Both the EU and the UK have been focusing on legislation to regulate the online environment this year.  Significant developments in the digital space include:

Digital Services Act

The Digital Services Act was published in the Official Journal at the end of October.  It came into force on 16 November 2022.  Most of it will apply from 17 February 2024, however Articles 24(2-3 &6), 33(3-6), 37(7), 40(13), 43 and Sections 4-6 of Chapter IV already apply.

The DSA will regulate the obligations and accountability of online intermediaries and platforms to tackle illegal content, products and services, while promoting transparent advertising. It aims to create a safe digital space in which users' rights are protected and businesses can compete on an equal footing. Obligations differ according to the size and impact of the organisation and the nature of the service, with the most stringent provisions applying to services designated as Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs).  The DSA will have extra territorial reach.

Main obligations relate to:

• identifying and removing illegal content
• banning dark patterns and manipulative practices
• enhancing transparency and accountability of online platforms including in relation to recommender algorithms
• traceability and content checks on traders using the platforms.

See Interface for our analysis of the DSA.

Online Safety Bill

The UK's Online Safety Bill was introduced in Parliament in April 2022, a year after it was first published and with some major amendments.  It is intended to "deliver[s] the government’s manifesto commitment to make the UK the safest place in the world to be online while defending free expression" by requiring platforms "to tackle and remove illegal material online, particularly material relating to terrorism and child sexual exploitation and abuse." Crucially it tackled not only illegal online content, but content which is lawful but harmful.

The Bill stalled at Committee stage amidst the turmoil of successive changes in government.  After a five month hiatus, it resumed its progress on 5 December with some significant changes.  Owing to the stage to which the Bill has already progressed, the government is proposing to return a limited number of clauses to the Public Bill Committee to allow them to go through line by line scrutiny.  The clauses will then come back to the whole House for debate at a third day of Report stage.  The plan is for the Bill to pass in this parliamentary session (ie by Spring 2023).

Proposed changes include:

• Removing references to specific types of lawful but harmful content which social media platforms have to consider taking down. This will be replaced by a "triple shield" consisting of a legal requirement on social media platforms to remove illegal content, take down anything which breaches their own terms of service, and provide adults with greater choice over the content they see and engage with, including by using tools such as human moderating, blocking flagged content, sensitivity and warning screens.
• Adding new accountability and transparency requirements relating to social media policies and procedures, including a requirement to publish more information about potential risks to children and age verification measures.
• Requiring platforms to publish details of any Ofcom enforcement action against them.
• Adding additional commissioners with whom Ofcom will be required to consult when producing codes of conduct.

The Bill also contains new offences including:

• A criminal offence of controlling or coercive behaviour which will be added to the list of priority offences considered to constitute illegal content.
• Criminalisation of the encouragement of self harm.
• New communications offences.

Digital Markets Act

The Digital Markets Act was published in the Official Journal on 12 October. It introduces rules for platforms that act as "Gatekeepers" in the digital sector, to prevent unfair practices and the imposition of unfair terms and conditions on business and end users.

It came into force 20 days later and will, for the most part, start to apply six months after that.  Certain provisions around the Commission and its designation of Gatekeepers apply immediately. Gatekeepers will have six months to comply with their obligations following their designation as such. Read more here.

UK policy on a pro-competition regime for digital markets

In May, the UK government published its response to the July 2021 consultation on a new pro-competition regime for digital markets and the establishment of a Digital Markets Unit (DMU).  Some of the proposals look to parallel EU initiatives under the DMA and also, potentially, the Data Act.  The response set out proposals to tackle entrenched market positions of big tech and prevent abuse of dominance.  These are centred on a legislative regime underpinned by codes targeted at companies engaged in "Digital Services" which are designated as having "Strategic Market Status" (SMS).  The regime will be overseen and enforced by the Digital Markets Unit (DMU) which will be placed on statutory footing.  Read more.

CMA activity has been focused on the market dominance of the tech giants with Apple, Google Meta and Amazon Marketplace all under scrutiny (often with parallel issues being dealt with in the EU and USA).  In terms of sectors, mobile browsers, cloud gaming, online safety, cloud services and music streaming have all focused in CMA and Ofcom investigations and policy output. 

In May 2022, the Digital Markets, Consumer and Competition Bill was announced in the Queen's speech.  Among other things, this will place the DMU on a statutory footing, and reform the powers of the CMA to enable it to determine breaches of consumer law and issue financial penalties.  It will also look to regulate subscription traps and fake online reviews. The government also published proposals for wider reform of the UK's competition regime in July as we discuss here.  At the time of writing the Bill had not yet been published but is expected in Spring 2023.

EC draft Regulation to prevent and combat child sexual abuse online

The European Commission adopted a draft Regulation to prevent and combat child sexual abuse online in May.  The Regulation will oblige providers to detect, report and remove child sexual abuse (CSA) material on their services.  Providers will need to assess and mitigate risk of misuse of their services and take proportionate measures to address issues.

EC Code of Practice on Disinformation strengthened

In June, the EC published a strengthened version of its Code of Practice on Disinformation which builds on the 2018 version.  The revised Code aims to fill in gaps and address shortcomings, including to take account of lessons learned from the COVID-19 pandemic, and the war in Ukraine.  It follows guidance from the EC and aims to create a more transparent, safe and trustworthy online environment.  The Code is expected to become a Code of Conduct recognised under the incoming Digital Services Act.

UK digital regulation policy

The UK set up a Digital regulation Cooperation Forum (DRCF) made up of the CMA, Ofcom, the ICO and the FCA in May. 

In July 2021, the government published a Plan for Digital Regulation, setting out the government's plans to develop a pro-competition, pro-innovation approach to outcomes-focused digital sector regulation.  The government then published a policy paper on developing an outcomes monitoring framework for the Plan and issued a call for evidence which closed in September. 

The DRCF launched a new digital regulation research portal in March and then set out its 2022-23 Workplan identifying a number of priorities including:

• Protecting children online – improving outcomes for children and parents by ensuring the privacy and online safety protections overseen by the ICO and Ofcom, work together.
• Promoting competition and privacy in online advertising – fostering competitive online advertising markets via joint ICO and CMA work.
• Supporting improvements in algorithmic transparency to mitigate risks to people and competition.
• Enabling innovation in industries the DRCF regulates – to this end, the DRCF has launched a call for views on the benefits and risks of how sites and apps use algorithms, and on how algorithms should be audited.

The European Accessibility Act

The European Accessibility Act aims to improve the accessibility of specified products and services, particularly those online and relating to technology. While Member States were supposed to have adopted implementing legislation by 28 June 2022, many are lagging behind, putting the application date of 28 June 2025 in jeopardy. Read more on Interface.

Data and cybersecurity related legislation

There were also some significant developments in data and cybersecurity legislation this year which significantly impact the digital sector. See the Data Privacy section for more.

Data privacy - 2022 round up

AI

The UK and EU have continued to focus on regulating AI in 2022.  The EU is progressing its AI Act, while the UK appears to be taking a more sector-based, less prescriptive approach.  In a crowded space, here are some of the highlights.

UK government proposals on regulating AI

In January, DCMS announced that the Alan Turing Institute, supported by the British Standards Institution and the National Physical Laboratory, will pilot a new AI Standards Hub. This is in line with the National AI Strategy.  The Hub is intended to increase the UK's contribution to the development of global AI technical standards. 

In July, DCMS announced its AI Action Plan, part of its National AI Strategy. An AI paper set out proposed rules based on six very vague principles, which regulators must apply with flexibility, to support innovation while ensuring use of AI is safe and avoids unfair bias.  Rather than centralising AI regulation, the government is proposing to allow different regulators to take a tailored approach to the use of AI which is more contextual.  Regulators including Ofcom, the CMA, the ICO, the FCA and the MHRA will be asked to implement the core principles and use 'light touch' options including guidance and sandboxes, and to coordinate their approaches.

The paper was subject to a call for evidence.  The CMA published its response in July 2022.  It broadly supports a context-specific, risk-based approach with a focus on high-risk AI.  However, it also calls for regulators to be equipped with appropriate tools to regulate and intervene.  While it recognises the benefits of a light-touch regime in fostering innovation, it also considers the risks of misuse of AI are greater where businesses have a dominant position.  As such, it notes that it may consider targeted remedies in future.

The UK government published a response to its consultation on AI and IP in July as we discussed here.  The consultation looked at three areas:

• copyright protection for computer-generated works (CGWs) without a human author
• licensing or exceptions to copyright for text and data mining (TDM)
• patent protection for AI-devised inventions.

The government decided:

• It will not propose changes to the law regarding CGWs.  Proper evaluation is not possible so this area will be kept under review.
• There will be a new copyright and database exception to allow TDM for any purpose.
• No changes are planned to patent law to protect AI-devised inventions for now. This area will also be kept under review.

In November, the House of Commons Science and Technology Committee launched an inquiry into the governance of AI.  The Committee will look at how to address risks to the public from use of AI, and at how to ensure AI is used ethically and responsibly.  Written submissions to a call for evidence were invited by 25 November 2022, including on the effectiveness of the current AI UK governance framework, areas for improvement, and how AI should be regulated.

An AI White Paper which will look at how to put the government's principles into practice was expected towards the end of 2022 but appears to have been pushed back.

EU AI Act

The European Commission proposed a draft AI Act in April 2021.   It will regulate the development and use of AI by providing a framework of requirements for its developers, deployers and users, together with regulatory oversight.  The framework will be underpinned by a risk-categorisation system for AI with "high risk" systems subject to the most stringent obligations, and a ban on "unacceptable risk" AI systems.

In December, the Council of the European Union adopted its common position on the draft AI Act.  Changes from the originally proposed text include:

• a narrower definition of AI systems to cover systems developed through machine learning approaches and logic, and knowledge-based approaches
• private sector use of AI for social scoring is prohibited as are AI systems which exploit the vulnerabilities, not only of specific group of persons, but also persons who are vulnerable due to their social or economic situation
• clarification of when real-time biometric identification systems can be used by law enforcement
• clarification of the requirements for high-risk AI systems and the allocation of responsibility in the supply chain
• new provisions relating to general purpose of AI and where that is integrated into another high-risk system
• clarification of exclusions applying to national security, defence and the military as well as where AI systems are used for the sole purpose of research and development or for non-professional purposes
• simplification of the compliance framework
• more proportionate penalties for non-compliance for start-ups and SMEs
• increased emphasis on transparency, including a requirement to inform people exposed to emotion recognition systems
• measures to support innovation.

The European Parliament is expected to agree its negotiating position on the AI Act in Q2 of 2023, at which point trilogues will begin.

EC proposal for Directive on AI liability

In October, the European Commission published a proposal for an AI Liability Directive.  The Directive aims to set out uniform rules for access to information and alleviation of the burden of proof in relation to damage caused by AI systems.  It will harmonise certain rules for claims outside the scope of the Product Liability Directive in cases in which damage is caused due to wrongful behaviour.  This includes breaches of privacy or damages caused by safety issues.  It will be easier to obtain compensation where someone has been discriminated against in a recruitment process involving AI technology.  Read more.

NFTs and Digital Assets

NFTs, digital assets and anything underpinned by distributed ledger technology, have continued to cause excitement (and in some cases confusion) in 2022 with e-mobility, drones and IoT also in the spotlight.  As use cases develop, legal frameworks must adapt and this has been a real focus recently.  Here are some of the main UK developments in terms of regulating this area this year. 

HM Treasury response to consultation and call for evidence on regulatory approach to cryptoassets, stablecoins and DLT

In April, the Treasury published its response to its consultation paper on the UK regulatory approach to cryptoassets and stablecoins, and call for evidence on the use of distributed ledger technology (DLT) in financial markets.  The Treasury intends to take steps to regulate the issue or facilitation of stablecoins.  The Treasury recognises the benefits DLT could bring to Financial Market Infrastructures (FMIs).  It is developing an FMI sandbox for launch in 2023, and will ensure regulations can accommodate tokenisation and DLT in FMIs.

Call for evidence on cryptoassets

On 13 July, the House of Commons Treasury Committee announced an inquiry into cryptoassets and a related call for evidence.  The inquiry looks at the role of cryptoassets in the UK, including risks to consumers and opportunities for business.  The list of issues under considerations is wide-ranging and focuses on a variety of sectors from business to the environment, to the regulatory framework in the UK and elsewhere.  The call closed on 12 September 2022.

Law Commission proposals to reform the law to better recognise and protect digital assets

On 28 July 2022, the Law Commission of England and Wales issued its consultation paper on digital assets, setting out recommendations to ensure that the law recognises and protects digital assets, including crypto-tokens and cryptoassets.  A key point of interest is the recommendation for a third category of personal property (data objects) which are distinct from things in possession and things in action.  The consultation closed on 4 November 2022.  Read more.

DCMS Committee inquiry into NFTs and blockchain

In November, the DCMS Committee has published a call for evidence for an inquiry it has launched into NFTs and blockchain, looking at the risks and benefits, in particular:

• Is the UK's light touch approach to regulating NFTs sufficient?
• What are the potential harms to vulnerable people of NFT speculation?
• Do blockchains offer security to British investors?
• What are the potential benefits to individuals and society of NFT speculation?

Submissions to the call for evidence are invited by 6 January 2023.

Law Commission review on governing law and jurisdiction for digital assets

The Law Commission of England and Wales launched a review into how rules of private international law on governing law and jurisdiction apply to digital assets and other emerging technologies in October.  The review, which is at pre-consultation stage, will look at the current position and will develop reform proposals. It is expected to be published in the second half of 2023.

Law Commission call for evidence on Decentralised Autonomous Organisations

In November, the Law Commission of England and Wales published a call for evidence on decentralised autonomous organisations (DAOs).  DAOs are technology-mediated social structures or organisations of participants usually encoded on a distributed ledger (like blockchain), but potentially also using open source software and smart contracts.  They allow member-owned communities or organisations without centralised leadership, so the group forms for a common purpose and then operates under pre-decided rules, including to allocate investment and profits. The Law Commission is seeking views on a number of issues including whether DAOs should be characterised as unincorporated associations or partnerships under English law. The call also considers the status of DAOs' investors or token-holders, the liability of developers of open-source code, the application of money laundering and other concepts to DAOs, as well as tax issues. The consultation closes on 25 January 2023.

Other developments

DCMS Committee inquiry into IoT devices

The DCMS Committee launched an inquiry into internet connected devices including voice assistants, smart speakers, smart watches and other wearable tech, focusing on content selection, privacy and safety, as well as on benefits.  The call for evidence closed on 23 June.

Government plans for self-driving vehicle rollout

In August, the UK government published plans to roll out self-driving vehicles on roads backed by £100m of investment by 2025.  As part of this, it is consulting on a "safety ambition" for self-driving vehicles, aimed at informing standards self-driving vehicles need to meet, and sanctions manufactures could face if they fall short.  New laws will be introduced when Parliamentary time allows.  These will build on current laws and state that manufacturers are responsible for the vehicle's actions when self-driving, meaning that a human driver would not be responsible for incidents occurring while the vehicle is in control of the driving. 

The CDEI also published a report setting out proposals for a trustworthy approach to the regulation and governance of self-driving vehicles.

Government ambition statement on commercial use of drones

In July, the government published an ambition statement relating to the use of commercial drones.  It wants to make them commonplace in the UK by 2030 across a wide range of sectors.  It intends supporting the development, manufacture and adoption of drone technology, including by providing wider regulatory support through an Ofcom consultation to deliver robust connectivity.  It will also focus on investment in R&D, skills training and public education.

Another year has come and gone without the long-promised UK government White Paper on gambling, although it is rumoured to be imminent.  We do, however, know that the government is not planning to legislate to ban loot boxes outright, although they remain controversial.

New rules on protecting children and the vulnerable from online gambling harm

CAP announced new rules for gambling ads to help safeguard children, young people and vulnerable audiences which came into effect on 1 October.  The new rules require that gambling and lottery ads must not "be likely to be of strong appeal to children or young persons, especially by reflecting or being associated with youth culture".  This is a step up from the previous rules which stated that ads must not be of "particular appeal" to children. 

Something will be considered to have strong appeal with reference to under-18s, regardless of how it is viewed by adults.  For example, ads will not be able to use:

• Topflight footballers or those with strong social media followings among under-18s.
• Any sportspeople well known to under-18s, including those with a considerable volume of under-18 followers on social media.
• References to video game content and gameplay popular with under-18s.
• Stars from reality TV shows popular with under-18s.

There are limited exceptions available where the activity underlying the gambling and lottery products has a strong appeal to under-18s eg football or video gaming. 

The Gambling Commission also announced new rules which require online gambling businesses to do more to identify and take action to protect consumers at risk from harm.  The new rules came into effect on 12 September 2022 and require operators to:

• Monitor a minimum set of indicators to identify gambling harm – these include customer spend, patterns of spend, time spent gambling, gambling behaviour indicators, customer-led contact, use of gambling management tools, and account indicators.
• Flag indicators of harm and take timely action.
• Implement automated processes for strong indicators of harm.
• Prevent marketing and the take-up of new bonuses for strong indicators of harm.
• Evaluate whether operator interactions with consumers are appropriate relative to harm levels.
• Not only comply at all times but ensure third-party providers comply.

The Gambling Commission published guidance on complying with new rules in June.

In November, the Gambling Commission published its 2022 Young People and Gambling Report.  It found the headline data around age-restricted data was positive, but that there is still a group which struggles with gambling.  31% of children surveyed had spent their own money on gambling but the vast majority said their gambling was legal or did not feature age-restricted products.  Overall, the 2022 study suggested 0.9% of 11-16 year olds are classed as problem gamblers in Great Britain. This means we are likely to see further efforts to protect children by the Commission next year.

CMA investigation into auto-renewals in the gaming sector

The CMA began investigating the supply of online gaming memberships in April 2019, focusing on potential breaches of consumer protection law and, in particular, the use of auto-renewal subscriptions.  Microsoft gave a series of undertakings to the CMA in January. The CMA said Sony, Nintendo and Microsoft had all made improvements to their auto-renewal practices.  Sony has taken steps to remind customers with inactive memberships about how to stop payments and introduced a deactivation policy after long-term non-use.  Nintendo has stopped selling its Switch service with automatic renewal as the default option.  As a result, the CMA closed its investigation.

Loot boxes

In June, the government called for the purchase of loot boxes to be made unavailable to children without parental approval but is not proposing to legislate on the issue.  The 2020 call for evidence showed that loot boxes are potentially harmful, especially to children and other vulnerable people.  However, the government wants the games industry to adopt voluntary measures including age-restrictions, spending controls and information provision, to support players who spend a disproportionate amount of money on loot boxes and may be at greater risk of harm.  The government will consider legislating on the issue if the self-regulatory approach does not produce the desired impact.

The DCMS will convene a new working group comprising games companies, platforms and regulatory bodies, to develop industry-led measures to protect players.  It will also launch a Video Games Research Framework to consider positive and negative impacts of video games.   

CMA to make market investigation into cloud gaming

In November, the CMA announced that following a consultation, it would launch a market investigation into the distribution of cloud gaming services through app stores on mobile devices.  This will form part of a market investigation which will also look at the supply of mobile browsers and browser engines.  A market study carried out by the CMA into UK mobile ecosystems, found that Apple effectively blocks cloud gaming apps from its App Store.  As gaming is the most lucrative app category on Apple's App Store by some way, the CMA is concerned that Apple has an incentive to undermine the ability of cloud gaming providers to access iOS users in order to retain its market power in native app distribution and discovery on iOS.  The CMA is also concerned that Apple may have an incentive to delay the take up of cloud gaming services in order to preserve its market power in mobile devices and operating systems. 

ASA remit statement on content marketing for gambling products online

The ASA published a statement clarifying its remit and the extent to which it covers gambling provider communications in social media content marketing.  The ASA says that together with the Gambling Commission, it concludes that all social media content published by licensed gambling operators must comply with the CAP Code.  The vast majority of content marketing is effectively deemed by the ASA to "sell something" and is therefore regulated under the Code. 

It is possible that some social media content will fall outside the ASA's enforcement remit on the basis that it is considered not to be directly connected with the supply of the gambling product, usually where there are no direct or significant indirect references to gambling products. To ensure nothing falls between the gaps, the ASA and Gambling Commission have agreed that:

• The ASA will continue to consider complaints about social media ads on a case by case basis.
• In limited scenarios where complaints are deemed not to be within its remit, the ASA will refer them to the Gambling Commission.

However, the ASA says: "the message for social media operators is straightforward – all consumer-facing social media activity must comply with the standards set out in the gambling section of the CAP Code".

ASA advice on ads for mobile games

In November, the ASA published advice for compliance with advertising rules in ads for mobile games.  The advice reminds marketers about the rules which may apply to ads for mobile games, focusing on harm and offence issues, targeting, and accuracy (or avoiding misrepresentation).

Sony faces potential class action relating to abuse of dominant position of Sony PlayStation

In September, the UK's Competition Appeal Tribunal received an application to bring collective proceedings against Sony.  The application claims Sony abuses its dominant position in various markets by not permitting third-party operating systems on its PlayStation, and by ensuring games for PlayStation and add-ons can only be sold and purchased through the PlayStation Store, for which Sony takes a commission.  It is also submitted that Sony charges excessive and unfair prices for the distribution of third party-published and self-published digital games and in-game content.  The proposed class consists of all PlayStation users domiciled in the UK who purchased digital games or add-on content from the PlayStation store since 2016.  The CAT will now consider whether or not to make a collective proceedings order.

Enforcement

The Gambling Commission continues to fine online gambling businesses for breach of marketing rules and rules on social responsibility and AML. Examples this year include:

Betway fined over £400,000 for marketing on children's pages of website

Online gambling business Betway was fined over £400,000 for marketing on the children's pages of West Ham's website.  The operator's gambling logo which linked to its website was displayed on a webpage offering the opportunity to print a teddy bear for children to colour-in for a period of 20 months.  The logo also appeared for a month on a 'Young Hammers at Home' page of the website.  While there is no suggestion that Betway was deliberately targeting children, the adverts breached the Gambling Commission's rules requiring gambling advertising to be socially responsible.

Petfre (Gibraltar) Ltd (trading as Betfred and Oddsking) fined £2.9m

Petfre (Gibraltar) Ltd which trades as Betfred and Oddsking, was fined £2.9m by the Gambling Commission for social responsibility failures.  These include not having controls to prevent large levels of high velocity spending by new customers, setting safe gambling triggers to high, and anti-money laundering failings.

Online gambling operator suspended for GAMSTOP failings

Online gambling operator LEBOM Limited, trading as Lebom.app, was suspended from operations by the Gambling Commission after it was discovered not to have integrated the safer gambling self-exclusion scheme GAMSTOP.  Its licence is also being reviewed.  This is an indication of the seriousness of failing to comply with the mandatory requirement to participate in the GAMSTOP scheme.

ISPs ordered to block websites linking to pirated Nintendo games

Outside the remit of the Gambling Commission, the IP Enterprise Court granted an injunction to Nintendo to require ISPs to block access to two websites which allowed access to pirated Nintendo Switch games infringing Nintendo's copyright and trade marks. 

In the UK, ASA/CAP and government activity have focused on a wide range of sectors in terms of regulating advertising but a few stand out: influencers, greenwashing, and protection of children and the vulnerable, in particular in relation to HFSS and other food and drink products.  Here are some of 2022's key developments.  You can read more detailed analysis in our Interface edition on Advertising here.

Influencers

In January, the ASA launched a webpage to 'name and shame' influencers who repeatedly fail to disclose paid-for posts.  The ASA also began targeting ads on Instagram to alert users to the fact that the influencer in question may have been paid for their posts. Once the influencer starts to comply, their name is removed from the webpage and the ASA Instagram ads stop.

In May, the DCMS Committee published a report on influencer culture following its March 2021 inquiry.  It made a number of recommendations to the government, some of which are already being acted upon. 

The report also questioned the effectiveness of obtaining undertakings from platforms to enforce rules on influencer advertising given the time and costs involved and the lack of enforceability.  However, later in the year, TikTok, Snapchat and YouTube were reported to be in talks with the CMA which is planning to apply influencer principles to them.  The CMA applied influencer principles to Instagram in 2020.  Instagram was required to build an algorithm to detect and report posts which are suspected adverts, and to require users to disclose whether a post is a paid for promotion.

In October, the government published its response to the DCMS report which  highlighted a number of regulatory gaps including around disclosure of advertising on influencer posts, and protection of children as viewers and producers of influencer content.  The government said:

• It does not intend to amend the Online Safety Bill to require online platforms to allow for tailored complaints for different types of harm.
• It does not propose to carry out a market review of the influencer ecosystem at this time.
• It will work with industry bodies to develop a code of conduct to promote best practice.
• It will not legislate to give the CMA greater enforcement powers in addition to proposals under the (as yet unpublished) Digital Markets, Competition and Consumer Bill.

The government noted that it is considering responses to its consultation on online advertising, which may further address some of the concerns raised by the DCMS in relation to influencer culture, and also suggested the Department for Education may explore legislative ways to protect child influencers.

In November, the CMA has published a suite of guidance for social media platforms, influencers and brands, to help them comply with consumer protection law in relation to paid-for online endorsements.  Read more.

Greenwashing

There was a raft of ASA rulings on ads which were found to be 'greenwashing'. Sainsbury's, Tesco and HSBC were some of the businesses found to be making misleading claims or claims lacking in evidence.  The ASA published a reminder about rules on making environmental claims in ads.  In March, the CMA proposed reforms which included legislating to define environmental terms. See here.

In September, the CMA announced it is investigating ASOS, Boohoo and George at ASDA in relation to potentially misleading claims about their green credentials.  The CMA has said this is the start of its work focusing on the fashion sector and forms part of its wider scrutiny of greenwashing.

Children

In June, the ASA made four rulings and published summary guidance on requirements for enhanced disclosure for marketing communications targeted at under-12s. 

In November, CAP published new guidance for advertisers on how to target age-restricted ads responsibly online.  This updated guidance replaces the previous version published in January 2021. CAP advises advertisers to consider the suitability of all available tools when targeting their campaigns, and that they engage the other parties involved to make them aware of audience targeting restrictions.  The new guidance provides principles-based checklists to help advertisers and their agencies limit children and young people's exposure to restricted ads.

Other government and regulator activity

ASA report on racial and ethnic stereotyping in ads

In February, the ASA published its findings on racial and ethnic stereotyping in adverts and whether they contribute to real world harms.  The report concluded that while some stereotypes are not inherently harmful, the perception of racial and ethnic groups in advertising does have potential to cause harm and offence.  The ASA asked CAP and BCAP to consider whether additional guidance is required but there was no discussion of amendments to the advertising Codes.

ASA guidance on advertising cryptoassets

Also in February, the ASA published guidance on how the CAP Code applies to adverts for cryptoassets. Further guidance is due imminently.

CAP and BCAP consultation on advertising alcohol alternatives

CAP and BCAP consulted on rule changes and guidance on the marketing of alcohol alternatives. Proposals focus on the intersection between alcohol and alcohol alternatives.  If a marketing communication for an alcohol alternative also refers to or has the effect of promoting an alcoholic drink, the rules around advertising alcohol would apply.  In addition, restrictions on marketing alcohol alternatives to under-18s would apply.  The consultation closed on 5 May 2022.

ASA pilot to enhance online transparency

In March, the ASA announced a one year pilot from June 2022, to enhance online transparency.  In collaboration with IAB UK members including Amazon Ads, Google, Meta, TikTok, Twitter, Yahoo, Adform and Index Exchange, the pilot looks at putting the ASA's interaction with these companies and their cooperation on a more formal and consistent footing.

The ASA will use information collected to publish an interim and final report.  It will use these to make recommendations for best practice, areas for improvement, and consider whether there are any gaps in the ASA's ability to enforce the CAP Code online and how to address them.

HFSS advertising ban will apply from 1 January 2023

The Health and Care Bill received Royal Assent in May.  Among other things, the Act amends the Communications Act 2003 to introduce rules restricting advertising of HFSS products to children on TV and online by:

• Requiring Ofcom to introduce a 5.30am-9pm watershed for TV advertising of HFSS products (subject to limited exemptions).  The watershed will also apply to all On Demand Programme services subject to Part 4A of the Communications Act.
• Banning paid-for online advertising of HFSS products, again subject to exemptions.

The bans will not apply to adverts for HFSS food and drink placed by SMEs.  The DHSC issued guidance for businesses and enforcers on the Food (Promotion and Placement) (England) Regulations 2021 in April.   The new rules will apply from 1 January 2023.

UK government consultation on reform of online advertising industry

In March, the UK government consulted on reform of the online advertising regulatory framework.  The intention is to bring more businesses within scope and to create a more transparent, accountable and safer advertising market. 

Harmful or misleading adverts such as those promoting negative body images, and adverts for illegal activities or products (eg prescription medicine and counterfeit products) could be subject to new rules.  Influencers who breach rules on advertising transparency may face tougher penalties.  Cryptojacking – using legitimate-looking adverts containing malware to allow unauthorised use of devices to mine cryptocurrency is another focus.  The issue around fraudulent advertising is already being dealt with through proposed new offences in the Online Safety Bill which currently covers paid-for online advertising as we discuss here.

CMA to investigate Emma Sleep as part of action on dark patterns

The CMA announced in December that it is investigating the Emma Sleep GmbH group, looking at whether it has breached the Consumer Protection from Unfair Trading Regulations and misled consumers by using countdown timers and false claims about when discounts will end.  This forms part of the CMA's enforcement work on Online Choice Architecture or dark patterns. Online selling based on urgency claims, drip pricing and undisclosed paid-for advertising are all considered dark patterns. While the EU has legislated to ban the use of dark patterns by platforms, the UK government has said it will carry out further research before deciding whether or not to legislate.

Gambling ads

See our update on games and gambling.

EC review of consumer protection law

In March, the EC adopted a package of measures as part of the Circular Economy Action Plan published in March 2020.  The measures are intended to build in sustainability across the product lifecycle. 

The most notable of the legislative proposals is a Directive which will amend the Consumer Rights Directive (CRD) and the Unfair Commercial Practices Directive (UPCD) to:

• Require additional pre-contractual information to be given to consumers about the durability and repairability of goods, and
• Amend the blacklist of automatically unfair commercial practices to cover greenwashing and other misleading or inaccurate claims around sustainability of goods.

Other elements of the package are:

• A proposed Regulation on Ecodesign for Sustainable Products which includes new requirements to make products more sustainable, as well as requirements to supply environmental impact assessments and digital product passports for certain regulated products.
• An Ecodesign and Energy Labelling Working Plan
• A Communication on the EU Strategy for Sustainable and Circular Textiles.  This aims to tackle the environmental impact of 'fast fashion' by making textiles more durable, repairable, reusable and recyclable.  It also seeks to prevent destruction of unsold textiles, the use of hazardous substances, and ensure textiles are produced respecting social and environmental rights.
• Revision of the Construction Products Regulation to create a harmonised framework to assess and communicate the environmental and climate performance of construction materials.

Later in the year the EC published a proposal for a Directive on financial services contracts concluded at a distance.  The Directive will repeal the Distance Marketing Directive and transfer the consumer protection framework for those contracts to the Consumer Rights Directive together with some updates. 

The EC also published a call for evidence to evaluate the adequacy of the Unfair Commercial Practices Directive, Consumer Rights Directive, and Unfair Contract Terms Directive, in dealing with current consumer protection issues and digital fairness. In particular, the focus is on vulnerable consumers, dark patterns, personalisation practices, influencer marketing, contract cancellations, subscriptions, marketing of virtual items, and addictive digital products. 

In October, the European Commission published a call for evidence and a related consultation in preparation for an evaluation of the Regulation on enforcement cooperation of consumer protection laws (the CPC Regulation).

In December, the European Commission launched a public consultation on whether EU consumer protection laws still ensure a high level of protection in a digital environment. The consultation asks whether the Directives should require traders to better protect online consumers including by introducing requirements that they:

• avoid dark patterns
• provide a summary of key terms
• send automatic renewal reminders
• allow consumers to receive non-personalised advertising
• introduce a right to speak to a human about complaints.

The consultation is open until 20 February 2023.

UK proposed reforms to consumer protection law

The UK government published a consultation on reforming competition and consumer policy in July 2021, in which it asked the CMA for advice on how competition and consumer law can better support the UK's transition to an environmentally sustainable and net zero economy.  Following the CMA's response, the government published its response to the consultation in April.  It proposes making a number of legislative changes as we discuss here.

In the Queen's Speech in May, the government announced a Draft Digital Markets, Competition and Consumer Bill – this will place the DMU on a statutory footing, and reform the powers of the CMA to enable it to determine breaches of consumer law and issue financial penalties.  It will also look to regulate subscription traps and fake online reviews, issues highlighted in the government's response.  The Bill has not yet been published but is expected to be published in Spring 2023.

Changes to UK product liability regime

The government continues to consult on proposed changes to the UK's product liability regime as discussed here.  In November, the government also announced an extension to time periods for changing from CE-marked to UKCA-marked products. 

• The period during which CE marking may be used in Great Britain will be extended by two years to 31 December 2024.

• The period during which businesses can use a sticky label or an accompanying document to affix the UKCA marking and include importer information for products from EEA countries is being extended to 31 December 2027 (from 31 December 2025).

• Manufacturers will be able to use conformity assessment activities for CE marking undertaken by 31 December 2024 as the basis for the UKCA marking (until 31 December 2027); previously only activities during the period to 31 December 2022 could be used in this way.

EC proposal for revised Directive on liability for defective products

In October, the EC published a proposal for a Directive on liability for defective products as we discuss here.  This much-anticipated proposal for a new Product Liability Directive will update the strict liability regime for consumers to recover compensation for defective products on a "no-fault" basis. These new reforms seek to radically reform the strict liability regime and are of significance to manufacturers and importers supplying products in the EU as well as online marketplaces and fulfilment providers in some cases. Read more.

EC proposal for Regulation to prohibit products made with slave labour

The EC published a proposal for a Regulation to prohibit products made with forced labour in the EU market in November.  It will prohibit the placing on the EU market of products made using forced labour, as well as the export of such products from the EU.  It covers products made in the EU for domestic consumption and for export, as well as imported goods.  Member States will be required to designate competent authorities to implement and enforce the Regulation and customs authorities will also have obligations under the Regulation.

The proposal is linked with the proposal for a Directive on corporate sustainability due diligence to the extent that the competent authorities will take into account whether a company has carried out effective due diligence on its supply chains when carrying out their assessment.

Political agreement reached on EU General Product Safety Regulation

At the end of November, the European Parliament and Council reached provisional political agreement on the new General Product Safety Regulation which will overhaul the current Directive with a focus on online shopping.  The agreed text had not been published at the time of writing.  Points highlighted in the Council's press release include:

• Online marketplaces will have to establish a single point of contact in charge of product safety.
• Online marketplaces will have obligations to ensure they know the traders on their platforms and the products they offer.
• Market surveillance authorities will be able to issue orders requiring marketplaces to remove dangerous products from their platforms.
• There will be a single market surveillance regime applying to all products.
• Specific measures will seek to protect vulnerable customers including children, and cover cybersecurity risks.
• Consumers will be entitled to repair, replacement or a refund in respect of recalled products.  Where possible, economic operators will have to ensure consumers can choose from at least two of these options.
• Economic operators will need to appoint a responsible person for products sold online and offline, wherever they originate from.

Following adoption, Member States will have 18 months to apply the new rules.

Case law highlights

New CJEU decisions no longer apply in the UK. They may, however, be taken into account and are instructive where they relate to retained EU law.

CJEU says intermediaries are traders under the Consumer Rights Directive

The CJEU said that a ticketing agency selling as a disclosed agent for an event organiser, acted as a trader for the purposes of the Consumer Rights Directive and had to comply with requirements on traders including supplying pre-contractual information. 

The Court said that it was possible for both the principal trader and the intermediary to qualify as traders under the CRD in relation to the same consumer supply.  The intermediary could not avoid liability simply by explaining its status to the consumer and passing obligations back to the primary trader.  The Court said the purpose of the CRD is to ensure that consumers are given relevant information by traders in the broad sense, before they enter into contracts.  This was distinguished from liability for contractual failings (for example, the supply of a defective product).

The CJEU was also asked whether the requirements around providing pre-contractual information in a clear and comprehensible manner, in plain and intelligible language, and in a manner appropriate to the means of distance communication used, precluded the information being provided in general online terms and conditions acceptable by ticking a box.  The Court said it did not.  However, the supply of online terms and conditions accepted by the consumer using a tick box, could not be a substitute to the requirement to provide confirmation of the contract to the consumer in a durable medium under Article 8(7) of the CRD.

CJEU decision on withdrawal rights during CRD cooling off period

Under the Consumer Rights Directive, there is an exception to the withdrawal right during the 14 day cooling off period for distance contracts for "services related to leisure activities, if the contract provides for a specific data or period of performance".  This would cover concert tickets by an event organiser.  The CJEU was asked to decide whether it would also cover the sale of tickets by an intermediary (ticketing platform) acting on behalf of the organiser. 

The CJEU held that such contracts are covered.  Even though the platform would not be the provider of the services, the exception is a sectoral one which covers all services provided in the leisure sector.  In addition, intermediary contracts are expressly contemplated as within scope of the CRD.  In the event of cancellation, the organiser would be liable to reimburse the consumer under the terms of the particular contract.  This was significant as the purpose of the exemption is to provide protection to traders against the risk of not filling events to capacity due to cancellations.

CJEU decision on online ordering buttons

The Consumer Rights Directive introduced a requirement to have a 'buy' button indicating an obligation to pay for online consumer contracts.  The CJEU was asked whether only the wording on the button could be taken into account or whether surrounding circumstances and processes could also be taken into consideration, and whether the words "complete booking" were sufficiently clear. 

The CJEU said it was for the referring German court to decide whether the words "complete booking" constituted an unambiguous notification of an obligation to pay. The test would be whether, both in everyday language and in the mind of the average, well informed, reasonably observant and circumspect customer, the wording is reasonably, necessarily and systematically associated with the creation of an obligation to pay.  Commission guidance suggests wording like 'register', 'confirm' and 'order now' is less likely to work than wording like 'pay now' or 'confirm purchase'. 

The CJEU also said that only the actual wording on the button (or similar function) is relevant.  The surrounding processes should not be taken into account.

CJEU ruling on pre-contractual information on commercial guarantees under the CRD

The CJEU considered the pre-contractual information which must be given by traders to consumers in respect of commercial guarantees.  The issue was whether a trader's Amazon page which gave consumers access to a technical manufacturer's guarantee via a link was sufficient. 

The CJEU said that a trader must always provide pre-contractual information about its own guarantees but may remain silent about any manufacturer's guarantees.  Where the trader makes the guarantee a central or decisive element of its offer by drawing attention to it for marketing purposes, then pre-contractual information should be provided.  Where the mention of the guarantee is incidental or insignificant, full information is not required.  Where the trader is required to give information about the manufacturer's guarantee, this must include conditions on application and implementation which might affect the consumer's decision to purchase from the trader.  This includes the guarantee's duration, territorial scope, where the item will be repaired, any restrictions on the guarantee, and the guarantor's name and address.

CJEU ruling on commission payments under the Commercial Agents Directive

The CJEU ruled on the interpretation of Article 7(1) of the Commercial Agents Directive (the Directive is implemented in the UK by the Commercial Agents Regulations and uses the same wording as the Directive in Article 7(1)).

Article 7(1) provides that an agent is entitled to commission on sales it secures (7(1)(a)), or on repeat sales to a customer it has previously secured (7(1)(b)).  The CJEU was asked to consider whether Article 7(1)(b) gave commercial agents an absolute right to commission on repeat sales or whether the parties to an agency contract could exclude Article 7(1)(b).  The CJEU said that Article 7(1)(b) is not mandatory and can be contracted out of.  There were a number of factors supporting this interpretation including that unlike other provisions, 7(1)(b) is not expressed to be mandatory and was taken off a list of mandatory provisions during negotiation of the Directive.

CJEU ruling on Unfair Contract Terms Directive and limitation periods

The CJEU handed down a preliminary ruling which deals with limitation periods on the right to bring claims to recover payments made under an unfair contract term.  In the case in question, the limitation period expired for some payments before the contract ended.

The CJEU said that the Unfair Contract Terms Directive (implemented by Part 2 of the Consumer Rights Act 2015 in the UK), prevents a limitation period that runs from the date of each performance (ie payment) by the consumer of the unfair term where:

• The consumer was not in a position at that date to assess the unfairness of the term or was not aware of it.
• The contract's repayment period was longer than the statutory limitation period.

While Member States are responsible for implementing the UCTD, the CJEU says that they cannot make it impossible or excessively difficult to exercise rights conferred by EU law.

The CJEU also confirmed that Member State law cannot allow for declaration that a contract term is only partly unfair, leaving the fair part effective where this affects the substance of the term.

While we can't be comprehensive here, we have selected other key UK legislation tabled this year which will impact the commercial tech and data sectors. See the other sections of this month's Radar for sector-specific developments.

Retained EU Law Bill

The Retained EU Law (Revocation and Reform) Bill 2022-23 (REUL Bill), also referred to as the 'Brexit Freedoms Bill' was introduced to Parliament during the ill-fated Truss government, having been announced in the May Queen's Speech.  It gives the government the power, largely through amendment of the EUWA, to repeal, amend or "assimilate" all retained EU law (subject to certain exemptions, including for financial services and tax). It also includes a controversial sunset clause, constraining the time for completing this challenging exercise.

The Bill stalled during the political upheaval in the autumn and the Regulatory Policy Committee recently declared its Impact Assessment not fit for purpose. 

Nonetheless, The REUL Bill completed its committee stage in the House of Commons in early December, and a revised version of the Bill as amended in Public Bill Committee, was published.  While the Committee did not agree amendments to exclude specified legislation (including environmental, worker and consumer protections) from the scope and declined to require the government to set out a complete list of laws to be revoked by clause 1, it did include other amendments.  Most of these add clarity. Notably, clause 22 was amended to enable transitional, transitory or saving provisions to be made in connection with anything sunsetted under clauses 1 or 3.  The Bill now moves to report stage at which point it will be debated and may be further amended. The Bill stands to have a major impact on UK law as we discuss here.

Bill of Rights

The UK government published a draft Bill of Rights in June.  The controversial draft legislation will repeal the Human Rights Act 1998 and create a new human rights framework in the UK.  Under the current version of the Bill, the UK will remain a signatory to the European Convention on Human Rights, the First Protocol and the Thirteenth Protocol.  As such, it will give effect to the same rights as the HRA 98 and it will be unlawful for any public authority to act or fail to act in a way which is incompatible with a Convention right. However, the Bill provides scope for designated derogations and reservations and also contains wide-ranging provisions about the interpretation of rights. 

Notable changes include:

• Claimants will be required to show "significant disadvantage" before they can proceed with a claim – a higher threshold than the current one.
• Courts will be required to give additional weight to certain rights or principles – for example, "great weight" to upholding the right to freedom of speech and "the greatest possible weight" to the principle that "in a Parliamentary democracy, decisions about how such a balance should be struck are properly made by Parliament" when weighing Convention rights against an Act or a public authority's action, and when balancing different policy aims, Convention rights and the Convention rights of other persons.
• The Supreme Court is the ultimate judicial authority on questions under domestic law relating to Convention rights. Courts must not adopt an interpretation of a Convention right that expands on the protection it provides unless there is no reasonable doubt that the European Court of Human Rights would do the same.
• The Courts may adopt an interpretation of a Convention right which diverges from EctHR jurisprudence.

It is unclear whether or not this will make it difficult for the UK to remain a signatory to the ECHR.

The Bill was dropped at about the same time as Dominic Raab was dropped as Justice Secretary by Liz Truss.  Shortly after his reinstatement by Rishi Sunak, it was announced that the Bill would resume its progress.

The EU's VBER and the UK's VABEO on vertical restraints

The EC's revised VBER and updated guidelines on vertical restraints came into force on 1 June 2022 and expire on 31 May 2034.  The EC amended the current rules to add clarity, fill in gaps, or adapt the rules to market realities.  Updated guidelines provide further guidance on, in particular, issues relating to information exchange in dual distribution and e-commerce and online platforms.

A transitional period will apply from 1 June 2022 to 31 May 2023 in respect of agreements already in force on 31 May 2022 which do not satisfy the exemption conditions under the new VBER but which did satisfy them under the old one.

The UK meanwhile introduced Vertical Agreements Block Exemption Order (VABEO), which came into force on 1 June 2022 and guidance on its application was published in July.  Despite areas of alignment with the EU including in relation to agency, the non-equivalence principle in selective distribution and resale price maintenance, there are also differences which create compliance challenges for parties operating across the EU and UK. Vertical agreements that are intended to be implemented in or have effects in both the EU and UK need to take account of both regimes.

Financial Services and Markets Bill

The Financial Services and Markets Bill was introduced to Parliament in July as we discuss here.  Among other things it will revoke retained EU law relating to financial services and markets, reflecting one of the key outcomes of the Future Regulatory Framework Review undertaken by HM Treasury.

Electronic Execution of Documents

The MoJ published the Industry Working Group on Electronic Execution of Documents interim report in February, analysing the current position in England and Wales, providing best practice guidelines, and recommendations for reform. 

Among its recommendations, the Group suggests:

• Agreeing as early as possible that electronic execution will be used and the procedure for execution.
• Using a signing platform providing minimum security, safety and functionality with a strong audit trail to demonstrate intention to sign, and which includes a download facility.
• Considering whether additional evidence is necessary.
• Providing multiple options to vulnerable customers and counterparties.

Recommendations for reform include that Qualified Electronic Signatures should be capable of fulfilling witness and attestation requirements (particularly where underpinned by a regulated digital identity trust framework), and the establishment of a cross-border database of permissible regulatory and execution modes.  The report suggests that electronic witnessing can be more robust than signatures witnessed in an unsupervised environment.

In November, the Law Society and City of London Law Society updated their note on electronic signatures.  Amendments to the 2016 version include:

• Remote signings – where an e-signing platform is used, the so-called 'Mercury Procedures' set out in the Societies' note on execution of documents at virtual signings must be used.  This means that in relation to deeds, any signature and its attestation must form part of the same physical document when signed.  Those organising the signing should take appropriate authorisations from signatories to implement the dating and delivery of the relevant documents and affixing of signature pages to the final agreed form.
• Implementation of the e-Commerce Directive and Trade and Cooperation Agreement – certain types of contract may not benefit from protective provision to support use and validity of e-signatures.  Parties entering into these types of agreement should take advice on local law.
• Use of common seal – it is safest for a company formed under the Companies Act not to use an e-seal on electronic documents and not to substitute an e-seal for a corporate seal. 

Other changes reflect changes in common practice since 2016 and changes made by HM Land Registry, HMRC and others.