Legal News

VT, UR v Conny Gmb H Case C-400/22 What are the practical implications of this case? Traders and consumers using websites to conclude distance contracts should note that the trader’s duty to secure, at the moment of ordering, the consumer’s clear confirmation of a commitment to pay, as required by Article 8(2) of Directive 2011/83/ EU, applies even where payment falls due only once a later condition is met. These consequences carry particular weight for traders that, as in the case before the Court of Justice, operate assignment-based models to advance consumers’ rights, with remuneration owed only if certain triggers occur—for example, a wholly or partly successful assertion of rights, or another formal step towards that result. Although the matter arises from a specific national context in which a trader offers to pursue tenancy-related entitlements, the knock-on effects are broader and touch any set-up where traders invite...

Meta is facing complaints from 11 European data protection authorities After announcing a privacy policy revision signalling it would use personal data to develop ‘ AI technology’, Meta now faces formal complaints from 11 European data protection authorities. Max Schrems’ campaign group NOYB has lodged cases with privacy watchdogs in Austria, Belgium, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland and Spain, urging the regulators to urgently stop the change before it takes effect on 26 June. NOYB has specialised in strategic complaints, including those that led to the invalidation of Meta’s legal basis under contract for processing personal data for advertising. Since then, Meta has switched to the ‘legitimate interest’ legal basis. While the General Data Protection Regulation sets out six potential legal bases for processing personal data, the prevailing doctrine arising from data protection authorities’ guidance and decisions has......

Opportunity for financial institutions—enhanced processing and generation of data AI systems built on foundation models—deep learning models trained on extensive data—are able to process and analyse vast, highly unstructured information, covering text, computer code, voice and images, at scale and at speed. For financial institutions, potential applications, explored further below, include more efficient risk assessment alongside capital and liquidity planning, and can also support firms in aligning products more effectively with customers. Associated risk—data quality issues Foundation models tend to reflect the biases and mistakes embedded in the data used for training, so the outputs they generate are likewise susceptible to bias and error. A further issue concerns data privacy: whether input prompts that may contain firm‑specific material can remain confidential, and whether there is a possibility of information leakage. Opportunity for financial...

In this issue: New technologies Internet Data protection Media Advertising, marketing and sponsorship Reputation management Lex Talk®TMT: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Latest Q& As Useful information New technologies EU’s AI liability rules might not arrive after all MLex: Providers and operators of artificial intelligence in the EU may ultimately avoid bespoke AI liability rules. The draft Directive on AI liability is being examined by the European Parliamentary Research Service and could be set aside, as both the European Parliament and the Council question its added value alongside domestic regimes and the EU Product Liability Directive. With the EU AI Act formally adopted and due to take effect in July 2024, attention now turns to its roll-out and the required...

AI providers in the EU AI firms operating in the EU, including Open AI, and their users are unlikely to face a standalone AI product liability regime, as EU governments and the European Parliament doubt the need for one. Most countries prefer to wait for the outcome of the Parliament’s study, an EU official told MLex, with France and the Netherlands particularly sceptical. The prevailing worry is that the sector could be over-regulated. Such an AI liability law would ease the burden of proof for individuals seeking compensation for harm linked to AI systems, and impose fresh disclosure duties on systems labelled ‘high-risk’ under the EU AI Act. Member States concur that addressing liability in the AI context matters. However, the EU Product Liability Directive, approved in March 2024, together with existing national liability frameworks, may already suffice, MLex...

Within digital policy circles, the adoption of the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), marked a defining milestone, signalling the moment the EU positioned itself as a check on Big Tech and a global pacesetter in digital rule‑making. Even six years on, its meaning and enforcement still prompt extensive debate—so much so that a new instrument is being negotiated to revise its procedural framework. Yet the EU GDPR proved only the opening chapter. During Ursula von der Leyen’s tenure, the European Commission tabled and ultimately enacted a wave of digital and cybersecurity measures, many rivalling or even exceeding the EU GDPR in breadth and ambition. The Digital Services Act, Digital Markets Act, Artificial Intelligence Act, Data Act, Data Governance Act, Network and Information Security Directive, Directive ( EU) 2022/2555 ( NIS2), Cyber Solidarity Act, Cyber...

In this issue: Key developments and materials Internet Media Data protection Information technology Advertising, marketing and sponsorship Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information Key developments and materials Bills receive Royal Assent ahead of 2024 general election The Prime Minister, Rishi Sunak, sought and was granted the King’s permission to dissolve Parliament and announced a general election for 4 July 2024; consequently, Parliament was prorogued on 24 May 2024. The run-up to prorogation, the ‘wash-up’ period, is when outstanding parliamentary business must be approved by both Houses or it falls when Parliament is dissolved. During wash-up, the Digital Markets, Competition and Consumers Bill and the Media Bill obtained Royal Assent. Other Bills receiving Royal Assent were the Victims and Prisoners Bill, Finance ( No 2) Bill, Post...

On 20 May 2024, the Automated Vehicles Act 2024 gained Royal Assent, a landmark for the regulation and roll-out of autonomous vehicles ( AVs). Parliamentary passage The AVA 2024 progressed through parliament without notable hitch or delay, reflecting broad agreement on signalling to prospective AV manufacturers and operators the UK’s intention to introduce self-driving technologies. Several amendments were introduced, the most significant being: Section 2(2) — Statement of Safety Principles — the principles must now be framed to secure that authorised automated vehicles achieve a level of safety equivalent to, or higher than, that of careful and competent human drivers. Section 2(4) — Statement of Safety Principles — the Secretary of State, when preparing the statement, must consult organisations that appear to represent the interests of AV manufacturers, road users, and road safety. Further changes since its introduction to the House of Lords in November 2023 are largely less...

The dispute stemmed from a 2012 agreement for the modernisation of DBS’ services (the ‘ Agreement’), under which TCS undertook to assume control of and operate DBS’ legacy platforms whilst creating new digital offerings. From day one, the programme suffered delays, prompting a reset of contractual milestones. TCS maintained that DBS was the source of those delays and, in particular, that DBS’ IT hosting provider, Hewlett Packard Enterprises ( HPE), caused a critical delay. DBS contended that the true cause was that TCS’ software was not ready to be deployed on the infrastructure owing to slippage in the development and testing of the software, and further said it bore no responsibility for HPE’s activities. TCS sought £110m in delay damages. DBS advanced a counterclaim for delay, together with claims tied to deficient software quality. A separate,...

In Citadines v MPLC Deutschland Gmb H ( Case C‑723/22), the Court of Justice delivered a fresh ruling on Article 3(1) of the EU Copyright Directive, addressing the extent of liability for communicating a protected work to the public. The matter came by way of a reference from a German court in proceedings between the hotel operator Citadines Betriebs Gmb H ( Citadines) and the collective management organisation MPLC Deutschland Gmb H ( MPLC). Background The dispute relates to the transmission of an episode from a television series, in which MPLC held the rights. The episode first aired on a public television channel and was subsequently relayed for viewing by guests on television sets installed by Citadines in bedrooms and in the hotel’s fitness area. That relay took place via the hotel’s own cable distribution network. Citadines had already entered into licensing...

In this issue: Key developments and materials New technologies Internet Advertising, marketing and sponsorship Daily and weekly news alerts New and updated content Dates for your diary Trackers Latest Q& A Useful information Key developments and materials General election announced for 4 July 2024 Prime Minister Rishi Sunak has sought and obtained the King’s consent to dissolve Parliament, confirming a general election for 4 July 2024. Parliament will be prorogued on 24 May 2024 and dissolved on 30 May 2024 under the Dissolution and Calling of Parliament Act 2022. This analysis explores the implications for bills currently before Parliament and the effect on government and public bodies until polling day. See News Analysis: General election announced for 4 July 2024. New technologies DSIT announces new AI safety commitments between global companies The Department for Science, Innovation and...

Public statement and non-public legal letter It revealed the step in a notice on its website, but provided fuller particulars in a private legal letter, seen by MLex, understood to have gone to more than 700 firms. Sony Music said it wished to reaffirm its reservation of all rights in respect of any text and data mining of Sony Music Group content, save where specifically and expressly authorised. Owing to the nature of your operations and publicly available details about your AI systems, we have grounds to believe you and/or your affiliates may already have made unauthorised uses of SMG content for the training, development or commercialisation of AI systems, the letter stated. The company asked developers and streaming companies to either: confirm that neither you nor any affiliate has made any such unauthorised uses; or disclose any such uses, including how the...

Nearly two years after launching its probe into Boohoo, ASOS and Asda over potentially misleading environmental claims, the CMA has confirmed it has accepted Undertakings from each company. Under these Undertakings, the parties agree not to introduce new misleading environmental claims and to remove any that already exist. Although the Undertakings bind only the firms under investigation, the CMA’s accompanying open letter—issued alongside them and set against its expanding consumer caseload—signals that complying with consumer law is regarded as no less important than adhering to competition law. The letter also makes clear that the Undertakings should be treated as the benchmark for making environmental claims. Any business engaging in such claims should therefore carefully scrutinise its statements and practices to ensure they meet the Undertakings’ requirements. The CMA’s stance is especially timely given it is expected imminently, via the DMCC Act, to obtain...

What is the TDM copyright exception under the EU DSM Copyright Directive and how does it apply to the use of datasets in generative AI? Generative artificial intelligence depends on extensive volumes of data and content to build its learning capacity, support creativity, and deliver dependable outputs. In such a data-centric environment, text and data mining ( TDM) plays a pivotal role in processing material, uncovering knowledge, and training AI models. Article 2 of the EU DSM Copyright Directive—intended to enhance access to protected works and, in turn, drive research and innovation—defines TDM as any automated analytical method used to analyse text and data in digital form to produce information, including (but not limited to) trends, patterns, and correlations. The Directive’s overarching purpose is to widen access to protected content to stimulate research and innovation, while maintaining a fair equilibrium between the rights and...

In this issue: Internet New technologies Media Advertising, marketing and sponsorship Reputation management Data protection Daily and weekly news alerts New and updated content Dates for your diary Trackers Latest Q& A Useful information Internet DSIT publishes Online Safety Act 2023 explainer The Department for Science, Innovation and Technology has released an explainer outlining what the Online Safety Act 2023 achieves and how it shields users from harmful online content. It sets out who falls within scope, the new offences introduced, the protections for users, and the approach to enforcement. See: LNB News 09/05/2024 68. Ofcom’s consultation on protecting children from online harms casts a wide net Ofcom has issued its second major consultation under the Act, centred on safeguarding children online. The OSA 2023 imposes safety duties on user-to-user and search services that are likely to be...

The Solicitors Regulation Authority ( SRA) plans to refer a solicitor to the Solicitors Disciplinary Tribunal ( SDT) in relation to a purportedly menacing SLAPP (shorthand for strategic lawsuit against public participation) aimed at silencing Dan Neidle. Neidle, once a partner at Clifford Chance LLP, set up Tax Policy Associates, a think tank. On 10 May 2024, the SRA confirmed its intention to refer a matter concerning an Osborne Clarke individual. The watchdog declined to provide more information or verify the partner’s identity. On his Tax Policy Associates website, Neidle published extensive material about his inquiry into Zahawi’s tax affairs. He outlined exchanges with Osborne Clarke partner, Ashley Hurst. Neidle released a letter from Hurst requesting that he withdraw assertions that the MP had been dishonest. The correspondence was marked confidential and ‘without prejudice’, and warned it would be a ‘serious matter’ if he...

The government published its AI regulation white paper in March 2023, outlining five principles for UK regulators. Yet the FCA has not sufficiently mapped these to its own rules, even after a 14‑month window and an AI update that could have addressed the issue. Samantha Paul, senior knowledge lawyer at Bryan Cave Leighton Paisner LLP, rated the FCA’s AI update a C+, noting it is a solid beginning but fails to explain how the government’s AI compliance principles translate into the UK’s existing regulatory regime, or what this means in practice for firms. Lawyers warn the FCA is leaving banks with insufficient clarity on how its rules apply to the AI‑driven systems embedded in their businesses. Banks could, for instance, mis‑sell financial services to consumers or lack adequate systems and controls to repel an AI‑generated cyber attack. Clearer, upfront application of the rules from the...

Advocate General Maciej Szpunar stated in a non-binding view that video game developers (in this instance, Sony Computer Entertainment Europe Ltd) should not be permitted to prevent external companies from creating cheat software tools that adjust the manner a game operates, since such tools do not modify the copyright-protected source code. Szpunar rejected Sony’s “illusory” contention that its monopoly over the game code extends to encompass the way in which the game plays out in practice, including effort to prohibit cheat programmes that make the game easier for the user. “ In the same fashion, the author of a detective novel cannot forbid a reader from turning to the end of book to see who the killer is,......

In this issue: New technologies Internet Media Reputation management Data protection Telecommunications Advertising, marketing and sponsorship Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information New technologies Law360 reports that a cohort of visual artists has brought a proposed class action, alleging that Google’s text‑to‑image artificial intelligence ( AI) system, Imagen, was trained by copying ‘enormous amounts’ of artists’ copyrighted works without authorisation, as alleged in the filing, for the purpose of building the model. The lawsuit further challenges the broader practice of relying on vast datasets for AI training. See: Google hit with copyright claims over AI image generator. UK Parliament confirms the Automated Vehicles Bill has returned to the House of Lords for consideration of amendments proposed by the House of Commons. The Commons has put...

Background In March 2024, the Information Commissioner’s Office ( ICO) issued new guidance (the Guidance) explaining how it will determine penalty notices and set fines under the UK General Data Protection Regulation, the assimilated Regulation ( EU) 2016/679 ( UK GDPR), and the Data Protection Act 2018 ( DPA 2018) (collectively, the UK data protection laws). This Guidance replaces the penalty notice sections of the ICO Regulatory Action Policy from November 2018 and is far more detailed. It applies to all fresh cases concerning infringements of the UK data protection laws, and to ongoing matters where no notice of intent to impose a fine has yet been served... What are the key questions on which the Guidance provides greater clarity? The Guidance is divided into three sections: statutory background circumstances in which the ICO would consider a penalty notice...