers