We reported last year that the Unitary Patent and Unified Patent Court (UPC) were progressing. The main hurdle to clear was sufficient countries ratifying the Protocol on the Provisional Application (PAP-Protocol) of the UPC Agreement to allow the provisional application period (PAP) to begin.
The Government has published the long anticipated Online Safety and Media Regulation Bill 2022 which it has hailed as a “watershed moment as we move from self-regulation to an era of accountability in online safety”.
Online safety is one of the headline items, and it will be overseen by the newly-established Media Commission (Coimisiún na Meán). The Bill also seeks to implement a number of other key legislative reforms including the transposition of the revised Audiovisual Media Services Directive and the alignment of the regulation of video on-demand services with traditional broadcasting.
The publication of this Bill follows input from and engagement with key stakeholders from the public, NGOs, companies and government organisations over the course of the last three years.
We have summarised some of the key aspects of the Bill below.
The new Enforcement and Modernisation Directive 2019/2161, more commonly known as the ‘Omnibus Directive’ (the Directive), aims to strengthen consumer rights through enhanced enforcement measures and increased transparency requirements.
EU Member States must adopt national implementation measures by 28 November 2021. The new requirements set out in the Directive must then come into force by 28 May 2022.
Who the Directive applies to
Those engaged in online business-to-consumer (B2C) transactions as well as companies offering digital services to consumers where payment by the consumers is in the form of personal data rather than money, will fall under the remit of the Directive.
When the European Commission adopted the new EU Standard Contractual Clauses (new SCCs) for international data transfers earlier this year, we highlighted 3 key dates to be aware of. As one of those dates – 27 September 2021 – has now passed, its timely to remind ourselves why those dates are important.
The Government has published its legislation programme for Autumn 2021. We have set out below the status of key Bills of relevance to the data protection, commercial and technology sector.
Priority legislation for publication and drafting this Autumn
- Online Safety and Media Regulation (OSMR) Bill – This Bill will provide for the establishment of a multi-person Media Commission (including an Online Safety Commissioner), the dissolution of the Broadcasting Authority of Ireland, a regulatory framework to tackle the spread of harmful online content, and implementation of the revised Audiovisual Media Services (AVMS) Directive 2018/1808. The Heads of Bill were published on 9 January 2020, with additional provisions approved on 8 December 2020 and 18 May 2021. The government also approved the integration of the Broadcasting (Amendment) Bill into the OSMR Bill. Member States were due to implement the revised AVMS Directive in national law by 19 September 2020, so Ireland has missed this deadline. Pre-legislative scrutiny is ongoing. Further background information information on the proposed Bill is available here.
- Consumer Rights Bill – This Bill will give effect to two EU Directives (770/2019 and 771/2019) on consumer contracts for the supply of digital content and digital services, and on consumer contracts for the sale of goods. It will also update and consolidate the statutory provisions on consumer rights and remedies in relation to contracts for the supply of non-digital services, unfair contract terms, and information and cancellation rights. The General Scheme of the Bill has been published for public consultation. The Heads of Bill were approved on 20 April 2021.
The DPC recently fined WhatsApp €225m for failing to discharge its transparency obligations under the GDPR. The decision will have implications for all businesses, particularly regarding their privacy notices and transparency obligations. The decision sets out the DPC’s high expectations in regard to businesses’ transparency obligations. It also clarifies the relevance of the consolidated turnover of the entire group of companies when calculating both the maximum fining cap, and the appropriate fine to impose.
This publication provides a deep dive into the DPC’s findings and considers their impact on businesses.
The European Data Protection Board (EDPB) published its finalised Guidelines on the concepts of controller and processor in the GDPR (07/2020) (Guidelines) in July. These concepts play a crucial role in the application of the GDPR as they determine who is responsible for compliance with GDPR obligations and how data subjects can exercise their data protection rights in practice. In Part I, we outlined some of the key highlights of the Guidelines in respect of the controller and processor concepts. This Part II addresses the key highlights in respect of the joint controller concept and the implications of the joint controller relationship.
The European Data Protection Board (EDPB) published its finalised Guidelines on the concepts of controller and processor in the GDPR (07/2020) (Guidelines) in July. These concepts play a crucial role in the application of the GDPR as they determine who is responsible for compliance with GDPR obligations and how data subjects can exercise their data protection rights in practice. In Part I of this blog, we outline some of the key highlights of the Guidelines in respect of the controller and processor concepts and the implications of the controller to processor relationship. Part II will address the key highlights of the Guidelines in respect of joint controllers.
The Agreement on a Unified EU Patent Court (UPC Agreement) has been ratified by Germany following legal challenges in recent years over the constitutionality of the ratification bill.
The UPC Agreement provides for the establishment of a Unified Patent Court (UPC) as a court common to all participating Member States, with exclusive competence in respect of European patents and European patents with unitary effect.
The UPC will replace all individual enforcement courts in participating Member States and is intended to remove the need for and the cost of multi-jurisdictional patent disputes.
The finalised EDPB Guidelines on the concepts of controller and processor (07/2020) in the GDPR were published this week. The Guidelines set out the EDPB’s recommendations on what should be included in data processing contracts between controllers and processors, in order to ensure compliance with Article 28 GDPR. We have set out some key highlights of the Guidelines below.