Offering Public WiFi in the UK: A changing landscape? August 2014 Update
In May 2013, we published an article informing readers of some of the legal and practical implications of offering public Wi-Fi in the UK. You can read our article here. Now, just over a year later, changes are being introduced to some of the areas of legal compliance that public Wi-Fi providers should be aware of.
(a) Changes to the Data Retention Requirements
To recap, in 2006, the European Data Retention Directive 2006/24/EC (the “Directive”) introduced a framework in the EU for the retention of communications data by providers of public electronic communications services aimed at assisting in the prevention and detection of organised crime and terrorism within the EU.
The Data Retention (EC Directive) Regulations 2009 (the “2009 Regulations”) were introduced to implement the Directive in the UK. However, the Directive and the national regulations implementing it throughout the EU caused significant controversy. One legal challenge has culminated in a ruling by the European Court of Justice declaring certain aspects of the Directive invalid. A key factor which led to this ruling was the failure of the Directive to provide sufficient safeguards for the privacy rights of individuals, given the substantial interference which it facilitated with those rights.
In order to plug the resulting gap, the UK introduced new emergency legislation, the Data Retention and Investigatory Powers Act 2014 (“DRIPA”) which came into force on 17 July 2014. This legislation is intended to be a temporary measure and is due to expire on 31 December 2016. It is envisaged that it will be replaced by a new EU law.
The data retention obligations contained in the new UK law (DRIPA) are largely similar to those under the 2009 Regulations, with certain alterations being made to address some of the ambiguities and issues that existed. It also amends the Regulation of Investigatory Powers Act 2000 to clarify that UK jurisdiction will apply to overseas organisations providing public telecommunications services in the UK.
The obligations under DRIPA apply only to the specific public telecommunications operators that are cited or described in a retention notice made by the Secretary of State requiring them to retain relevant communications data if it is considered necessary and proportionate to achieve various purposes. Those purposes include the interests of national security and the prevention or detection of crime.
The data to be retained includes certain internet and telephony data, including data necessary to identify the source of a communication, the destination of a communication, the date, time and duration of the communication, the type of communication and the equipment used. This includes the name and address of a subscriber or registered user to whom an internet protocol address is allocated and the date and time of log-in and log-out of internet access services. Such data may be required to be retained for a maximum period of 12 months and the Secretary of State may make regulations to further specify the kind of data that must be held. Under the current regime, the content of any communications is not required to be retained.
So far as public Wi-Fi providers are concerned, the DRIPA would appear to apply to them only if the Secretary of State makes a retention notice in writing requiring a particular provider or description of providers to comply. Public Wi-Fi providers will need to remain alert for any such notices being made and for forthcoming changes in this area, given the temporary nature of the UK legislation and the likelihood of new EU law being promulgated on this topic.
(b) New Data Protection Regulation
In addition to the state of flux in EU data retention law, a new EU data protection Regulation is currently being negotiated by EU Member State representatives. The draft Regulation contains a number of wide-reaching and controversial provisions that could have significant economic implications. This has led to marked differences of opinion among Member States on certain key provisions.
As a result, the form and content of this draft Regulation remains very uncertain. However, it is likely to significantly increase the level of data protection compliance required by any business engaged in processing personal data and dramatically increase potential maximum penalties and fines. Recent commentary indicates that the target for the new Regulation to be enacted is the end of 2015, but many believe that this is optimistic. EU Regulations are self-implementing and do not require transposition at national level. However, it is expected that there will be a two year grace period for implementation of the new Regulation following its enactment. Given that public Wi-Fi providers may process individual user data, this is an area that they should follow closely.
(c) Online Copyright Infringement – The Fate of the Digital Economy Act 2010
The Digital Economy Act 2010 (“DEA”) sought to impose initial obligations on Internet Service Providers (“ISPs”) for them to notify their subscribers when a report of copyright infringement has been received in relation to their account and provide anonymous copyright infringement lists to copyright owners.
The DEA also placed an obligation on Ofcom to implement a code to regulate compliance with these initial obligations. In June 2012, Ofcom published a revised draft code and made it clear that Wi-Fi providers would initially be outside the scope of the code, which would initially only apply to ISPs providing fixed-line internet access to over 400,000 subscribers.
Implementation of the regime envisaged by the DEA has proved difficult and lengthy, with some of the proposals in the draft Ofcom code, such as cost-sharing, raising controversy and a legal challenge over the lawfulness of the DEA being brought in the courts.
In light of these issues, in July 2014 a voluntary partnership initiative called Creative Content UK was launched, which has received government backing. This initiative is a joint programme between the creative industries and ISPs to raise awareness of online copyright infringement, educate users about legal ways to access content online and introduce subscriber alerts for alleged infringement. The programme is set to commence in the Spring of 2015. No information has yet been provided about the consequences of ignoring alerts, but it is hoped that the initiative will educate and deter infringement.
Following the launch of Creative Content UK, the UK government has announced that it will no longer be doing any work on the DEA regime, which it seems will be abandoned in favour of the Creative Content UK scheme. Although at this stage, involvement in the Creative Content UK scheme is not mandatory and only certain larger ISPs have signed up to it, the message being delivered is clear: ISPs are encouraged to proactively assist in the fight against online copyright infringement, and that’s what they seem to be doing. This is therefore an area that public Wi-Fi providers need to keep abreast of.
d) Conclusion: What next?
The regulation of the issues discussed above is evolving and developing at an increasing pace, necessitated by corresponding developments in technology and the ever-changing political landscape. It is vital for all those potentially affected by these legal developments to keep their finger on the pulse to ensure that they are well-placed to deal with the implications of any future changes to their business going forward.
Squire Patton Boggs (UK) LLP
Squire Patton Boggs (UK) LLP is one of the world’s strongest integrated legal practices with more than 1,500 lawyers in 44 offices across 21 countries. Our EU Data Protection Group is ideally placed to advise on this and all other data privacy issues, with specialist data privacy lawyers, located for example, in France, Germany, the UK, Belgium, the Czech Republic, Hungary, Slovakia and Spain.
Widely acknowledged for its international reach and diverse sector expertise, it advises every type of business from fast-growth companies and the established global mid-market to Fortune 100 and FTSE 100 businesses, together with regional and national governments. For more information, visit www.squirepattonboggs.com.
This article is made available by Squire Patton Boggs only to provide general commentary of the law as it stands on 18 August 2014, not to provide specific legal advice nor to warrant compliance with the law by Purple WiFi Limited. There is no attorney-client relationship between the reader and Squire Patton Boggs. This article should not be used as a substitute for competent, up-to-date legal advice from a licensed professional attorney.
© Squire Patton Boggs (UK) LLP
All rights reserved
To discuss how we can help you, please contact:-
Intellectual Property and Technology
T – 0113 284 7679
E – firstname.lastname@example.org
Intellectual Property and Technology
T – 0113 284 7459
E – email@example.com