The Fine Print - Pragmatic thoughts on the law and legal practice.
AI Risk Management: An Update (published 2024-03-06, updated 2024-03-07)
<p><span style="font-size: medium;"><span style="background-color: white; color: #333333; font-family: "Times New Roman", serif; text-align: justify;"></span></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><span style="background-color: white; color: #333333; font-family: "Times New Roman", serif; text-align: justify;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggjQ5mU6i2Ziha7I2XXqRMSKLeINaEQyaaAaJXSaaWzGjPDi5nH8yLaN5mKObuyapOF5jiAB-86KjsvvGVxjl-b05rEZaI7Eak9eQionr7ujLSzJa7VcBYNhNanbz65PofnngqELOtiB7SQ8QAKTDGbjpdeCyC-Wec1TqTSB-ZM8XkzM0_o7kjdf741Ns/s334/Copy%20of%20New%20Picture%20(7).bmp" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="334" data-original-width="240" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggjQ5mU6i2Ziha7I2XXqRMSKLeINaEQyaaAaJXSaaWzGjPDi5nH8yLaN5mKObuyapOF5jiAB-86KjsvvGVxjl-b05rEZaI7Eak9eQionr7ujLSzJa7VcBYNhNanbz65PofnngqELOtiB7SQ8QAKTDGbjpdeCyC-Wec1TqTSB-ZM8XkzM0_o7kjdf741Ns/w144-h200/Copy%20of%20New%20Picture%20(7).bmp" width="144" /></a></span></span></div><span style="font-size: medium;"><span style="background-color: white; color: #333333; font-family: "Times New Roman", serif; text-align: justify;"><p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">It's a while since I 
covered the legal aspects of AI here, but I've been posting on the topic fairly frequently on <a href="https://www.linkedin.com/in/simondeanejohns/recent-activity/all/" target="_blank">LinkedIn</a> and more recently on <a href="https://sdj-pragmatist.blogspot.com/2024/02/defending-humanity-against-techno.html" target="_blank">Pragmatist</a>. The widespread use of artificial
intelligence (AI) - particularly generative AI - as well as the problems described below and the fact that you may not
know you are relying on it, means you need to know how these technologies work (at
least conceptually, if not in detail) and their impact. At scale, the harms
from AI can arise before being detected, and a lot of AI has been launched as a
‘minimum viable product’ to suit the interests of developers over other
stakeholders. But to avoid over-reacting, we need to be realistic about what AI
can really achieve. To chart a safe route for the development and deployment of
AI there’s a need to prioritize the public interest, and align technology with
widely shared human values rather than the self-interest of a few tech
enthusiasts, no matter how wealthy they are. That means uniting the AI
industry, researchers and civil society around the public perspective. In this
respect AI should be treated like aviation, health and safety, and medicines. It
seems unwise for the next generation of AI to launch into unregulated
territory. If you would like advice on any aspects of this post, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" style="font-family: "Times New Roman", serif;" target="_blank">please let me know</a>.</span></p><o:p></o:p></span></span><span style="font-family: "Times New Roman", serif;"> </span><div><b style="text-align: justify;"><i><span style="color: #333333; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">What is AI?</span></i></b><p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman", serif; font-size: medium;">The term "AI" embraces
a collection of technologies that involve ‘machine learning’ at some point:</span></p>
<ul type="disc">
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">artificial neural networks (ANN) –
one ‘hidden’ layer of processing<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">deep learning networks (DNN) –
multiple ‘hidden’ layers of processing<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">machine perception - the ability of
processors to analyse data (whether as images, sound, text, unstructured
data or any combination) to recognise/describe people, objects and
actions.<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">automation<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">machine control – robotics, autonomous vehicles,
aircraft and vessels<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">computer vision – image, object, activity
and facial recognition<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">natural language processing - speech and
acoustic recognition/response<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">personalisation<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Big Data analytics<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l2 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Internet of things (IoT) <o:p></o:p></span></li>
</ul>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">While AI technologies themselves
may be complex, the concepts are simple. Traditionally, we load a software
application and data into a computer, and run the data through the application
to produce a result/output. But machine learning involves feeding the data and
desired outputs into one or more computers or computing networks that are
designed to <i>write the programme</i> (e.g. you feed in data on
crimes/criminals and the output of whether those people re-offended, with the
object of producing a programme that will predict whether a given person will
re-offend). In this sense, data is used to ‘train’ the computer to write and
adapt the programme, which constitutes the "artificial intelligence".
<o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-family: "Times New Roman", serif; font-size: medium;">So, in a traditional computing
scenario you can more readily discover that the wrong result was caused by bad
data but this may be impracticable with a single hidden layer of computing in
an ANN, let alone in a DNN with its multiple hidden layers.</span></p>
<p class="MsoNormal" style="background: white; line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Generative
AI tools are built using foundation models that are either single modal (receiving
input and generating content using only text, for example) or multi-modal (able
to deal with text, audio, images and so on). A large language model (LLM)
is a type of foundation model. <a href="https://committees.parliament.uk/oralevidence/13866/html/" target="_blank">As explained to the House of Lords' communications and digital select committee</a>, LLMs are designed around probability and have
nothing to do with ‘truth’. They learn patterns of language and generate from
those learned patterns. So, a valid output for the AI may be obviously wrong to
a human with more facts available. </span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Various AI technologies are
often used in conjunction (e.g. scanning documents for hints of fraud,
robotic process automation ("RPA") and personalising services for
individuals or groups of customers); and may be combined with devices or other
machines in the course of biometrics, robotics, the operation of autonomous
vehicles, aircraft, vessels and the 'Internet of things'.<o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman", serif; font-size: medium;">AI is better than humans at some
tasks (“narrow AI”) but “general AI” (same intelligence as humans) and “superintelligence”
(better than humans at everything) are the stuff of science fiction.</span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><b><i><span style="color: #333333; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">What is AI used for?</span></i></b></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman", serif; font-size: medium;">AI is used for:</span></p>
<ol start="1" type="1">
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l7 level1 lfo3; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Clustering: putting items of data into
new groups (discovering patterns);<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l7 level1 lfo3; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: medium;"><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Classifying: putting a new observation
into pre-defined categories based on a set of 'training data'</span><span style="color: black; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">; </span><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l7 level1 lfo3; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Predicting: assessing relationships among
many factors to assess risk or potential relating to particular conditions
(e.g. creditworthiness); <o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l7 level1 lfo3; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Generating new content.<o:p></o:p></span></li>
</ol>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-size: medium;"><b><i><span style="color: #333333; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">The Challenges with AI</span></i></b><span style="color: #333333; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: #333333; font-family: "Times New Roman", serif; font-size: medium;">There is a long list of concerns
about AI, including:</span></p>
<ol start="1" type="1">
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">cost/benefit – it cost $50m in
electricity to teach an AI to beat a human being at Go; it took hundreds of
attempts to get a robot to do a backflip; and the power to generate a
single AI image from text could charge an iPhone;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">dependence on training data licences,
quantity, quality, timeliness and availability;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">lack of understanding - an AI might
predict 79% of European Court judgments but doesn't know any law; it just
counts how often words appear alone, in pairs or fours;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">inaccuracy - no AI is 100% accurate;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Infringement of copyright, privacy,
confidentiality, trade secrets etc. in the training data;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Whether using AI can meet the test of
“author’s own intellectual creation” to attract copyright protection;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">‘hallucination’ by generative AIs (producing
spontaneous errors or inaccurate responses, e.g. fictitious court
citations or literary ‘quotes’ from bogus work);<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Deepfakes (deliberately created fake
still and moving images and/or recordings)<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Making existing types of malicious
activity easier;<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: medium;"><span style="color: black; mso-color-alt: windowtext;"><a href="http://sdj-thefineprint.blogspot.com/2019/07/explainability-remains-biggest.html" target="_blank"><span style="color: #5588aa; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">lack of explainability</span></a></span><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"> -
machine learning involves the computer adapting the programme in response
to data, and it might react differently to the same data added later,
based on what it has 'learned' in the meantime; <o:p></o:p></span></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Specific legal/ethical issues associated
with specific AI technologies, such as the use of automated facial
recognition by the police; and where liability falls given that the AI
itself has no legal personality or status.<o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Bias - the inability to remove both
selection bias and prediction bias; <o:p></o:p></span></li>
<li class="MsoNormal" style="background: white; color: #333333; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: medium;"><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">the challenges associated with the </span><span style="color: black; mso-color-alt: windowtext;"><a href="https://www.theverge.com/2017/7/12/15957844/ai-fake-video-audio-speech-obama" target="_blank"><span style="color: #5588aa; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">reliability of evidence</span></a></span><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"> and
how to resolve disputes arising from its use - lawyers have not typically
been engaged in AI development and deployment; <o:p></o:p></span></span></li>
<li class="MsoNormal" style="background: white; color: black; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-size: medium;"><span style="color: #333333; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">There are concerns
around the secondary impact of AI on employment and on other services that
it might draw upon without refreshing or maintaining.</span><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="background: white; color: black; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">AI systems may reveal training data and
actual copyright material and privacy information under a ‘divergence
attack’ or merely unusual requests that cause the AI to break its
‘alignment’ (e.g. <a href="https://www.youtube.com/watch?v=0M9Edie8tYc" target="_blank">asking ChatGPT 3.5 to repeat the word ‘poem’</a>). </span></li>
<li class="MsoNormal" style="background: white; color: black; line-height: normal; mso-list: l4 level1 lfo4; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list 36.0pt; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Some users <a href="https://www.theguardian.com/commentisfree/2024/jan/12/chatgpt-problems-lazy?CMP=share_btn_tw" target="_blank">complain</a> that chatbots can be lazy,
or fail to perform requested tasks without prompts (or maybe even at all). </span></li>
</ol>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">The House
of Lords committee (<a href="https://www.ianbrown.tech/2024/02/20/ftc-tech-summit-on-ai/" target="_blank">like the FTC in the US</a>) found that AI poses credible threats to public safety,
societal values, copyright, privacy, open market competition and UK economic
competitiveness. <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-family: "Times New Roman",serif; font-size: medium;">LLMs
may amplify any number of existing societal problems, including inequality,
environmental harm, declining human agency and routes for redress, digital
divides, loss of privacy, economic displacement, and growing concentrations of
power. <o:p></o:p></span></i></p>
<p class="MsoNormal" style="margin-left: 36pt;"><i><span style="font-family: "Times New Roman",serif; font-size: medium;">LLMs
might entrench discrimination (for example in recruitment practices, credit
scoring or predictive policing); sway political opinion (if using a system to
identify and rank news stories); or lead to casualties (if AI systematically
misdiagnoses healthcare patients from minority groups).</span></i></p>
<p class="MsoNormal"><b><i><span style="font-family: "Times New Roman",serif; font-size: medium;">Unacceptable
Uses for AI<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">From all
these challenges one can deduce and infer acceptable and unacceptable use-cases.
For instance, it now seems obvious to use an AI system to trawl through a
closed set of discovered documents and other data, seeking evidence on a
certain issue. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">An AI
might be allowed to run in a fully automated way where commercial parties are
able to knowingly accept a certain level of inaccuracy and bias and losses of a
quantifiable scale (though we’ve seen disasters arise through algorithmic
trading and where markets for some instruments suddenly grind to a halt through
human distrust of the outputs).<o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-size: medium;"><span style="color: black; font-family: "Times New Roman",serif; mso-color-alt: windowtext;">But an AI should not be used to fully
automate decisions that affect an individual’s fundamental rights and freedoms,
grant benefits claims, approve loan applications, invest a person’s pension pot,
set individual pricing or predict, say, criminal conduct. It is also probably
unacceptable to simply overlay a right to human intervention in such cases – or
rely on human intervention by staff – since the Post Office/Horizon scandal has
demonstrated that human intervention is no panacea! AI might be used to some degree
in steps along the way to a decision, but the decision itself should be
consciously human. In other words, a human should be able to explain why and
how the decision was reached, the parameters and so on, to be able to re-take
the decision if necessary. </span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-family: "Times New Roman", serif; font-size: medium; text-align: left;">The default position among many AI technologists
is that AI development should free-ride on human creativity and personal data. This
has implications for copyright, trade marks and privacy.</span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><b><i><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Copyright<o:p></o:p></span></i></b></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-family: "Times New Roman", serif; font-size: medium;">OpenAI has admitted that their
platforms would not exist without access to copyright materials:</span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"></span></p><blockquote><span style="font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"><o:p style="color: black;"> </o:p><span style="color: black; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">“Because
copyright today covers virtually every sort of human expression – including
blogposts, photographs, forum posts, scraps of software code, and government
documents – it would be impossible to train today’s leading AI models without
using copyrighted materials,” said OpenAI in its </span><span style="font-family: "Times New Roman",serif; mso-color-alt: windowtext;"><a href="https://committees.parliament.uk/writtenevidence/126981/pdf/" style="color: black;"><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;">submission to the House of Lords communications
and digital select committee</span></a><span style="color: #121212;"> (as <a href="https://www.theguardian.com/technology/2024/jan/08/ai-tools-chatgpt-copyrighted-material-openai" target="_blank">also covered in The Guardian</a>). </span></span></span></blockquote><p></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: black; font-family: "Times New Roman",serif; font-size: medium; mso-color-alt: windowtext;">Meta’s new AI image
generator <a href="https://arstechnica.com/information-technology/2023/12/metas-new-ai-image-generator-was-trained-on-1-1-billion-instagram-and-facebook-photos/" target="_blank">was trained on 1.1 billion Instagram and Facebook photos</a>.</span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-size: medium;"><span style="font-family: "Times New Roman", serif;">Midjourney founder David Holz
<a href="https://petapixel.com/2022/12/21/midjourny-founder-admits-to-using-a-hundred-million-images-without-consent/" target="_blank">has admitted</a> that his company did not receive consent for the hundreds of
millions of images used to train its AI image generator, outraging
photographers and artists. And a</span><span style="color: black; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"> spreadsheet submitted as evidence in a copyright lawsuit against Midjourney
<a href="https://www.theregister.com/2024/01/04/midjourney_artists_spreadsheet/" target="_blank">allegedly</a> lists thousands of artists whose images the startup's AI picture
generator "can successfully mimic or imitate." </span></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Illustrators
Sarah Andersen, Kelly McKernan, and Karla Ortiz <a href="https://news.artnet.com/art-world/class-action-lawsuit-ai-generators-deviantart-midjourney-stable-diffusion-2246770" target="_blank">filed suit</a> in the Northern
District of California against Midjourney Inc, DeviantArt Inc (DreamUp), and
Stability A.I. Ltd (Stable Diffusion). They term these text-to-image platforms
“21st-century collage tools that violate the rights of millions of artists.” </span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-size: medium;"><span style="color: black; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">The New York Times <a href="https://nytco-assets.nytimes.com/2023/12/NYT_Complaint_Dec2023.pdf" target="_blank">has sued</a>
OpenAI and Microsoft for allegedly building LLMs by copying and using millions of The
Times’s copyright works through Microsoft’s “Copilot” and OpenAI’s ChatGPT, seeking
to free-ride on The Times’s investment in journalism by using it to build
substitutive products without permission or payment.</span><span style="color: black; font-family: "Times New Roman",serif; mso-color-alt: windowtext;"> </span></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-size: medium;"><span style="color: black; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">Getty Images <a href="https://www.theverge.com/2023/1/17/23558516/ai-art-copyright-stable-diffusion-getty-images-lawsuit" target="_blank">claims</a> Stability AI
‘unlawfully’ scraped millions of images from its site. </span><span style="color: black; font-family: "Times New Roman",serif; mso-color-alt: windowtext;">Getty Images argued before a UK House of Lords
committee that “ask for forgiveness later” opt‑out mechanisms were “contrary to
fundamental principles of copyright law, which requires permission to be
secured in advance”.</span></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><b style="background-color: transparent; text-align: left;"><i><span style="font-family: "Times New Roman",serif; font-size: medium;">Trade
marks</span></i></b></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">AI has
revolutionised advertising and marketing in terms of how products are searched
for and/or ‘found’. This depends on:<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpFirst" style="mso-list: l9 level1 lfo6; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;"></span></span></span></p><blockquote><p class="MsoListParagraphCxSpFirst" style="mso-list: l9 level1 lfo6; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">which
search methods customers use to find your products and services and how those
engines select their results;<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-list: l9 level1 lfo6; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">how
voice-controlled personal assistants select products if the user asks it to buy
items from a shopping list but without specifying brands (they may use buying
history or prioritise products under paid promotional schemes); and<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpLast" style="mso-list: l9 level1 lfo6; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">your
brand's presence in search engine results (keywords) or other AI-controlled
marketing programmes.</span></span></p></blockquote><p class="MsoListParagraphCxSpLast" style="mso-list: l9 level1 lfo6; text-indent: -18pt;"><span style="font-family: "Times New Roman",serif; font-size: medium;"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span style="font-family: "Times New Roman",serif; font-size: medium;">AI
and data protection<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">The Information
Commissioner’s Office has identified AI as a priority area and is focusing in
particular on the following aspects: (i) fairness in AI; (ii) dark patterns;
(iii) AI as a Service (AIaaS); (iv) AI and recommender systems; (v) biometric
data and biometric technologies; and (vi) privacy and confidentiality in
explainable AI.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">In
addition to the basic principles of UK GDPR and EU GDPR compliance at Articles
5 and 6 (lawfulness through consent, contract performance, legitimate
interests; fairness and transparency; purpose limitation; data minimisation,
accuracy; storage limitation; and integrity and confidentiality), AI raises a
number of further issues. These include:<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpFirst" style="margin-left: 18pt; mso-add-space: auto; mso-list: l3 level1 lfo1; tab-stops: list 18.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; line-height: 107%; mso-bidi-font-family: Symbol; mso-bidi-font-size: 11.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">The
AI provider’s role as data processor or data controller.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 18pt; mso-add-space: auto; mso-list: l3 level1 lfo1; tab-stops: list 18.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; line-height: 107%; mso-bidi-font-family: Symbol; mso-bidi-font-size: 11.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Anonymisation,
pseudonymisation and other AI compliance tools:<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Taking
a risk-based approach when developing and deploying AI.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Explaining
decisions made by AI systems to affected individuals.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Only
collecting the data needed to develop the AI system and no more.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Addressing
the risk of bias and discrimination at an early stage.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Investing
time and resource to prepare data appropriately.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Ensuring
AI systems are secure.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Ensuring
any human review of AI decisions is meaningful.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Working
with external suppliers to ensure AI use will be appropriate.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 18pt; mso-add-space: auto; mso-list: l3 level1 lfo1; tab-stops: list 18.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; line-height: 107%; mso-bidi-font-family: Symbol; mso-bidi-font-size: 11.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Profiling
and automated decision-making – important to consider that human physiology is
‘normally’ distributed but human behaviour is not<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l3 level2 lfo1; text-indent: -36pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">•<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Right
to object to solely automated decisions, except in certain situations where you must
at least have the right to human intervention anyway, with further restrictions
on special categories of personal data.<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpLast" style="margin-left: 18pt; mso-add-space: auto; mso-list: l3 level1 lfo1; tab-stops: list 18.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; line-height: 107%; mso-bidi-font-family: Symbol; mso-bidi-font-size: 11.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">The
lawful basis for web-scraping (also being considered by the IPO in terms of
copyright protection).<o:p></o:p></span></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><b><i><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;">How to govern the use of AI?</span></i></b></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="background-color: transparent; font-family: "Times New Roman", serif; font-size: medium; text-align: left;">Given the
scale of the players involved in creating AI systems, and the challenges around
competition and lack of explainability, there’s a very real risk of regulatory
capture by Big Tech.</span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">For
evidence of Big Tech involvement in governance issues, witness the boardroom
psychodrama over the governance of OpenAI and who should be its CEO, a battle
won by Microsoft as a shareholder over the concerns of OpenAI’s board of
directors.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">To date, the
incentives to achieve scale over rivals or for start-ups to get rich quick have
obviously favoured early release of AI systems over concerns about the other
challenges, though that may have changed with the recent decision by Google to
pull the Gemini text-to-image system.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">There’s also
a cult among certain high-profile venture capitalists and others in Silicon
Valley, self-styled as ‘techno-optimism’. They’ve published a 'manifesto'
asserting the dominance of their own self-interest, backed by a well-funded
'political action committee' making targeted political donations, supporting
candidates who back their tech agenda and blocking those who don’t.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><span style="font-family: "Times New Roman",serif;">To chart a
safe route for the development and deployment of AI there’s a need to prioritize
the public interest, and align technology with widely shared human values
rather than the self-interest of a few tech enthusiasts, no matter how wealthy
they are. That means uniting the AI industry, researchers and civil society
around the public perspective, as <a href="https://filab.uk/4a1vP3P" target="_blank">advocated by The Finance Innovation Lab</a> (of
which I’m a Fellow).</span> <span style="font-family: "Times New Roman",serif;"> <span style="mso-spacerun: yes;"> </span><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">In this
respect AI should be treated like aviation, health and safety, and medicines
and it seems unwise for the next generation of AI to launch into unregulated
territory.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">There are
key liability issues to be solved and mechanisms for attributing and apportioning
causation and liability upstream and downstream among developers, deployers and
end-users.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">To address
concentration risk and barriers to entry there needs to be easier portability
and the ability to switch among cloud providers.<o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0cm; text-align: justify;"><span style="font-size: medium;"><span style="color: black; font-family: "Times New Roman",serif; mso-color-alt: windowtext;">In the absence of regulation,
participants (and victims) will look to contract and tort law (negligence, nuisance
and actions for breaches of any existing statutory duties). </span><span style="color: black; font-family: "Times New Roman",serif; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB; mso-font-kerning: 0pt; mso-ligatures: none;"><o:p></o:p></span></span></p>
<p class="MsoNormal"><b><i><span style="font-family: "Times New Roman",serif; font-size: medium;">Regulatory
Measures</span></i></b></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">Outside
the EU, the UK is a rule taker when it comes to regulating issues that have any
global scale. China, the EU and the US will all drive regulation, but geography and
trade links mean the trade bloc on the UK’s doorstep is the most important.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><span style="font-family: "Times New Roman", serif;">Examples
of regulatory measures from the EU, US and China (summarised at the end of this
note) </span><span style="font-family: "Times New Roman", serif; mso-spacerun: yes;"> </span><span style="font-family: "Times New Roman", serif;">seek to draw some red lines in
areas impacted by AI to at least force the industry to engage with legislators
and regulators if the law is not to overly restrict development and deployment
of AI. You might question the flexibility of this approach but given the risks
it does seem reasonable. After all, it’s a very common tension within
organisations as to whether the business units, tech developers or support
teams can move more quickly on a given change project, depending on the
challenges involved. So, why should the world outside AI development businesses
move at the speed of the tech developers as opposed to other stakeholders (without
holding AI businesses to account)? As pointed out to the House of Lords
committee, developers have greatest insight into, and control over, an AI’s
base model, yet downstream deployers and users may have no idea what data an AI
was trained on, the nature of any testing and potential limitations on its use.</span></span></p>
<p class="MsoNormal" style="margin-bottom: 0cm;"><span style="font-size: medium;"><span style="font-family: "Times New Roman",serif;">Meanwhile,
<a href="https://www.gov.uk/government/consultations/ai-regulation-a-pro-innovation-approach-policy-proposals/outcome/a-pro-innovation-approach-to-ai-regulation-government-response" target="_blank">the UK government’s do-nothing position</a> is dressed up as being ‘pro-innovation’
but is at the very least a fig leaf for us being a rule-taker, and at worst
demonstrates a dereliction of duty and/or regulatory capture. </span><span class="MsoHyperlink"><span style="background: white; font-family: "Times New Roman",serif;"> </span></span><span style="font-family: "Times New Roman",serif;">Some of
the UK’s 90 regulatory bodies are using their current powers to address the
risks of AI (such as the ICO’s focus on the implications for privacy, as
mentioned above). But the UK’s Intellectual Property Office has shelved a
long-awaited code setting out rules on the training of artificial intelligence
models using copyrighted material, dealing a blow to the creative industry.</span></span></p>
<p class="MsoNormal" style="margin-bottom: 0cm;"><b><i><span lang="EN-US" style="font-family: "Times New Roman",serif; font-size: medium; mso-ansi-language: EN-US;">How to Approach AI risk management</span></i></b></p>
<p class="MsoNormal"><span style="font-size: medium;"><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">The following steps are involved in the process of understanding
and managing the risks relating to AI:</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Perspective: developer, deployer or end-user?</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Context and end-to-end activity/processes affected</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Nature of AI system(s) involved</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Use/purpose of AI </span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Sources, rights, integrity of training data</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Tolerances for inaccuracy/bias</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Sense-check for proposed human oversight/intervention</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Governance/oversight function (steering committee?)</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Testing, testing, testing</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Data licensing</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">GDPR impact assessment, record of processing, privacy
policy (data collected, purpose, lawful basis) and any consents</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Commercial contracts, addressing upstream and
downstream rights, obligations, liability</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Controls (defect/error detection), fault analysis,
complaints handling, dispute resolution</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-left: 36pt; mso-list: l0 level1 lfo10; tab-stops: list 36.0pt; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Lato",serif; mso-bidi-font-family: Lato; mso-fareast-font-family: Lato;"><span style="mso-list: Ignore;">●<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span lang="EN-US" style="font-family: "Times New Roman",serif; mso-ansi-language: EN-US;">Feedback loop for improvements</span><span style="font-family: "Times New Roman",serif;"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">If you
would like advice on any aspects of this post, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom: 0cm;"><b><i><span style="font-family: "Times New Roman",serif; font-size: medium;"><br /></span></i></b></p><p class="MsoNormal" style="margin-bottom: 0cm;"><b><span style="font-family: "Times New Roman",serif; font-size: medium;">Examples of regulatory measures from the EU, US and
China</span></b></p>
<p class="MsoNormal"><b><span style="font-family: "Times New Roman",serif; font-size: medium;"><i>EU</i></span></b></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif; mso-font-kerning: 0pt;">EU Artificial
Intelligence Act</span></u><b><span style="font-family: "Times New Roman",serif; mso-font-kerning: 0pt;"> </span></b><span style="color: black; font-family: "Times New Roman",serif; mso-font-kerning: 0pt;">is expected to enter into force early in 2024
with a 2-year transition period. It proposes a risk-based framework for AI
systems, with AI systems presenting unacceptable levels of risk being
prohibited. The AI Act identifies, defines and creates detailed obligations and
responsibilities for several new actors involved in the placing on the market,
putting into service and use of AI systems. Perhaps the most significant of
these are the definitions of “providers” and “deployers” of AI systems. The Act
covers any AI output which is available within the EU and so would cover UK
companies providing AI services in the EU. There is expected to be a transition
period of two years before the Act is fully in force, but some provisions may
come into effect earlier: six months for prohibited AI practices and 12 months
for general purpose AI.</span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-font-kerning: 0pt;"><o:p>The AI Act defines an AI system as:</o:p></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; margin: 0cm 0cm 0cm 36pt; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-font-kerning: 0pt;"><br /></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; margin: 0cm 0cm 0cm 36pt; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="color: black; font-family: "Times New Roman",serif; font-size: medium; mso-font-kerning: 0pt;">“...a machine-based system
designed to operate with varying levels of autonomy and that may exhibit
adaptiveness after deployment and that, for explicit or implicit objectives,
infers, from the input it receives, how to generate outputs such as
predictions, content, recommendations, or decisions that can influence physical
or virtual environments.”</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="font-size: medium;"><span><o:p><span style="font-family: Times New Roman, serif;">The AI Act prohibits
‘placing on the market’ AI systems that: use subliminal techniques, exploit
vulnerabilities of specific groups of people, create a social score for a
person that leads to certain types of detrimental or unfavourable treatment, or
which categorise a person based on classification of their biometric data;
assess persons for their likelihood to commit a criminal offence based on an
assessment of their personality traits; as well as the use of real-time, remote
biometric identification systems in publicly accessible spaces by or on behalf
of law enforcement authorities (except to preserve life). There are also co</span></o:p></span><span style="font-family: "Times New Roman",serif; text-indent: -18pt;">mpliance
requirements for high risk AI systems.</span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif;">The draft AI Liability Directive
and revised Product Liability Directive</span></u><span style="font-family: "Times New Roman",serif;"> will clarify the rules on making claims for damage
caused by an AI system and impose a rebuttable presumption of causality on an AI
system, subject to certain conditions. The two directives are intended to
operate together in a complementary manner. The Directive is likely to be
formally approved in early 2024 and will apply to products placed on the market
24 months after it enters into force. <o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm; mso-layout-grid-align: none; mso-pagination: none; text-align: justify; text-autospace: none;"><span style="font-size: medium;"><u style="text-align: left;"><span style="font-family: "Times New Roman",serif;">EU
Digital Services Act</span></u><span style="font-family: "Times New Roman",serif; text-align: left;">
entered into force on 16 November 2022 and imposes obligations on providers of
various online intermediary services, such as social media and online
marketplaces. It is aimed at ensuring a safer and more open digital space for
users and a level playing field for companies, including provisions banning
dark patterns.</span></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif;">EU
Digital Markets Act </span></u><span style="font-family: "Times New Roman",serif;">became
fully applicable on 2 May 2023 and the European Commission has received
notifications from seven companies who consider that they meet the gatekeeper
thresholds. <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif;">EU
Machinery Products Regulation</span></u><span style="font-family: "Times New Roman",serif;">
covers emerging technologies (for example, internet of things (IoT)). Although
AI system risks will be regulated by the proposed AI Act (see EU Artificial
Intelligence Act), the Machinery Regulation will look at whether the machinery
as a whole is safe, taking into account the interactions between machinery
components including AI systems. In-scope machinery and products imported into
the EU from third countries (such as the UK) will need to adhere to the
Machinery Regulation.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif;">EU
General Product Safety Regulation</span></u><span style="font-family: "Times New Roman",serif;">
will apply from 13 December 2024. <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif;">EU Data
Governance Act</span></u><span style="font-family: "Times New Roman",serif;">, with
effect from 23 September 2023, establishes mechanisms to enable the reuse of
some public sector data. The availability of data within a controlled mechanism
will be of benefit to the development of AI solutions. <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size: medium;"><u><span style="font-family: "Times New Roman",serif;">The EU
Data Act</span></u><span style="font-family: "Times New Roman",serif;"> requires
providers of products and related services to make the data generated by their
products (for example, IoT devices) or services easily accessible to the user,
regardless of whether the user is a business or a consumer. The user will then
be able to provide the data to third parties or use it for their own purposes,
including for AI purposes. The EU Data Act was published in the Official
Journal on 22 December 2023 and applies from 12 September 2025.<o:p></o:p></span></span></p>
<p class="MsoNormal"><b><i><span style="font-family: "Times New Roman",serif; font-size: medium;">US <o:p></o:p></span></i></b></p>
<p class="MsoNormal" style="margin-bottom: 0cm;"><span style="font-size: medium;"><span style="font-family: "Times New Roman",serif;">In
October the White House published <a href="https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secureand-trustworthy-artificial-intelligence/" target="_blank">mandatory requirements for sharing safety testing information</a> before “the most powerful AI systems” are made public; and there are s</span><span style="font-family: "Times New Roman",serif;">ome <a href="https://www.ianbrown.tech/2024/02/20/ftc-tech-summit-on-ai/" target="_blank">very interesting remedies</a> coming out of the Federal Trade Commission, such as:</span><span style="font-family: "Times New Roman",serif; mso-font-kerning: 0pt;"> </span><span style="mso-spacerun: yes;"> </span></span></p><p class="MsoNormal"><span style="font-size: medium;"><o:p></o:p></span></p>
<blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p class="MsoListParagraphCxSpFirst" style="mso-list: l8 level1 lfo8; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">inquiries
into Big AI activity;<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="mso-list: l8 level1 lfo8; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">aligning
liability with ability and control (upstream liability);<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="mso-list: l8 level1 lfo8; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Remedies
to address incentives, ‘bright line’ rules on data/purposes:<o:p></o:p></span></span></p></blockquote><p class="MsoListParagraphCxSpFirst" style="mso-list: l8 level1 lfo8; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 54pt; mso-add-space: auto; mso-list: l5 level1 lfo7; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">AI
trained on illegal data to be deleted; <o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 54pt; mso-add-space: auto; mso-list: l5 level1 lfo7; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">action
on voice impersonation fraud and models that harm consumers; and<o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpLast" style="margin-left: 54pt; mso-add-space: auto; mso-list: l5 level1 lfo7; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">cannot
retain children’s data indefinitely, especially to train models.<o:p></o:p></span></span></p>
<p class="MsoNormal"><b><i><span style="font-family: "Times New Roman",serif; font-size: medium;">China<o:p></o:p></span></i></b></p><p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">China has addressed generative AI by requiring:</span></p>
<blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p class="MsoListParagraphCxSpFirst" style="mso-list: l6 level1 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">license
to provide gen AI to the public<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="mso-list: l6 level1 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">security
assessment if public opinion attributes or social mobilization capabilities in
the model <o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="mso-list: l6 level1 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">uphold
integrity of state power, not incite secession, safeguard national unity,
preserve economic/social order, align with socialist values<o:p></o:p></span></span></p><p class="MsoListParagraphCxSpMiddle" style="mso-list: l6 level1 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Additional
interim measures that also focus on other countries’ concerns around AI impact:
<o:p></o:p></span></span></p></blockquote><p class="MsoListParagraphCxSpFirst" style="mso-list: l6 level1 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l6 level2 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Courier New"; mso-fareast-font-family: "Courier New";"><span style="mso-list: Ignore;">o<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">IP
protection <o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 72pt; mso-add-space: auto; mso-list: l6 level2 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Courier New"; mso-fareast-font-family: "Courier New";"><span style="mso-list: Ignore;">o<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Transparency,
and <o:p></o:p></span></span></p>
<p class="MsoListParagraphCxSpLast" style="margin-left: 72pt; mso-add-space: auto; mso-list: l6 level2 lfo9; text-indent: -18pt;"><span style="font-size: medium;"><!--[if !supportLists]--><span style="font-family: "Courier New"; mso-fareast-font-family: "Courier New";"><span style="mso-list: Ignore;">o<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-style: normal; font-variant: normal; font-variation-settings: normal; font-weight: normal; line-height: normal;">
</span></span></span><!--[endif]--><span style="font-family: "Times New Roman",serif;">Non-discrimination<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-family: "Times New Roman",serif; font-size: medium;">While we
might not agree with the sort of cultural control being imposed by Chinese
legislators in the context of generative AI, they perhaps point to a model for
how to introduce western civil society concepts into our legislation.<o:p></o:p></span></p><p class="MsoNormal"><span style="font-family: "Times New Roman",serif;"><br /></span></p><p></p></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-3412560720976927832024-03-05T15:11:00.001+00:002024-03-05T15:11:37.121+00:00Pay-or-Consent Ignores the Elephant-in-the-Room<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHgSRzgI9ayeteajB6lCGTAANZY4RGWpVoM_22KmPMAmp9MH7crU6drIxQfp0OWDUYIOA7FSYWae4O_h6xREKNN7ztFnVOIekOEkfMDSgyi5JvT5cSZjB8p1pXY5E-tnkix2RG2KyaHn6fxADKT7X4IUh36e7w4S0ihmtJD_tQuVvEmgSRG9bPxUNb-Mk/s252/complaints.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="252" data-original-width="200" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHgSRzgI9ayeteajB6lCGTAANZY4RGWpVoM_22KmPMAmp9MH7crU6drIxQfp0OWDUYIOA7FSYWae4O_h6xREKNN7ztFnVOIekOEkfMDSgyi5JvT5cSZjB8p1pXY5E-tnkix2RG2KyaHn6fxADKT7X4IUh36e7w4S0ihmtJD_tQuVvEmgSRG9bPxUNb-Mk/w159-h200/complaints.jpg" width="159" /></a></div><p style="text-align: justify;">European consumer bodies have <a href="https://www.beuc.eu/sites/default/files/publications/BEUC-X-2024-020_How_Meta_is_breaching_consumers_fundamental_rights.pdf" target="_blank">united to file 8 local data protection complaints</a> against Meta, claiming that "to ask
consumers using Facebook and Instagram to give
their consent to the processing of their personal
data for advertising purposes or alternatively to pay
a fee of up to €311 per year" does not cure various problems under the General Data Protection Regulation in the way it processes their customers' personal data. This also likely affects the status of training data that Meta has drawn from Facebook and Instagram to power its artificial intelligence systems. Previous complaints have resulted in changes to Meta privacy policies, but no real change in the underlying data collection and processing. Customers' investment of time and effort in their accounts and Meta's market dominance makes switching unrealistic. If the complaints are successful, it would suggest both free and paid-for functionality will be much more limited in future, but perhaps subscription revenue might make up for any lost ad revenue. Meta obviously disputes the claims.</p><p></p><p style="text-align: justify;">The consumer bodies say that Meta collects way more personal data about its users than is necessary for the purposes claimed, such as performing its contracts with users, and this also fails to meet the GDPR requirement to minimise the personal data collected. </p><p style="text-align: justify;">In addition, there is too little transparency and explanation of the use or purpose for collecting each type of personal data, and the legal basis relied upon. That would mean Meta isn't clear what types of data must be processed for contractual purposes and which types are covered by user consent, for example. 
It would also mean that any consent relied upon was not fully informed and therefore was not validly given.</p><p style="text-align: justify;">While this calls into question the ability of Facebook and Instagram to use their customers' personal data to power behavioural advertising and the related revenues, it would also taint the use of such personal data as training data for Meta's AI tools and systems.</p><p style="text-align: justify;">The claims in more detail (which Meta obviously would deny strenuously) are:</p><p></p><ul style="text-align: left;"><li style="text-align: justify;">Meta’s personal data processing for advertising purposes lacks a valid legal basis because it relies
on consent which has not been validly collected for the purposes of the GDPR; </li><li style="text-align: justify;">Some of Meta’s processing for advertising purposes appears to rely invalidly on contract; </li><li style="text-align: justify;">Meta cannot account for the lawfulness of its processing for content personalisation since it is not
clear – and there is no way to verify – that all of Meta’s profiling for that purpose is (a) necessary
for the relevant contract and (b) consistent with the principle of data minimisation; </li><li style="text-align: justify;">It is not clear – and there is no way to verify – that all of Meta’s profiling for advertising purposes is
necessary for that purpose and therefore consistent with the principle of data minimisation; </li><li style="text-align: justify;">Meta’s processing in general is not consistent with the principles of transparency and purpose
limitation; and </li><li style="text-align: justify;">Meta’s lack of transparency, unexpected processing, use of its dominant position to force consent,
and switching of legal bases in ways which frustrate the exercise of data subject rights, are not
consistent with the principle of fairness.</li></ul><p></p><p><span style="text-align: justify;">Previous complaints have resulted in changes to privacy policies, to try to clarify the purpose and legal basis of processing, but the consumer bodies say this has not interrupted the underlying processing that they say is illegal. Meta would obviously dispute this. </span></p><p><span style="text-align: justify;">While it's tempting to think users can simply vote with their feet, the amount of time consumers have invested in their accounts - and Meta's market dominance - means that is not a realistic option.</span></p><p><span style="text-align: justify;">If the complaints are successful, it would suggest both free and paid-for functionality will be much more limited in future, but perhaps subscription revenue might make up for any lost ad revenue...</span></p><p><span style="text-align: justify;">Watch this space.</span></p><p><span style="text-align: justify;"><br /></span></p><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-6494827962471915662023-12-12T16:56:00.003+00:002024-03-11T10:36:16.379+00:00Anti-Greenwashing Guidance<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEi7KfHNVBP59u0mAVDFip_IZbsaIvGQbzXqhHmIlPTQ76pEwRAKixztpx0JOzXTU98_gVt2RN_xRtI6asR6XEWZ6h2-Yx8h8QlAAE9cvjK65P7qhpdUsUdFTM4ow3cz1kpXJEt6SxIvTCRQlyQ_niNYF4zRPGAtncXBUo3QbVCqcelZ40GYNn71V7hgnAM" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img alt="" data-original-height="180" data-original-width="260" height="124" src="https://blogger.googleusercontent.com/img/a/AVvXsEi7KfHNVBP59u0mAVDFip_IZbsaIvGQbzXqhHmIlPTQ76pEwRAKixztpx0JOzXTU98_gVt2RN_xRtI6asR6XEWZ6h2-Yx8h8QlAAE9cvjK65P7qhpdUsUdFTM4ow3cz1kpXJEt6SxIvTCRQlyQ_niNYF4zRPGAtncXBUo3QbVCqcelZ40GYNn71V7hgnAM=w177-h124" width="177" 
/></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i><a href="https://repurpose.global/blog/post/5-ways-to-tell-when-brands-are-greenwashing" target="_blank">Source</a></i></td></tr></tbody></table><p style="text-align: justify;">The UK's Financial Conduct Authority is <a href="https://www.fca.org.uk/publication/guidance-consultation/gc23-3.pdf">proposing guidance</a> for firms making sustainability claims in their promotional material, to avoid exaggerated and misleading messages. This includes situations where non-FCA authorised firms are getting promotions approved by FCA-authorised firms. The guidance will be finalised in Q1 2024, to take effect with the <a href="https://www.fca.org.uk/publication/policy/ps23-16.pdf" target="_blank">anti-greenwashing rule</a> on 31 May 2024.</p><p style="text-align: justify;">References to 'sustainability' must be:</p><p></p><ol style="text-align: left;"><li>Correct and capable of substantiation;</li><li>Clear and presented so as to be understood;</li><li>Complete and not omit/hide key information;</li><li>Take into account the full lifecycle of the product;</li><li>Fair and meaningful in relation to any comparisons made.
</li></ol><p></p><p>The Anti-greenwashing rule provides:</p><blockquote><p><i>ESG 4.3.1
R
(1)
This rule applies to a firm (whether it is undertaking sustainability in-scope business or not) which: </i></p></blockquote><blockquote><p><i>(a)
communicates with a client in the United Kingdom in relation to a product or service; or </i></p></blockquote><blockquote><p><i>(b)
communicates a financial promotion to, or approves a financial promotion for communication to, a person in the United Kingdom.
</i></p></blockquote><blockquote><p><i>(2)
A firm must ensure that any reference to the sustainability characteristics of a product or service is: </i></p></blockquote><blockquote><p><i>(a)
consistent with the sustainability characteristics of the product or service; and </i></p></blockquote><blockquote><p><i>(b)
fair, clear and not misleading.</i></p></blockquote>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-60680114809605914832023-11-13T09:02:00.005+00:002023-11-13T09:02:51.151+00:00Anti-fraud and Complaints Handling in UK Payment Service Providers<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho_QfFaRWsZSZQHREZS1PatotPEPxM8e9Q3RPxv5vvPSNl7U0Q5ztOZtvIasajVA1CdFTyJPVjbhVG30Q5s6gd5mhVCp5xYaFsNmJ8ItHGsZGbwOMaFOOjV0BAFmmWrjXYDB-ivPFRcMuDhRhtnNK65L4X-qpviZpF8R4y6A05-do9aVb4hjLO4zAB5xY/s264/complaints.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="264" data-original-width="191" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho_QfFaRWsZSZQHREZS1PatotPEPxM8e9Q3RPxv5vvPSNl7U0Q5ztOZtvIasajVA1CdFTyJPVjbhVG30Q5s6gd5mhVCp5xYaFsNmJ8ItHGsZGbwOMaFOOjV0BAFmmWrjXYDB-ivPFRcMuDhRhtnNK65L4X-qpviZpF8R4y6A05-do9aVb4hjLO4zAB5xY/w145-h200/complaints.jpg" width="145" /></a></div><div style="text-align: justify;">The UK's Financial Conduct Authority has <a href="https://www.fca.org.uk/publications/multi-firm-reviews/anti-fraud-controls-complaint-handling-firms-focus-app-fraud" target="_blank">published a summary of its findings</a> of its review of anti-fraud controls of UK payment service providers, particularly focused on Authorised Push Payment (APP) fraud. <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">Let me know</a> if you need assistance in this area.</div><p></p><p style="text-align: justify;">E-money and payment institutions should at least consider these findings and recommendations as part of their continuing work on staying ahead of fraudsters, even if they consider their systems to be already robust. 
There is more detail in the FCA web page, but in summary, they found: </p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p style="text-align: justify;"><i>• an insufficient focus on delivering good consumer outcomes in many of the firms we reviewed </i></p><p style="text-align: justify;"><i>• management information and actions often focused on commercial risk appetite, rather than customer impact and treatment </i></p><p style="text-align: justify;"><i>• significant scope in many firms to improve the support provided to victims of fraud including from the first point of contact. In many cases, firms need to do more to enable customers to report fraud easily and promptly </i></p><p style="text-align: justify;"><i>• poor complaint handling including firms often taking too long to respond to customer complaints </i></p><p style="text-align: justify;"><i>• customers provided with decision letters that were sometimes unclear, confusing, or included unhelpful and, on occasion, accusatory language </i></p><p style="text-align: justify;"><i>• limited evidence that firms are appropriately taking account of characteristics of customer vulnerability when making decisions about fraud claims and complaints.
</i></p></blockquote><p><a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">Let me know</a> if you need assistance in this area.</p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-30858942380199294992023-10-19T16:33:00.009+01:002023-10-19T16:38:47.865+01:00Do Payment Account Balances Held By A Payment Institution Without A Payment Order Constitute E-money?<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7p1AVokBJTmHZbtyZvb5Jnz0UIpYWUUpNfaRsR1gX-E1RVpzgbe7FpxRJiYG-nC3HgGxZizjGbZcND6ZX3SMsI1fGHGpsbITGzJ3-DCHOGFiCgIhB6qTTR0ya-u0Y39DOZfiJmUaE3HT_x-1Mxpr-kjM-cBlDPybKtulcGJJz7oHFG_h_jclUQ4vUc1Q/s160/scepticism.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="160" data-original-width="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7p1AVokBJTmHZbtyZvb5Jnz0UIpYWUUpNfaRsR1gX-E1RVpzgbe7FpxRJiYG-nC3HgGxZizjGbZcND6ZX3SMsI1fGHGpsbITGzJ3-DCHOGFiCgIhB6qTTR0ya-u0Y39DOZfiJmUaE3HT_x-1Mxpr-kjM-cBlDPybKtulcGJJz7oHFG_h_jclUQ4vUc1Q/s16000/scepticism.jpg" /></a></div><div style="text-align: justify;">Interesting opinion in <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:62022CC0661" target="_blank">ABC Projektai UAB v Bank of Lithuania</a>, where the regulator had said that a payment institution had engaged in e-money issuance merely by holding funds for which it had received no payment orders. I've advised on this issue before, but this post is not legal advice, so let me know if you need it. 
</div><p></p><p style="text-align: justify;">The Advocate General's view is that a payment institution which holds funds without executing a payment order will infringe Articles 78 and 83 of PSD2 (as locally implemented) which govern the timing of receipt and execution of payment orders; potentially breach the service contract for the operation of the payment account; and may trigger liability for non-/late execution under Article 89. </p><p style="text-align: justify;">But the funds would not be somehow converted into e-money "merely because funds have been transferred to a payment account and are kept in that account for the execution of future payment orders." </p><p style="text-align: justify;">There was also no e-money involved because the steps required for issuance of e-money under the E-money Directive (as implemented locally) were neither contemplated by the parties nor actually followed. </p><p style="text-align: justify;">It's worrying that there were in fact no payment orders (rather than, for example, existing payment orders that were not yet deemed to have been received by virtue of article 78(2) PSD2). The PSP had said that it had warned customers to provide payment orders or their funds would be returned (though the firm had not actually returned them...😬). Consistent with the AG's overall reasoning, however, the view must be that this will only amount to a breach of PSD2, rather than somehow convert the payment account balances into e-money. 
</p><p style="text-align: justify;"><br /></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-67831772964312812112023-10-02T16:46:00.000+01:002023-10-02T16:46:41.590+01:00FCA's Final Warning To Crypto Firms On Marketing and Money Laundering<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHf-rLV78pyz1Cv08Gt2MO-yfZPuWAlfQRDFdfcJd6gd3teBKXBaDXLa3MwYdIAia5diAwk6P2sPAEtk3dHF3uZDy67DtDmh4JUKxwJEF5nT6Qb1t_n1O5Q6PgtALR6NT2wCNEuC1vcpV5RMREjd9Ya64tjMk1g7wHx4l1lrhZv6WErt9j9HRSCI4vjkM/s275/virtual%20currencies.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="183" data-original-width="275" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHf-rLV78pyz1Cv08Gt2MO-yfZPuWAlfQRDFdfcJd6gd3teBKXBaDXLa3MwYdIAia5diAwk6P2sPAEtk3dHF3uZDy67DtDmh4JUKxwJEF5nT6Qb1t_n1O5Q6PgtALR6NT2wCNEuC1vcpV5RMREjd9Ya64tjMk1g7wHx4l1lrhZv6WErt9j9HRSCI4vjkM/w200-h133/virtual%20currencies.jpg" width="200" /></a></div><p style="text-align: justify;"></p><div style="text-align: justify;">The UK's Financial Conduct Authority <a href="https://www.fca.org.uk/publication/correspondence/final-warning-cryptoasset-firms-marketing-consumers.pdf" target="_blank">has issued a "final warning"</a> to all firms marketing cryptoassets to UK consumers, including firms based overseas, that it will strictly enforce the new 'financial promotions' restrictions that take effect on 8 October 2023. Among <a href="https://www.fca.org.uk/publications/good-poor-practice/firms-preparations-cryptoasset-financial-promotions-regime" target="_blank">the FCA's concerns</a>, in particular, is the fact that overseas firms with UK customers have failed to engage with the process of introducing the restrictions. Of 150 overseas firms surveyed by the FCA, only 24 responded. 
The FCA has updated its <a href="https://www.fca.org.uk/consumers/warning-list-unauthorised-firms" target="_blank">Warning List</a> accordingly. In addition to criminal prosecutions for breaching the restrictions, the FCA envisages actions to recover the proceeds of crime from those who receive money from offending firms, as well as prosecutions for related money laundering offences. I've summarised the FCA's concerns below for information purposes. This note does not constitute legal advice. If you need advice on any of the matters raised, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please get in touch</a>.</div><p style="text-align: justify;"><b><i>What is a financial promotion?</i></b></p><p style="text-align: justify;">A 'financial promotion' basically means any invitation or inducement to engage in a regulated activity. This could be a feature of any customer communications, marketing activity, social media posts, advertising or part of sponsorship arrangements, for example. </p><p style="text-align: justify;"><b><i>What is the main restriction?</i></b></p><p style="text-align: justify;">Firms lacking the appropriate authorisation or registration must only communicate to UK residents financial promotions that either fit an exemption or have been approved by an FCA authorised firm (who have to comply with their own financial promotions rules). </p><p style="text-align: justify;">The FCA expects authorised firms who are considering approving cryptoasset financial promotions to notify the FCA before doing so. 
</p><p style="text-align: justify;">Depending on the type of product and related activity involved, there may be different promotional rules that the approving firm must check that the promotion complies with before giving approval.</p><p style="text-align: justify;">Crypto firms which cannot legally communicate financial promotions to UK consumers will be expected to have robust processes to prevent UK consumers accessing and responding to their financial promotions, including geo-blocking UK consumers, clear statements that their services are not available to UK residents, on-boarding and KYC/AML checks for UK addresses, preventing the use of UK-based payment methods, and ongoing monitoring. </p><p style="text-align: justify;"><b><i>What happens if there's a breach?</i></b></p><p style="text-align: justify;">Breaching the financial promotions restrictions is a criminal offence. </p><p style="text-align: justify;">In turn, the FCA considers that any benefits obtained from illegal financial promotions could be criminal property, so anyone receiving or dealing with such proceeds of crime may be implicated in money laundering. Some may also commit an offence where they breach requirements to report suspicious activity. In this context, the FCA will be looking at funds flows such as: </p><p></p><ul style="text-align: left;"><li style="text-align: justify;">the fees generated by app stores, social media platforms, search engines and domain name registrars from hosting illegal financial promotions; </li><li style="text-align: justify;">investments made due to illegal financial promotions; </li><li style="text-align: justify;">receipt of payments under advertising, co-marketing and sponsorship deals; and </li><li style="text-align: justify;">fees charged by payments firms or other intermediaries for services to unregistered cryptoasset businesses that generate income through illegal financial promotions. 
</li></ul><div><div style="text-align: justify;">The FCA would likely begin its enforcement activity with an alert on the FCA website and by seeking to remove or block offending promotions, in addition to targeting intermediaries, social media platforms, search engines, app stores, domain name registrars, hosting providers and payment service providers who support the activities of offending firms.</div></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b><i>What if I have UK residents as customers right now?</i></b></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">The FCA explains that firms who are at risk of non-compliance may communicate with their existing UK consumers for a limited time but only to allow those customers to transfer, withdraw or sell their existing assets. Those communications must not breach the financial promotion requirements and must clearly explain how consumers can use each option and any associated fees, costs and charges. The FCA considers it unsustainable for unregistered cryptoasset firms to maintain a longer-term relationship with UK consumers who cannot be shown financial promotions. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">This note does not constitute legal advice. If you need advice on any of the matters raised, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please get in touch</a>.</div><div><br /></div><div><br /></div><div><p><br /></p><p><br />
</p></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-81555743027240722232023-08-24T15:06:00.005+01:002023-11-20T09:48:51.046+00:00Reverse Solicitation<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjApcF4dmNuRR7PRPP5crIktqB_r4sCxTUAl8ZYwN1Vd0SgvVXTyINtFYCYryomGAE0jm64RK0MkjAFMWCnjescw6qxI4VeQCc_2yj7FcN4gVlyoW4iYXg-1n6U1fC-NQHTLe4XaDAfeon8hZKd0p-BJ4-btQmq-5Sp2fQyq_mV0XpLlSzOgi3sNmesgJQ" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="830" data-original-width="860" height="193" src="https://blogger.googleusercontent.com/img/a/AVvXsEjApcF4dmNuRR7PRPP5crIktqB_r4sCxTUAl8ZYwN1Vd0SgvVXTyINtFYCYryomGAE0jm64RK0MkjAFMWCnjescw6qxI4VeQCc_2yj7FcN4gVlyoW4iYXg-1n6U1fC-NQHTLe4XaDAfeon8hZKd0p-BJ4-btQmq-5Sp2fQyq_mV0XpLlSzOgi3sNmesgJQ=w200-h193" width="200" /></a></div><br />My piece for Ogier Leman on 'reverse solicitation' is <a href="https://thoughtleadership.leman.ie/post/102ik9z/reverse-solicitation" target="_blank">here</a>.<p></p><div><p style="text-align: justify;">Any business dealing with residents of another country faces the potential risk that the authorities in the other country might decide that it is somehow actively operating in that other country, rather than only dealing with foreign customers in or from its home territory after being approached by them ('reverse solicitation'). This could mean action being taken by a foreign consumer, ombudsman or regulator, including action in the civil or criminal courts of another country. A recent Irish case has added some colour to the factors that the European Court of Justice ('CJEU' or 'ECJ') has previously said may show that a business is actively doing business in another country; and I've added a list gleaned from guidance applicable to financial services in particular. This post is for information purposes only. 
If you need advice, <a href="https://leman.ie/theteam/5753-2/" rel="noopener noreferrer" target="_blank">please get in touch</a>.</p><p style="text-align: justify;">The ECJ has held that a firm based in one EU Member State won't be doing business in another Member State just because its website is accessible in the other country. Nor will it be enough for the firm's website to display its own email/ geographical address, or phone number (without an international dialing code), because that information is needed by consumers in the firm's own home country. </p><p style="text-align: justify;">Instead, a firm must have somehow 'manifested' or demonstrated its intention to establish a commercial relationship (contract) with consumers in the other country. There must be clear expression of the intention to solicit custom from those foreign consumers. </p><p style="text-align: justify;">The sort of objective factors that the ECJ held to be relevant to that question include: the international nature of the business activity (e.g. tourism); telephone numbers with the relevant country code; a web address with the other country's top-level domain name (e.g. “.de” or ".fr"); itineraries to get to the foreign place where the relevant service is provided; mentions/testimonials of clients based in other countries; and using a foreign language and/or currency not also commonly used in the firm's home country.</p><p style="text-align: justify;">The Irish courts have also pointed to these factors in various cases with unsurprising results. But a recent Irish case adds a bit more colour... </p><p style="text-align: justify;">A UK-based firm organised group cycling tours in foreign countries, but not the travel to those countries. So the consumers were never going to be using the firm's service in the UK. Customers had to make their own way to where the tours operated locally. 
The firm stipulated that it was only responsible for the tour from the appointed start time at the meeting point, but it did also arrange the transport of customers from the foreign/local airport to the meeting point. </p><p style="text-align: justify;">While there was evidence that the booking process did not target a customer's specific country of residence (e.g. Ireland), the firm was aware of the country they had come from and this did not have to be from the UK. The website/email addresses ended in ".co.uk" but the contact phone number carried the international "+44" country code. Customer testimonials also stated the customer's nationality, including one from Ireland. Prices were stated in currencies other than GBP, including the Euro, and there was a currency conversion feature on the website, to enable customers to figure out how much they would have to pay in their own currency when paying the price in GBP. Prior to booking, a customer also had to create an online account, giving details of their city, country of residence and post code (not just provide those details in the form to verify the payment card details being used, for example, which may only go to the card acquirer rather than the merchant). </p><p style="text-align: justify;">So, the Irish court held that, before the conclusion of any contract with the consumer, it was apparent from the firm's website and overall activity that the defendant intended to do business with - and enter into contracts with - consumers in Ireland (among other places).</p><p style="text-align: justify;">These are not the only factors to consider, of course. 
For example, the EU's financial services 'passporting' requirements and Brexit have provided opportunities for UK and EU authorities to consider what factors - alone or together in a specific context - could mean that an EU financial services provider may be wrongfully targeting the UK market or vice versa:</p><ul><li style="text-align: justify;">firms must have a 'head office' and hold board meetings in their country/territory of residence/authorisation, so any of those features that are instead based in the other jurisdiction would be problematic from that standpoint alone (i.e. those who decide the firm’s direction, make material management decisions on a day-to-day basis; the finance, settlement and compliance functions - ‘central administrative functions’ - and their systems and records);</li><li style="text-align: justify;">the website should be hosted on local servers in the 'home' territory (and certainly not in any other country where foreign customers are resident);</li><li style="text-align: justify;">no marketing, advertising or services should be directed specifically at other countries/territories or their residents;</li><li style="text-align: justify;">there should not be a foreign language version of the website or customer communications or support specifically for the relevant foreign customers;</li><li style="text-align: justify;">management and staff should not visit any foreign customers or service providers for operational or marketing purposes or to resolve disputes;</li><li style="text-align: justify;">foreign customers should only be able to approach the firm's website or staff in its 'home' territory;</li><li style="text-align: justify;">the firm should not set cookies on the devices of foreign customers or otherwise monitor their behaviour outside the firm's home territory;</li><li style="text-align: justify;">the firm should not provide services beyond the scope requested by the foreign customer approaching the firm and they should 
have to request the service each time they wish to use it;</li><li style="text-align: justify;">the firm should keep records (not just a tickbox or contractual provision) showing that it was approached by the customers, not the other way around; </li><li style="text-align: justify;">the firm should have no agents, intermediaries or outsourced/delegated services outside its home territory or be a member of a foreign payment system, trading exchange/venue or trade body - or vice versa - but could use services in other countries (e.g. hold foreign bank accounts or rely on advice from foreign professional firms);</li><li style="text-align: justify;">being part of a wider corporate group based outside the territory or being funded from outside the territory may also be problematic; </li><li style="text-align: justify;">customer contracts must not be subject to any law of a country other than the firm's home state or specifically refer disputes to any other jurisdiction;</li><li style="text-align: justify;">a firm should not deposit its clients' money/assets in any institution outside its home territory, or safeguard customer funds outside its home territory (other than as incidental to dealing appropriately with foreign customers in or from the home territory, supported by correspondent services outside the country where necessary for that purpose).</li></ul><p style="text-align: justify;">This post is for information purposes only. 
If you need advice, <a href="https://leman.ie/theteam/5753-2/" rel="noopener noreferrer" target="_blank">please get in touch</a>.</p></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-79705076600719194402023-08-05T12:02:00.002+01:002023-08-05T12:06:01.577+01:00APCOA's Parking Problem<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSFxT3J-CgoZOBR23vjiFZB1PRYMiG00N1hL43hQx2fd6xNVgzXdQn89GV6wh2UFkxH7m2ije_aJwRTBevbKBmbZT5cw16JC5I6QAWCeQRKaI2tuuDcfDn44jVYp_mO9rfNhMfxuu7jimyQVi8B2XNmwhyGHSW6_3s-EnhVGa4CCsAgbvSaNLTnX0wQjc/s252/complaints.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="252" data-original-width="200" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSFxT3J-CgoZOBR23vjiFZB1PRYMiG00N1hL43hQx2fd6xNVgzXdQn89GV6wh2UFkxH7m2ije_aJwRTBevbKBmbZT5cw16JC5I6QAWCeQRKaI2tuuDcfDn44jVYp_mO9rfNhMfxuu7jimyQVi8B2XNmwhyGHSW6_3s-EnhVGa4CCsAgbvSaNLTnX0wQjc/w159-h200/complaints.jpg" width="159" /></a></div><p style="text-align: justify;">Imagine my surprise when I received a £140 debt recovery notice for a £1 parking charge that I'd paid via APCOA's parking app, alleging “parking without a valid payment or permit”. I called the collection agency (Debt Recovery Plus) and explained that both the app and my credit card statement show that I paid the £1 to park my car at the relevant location (for the second year running, I might add). But, "Aha!" they said. We can see that the registration number entered in your version of the APCOA app has <i>one letter different</i> to your car's actual registration number (an "O" instead of a "P"), so neither the payment APCOA took from your credit card nor the permit it issued to you were valid. 
That means APCOA can now charge you a £140 penalty!</p><p style="text-align: justify;">There are so many things wrong with this that I'm actually kind of hoping it goes to court. Here's the gist of what I've written to all concerned (yet their processes grind on): </p><p></p><ol style="text-align: left;"><li style="text-align: justify;">APCOA knew of the mistake (through its licence plate recognition system), yet had proceeded to charge my credit card by submitting the payment to its card acquirer as a valid transaction; and duly issued the parking permit for my vehicle, regardless of the typo in the app (for the second year running). My contract debt of £1 was discharged. The end. Everything that followed was of no legal consequence at all, void, unenforceable. You cannot somehow revive or rely on a contract debt once it is discharged. It's irrelevant that I missed a deadline in a later document APCOA wasn't entitled to issue in the first place. The “terms and conditions of use” at the location don't entitle APCOA to collect a parking fee of £1 and then seek payment of further charges as if it had not already been paid. If English contract law were to allow that, the wheels of commerce would come to an abrupt halt. </li><li style="text-align: justify;">If APCOA regarded the typo in the app as a problem at all, then it had elected not to take the point and reject my payment, so it could not later claim that the typo somehow rendered the attempted transaction invalid.</li><li style="text-align: justify;">APCOA had suffered no loss, because they had received the £1 charge and not refunded it.</li><li style="text-align: justify;">APCOA is also estopped by its conduct from claiming that the payment/permit was invalid, issuing the parking charge notice and other enforcement activity. 
By issuing the notice with the correct registration at my address, APCOA (and later the collection agency) demonstrated that it was on notice that I was the registered keeper of the relevant vehicle at the relevant location on the day in question and that I had paid a £1 parking charge using my card (also registered to the app).</li><li style="text-align: justify;">To charge 140 times the amount of a contract debt is extravagant and unconscionable in comparison with any legitimate interest, particularly in circumstances where APCOA had in fact accepted payment for a £1 charge and both it and its collection agency were aware of an obvious mistake. The charge is also not a genuine pre-estimate of any loss, since there is no loss!</li><li style="text-align: justify;">The debt recovery firm is also on notice of the obvious mistake and is similarly estopped, but has no better claim to payment than APCOA in any event.</li><li style="text-align: justify;">To the extent that APCOA seeks to rely on the “terms and conditions of use” as the basis for additional charges, those terms and conditions fail the fairness and transparency tests and/or are otherwise unenforceable under the Consumer Rights Act 2015. </li><li style="text-align: justify;">Any contract formed on the day for the use of the car park would be rectifiable for obvious mistake to cure the minor typographical error in the reference to the registration number. Alternatively, APCOA breached the contract by collecting my payment but failing to apply it to the vehicle that it knew to be the one I had parked, for which the damages are at least equal to the amount they subsequently try to claim from me in charges (plus my costs). </li><li style="text-align: justify;">The debt collection agency has also misrepresented that the UK Supreme Court decision in <i>Cavendish Square Holding BV v Makdessi [2015] UKSC 67; [2016] AC 1172</i> entitles APCOA or the agency to act as they have. 
</li><li style="text-align: justify;">Both APCOA and the debt recovery agency have acted wrongfully on several occasions in pursuing the amount of the charge. In all of the circumstances, APCOA and its collections agency are in breach of their duty not to trade unfairly under The Consumer Protection from Unfair Trading Regulations 2008. </li></ol><p></p><p style="text-align: justify;">While some of the remedies to which I am entitled may well be beyond the jurisdiction of the small claims court, they would include:</p><p></p><ul style="text-align: left;"><li style="text-align: justify;">judgment in my favour on any attempt to recover the charges;</li><li style="text-align: justify;">An order that each of the parking charge notice and debt recovery notices are void and/or unenforceable. </li><li style="text-align: justify;">An order that any contract formed by my App and the terms and conditions of use of the car park at the Location should be rectified by the court to cure the minor typographical error in the reference to the registration number. </li><li style="text-align: justify;">Damages equivalent to all amounts sought by APCOA and its collections agent and my costs and expenses incurred, including (where recoverable under the relevant court rules) legal fees and expenses in defending any proceedings. </li></ul><p></p><p>I have written to APCOA, the debt collection agency and APCOA's Managing Director for UK and Ireland, putting them on notice of the above and reserving all my rights and remedies. 
So far, their highly automated processes grind on...</p><p><br /></p><p></p>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-5052063230340348434.post-62831625519193840212023-07-25T09:36:00.004+01:002023-11-20T09:50:28.421+00:00EU Expands Open Banking to Open Finance<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjUFiQ5ypFgbXk1tykg2r2y1rLrF9smtvIM2PaZVear78D8nA2po41AZUqf0PUdFLEa-8NS2Nj36wn5vJPqOGgTpI-tiidhe5cZZDoIom02YcVn6624oWifZjA0vXn7T6X-WxTE7nRCExbhk9gyy1pOsBE2yoZlp6viUGxwF_a-cpxbRMqGmfJYfwP2Moc" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="168" data-original-width="299" height="113" src="https://blogger.googleusercontent.com/img/a/AVvXsEjUFiQ5ypFgbXk1tykg2r2y1rLrF9smtvIM2PaZVear78D8nA2po41AZUqf0PUdFLEa-8NS2Nj36wn5vJPqOGgTpI-tiidhe5cZZDoIom02YcVn6624oWifZjA0vXn7T6X-WxTE7nRCExbhk9gyy1pOsBE2yoZlp6viUGxwF_a-cpxbRMqGmfJYfwP2Moc=w200-h113" width="200" /></a></div><p>My piece for Ogier Leman on the EU's proposed Open Finance Regulation is <a href="https://thoughtleadership.leman.ie/post/102ijqw/open-banking-goes-open-finance" target="_blank">here</a>.</p><p style="text-align: justify;">As part of its review of the second Payment Services Directive (PSD2), the EU <a href="https://finance.ec.europa.eu/regulation-and-supervision/consultations/finance-2022-open-finance_en" rel="noopener noreferrer" target="_blank">consulted on</a> whether to expand the concept of 'account information services' to other types of online financial services. 
As a result, the EU is now proposing a <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52023PC0360" rel="noopener noreferrer" target="_blank">financial data access regulation (Open Finance Regulation)</a> that will give a wider range of financial services customers new ways to extract, use and share their account data independently of the service provider who holds their account. For instance, you could get an independent adviser to analyse all your finances - savings, pensions and mortgages/loans - in detail at any time, including creditworthiness data, rather than rely on periodic summaries from the primary service providers. As a regulation, it will be directly applicable in all Member States to ensure consistency, without needing to be 'transposed' under local law. Firms will have 2 years to prepare, although 'financial data sharing schemes' will have an earlier window in which to notify the local regulator of their activities. The Regulation is summarised below for information purposes; if you require advice on its application <a href="https://leman.ie/theteam/5753-2/" rel="noopener noreferrer" target="_blank">please let us know</a>. </p><p style="text-align: justify;"><i><strong>Barriers to Data Access</strong></i></p><p style="text-align: justify;">Most financial service providers rely on knowing more than you about your use of their services, so they don't give you the same access to your data or convenient ways to share that data with advisers or other service providers. 
Without secure ways to share the data, you won't do it or can't figure out how to do it - which is costly and not standardised.</p><p style="text-align: justify;"><i><strong>Consistent with other EU legislation</strong></i></p><p style="text-align: justify;">The Open Finance Regulation not only builds on 'open banking' under PSD2, but is consistent with data access and portability rights under GDPR, the Data Governance Act (improving interoperability between data platforms), <a href="https://thoughtleadership.leman.ie/post/102hzt9/how-the-digital-markets-act-protects-consumers-businesses-publishers-and-advert" rel="noopener noreferrer" target="_blank">the Digital Markets Act</a> (tackling the power of gatekeeper platforms), the proposed Data Act (to provide data access rights to Internet of Things (IoT) data for users and providers of related services), the EU retail investment strategy (to provide safeguards in the use of retail investor data) and the Digital Operational Resilience Act (rules on cybersecurity and operational resilience in the financial sector).</p><p style="text-align: justify;"><i><strong>Preferred Approach</strong></i></p><p style="text-align: justify;">The EU has chosen the following approach from a wide range of options considered by an experts group and other stakeholders. 
The Open Finance Regulation will:</p><ul><li style="text-align: justify;">require data holders to provide customers with 'permission dashboards' to grant access to selected customer datasets;</li><li style="text-align: justify;">set eligibility rules on who can access customer data;</li><li style="text-align: justify;">empower European authorities to issue guidelines to protect consumers against unfair treatment or exclusion;</li><li style="text-align: justify;">require common standards for customer data and interfaces (APIs) for access to that data; and</li><li style="text-align: justify;">require agreement on compensation and contractual liability.</li></ul><p style="text-align: justify;"><i><strong>Cost/Benefit</strong></i></p><p style="text-align: justify;">The Regulation is considered to be a necessary transition that will pay off in the medium to long term. Big providers will lose some of their 'hold' over customers, while providing new entrants access to data that will promote more customer activity and help grow the overall financial services market. </p><p style="text-align: justify;">A key example would be enabling you and your finance providers to figure out how to fund a sustainable lifestyle and retirement, make the decisions to meet your goals and obtain the relevant services to achieve them. </p><p style="text-align: justify;">Creating standard ways to efficiently share data will enable less form filling for customers and better productivity for service providers. </p><p style="text-align: justify;">The estimated total annual benefits from Open Finance for the EU economy ranges from €4.6bn to €12.4bn, including a direct impact on the financial data sector of €663m to €2bn. 
The overall estimated cost could be €2.2bn to €2.4bn initially and ongoing annual costs of €147m to €465m.</p><p style="text-align: justify;"><strong>Specific Features of the Open Finance Regulation</strong></p><p style="text-align: justify;"><i><strong>Scope</strong></i></p><p style="text-align: justify;">In this context 'customer data' means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business, whether provided by a customer or generated as a result of customer interaction with the institution. So it includes access to, and processing of, business-to-business as well as business-to-consumer data, at the customer's request.</p><p style="text-align: justify;">Certain categories of customer data may be accessed, shared, and used; with specific rights and obligations of defined data users/holders and authorised 'financial information service providers' (who provide information services as a regular occupation or business activity). </p><p style="text-align: justify;">The specific sets of data relate to mortgages, savings, investments, pensions, credit information and so on; and the types of firms in scope are regulated financial institutions - as well as authorised financial information service providers - when acting as holders or users of those types of data. </p><p style="text-align: justify;">A 'data holder' must make available the specified type of data to customers and their nominated 'data users' at the customer's request, in real time. </p><p style="text-align: justify;">Where personal data is involved, the request must also align with a valid legal basis for that data holder to undertake the requested processing under the General Data Protection Regulation (GDPR). 
</p><p style="text-align: justify;">Data users receiving data at the request of customers should only access the customer data made available to them, and only for the purposes and the conditions agreed with the customer. </p><p style="text-align: justify;">The customer’s personalised security credentials must not be accessible to other parties, nor can the data be stored longer than necessary.</p><p style="text-align: justify;"><i><strong>Responsible data use and security </strong></i></p><p style="text-align: justify;">The Regulation also guides firms on how they should use data for given use cases, and prohibits any discrimination or restriction in the access to services as a result of the use of the data. </p><p style="text-align: justify;">Customers can't be refused access to financial products just because they refuse to grant permission to use their data. </p><p style="text-align: justify;">Data holders must provide the customer with a 'permission dashboard' that meets certain criteria to monitor, manage and withdraw permissions the customer gives to data users.</p><p style="text-align: justify;"><i><strong>Creation and governance of financial data sharing schemes </strong></i></p><p style="text-align: justify;">Financial data schemes are those whose aim is to bring together data holders, data users and consumer organisations. A scheme should develop data and interface standards, 'coordination mechanisms' for the operation of permission dashboards and a standardised contractual framework governing access to specific datasets and rules on governance, transparency, compensation, liability, and dispute resolution. </p><p style="text-align: justify;">Such data-sharing schemes must be notified to the local regulator; and benefit from a passport for operations across the EU. </p><p style="text-align: justify;">Data holders must be entitled to compensation for making the data available to data users, according to the terms of the scheme of which they are members. 
</p><p style="text-align: justify;"><i><strong>Financial information service providers. </strong></i></p><p style="text-align: justify;">Financial information providers must apply for authorisation and meet various operational requirements, appoint a legal representative and may passport their services throughout the EU/EEA.</p><p style="text-align: justify;">The Regulation will apply 24 months after its entry into force, except that 'financial data sharing schemes' will be able to apply 6 months in advance to be ready for the Regulation to go live.</p><p style="text-align: justify;">This note summarises the Regulation for information purposes; if you require advice on its application <a href="https://leman.ie/theteam/5753-2/" rel="noopener noreferrer" target="_blank">please let us know</a>. </p><p></p><p></p>Unknownnoreply@blogger.com5tag:blogger.com,1999:blog-5052063230340348434.post-88761533612185284152023-07-19T15:18:00.004+01:002023-07-19T15:22:32.492+01:00FCA Updates Social Media Guidance To Cover Crypto, New Platforms And Influencers<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjJN-Km4uqjfc4jg207ocVyuJMmYxbklREY0S9ND0cdAJSBy7vY0jQiah2L8WFpmDNjA8_fKUd-meJxoukN2u_ngLzfgZu1ZsKRZ_shSBduG1XH8ytgdBMgcJPQ3vP_ZmJI_ShUY5kFABIJ9uWDsA6DjNLvUq9Pqx-_S_Fm7L2lThoHwfDIhI_sJyGyvo8" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="168" data-original-width="300" height="112" src="https://blogger.googleusercontent.com/img/a/AVvXsEjJN-Km4uqjfc4jg207ocVyuJMmYxbklREY0S9ND0cdAJSBy7vY0jQiah2L8WFpmDNjA8_fKUd-meJxoukN2u_ngLzfgZu1ZsKRZ_shSBduG1XH8ytgdBMgcJPQ3vP_ZmJI_ShUY5kFABIJ9uWDsA6DjNLvUq9Pqx-_S_Fm7L2lThoHwfDIhI_sJyGyvo8=w200-h112" width="200" /></a></div><p>Hard on the heels of the EU <a 
href="https://thoughtleadership.leman.ie/post/102ii0f/online-financial-services-to-be-covered-by-consumer-rights-directive" target="_blank">adding a chapter on online marketing of financial services (including 'dark patterns' and influencers) to the Consumer Rights Directive</a>, the UK's Financial Conduct Authority is also <a href="https://www.fca.org.uk/publication/guidance-consultation/gc23-2.pdf" target="_blank">updating its 2015 guidance on financial promotions in the social media</a> to address influencer marketing. This post summarises the FCA's proposed new social media guidance for information purposes only. If you require legal advice, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please get in touch</a>.</p><p></p><p style="text-align: justify;">In substance, the FCA's guidance remains the same but adds specific guidance on 'new' design features and channels, such as influencers; and explains the impact of the <a href="https://www.keystonelaw.com/keynotes/implementing-the-new-consumer-duty-what-is-considered-good-practice" target="_blank">new Consumer Duty</a>.</p><p style="text-align: justify;">The core principles of the FCA's view of social media remain, of course, that financial promotions must be fair, clear and not misleading as well as "standalone compliant": each stage of a financial promotion must comply with the financial promotion rules relevant to the type of business being promoted. Certain features of the social media have always raised issues, whether it be character limits, small or scrolling banners: </p><p></p><blockquote style="text-align: justify;"><i>When assessing the compliance of a promotion that is viewed via a dynamic medium (such as Instagram stories), we assess the promotion as a whole and take a proportionate view based on the number of frames and where information about risk is displayed within the promotion. 
To meet our expectations regarding prominence, firms should aim to display the key information about risk upon a consumer’s first interaction with the promotion and the warning should be displayed for a sustained period.</i></blockquote><p>Complex services, like debt counselling, may not lend themselves to social media promotion at all.</p><p>Use of memes may also be inappropriate or impracticable, given the nature of the invitation or inducement in the meme and/or the need for risk warnings and other information to be prominent and 'balanced'.</p><p>The Consumer Duty raises fresh considerations:</p><p></p><blockquote><i>Firms advertising using social media must consider how their marketing strategies align with acting to deliver good outcomes for retail customers. All the cross-cutting rules will be relevant to social media promotions, and firms should take into account how promotions that do not support consumer understanding may cause consumers to buy products that are unsuitable for them, leading to foreseeable harm...</i> </blockquote><blockquote><i>Firms’ communications should support and enable informed decision-making, equipping consumers with the right information in a timely way. Firms must also consider how they tailor communications to account, for example, for the likely audience on social media and the features of different platforms.</i></blockquote><p>Firms remain responsible for any original non-compliance, even if a promotion is forwarded or shared (whether as part of a formal affiliate programme or by random recipients). This can itself trigger a breach of financial promotions rules (e.g. forwarding to the wrong type of investor). 
For that reason, the social media may not be an appropriate channel at all.</p><p>And just because somebody 'likes' an ad or 'follows' the firm in the social media does not mean they are no longer protected from 'cold calling':</p><blockquote><p style="text-align: justify;"><i>...a financial promotion is likely to be non-real time if it is made or directed at more than one recipient in identical terms, creates a record which is available to the recipient at a later time, and is made by way of a system which in the normal course does not enable or require the recipient to respond immediately. This means channels like live-streams or gaming streams are likely to be considered a non-real time promotion and be subject to the full scope of our financial promotion rules.</i></p></blockquote><p style="text-align: justify;">A specific chapter of the guidance covers influencers, who have also been the target of the <a href="https://www.fca.org.uk/multimedia/fca-and-asa-team-warn-finfluencers-risks-promoting-illegal-get-rich-quick-schemes" target="_blank">Advertising Standards Authority</a>.</p><p style="text-align: justify;">This post summarises the FCA's proposed new social media guidance for information purposes only. 
If you require legal advice, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please get in touch</a>.</p><p></p><p></p><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-34182530755839991412023-07-13T20:56:00.003+01:002023-11-20T09:46:12.842+00:00EU Payments Regulation: Updating EMD2 and PSD2<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhm4dDGKR2oAQpR2of8sMrbLDbOsS-fapme4ivl1G1cGnv2k39MnifnQ4UG5c4Yvu_2RRR-mfLZhjNrVhVDT2UfgkPQDqakF_qh5-p-zl9hhYB9BoT_qreNkchPm6HQzJVAs1ejfIWd9Je9oQbKvtibN7bOhRwh5JRzQhOxmkJUSL1gjd7Ukgm1TcajhSw/s120/change.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="120" data-original-width="120" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhm4dDGKR2oAQpR2of8sMrbLDbOsS-fapme4ivl1G1cGnv2k39MnifnQ4UG5c4Yvu_2RRR-mfLZhjNrVhVDT2UfgkPQDqakF_qh5-p-zl9hhYB9BoT_qreNkchPm6HQzJVAs1ejfIWd9Je9oQbKvtibN7bOhRwh5JRzQhOxmkJUSL1gjd7Ukgm1TcajhSw/s1600/change.jpg" width="120" /></a></div><br />My piece for Ogier Leman on the EU's proposal to replace existing directives on e-money and payment services is <a href="https://thoughtleadership.leman.ie/post/102ija8/update-on-proposed-changes-to-eu-e-money-and-payments-regulation" target="_blank">here</a>.<p></p><div><p style="text-align: justify;">As <a href="https://thoughtleadership.leman.ie/post/102hsd8/eba-proposes-changes-to-psd2" rel="noopener noreferrer" target="_blank">reported last July</a>, the EU has been reviewing the way it regulates payment services. 
That process has now resulted in a proposal for a new legislative approach: a directly applicable <a href="https://eur-lex.europa.eu/resource.html?uri=cellar:04cc5bd5-196f-11ee-806b-01aa75ed71a1.0001.02/DOC_1&format=PDF" rel="noopener noreferrer" target="_blank">Regulation (PSR3) governing how payment services must operate</a> and a <a href="https://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2023/0366/COM_COM(2023)0366_EN.pdf" rel="noopener noreferrer" target="_blank">Directive (PSD3) governing the licensing and supervision of payment service providers</a>, which will need to be transposed into local law. There is also a proposal to regulate the sharing of financial data, which we'll cover separately. The differences in approach are broadly summarised below for information purposes. It is not yet fully clear when the proposed legislation will be finalised or take effect. If you require legal advice on the potential impact, <a href="https://leman.ie/the-4-departments/corporate/leman-e-money-and-payment-services/" rel="noopener noreferrer" target="_blank">please let us know</a>.</p><p style="text-align: justify;"><strong>How does the EU regulate payment services now?</strong></p><p style="text-align: justify;">Payment services are currently regulated under a single Payment Services Directive (PSD2) that is applied by local legislation in each Member State. Electronic money issuers are regulated partly under the second Electronic Money Directive (EMD2), also implemented in each Member State, and their services must also comply with PSD2. 
These are 'maximum harmonisation' directives, meaning that Member States may only deviate when regulating within their scope to the extent they are expressly permitted to do so.</p><p style="text-align: justify;"><i><strong>Has PSD2 been successful?</strong></i></p><p style="text-align: justify;">PSD2 has helped with fraud prevention, via the Strong Customer Authentication (SCA); and has improved efficiency, transparency, competition and choice for customers. </p><p style="text-align: justify;">Problems remain, however:</p><ul><li style="text-align: justify;">an imbalance between bank and non-bank PSPs (e.g. in terms of direct access to key payment systems); </li><li style="text-align: justify;">limited uptake of payment initiation and account information services (‘open banking’ or OB); </li><li style="text-align: justify;">many services remain national rather than cross-border; </li><li style="text-align: justify;">anticipated cost reductions have not fully materialised;</li><li style="text-align: justify;">consumers are still at risk of fraud and lack confidence;</li><li style="text-align: justify;">open banking needs work;</li><li style="text-align: justify;">local regulators have inconsistent powers and obligations;</li><li style="text-align: justify;">a fragmented internal market for payments results in “forum shopping”.</li></ul><p style="text-align: justify;">As a result, the EU has four main objectives in relation to payment services:</p><p style="text-align: justify;">1. Strengthen user protection and confidence in payments;</p><p style="text-align: justify;">2. Improve the competitiveness of open banking services;</p><p style="text-align: justify;">3. Improve enforcement and implementation in Member States;</p><p style="text-align: justify;">4. 
Improve (direct or indirect) access to payment systems and bank accounts for non-bank PSPs.</p><p style="text-align: justify;">The EU plans to meet these objectives through a directly applicable Regulation and a Directive that must be implemented in each Member State. </p><p style="text-align: justify;"><strong><u>Specific proposals - New Regulations (PSR3)</u></strong></p><p style="text-align: justify;"><i><strong>Scope and definitions</strong></i></p><p style="text-align: justify;">PSR3 won't change the list of payment services in PSD2 and leaves the exclusions largely unchanged (although there are potential issues relating to the commercial agent's exclusion, given the addition that the agreement appointing the agent must give the payer or payee "a real margin to negotiate with the commercial agent or conclude the sale or purchase of goods or services"). There is also an addition to the group company exclusion to also allow for one company to collect funds from others within the group to pay them away to a third party PSP.</p><p style="text-align: justify;">There are more definitions and clarifications of certain terms (new definitions of Merchant Initiated Transactions (MITs) and of Mail Orders or Telephone Orders (MOTOs)). </p><p style="text-align: justify;">There's an attempt to differentiate between ‘initiation of a payment transaction’ and ‘remote initiation of a payment transaction’.</p><p style="text-align: justify;"><i><strong>PSP Access to Payment Systems/Accounts</strong></i></p><p style="text-align: justify;">Payment system operators must grant access to PSPs on proportionate, objective and non-discriminatory grounds. </p><p style="text-align: justify;">Rules concerning PSP rights to account with a credit institution are reinforced (given the importance for them to have a bank account to obtain their license) for institutions and their agents and distributors. 
</p><p style="text-align: justify;"><i><strong>Transparency of conditions and information requirements</strong></i></p><p style="text-align: justify;">Member states will no longer be able to flex the limits for exempting low-value payment instruments and e-money from certain information requirements.</p><p style="text-align: justify;">Customers must be given notice of Alternative Dispute Resolution procedures in contract terms that apply to single payment transactions.</p><p style="text-align: justify;">PSPs must unambiguously identify the payee, including any commercial trade name in payment account statements. </p><p style="text-align: justify;">Where payment services are offered jointly with supporting technical services any termination fees that apply to the technical services must also be in the payment services contract.</p><p style="text-align: justify;">There are additional information requirements for domestic ATM withdrawals.</p><p style="text-align: justify;">PSPs must provide customers sending money from the EU to non-EU countries with the estimated time funds will be received by payee's PSPs; and the estimated currency conversion charges must be expressed in the same way as for credit transfers within the EU (a percentage mark-up over the latest available euro foreign exchange reference rates issued by the ECB).</p><p style="text-align: justify;"><i><strong>Rights and obligations </strong></i></p><p style="text-align: justify;">The prohibition on surcharging customers for using certain consumer payment methods is extended to credit transfers and direct debits in all currencies of the EU (though member states - and the UK - have implemented such bans with differing scope in any event).</p><p style="text-align: justify;">The rules for merchant-initiated transactions (MITs) and direct debits will have the same consumer protection, such as refund rights.</p><p style="text-align: justify;"><i><strong>Open banking (account information services and payment 
initiation services)</strong></i></p><p style="text-align: justify;">Key changes here include: </p><ul><li style="text-align: justify;">a dedicated interface for open banking data access;</li><li style="text-align: justify;">removing the requirement on account servicing PSPs (ASPSPs) to maintain a ‘fallback’ interface. </li><li style="text-align: justify;">ASPSPs must offer customers a “dashboard” allowing the withdrawal of data access from any given open banking provider.</li><li style="text-align: justify;">confirmation on the availability of funds has been removed as a stand-alone open banking service, due to lack of demand.</li></ul><p style="text-align: justify;"><i><strong>Authorisation of payment transactions and 'push payment' fraud</strong></i></p><p style="text-align: justify;">A payee's PSP must, on request, provide the customer with a service that checks that the unique identifier of the payee matches the name of the payee as provided by the payer, notifying the payer's PSP of any discrepancy, so it can alert the payer. Under SEPA, a similar provision is proposed for discrepancies between the name and unique identifier of a payee for instant credit transfers denominated in euro. </p><p style="text-align: justify;">For consistency, the new provision will also apply to ordinary credit transfers in all currencies of the Union and <i>instant credit transfers</i> in currencies which are not in euro. </p><p style="text-align: justify;">The notification must be given before the payer finalises the payment order and before the PSP executes the credit transfer. 
The user remains free to decide whether to submit the payment order for a credit transfer in all cases.</p><p style="text-align: justify;">PSPs must not unilaterally increase the spending limits on payment instruments.</p><p style="text-align: justify;">Where funds are blocked on a payment instrument for payment transactions where the amount isn't known in advance, the amount blocked must be proportionate to the amount reasonably expected at the time of blocking; and the payee must inform the blocking PSP of the exact amount of the payment transaction immediately after delivery of the service or goods to the payer. </p><p style="text-align: justify;">A PSP can only refuse to refund an unauthorised payment transaction for which it is liable where it has reasonable grounds for suspecting fraud by the payer, in which case the PSP must provide the justification and indicate the bodies to which the payer may complain. </p><p style="text-align: justify;">A payer's PSP will be liable for the full amount of a credit transfer where the PSP has failed to notify the payer of a detected discrepancy between the unique identifier and the name of the payee provided by the payer. </p><p style="text-align: justify;">A PSP will be liable where a consumer has been manipulated into authorising a payment transaction by a third party pretending to be an employee of the consumer’s PSP using lies or deception. </p><p style="text-align: justify;">An obligation for electronic communications services providers to cooperate with PSPs is introduced, with a view to preventing such fraud. Where the liability is attributable to the payee's PSP, it must refund the financial damage incurred by the payer's PSP. 
</p><p style="text-align: justify;"><i><strong>Strong Customer Authentication (SCA)</strong></i></p><p style="text-align: justify;">Technical service providers and operators of payment schemes will be liable where they fail to support SCA.</p><p style="text-align: justify;">A payer shall not bear any financial losses where either their PSP or the payee's PSP applies any of the exemptions from the need for SCA (e.g. for up to 5 contactless transactions).</p><p style="text-align: justify;">PSPs must have transaction monitoring mechanisms for the application of SCA and to improve the prevention and detection of fraudulent transactions. The monitoring must take into account the customer's normal use of the personalised security credentials, including environmental and behavioural characteristics related to the customer's location, time of transaction, device being used, spending habits and the online store where the purchase is carried out.</p><p style="text-align: justify;">PSPs may exchange personal data, like unique identifiers of a payee, subject to information sharing arrangements, subject to a data protection impact assessment and, where necessary, prior consultation with the local regulator.</p><p style="text-align: justify;">SCA is needed for MITs at set-up of the mandate, but not for subsequent MITs. </p><p style="text-align: justify;">Only the non-digital initiation of a payment transaction can escape the SCA obligations, so some MOTO transactions could be caught. But payment transactions based on paper-based payment orders, mail orders or telephone orders placed by the payer should still be subjected to security standards and checks by the payer's PSP to prevent circumvention of SCA requirements. 
</p><p style="text-align: justify;">The scope of SCA exemption for direct debits has been narrowed; while a new obligation requires SCA where a mandate is placed through a remote channel with the direct involvement of a PSP.</p><p style="text-align: justify;">SCA is only required for account information services on the occasion of the first data access; but must be applied at least every 180 days where customers access aggregated account data on the AISP’s domain.</p><p style="text-align: justify;">Provisions have been added to improve the accessibility of SCA, including for persons with disabilities, older persons, persons with low digital skills and those who don't have access to digital channels or a smartphone.</p><p style="text-align: justify;">There is a provision requiring payment service providers and technical service providers to enter into outsourcing agreements in cases where the latter provide and verify the elements of SCA (note that such outsourcing agreements, if regarded as 'critical or important' must include certain provisions under EBA guidelines).</p><p style="text-align: justify;"><i><strong>Execution of payment transactions</strong></i></p><p style="text-align: justify;">In cases where a payment initiation service provider (PISP) provides an incorrect unique identifier of a payee, the PISP is liable for the amount of the transaction.</p><p style="text-align: justify;"><i><strong>Data protection</strong></i></p><p style="text-align: justify;">A new provision defines the substantial public interest for which processing special categories of personal data could be necessary in this context.</p><p style="text-align: justify;"><i><strong>Product intervention powers of the European Banking Authority</strong></i></p><p style="text-align: justify;">The EBA may temporarily ban the sale of certain payment products that present certain risks on the basis of specific criteria.</p><p style="text-align: justify;"><i><strong>Transition</strong></i></p><p 
style="text-align: justify;">Basically, the PSR3 will apply 18 months and 20 days after publication in the Official Journal.</p><p style="text-align: justify;"><strong><u>Specific Proposals - New Directive (PSD3)</u></strong></p><p style="text-align: justify;"><i><strong>Scope and definitions</strong></i></p><p style="text-align: justify;">The new Directive repeals EMD2 and integrates E-money institutions (EMIs) as a sub-category of payment institutions (PIs). </p><p style="text-align: justify;">PSD3 contains provisions relating to cash withdrawal services provided by retailers (without a purchase) or by independent ATM deployers.</p><p style="text-align: justify;">PSD3 governs access to the offer of payment services and electronic money services by PIs but not by credit institutions (banks). </p><p style="text-align: justify;"><i><strong>Licensing and supervision of PSPs</strong></i></p><p style="text-align: justify;">The procedures for application for authorisation vs registration and controls on ownership are mostly unchanged but consistent for all types of PI (including ex-EMIs) and a winding-up plan ('living will') must be submitted on application. </p><p style="text-align: justify;">PISPs/AISPs may hold initial capital instead of professional indemnity insurance (which can be hard to obtain). </p><p style="text-align: justify;">Requirements for initial capital are updated for inflation since 2015 (except for PISPs): €150,000 for most PIs and €400,000 for those issuing e-money. Ongoing capital ('own funds') calculations remain the same (even for ex-EMIs).</p><p style="text-align: justify;">Safeguarding rules for PIs are unchanged (and apply to e-money issuers) except for the extra option of safeguarding in an account of a central bank (at the CB's discretion); and PSPs must endeavour to avoid concentration risk (with EBA regulatory technical standards on risk management of safeguarded funds). 
</p><p style="text-align: justify;">There are more detailed provisions on internal governance, including EBA guidelines.</p><p style="text-align: justify;">Provisions regarding agents, branches and outsourcing are unchanged, but with a new definition of e-money 'distributors' and related provisions aligned with those applicable to agents.</p><p style="text-align: justify;">Provisions on cross-border provision of services by PIs, and the supervision of such services are broadly unchanged except for specific provisions where three Member States are involved (where the PI is established in one state, has an agent in another which provides services in a third Member State on a cross-border basis).</p><p style="text-align: justify;"><i><strong>Cash Withdrawals</strong></i></p><p style="text-align: justify;">There's an exemption from PI licensing for operators of retail stores that offer voluntary cash withdrawal services without a purchase on their premises up to EUR 50 (to avoid unfair competition with ATM deployers).</p><p style="text-align: justify;">Distributors of cash via ATMs who do not service payment accounts (“independent ATM deployers”) only need to register rather than be fully licensed as PIs.</p><p style="text-align: justify;"><i><strong>Transition arrangements</strong></i></p><p style="text-align: justify;">Existing licenses for PIs and EMIs are “grandfathered” for 30 months after PSD3 enters into force (i.e. one year after the deadline for Member States to transpose the directive into local law on condition that they apply for a license under PSD3 no more than 24 months after entry into force).</p><p style="text-align: justify;">PSD3 is a full harmonisation directive. The deadline for Member States to transpose it will be 18 months after entry into force. 
A review report must be presented 5 years after the entry into force, looking specifically at the possible extension to 'payment systems' (which are regulated by the UK, for example) and 'technical services', as well as the impact of the safeguarding rules on deposit guarantee schemes.</p><p style="text-align: justify;">The differences in approach are broadly summarised for information purposes. If you require legal advice on the potential impact, <a href="https://leman.ie/the-4-departments/corporate/leman-e-money-and-payment-services/" rel="noopener noreferrer" target="_blank">please let us know</a>.</p></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-23331938959954356182023-07-11T14:55:00.003+01:002023-11-20T09:55:00.684+00:00A New Framework For Transferring Personal Data From the EU to the US<p>My piece for Ogier Leman on this is available <a href="https://thoughtleadership.leman.ie/post/102ij0u/a-new-framework-for-transferring-personal-data-to-the-us" target="_blank">here</a>.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixY8VRKhP8TzPHl5MLdWvXBKgHhWqmTyzER1xSH2xUI7E8c3Etaopn50C6C-fmPnjvLnen6IvtO53utR7HKk8Lvy3-9pmBAxMz0M39L7hKYv77SCdRZ4UIwJj1MYUCaqHY5ErDxSbFoL3ykFB_4uYohsnQ0DKmwj0WVaI-vKni9rHBI60xxJM2UrouY4k/s334/Copy%20of%20New%20Picture%20(7).bmp" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="334" data-original-width="240" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixY8VRKhP8TzPHl5MLdWvXBKgHhWqmTyzER1xSH2xUI7E8c3Etaopn50C6C-fmPnjvLnen6IvtO53utR7HKk8Lvy3-9pmBAxMz0M39L7hKYv77SCdRZ4UIwJj1MYUCaqHY5ErDxSbFoL3ykFB_4uYohsnQ0DKmwj0WVaI-vKni9rHBI60xxJM2UrouY4k/w144-h200/Copy%20of%20New%20Picture%20(7).bmp" width="144" /></a></div><div><span style="text-align: justify;">From 1 January 2021, any EEA-based organisation wishing to transfer 
personal data from the EEA to any non-EEA country will need to be able to show that the processing will receive the same protection as under the EU's General Data Protection Regulation (GDPR). Many firms might consider this to be impracticable from a cost and administration standpoint, particularly in light of certain new recommendations on which the EU data protection authorities are </span><a href="https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en" style="text-align: justify;">now consulting</a><span style="text-align: justify;">. These are briefly explained below. This will affect "thousands" of firms and could prove severely disruptive for cross-border services ranging from payroll and benefits, to e-commerce marketplaces to social media services. If you need assistance in </span><a href="https://leman.ie/theteam/5753-2/" style="text-align: justify;">Ireland/EEA</a><span style="text-align: justify;"> please let us know.</span></div><div><p style="text-align: justify;"><i><strong>Options for transferring personal data from the EEA </strong></i></p><p style="text-align: justify;">An EEA-based business can only transfer personal data to a non-EEA country if one of three situations applies: </p><ol><li style="text-align: justify;">the European Commission has ruled that country's personal data protection laws to be ‘adequate’;</li><li style="text-align: justify;">there are appropriate safeguards or 'transfer tools' in place to protect the rights of data subjects (including 'Standard Contractual Clauses'); or</li><li style="text-align: justify;">certain 'derogations' or exemptions apply to allow the processing as of right. </li></ol><p style="text-align: justify;"><i><strong>No adequacy decision for the UK in the near term</strong></i></p><p style="text-align: justify;">Like the US, the UK is a key example of a non-EEA country without an adequacy finding. 
For many reasons it is best to assume there will not be an EU adequacy decision relating to the UK’s data protection regime by 1 January 2021, as that process is long and complex, and there are some features of the UK regime which present significant problems, including: </p><ul><li style="text-align: justify;">the UK’s use of mass surveillance techniques;</li><li style="text-align: justify;">intelligence sharing with other countries such as the US;</li><li style="text-align: justify;">the questionable validity of the UK immigration control exemption;</li><li style="text-align: justify;">the lack of a ‘fundamental right’ to data protection under UK law; </li><li style="text-align: justify;">UK adequacy findings for other countries’ personal data regimes that the EU does not deem adequate; and </li><li style="text-align: justify;">the potential for future divergence from EU data protection standards if the UK GDPR is further modified post Brexit. </li></ul><p style="text-align: justify;"><i><strong>The Problem with Standard Contractual Clauses</strong></i></p><p style="text-align: justify;">As a result of the decision of the European Court of Justice in the case against Facebook (‘<a href="https://thoughtleadership.leman.ie/post/102gc3i/privacy-shield-permanently-lowered-by-the-european-court-of-justice-are-compani" rel="noopener noreferrer" target="_blank">Schrems II</a>’), a data exporter relying on Standard Contractual Clauses (or other contractual 'transfer tools') must first verify that the law of the third country ensures a level of protection for personal data that is equivalent to GDPR. If that level is considered sub-standard, the data exporter may be able to use certain measures to plug the gaps, but this process would need to be carefully documented and is the subject of the main recommendations from the European data protection authorities, discussed below. 
</p><p style="text-align: justify;">The extent to which you can usefully rely on the derogations, either before considering the other appropriate safeguards or 'transfer tools', or if those other options are not available, is also somewhat doubtful, as I will explain.</p><p style="text-align: justify;"><i><strong>Assessing whether personal data transfers outside the EEA are appropriate </strong></i></p><p style="text-align: justify;">To help data exporters evaluate whether the use of transfer tools will be appropriate, the forum of all the EEA data protection authorities (the European Data Protection Board or 'EDPB') is <a href="https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en">now consulting</a> on recommendations for: </p><ul><li style="text-align: justify;"><a href="https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf">measures</a> that supplement transfer tools to ensure compliance with the EU level of protection of personal data; and</li><li style="text-align: justify;">certain <a href="https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_recommendations_202002_europeanessentialguaranteessurveillance_en.pdf">European Essential Guarantees for evaluating surveillance measures</a>. </li></ul><p style="text-align: justify;">The EDPB's first set of recommendations contains the steps outlined below. The European Essential Guarantees enable data exporters to determine if the rights for public authorities to access personal data for surveillance purposes can be regarded as a justifiable interference with the rights to privacy and the protection of personal data. Basically:</p><p style="text-align: justify;">A. Processing should be based on clear, precise and accessible rules;</p><p style="text-align: justify;">B. 
Necessity and proportionality with regard to the legitimate objectives pursued need to be demonstrated;</p><p style="text-align: justify;">C. An independent oversight mechanism should exist;</p><p style="text-align: justify;">D. Effective remedies need to be available to the individual.</p><p style="text-align: justify;">The steps involved in assessing the appropriateness of transfer tools must be documented. These involve:</p><ul><li style="text-align: justify;">mapping the proposed transfers;</li><li style="text-align: justify;">choosing the basis for transfer (adequacy decision, 'transfer tool' or derogation);</li><li style="text-align: justify;">unless an adequacy decision has been made by the EU, working with the data importer to assess whether the law or practice of the third country may impinge on the effectiveness of the appropriate safeguards of the transfer tools you are relying on, in the context of your specific transfer (legislation, especially where ambiguous or not publicly available; and/or certain reputable third party findings such as those in Annex 3), and not relying on subjective factors such as the perceived likelihood of public authorities’ access to your data in a manner not in line with EU standards;</li><li style="text-align: justify;">considering whether any supplementary tools might avoid any problems with the third country's laws (various use-cases and suggested tools are explained in Annex 2 to the recommendations);</li><li style="text-align: justify;">taking any formal steps to implement the relevant tool;</li><li style="text-align: justify;">re-evaluating the assessment periodically or on certain triggers, such as changes in the law (which you should also oblige the data importer to keep you informed about).</li></ul><p></p><div style="text-align: justify;">Data exporters must thoroughly record their assessment process in the context of the transfer, the third country law and the transfer tool on which they propose to rely. 
But it may not be possible to implement sufficient supplementary measures in every case, meaning the transfer must not proceed. As the Commission points out, there are "no quick fixes, nor a one-size-fits-all solution for all transfers."<i><strong> </strong></i></div><div style="text-align: justify;"> </div><p></p><p style="text-align: justify;"><i><strong>The problem with relying on 'derogations' </strong></i></p><p style="text-align: justify;">The EDPB's first set of recommendations state (at para 27) that "If your transfer can neither be legally based on an adequacy decision, nor on an Article 49 derogation, you need to continue with... ” assessing whether the proposed transfer tool is effective. However, that order of approach is not consistent with Article 49, which provides that:</p><p style="margin-left: 40px; text-align: justify;"><i>1. In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:</i></p><p style="text-align: justify;"> </p><p style="margin-left: 40px; text-align: justify;"><i>(a) the data subject has explicitly consented to the proposed transfer, <strong>after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards</strong>;</i></p><p style="margin-left: 40px; text-align: justify;"><i>(b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request; </i></p><p style="margin-left: 40px; text-align: justify;"><i>(c) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another 
natural or legal person;</i></p><p style="margin-left: 40px; text-align: justify;"><i>...</i></p><p style="margin-left: 40px;"></p><div style="text-align: justify;"><i>Where a transfer could not be based on a provision in Article 45 or 46, including the provisions on binding corporate rules, and none of the derogations for a specific situation referred to in the first subparagraph of this paragraph is applicable, a transfer to a third country or an international organisation may take place only if the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by the controller which are not overridden by the interests or rights and freedoms of the data subject, and the controller has assessed all the circumstances surrounding the data transfer and has on the basis of that assessment provided suitable safeguards with regard to the protection of personal data. The controller shall inform the supervisory authority of the transfer. The controller shall, in addition to providing the information referred to in Articles 13 and 14, inform the data subject of the transfer and on the compelling legitimate interests pursued. </i></div><div style="text-align: justify;"> </div><p></p><p style="text-align: justify;">In addition, the <a href="https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_2_2018_derogations_en.pdf">EDPB's own guidance on article 49</a> itself points out (on pages 3-4) that: </p><p style="margin-left: 40px; text-align: justify;"><i>“Article 44 requires all provisions in Chapter V to be applied in such a way as to ensure that the level of protection of natural persons guaranteed by the GDPR is not undermined. 
This also implies that recourse to the derogations of Article 49 should never lead to a situation where fundamental rights might be breached…Hence, data exporters should first endeavor possibilities to frame the transfer with one of the mechanisms included in Articles 45 </i>[adequacy] <i>and 46 </i>[transfer tools]<i> GDPR, and only in their absence use the derogations provided in Article 49 (1)” </i>[but even then the use of the derogations would imply the need for an assessment of the third country’s personal data protection regime by virtue of article 44]<i>.</i></p><p style="text-align: justify;">Accordingly, there seems to be no alternative to running through the steps to assess whether the relevant 'transfer tools' will work (with or without supplementary measures) in the context of the transfer and the third country's law. Yet, as we've seen, many firms will likely find that process impracticable from a cost and administration standpoint, so transferring the personal data out of the EEA will not be an option.</p><p> </p></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-91500719533283816902023-06-28T15:43:00.007+01:002023-06-28T15:43:55.516+01:00Digital Objects: A New Class of Personal Property in English Law<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiiExF_aNgxpNSjvgfQgrECZqxXhXvV7pnfnxxOY5jRooOEqFNtcOTG6G5fK2jxAfuOxVqTNDjjoYw0OncMSrk4hHFCKRy7SANqEcBUrlhw19srv9g0KWb3I81Bm2E0jVITD227NImRn4atKAmk8GpOdDek4vtBjTEv3eNX5USxjIjlqwGwxFE0wMNe_ok" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="137" data-original-width="366" height="75" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEiiExF_aNgxpNSjvgfQgrECZqxXhXvV7pnfnxxOY5jRooOEqFNtcOTG6G5fK2jxAfuOxVqTNDjjoYw0OncMSrk4hHFCKRy7SANqEcBUrlhw19srv9g0KWb3I81Bm2E0jVITD227NImRn4atKAmk8GpOdDek4vtBjTEv3eNX5USxjIjlqwGwxFE0wMNe_ok=w200-h75" width="200" /></a></div><div style="text-align: justify;">Following the Law Commission consultation paper <a href="http://sdj-thefineprint.blogspot.com/2022/08/data-objects-new-class-of-personal.html" target="_blank">published in August 2022</a>, which I later <a href="https://www.scl.org/articles/12798-digital-assets-what-is-the-law-commission-considering" target="_blank">summarised</a> for the SCL, the Commission has now published its <a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2023/06/Final-digital-assets-report-FOR-WEBSITE.pdf" target="_blank">report on the consultation process</a> and a related <a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2023/06/14.294_LC_Digital-assets-summary_v5_WEB.pdf" target="_blank">summary</a>. I'm yet to dig into the report fully, but here's a quick run-down on the summary. Professor Sarah Green and her team are to be commended on their consultation paper, the manner in which they conducted the consultation process and the report itself. Theirs is a colossal and momentous achievement that will no doubt form the basis of considerable legal evolution in the years to come.</div><p></p><p style="text-align: justify;">The Commission has found that English law has recognised "certain digital assets as things to which personal property rights can relate" as a distinct legal category, but that certain complex areas of legal uncertainty remain that law reform could reduce. For instance, there are "difficult boundary issues" in distinguishing between digital 'assets' such as crypto-tokens; private, permissioned blockchain systems; voluntary carbon credits; in-game digital assets; and digital files. 
These assets may be based on very different technologies and whether they can or should attract personal property rights may depend on particular sets of facts.</p><p style="text-align: justify;">Overall, the Commission recommends that this uncertainty would be best met through the evolution of case law and some targeted legislation, with support from a panel of industry-specific
technical experts, legal practitioners, academics and judges.</p><p style="text-align: justify;">More specifically (but by no means exhaustively), the Commission concludes that, under the law of England & Wales ("English law"): </p><p></p><ol style="text-align: left;"><li style="text-align: justify;">a 'thing' should not be deprived of legal status as an object of personal property rights merely because it is neither 'a thing in action' nor 'a thing in possession' (the main traditional forms of personal property);</li><li style="text-align: justify;">personal property rights should relate to a thing that is rivalrous (i.e. where the use or consumption of the thing by one person (or specific group) necessarily prejudices the use or consumption of that thing by others);</li><li style="text-align: justify;">factual control (plus intention) can found a legal proprietary interest in a digital object, and in certain circumstances such an interest can be separate from (but less than) a superior legal title;</li><li style="text-align: justify;">it is possible (with the requisite intention) to effect a legal transfer of a crypto-token either off-chain (by a change of control) or on-chain (by a transfer operation that effects a state change);</li><li style="text-align: justify;">a special defence of 'good faith purchaser for value without notice' can be recognised and developed in common law (i.e. 
via the courts) in relation to crypto-tokens and other 'third category things';</li><li style="text-align: justify;">crypto-token intermediated holding arrangements can be characterised and structured as trusts, with rights of co-ownership by way of an 'equitable tenancy in common' (rather than necessarily joint and several interests);</li><li style="text-align: justify;">recognising a control-based legal proprietary interest could provide the basis for an alternative legal structure for custodial intermediated holding arrangements in addition to trusts, whereby certain holding intermediaries acquire a control-based proprietary interest in crypto-token entitlements that is subject to superior legal title retained by users;</li><li style="text-align: justify;">the courts could develop principles of tortious liability for wrongful interference with 'third category things' by analogy with the tort of conversion;</li><li style="text-align: justify;">The Financial Collateral Arrangements (No 2) Regulations 2003 (FCARs) should be amended to confirm and clarify their applicability to crypto-tokens, cryptoassets (including central bank digital currencies (CBDCs) and fiat currency-linked stablecoins) and/or mere record/register tokens, including where a financial instrument or a credit claim is tokenised and effectively linked or stapled to a crypto-token; </li><li style="text-align: justify;">UK company law should be reviewed to assess the merits of reforms to confirm the validity and/or use of crypto-token networks for the issuance/transfer of equities and other registered corporate securities, including the extent to which applicable laws might support the use of public permissionless ledgers for such purposes; and</li><li style="text-align: justify;">the UK government should establish a multi-disciplinary project to create a bespoke statutory legal framework to facilitate certain crypto-token and cryptoasset collateral arrangements.</li></ol><p></p><p 
style="text-align: justify;">Again, the consultation and report represent a colossal and momentous achievement by Professor Sarah Green and her team, who should be commended for their efforts. I'm sure their work will form the basis of a great deal of legal evolution in the coming years.</p><p><br /></p><p><br /></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-20521767940968694002023-06-25T20:22:00.002+01:002023-06-27T10:16:30.723+01:00The Payments Industry Required To Cover 'Push Payment' Scams<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg-zrhwPVzJKByRyRfpzUZ5KKAOtRxtGWGrSLFn76Qjm6CKor7tXkcTjcrD5K6AnQYCW9EJS5ra5h4sl-3pVtyjTRbuq8CHsZ562H-6YiawQqDt6QcEmYSxqePs6hYt8FlYD6AizLhJMwBh4IbjDtWxuwmQ4WGYxtz4xeOZ8It65njkcMVgflzr9Nqmh08" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="155" data-original-width="324" height="96" src="https://blogger.googleusercontent.com/img/a/AVvXsEg-zrhwPVzJKByRyRfpzUZ5KKAOtRxtGWGrSLFn76Qjm6CKor7tXkcTjcrD5K6AnQYCW9EJS5ra5h4sl-3pVtyjTRbuq8CHsZ562H-6YiawQqDt6QcEmYSxqePs6hYt8FlYD6AizLhJMwBh4IbjDtWxuwmQ4WGYxtz4xeOZ8It65njkcMVgflzr9Nqmh08=w200-h96" width="200" /></a></div><div style="text-align: justify;">The UK’s Payment Systems Regulator (PSR) <a href="https://www.psr.org.uk/media/rxtlt2k4/ps23-3-app-fraud-reimbursement-policy-statement-june-2023.pdf" target="_blank">has announced</a> it will impose a new reimbursement requirement for ‘authorised push payment fraud’ (APP fraud) involving the Faster Payments system from 2024, with a further review in 2026. APP fraud occurs where a fraudster tricks someone into sending a payment to a payment account controlled by the fraudster (or a ‘mule’). 
I've summarised the requirements below for information purposes, but if you need advice on the scope or application of the new requirements, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>.</div><p></p><p style="text-align: justify;"><b><i>What is APP fraud?</i></b></p><p style="text-align: justify;">APP fraud involves payments where the victim is deceived into allowing or authorising a payment from their account with a bank or other payment service provider (PSP), including where they intend to transfer the funds to someone else but are deceived into transferring the funds to the fraudster instead (or the fraudster's associate or ‘mule’), or where the victim is deceived as to the purpose of transferring the funds to the account outside their control. </p><p style="text-align: justify;"><a href="https://www.ukfinance.org.uk/system/files/Fraud The Facts 2021- FINAL.pdf" target="_blank">Examples of APP fraud</a> involve impersonation, investment, romance, purchase, invoice and mandate, CEO fraud and advance fees.</p><p style="text-align: justify;"><i><b>How much APP fraud is there?</b></i></p><p style="text-align: justify;"><a href="https://www.ukfinance.org.uk/system/files/2023-05/Annual Fraud Report 2023_0.pdf" target="_blank">According to UK Finance</a>, there were approximately 207,000 reported cases on personal accounts in 2022 (up 6%) worth £485m, but “many cases” go unreported. Most (97%) involve the Faster Payment system (though APP fraud payments make up only 0.1% of all Faster Payments). </p><p style="text-align: justify;">Mandatory reimbursement will be on top of the voluntary <a href="https://www.lendingstandardsboard.org.uk/crm-code/#:~:text=The%20CRM%20Code%20sets%20out,belongs%20to%20a%20legitimate%20payee." target="_blank">Contingent Reimbursement Model (CRM) Code</a> launched in 2019, which covered 66% of APP fraud losses within its scope in 2022; and some other initiatives by individual firms. 
</p><p style="text-align: justify;"><b><i>What about other payment methods?</i></b></p><p style="text-align: justify;">The Bank of England is also <a href="https://committees.parliament.uk/publications/40547/documents/197730/default/" target="_blank">committed to achieving</a> similar reimbursement for consumers making larger 'CHAPS' transactions. </p><p style="text-align: justify;">The PSR will also consider whether the new reimbursement requirement should apply to other payment systems in due course, but it will apply to the <a href="https://www.psr.org.uk/our-work/new-payments-architecture-npa/" target="_blank">New Payments Architecture (NPA)</a> that will replace existing inter-bank payment systems by 1 July 2026. </p><p style="text-align: justify;"><b><i>Which customers are covered?</i></b></p><p style="text-align: justify;">The new reimbursement requirement applies to consumers, microenterprises and small charities (which are all treated as ‘consumers’ under the Payment Services Regulations and is the same coverage as the CRM Code). </p><p style="text-align: justify;">The sending PSP processing an APP fraud claim should assess the customer’s situation and any potential vulnerability in line with the <a href="https://www.fca.org.uk/publication/finalised-guidance/fg21-1.pdf" target="_blank">FCA’s guidance for PSPs on the fair treatment of vulnerable customers</a>. </p><p style="text-align: justify;">A vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care. </p><p style="text-align: justify;">If a customer is deemed vulnerable for a specific APP fraud, the sending PSP must not apply the customer standard of caution (gross negligence) or claim excess. 
</p><p style="text-align: justify;"><b><i>Which firms are liable for a reimbursement?</i></b></p><p style="text-align: justify;">The new requirement will mean payment firms must reimburse all in-scope customers who fall victim to APP fraud, sharing the cost of reimbursing victims 50:50 between sending and receiving payment firms, with extra protections for vulnerable customers. PSPs must reimburse customers within 5 business days. There will also be a deadline for firms reimbursing each other, where one pays the customer first. </p><p style="text-align: justify;">The regulator will consult later this year on a potential maximum limit for reimbursements, and claims must be made within 13 months after the final payment to the fraudster. </p><p style="text-align: justify;">Only the PSP that operates the sending payment account and the PSP that operates the receiving payment account for a qualifying transaction are both required to provide reimbursements. This means that a ‘payment initiation service provider’ will not need to provide reimbursements unless it is also acting as the receiving PSP. 
</p><p style="text-align: justify;"><b><i>Which payments are covered?</i></b></p><p style="text-align: justify;">Only payments made using Faster Payments where the victim is deceived into allowing or authorising a payment from their account with a PSP to another account outside the victim's control at another PSP.</p><p style="text-align: justify;">Where a fraudster persuades the victim to go through several steps - first transferring their money from the sending account at one PSP to another account that <i>the victim has</i> at a different PSP, before then transferring the funds to an account outside the victim’s control at another PSP (‘multi-step APP fraud’), the reimbursement requirement only applies to the Faster Payment made from the victim's last sending account to the receiving account outside the victim’s control.</p><p style="text-align: justify;"><b><i>Which payments are not covered?</i></b></p><p style="text-align: justify;">The reimbursement requirement does not apply to: </p><p></p><ul style="text-align: left;"><li>civil disputes, such as those relating to the quality of goods/services which are mainly covered by consumer rights legislation; </li><li>payments which take place across other payment systems; </li><li>international payments; or </li><li>payments made for unlawful purposes. </li></ul><p></p><p style="text-align: justify;">There will also be no reimbursement where the customer has acted fraudulently (‘first-party fraud’) or with gross negligence, which the PSP must prove. </p><p style="text-align: justify;">The PSR has no regulatory power to require reimbursements for ‘on us’ payments, where the fraudster uses a receiving account with the same PSP where the victim holds the sending account. However, the regulator is seeking to persuade the FCA that this must be the case. The PSR also suggests the same result should apply for users of Bacs and payment cards. 
</p><p style="text-align: justify;"><b><i>How will the PSR enforce the requirements?</i></b></p><p style="text-align: justify;">The Regulator will direct Pay.UK to put the new reimbursement requirement into Faster Payments rules and give a general direction to create a regulatory obligation on in-scope PSPs to comply with the requirement in the Faster Payments rules. The regulator will also issue guidance on what constitutes ‘gross negligence’ by customers. </p><p style="text-align: justify;">This post does not constitute legal advice. If you need advice on the scope or application of the new requirements, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>.</p><p style="text-align: justify;"><br /></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-45184481286881969582023-06-13T18:49:00.003+01:002023-06-13T18:49:48.196+01:00UK Authorities To Slam Stable Door On Crypto Promotions In October. <p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9qJg_Uh0Yow_AZujdn6m3bqVRwIo6RBAxcN8ZqXvQ0XiAPyVELtgNSF79I6Vwh4BAaTcg1w5nDmofLh6m6tMbyByhttVj8GtSVHoeCW4sQ3dfjLXnD2X3NBxQPyVxbkjKqmrWT1qRdkLg0hXapmBaKiiZQmp5LPGvX9-VnAfI57wYjIUsmNzEvdaP/s200/virtual%20currencies.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="133" data-original-width="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9qJg_Uh0Yow_AZujdn6m3bqVRwIo6RBAxcN8ZqXvQ0XiAPyVELtgNSF79I6Vwh4BAaTcg1w5nDmofLh6m6tMbyByhttVj8GtSVHoeCW4sQ3dfjLXnD2X3NBxQPyVxbkjKqmrWT1qRdkLg0hXapmBaKiiZQmp5LPGvX9-VnAfI57wYjIUsmNzEvdaP/s16000/virtual%20currencies.jpg" /></a></div><div style="text-align: justify;">You may have noticed that the UK government has been somewhat distracted (since, oh, 2016), but the FCA has finally received the legislative support to publish its <a 
href="https://www.fca.org.uk/publication/policy/ps23-6.pdf">near-final financial promotion rules for cryptoassets</a> and related <a href="https://www.fca.org.uk/publication/guidance-consultation/gc23-1.pdf" target="_blank">guidance</a>. These follow final rules for other high-risk investments (i.e. excluding cryptoassets) published in August 2022. The new rules classify currently unregulated cryptoassets as ‘Restricted Mass Market Investments’ and restrict how they can be marketed to UK consumers. The rules take effect from 8 October 2023, with a 4 month transition period thereafter (any comments on the related Guidance should be submitted by 10 August). The FCA promises "robust" enforcement action against firms in breach, such as take down requests, adding firms to the FCA's <a href="https://www.fca.org.uk/consumers/warning-list-unauthorised-firms" target="_blank">warning list of unauthorised firms</a> and criminal prosecutions that could result in an unlimited fine and/or 2 years in jail... 
</div><p></p><p style="text-align: justify;">The rules apply to ‘qualifying cryptoassets’ - basically cryptographically secured digital representations of value or contractual rights that are transferable and <a href="http://sdj-thefineprint.blogspot.com/2022/03/are-nfts-really-non-fungible.html" target="_blank">fungible</a>, but does not include cryptoassets that are regulated as electronic money or an existing 'controlled investment' for financial promotions purposes (since the promotion of those is already regulated).</p><p style="text-align: justify;">This means that 'invitations' or 'inducements' to engage in the following activities in relation to the newly qualifying cryptoassets will be caught by the rules: </p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p>• dealing </p><p>• arranging deals </p><p>• managing </p><p>• advising </p><p>• agreeing to carry on specified kinds of activity in relation to these qualifying cryptoassets.</p></blockquote><p style="text-align: justify;">However, cryptoasset exchanges and custodian wallet providers who are registered with the FCA under money laundering regulations and not otherwise authorised
firms will be able to communicate their own cryptoasset
financial promotions to UK consumers; while firms that are only authorised under the Electronic Money Regulations, or
the Payment Services Regulations will not be able to communicate or approve cryptoasset financial promotions at all under the law as it stands.</p><p style="text-align: justify;">The result is that there will only be 4 routes for legally promoting cryptoassets to UK consumers: </p><p></p><ul style="text-align: left;"><li style="text-align: justify;">by an authorised person; </li></ul><ul style="text-align: left;"><li style="text-align: justify;">by an unauthorised person with the approval of an authorised
person (a process that will get tougher when authorised firms have to pass through a new regulatory 'gateway' before they can approve financial promotions for unauthorised persons);</li></ul><ul style="text-align: left;"><li style="text-align: justify;">by a cryptoasset business
registered with the FCA for money laundering purposes;</li></ul><ul style="text-align: left;"><li style="text-align: justify;">under a specific exemption (but exemptions for 'high net worth' or 'self-certified sophisticated' investors or for the sale of goods or supply of services are <u>not</u> available). </li></ul><div style="text-align: justify;">This post only summarises some of the rules and does not constitute legal advice. If you need assistance with any of this, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>.</div><div><br /></div><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-91777527746566621892023-06-13T17:49:00.003+01:002023-11-20T09:52:17.733+00:00European Consumer Groups Move Against Social Media Platforms Over Crypto Ads and Influencers<p>Here's a <a href="https://thoughtleadership.leman.ie/post/102ignt/european-consumer-groups-move-against-social-media-platforms-over-crypto-ads-and" target="_blank">link</a> to my post on this for Ogier Leman.</p><p style="text-align: justify;">The Consumer Association of Ireland was not listed among the members of the European consumer group (BEUC) <a href="https://www.beuc.eu/press-releases/beuc-acts-against-social-media-platforms-facilitating-misleading-crypto-asset" rel="noopener noreferrer" target="_blank">calling for action</a> against social media platforms for facilitating misleading crypto asset promotions. 
In the report, <a href="https://www.beuc.eu/sites/default/files/publications/BEUC-X-2023-073_Hype_or_harm_The_great_social_media_crypto_con.pdf"><i>Hype or Harm: The Great Social Media Crypto Con</i></a>, BEUC and member consumer organisations in Denmark, France, Greece, Italy, Lithuania, Portugal, Slovakia and Spain filed a complaint with the European Commission and EU consumer authorities against Instagram, YouTube, TikTok and Twitter for facilitating the misleading promotion of crypto assets in violation of those platforms' own policies.</p><p style="text-align: justify;">BEUC points out that under the EU’s Unfair Commercial Practices Directive, social media platforms need to exercise a certain level of care to ensure their users are not harmed by others, including influencers. BEUC alleges that by allowing misleading crypto ads to "multiply" on their platforms through advertising and influencers, the platform operators have engaged in unfair commercial practice, exposing consumers to serious harm, in terms of losing significant amounts of money.</p><p style="text-align: justify;">BEUC is also calling on the <a href="https://ec.europa.eu/info/live-work-travel-eu/consumers/enforcement-consumer-protection/consumer-protection-cooperation-network_en">Consumer Protection Cooperation (CPC) Network</a> of authorities responsible for enforcing EU consumer protection laws to request the following action from the platforms:</p><p style="text-align: justify;">Stricter advertising policies (and enforcement of them) on the advertising of crypto;</p><p style="text-align: justify;">The adoption of measures to prevent influencers from misleading consumers as to the nature of crypto;</p><p style="text-align: justify;">To inform the European Commission about the effectiveness of their measures to protect consumers against unfair crypto practices;</p><p style="text-align: justify;">In addition, BEUC calls on European consumer authorities to cooperate with European financial 
supervisory authorities to ensure the platforms adapt their advertising policies to prevent the misleading promotion of crypto.</p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-38629512035331155342023-05-30T16:01:00.000+01:002023-05-30T16:01:29.305+01:00Dealing With Cryptoassets: UNIDROIT Principles on Digital Assets and Private Law <div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi58yc0Ds2TB9hiAJJkvuLD_sxY4fCy20QvHu-ntHhw4JlpJw0JdCxcyZQ7WRm4p4dda9wFbX2JUF58E8aVZBpinlQ0-hGG_Agx1dgEffrwFwItsNHjuQi_S5Rtc_JC3sxEfjohzXdj6P64WOLaXCivNv0oOcWn0Mz8WjyxKk9bJD46aw9Jg_h0Ps3U/s279/UNIDROIT%20digital%20assets.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="181" data-original-width="279" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi58yc0Ds2TB9hiAJJkvuLD_sxY4fCy20QvHu-ntHhw4JlpJw0JdCxcyZQ7WRm4p4dda9wFbX2JUF58E8aVZBpinlQ0-hGG_Agx1dgEffrwFwItsNHjuQi_S5Rtc_JC3sxEfjohzXdj6P64WOLaXCivNv0oOcWn0Mz8WjyxKk9bJD46aw9Jg_h0Ps3U/w200-h130/UNIDROIT%20digital%20assets.jpg" width="200" /></a></div>The International Institute for the Unification of Private Law (UNIDROIT) has <a href="https://www.unidroit.org/unidroit-principles-on-digital-assets-and-private-law-adopted-at-the-102nd-session-of-the-governing-council/" target="_blank">adopted</a> legal guidance on how to approach private law transactions involving "digital assets", with examples. The principles are intended to be "guidelines for States to enable their private laws to
be consistent with best practice and international standards in relation to the holding, transfer and
use as collateral of digital assets", rather than covering financial or other ‘regulation’
or ‘regulatory law’, such as whether a
person must be authorised to engage in activities relating to digital assets or how digital assets should be 'held' for regulatory purposes. This is one of a number of such initiatives (such as the <a href="http://sdj-thefineprint.blogspot.com/2022/08/data-objects-new-class-of-personal.html" target="_blank">UK Law Commission consultation on "digital objects"</a>) that have been running in parallel for some time. There are some differences in approach, a key one being whether 'control' should be a distinguishing criterion for the purpose of legal status or treatment.</div><p>The UNIDROIT <a href="https://www.unidroit.org/wp-content/uploads/2023/04/C.D.-102-6-Principles-on-Digital-Assets-and-Private-Law.pdf" target="_blank">Principles</a> set out:</p><p></p><ul style="text-align: left;"><li>the scope of private law principles in dealing with a subset of digital assets that are capable of being subject to 'control', including definitions;</li></ul><ul style="text-align: left;"><li>the principle that a digital asset can be the subject of proprietary rights (without addressing whether they are considered ‘property’
under local law);</li></ul><ul style="text-align: left;"><li>the concept of linked assets;</li></ul><ul style="text-align: left;"><li>applicable private international law; </li></ul><ul style="text-align: left;"><li>the concept of "control" of a digital asset and the factual 'abilities' needed to demonstrate control;</li></ul><ul style="text-align: left;"><li>identifying a person in control of a digital asset; </li></ul><ul style="text-align: left;"><li>the rights of innocent acquirers who have 'control' and meet certain additional requirements;</li></ul><ul style="text-align: left;"><li>the rights of transferees from innocent acquirers ('shelter rule');</li></ul><ul style="text-align: left;"><li>custody, including duties owed by a custodian to its client;</li></ul><ul style="text-align: left;"><li>insolvency of a custodian and related creditor claims;</li></ul><ul style="text-align: left;"><li>secured transactions, including control as a security method;</li></ul><ul style="text-align: left;"><li>priority of security rights (a secured creditor
who has control of a digital asset will have priority over other secured creditors with a security right
in the same digital asset who do not have control of the digital asset);</li></ul><ul style="text-align: left;"><li>enforcement of security;</li></ul><ul style="text-align: left;"><li>the application of laws to address procedural matters, including enforcement; and</li></ul><ul style="text-align: left;"><li>the effect of insolvency on proprietary rights in digital assets.
</li></ul><div style="text-align: justify;">The UNIDROIT principles are aimed at gaps in typical state laws and stop short of addressing issues such as intellectual property rights, consumer protection, contract and property law, such as whether a
proprietary right in a digital asset has been validly transferred, or a security
right validly created.</div><div><br /></div><div><br /></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-41170443884162889742023-02-14T13:06:00.002+00:002023-02-27T15:24:27.439+00:00UK Consults On BNPL Regulation
<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtKnD8-pZJBZjUjd3VFoz86S1WyDfAjgl4InXlsYl0mZ3n5YmlX7Bdw0RTA01u3k7Fg3YBZi0elbHIMW2MKSGbfszKMZ2wkcEPxxwGm19kylEafg4YyEQU0JdaJVpSjFSnldM8k4XMyO6mx4hHJ4IJF8eA55IWDy5F38jYIQ2OLFAv9phVoEFhuLoJ/s120/change.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="120" data-original-width="120" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtKnD8-pZJBZjUjd3VFoz86S1WyDfAjgl4InXlsYl0mZ3n5YmlX7Bdw0RTA01u3k7Fg3YBZi0elbHIMW2MKSGbfszKMZ2wkcEPxxwGm19kylEafg4YyEQU0JdaJVpSjFSnldM8k4XMyO6mx4hHJ4IJF8eA55IWDy5F38jYIQ2OLFAv9phVoEFhuLoJ/s1600/change.jpg" width="120" /></a></div><p style="text-align: justify;">Further to my <a href="https://www.keystonelaw.com/keynotes/government-expands-proposals-to-regulate-bnpl" target="_blank">note in June</a>, the UK Treasury is <a href="https://www.gov.uk/government/consultations/regulation-of-buy-now-pay-later-consultation-on-draft-legislation" target="_blank">now consulting on the enabling legislation necessary to narrow the exemption for Buy Now Pay Later (BNPL) products</a>, paving the way for greater supervision of the sector by the Financial Conduct Authority. I've included a quick summary of the provisions below. If you need assistance in understanding the potential impact of the proposed regulatory changes, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>.</p><p></p><p style="text-align: justify;">Basically, the scope of consumer credit regulation is being expanded to include BNPL agreements offered by lenders but not by suppliers directly. 
The government had intended to regulate all BNPL agreements provided by suppliers either online or at a distance, but this was found to disproportionately impact many types of arrangement where there is little, if any, evidence of consumer detriment.</p><p style="text-align: justify;">In effect BNPL agreements will be regulated where they are 'borrower-lender-supplier' agreements for fixed-sum credit (the existing 'running accounts exemption' is not affected) to individuals, small partnerships etc., which are: </p><p style="text-align: justify;"></p><ul><li>interest-free; </li><li>repayable in 12 or fewer instalments within 12 months or less; </li><li>the credit is provided by a person that is not the provider of goods or services which the credit agreement finances (i.e. third-party lenders); and </li><li>not specifically exempt under other consumer credit exemptions (plus a new, related exemption). </li></ul><p></p><p style="text-align: justify;">There's an 'anti-avoidance' measure to capture agreements where the merchant has an arrangement with the third-party lender to sell the goods to the lender at the point when the agreement is taken out (seeking to turn the lender into a supplier). </p><p style="text-align: justify;">Trade credit and invoicing arrangements will remain exempt, but new specific carve-outs have had to be made for agreements that finance insurance contracts/premiums; agreements offered by registered social landlords to their tenants to finance the provision of goods and services; and agreements where the borrowers are employees and which result from an arrangement between their employer and the lender or supplier.</p><p style="text-align: justify;">The relevant agreements will qualify as regulated credit agreements within the consumer credit regime under the Regulated Activities Order (RAO). Firms offering those agreements and related regulated activities will need to be authorised and supervised by the FCA, with complaints referable to the Financial Ombudsman Service. 
</p><p style="text-align: justify;">These agreements will not benefit from lighter regulation that applies to 'small agreements' but will be spared certain pre-contract explanations under the Consumer Credit Act 1974 (CCA) in favour of more proportionate FCA disclosure rules. Consumers are also spared a deluge of information because certain other distance marketing disclosures won't need to be made for these agreements by unauthorised brokers where the information has already been provided by the authorised lender.</p><p style="text-align: justify;">Those introducing borrowers to lenders to obtain regulated BNPL agreements will not need to be authorised for credit broking unless conducting that activity in the borrower's home. </p><p style="text-align: justify;">Advertisements and other 'financial promotions' communicated by unauthorised firms for regulated BNPL agreements will need to be pre-approved by an FCA authorised firm (which will not include a firm acting as a payment or e-money institution).</p><p style="text-align: justify;">The new regulations won't apply to relevant agreements entered into prior to the changes taking effect; and there are transitional arrangements to enable firms to carry on certain regulated activities in relation to regulated BNPL agreements for a limited time to allow them to get properly authorised, but the duration is a matter for the FCA. It's worth noting, however, that any business that does take advantage of the 'temporary permission regime' must comply with the law and FCA rules applicable to consumer lending (or exercising a lender's rights) and credit broking (if visiting borrowers' homes). That is unlike previous 'grandfathering' type arrangements, where firms could continue as they were until authorised; and potentially problematic, as any unregulated lender offering BNPL today would likely face a very steep climb to operating on a regulated basis. 
</p><p style="text-align: justify;">It is also left to the FCA to determine how its rules on credit checks will apply, which could prove a thorny issue to the extent we are focusing on borrowers who can't afford the price of fairly low value consumer items. </p><p style="text-align: justify;">But there remains uncertainty over the extent to which the form of agreements and post-contractual notices will be prescribed.</p><p style="text-align: justify;">The limits for the application of 'section 75' CCA liability for suppliers will not be altered (£100 to £30,000).</p><p style="text-align: justify;">If you need assistance in understanding the potential impact of the proposed regulatory changes, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>.</p><p style="text-align: justify;"><br /></p><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-58905982127720638212023-02-13T11:39:00.002+00:002023-02-13T11:39:51.064+00:00UK Regulatory Warns Again On Cryptoasset Promotions<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC4DjZznffc7MmIJWzMEsuBrrvgwvwVilklv7EcdH8E53VMtPD9Q6X8w3Og-6GOgINg7POCC_HqW8rc6zUFDJ83fJYiwHOyPtYWvtygdrOq3ooy9OGJtSwWbfCSYeuoW-Y77Jo7-TJbpkWXaUCy3DgvR5AvCfQwUyWVrdNXQsS8c1-yfeukuqPoM-1/s275/virtual%20currencies.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="183" data-original-width="275" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC4DjZznffc7MmIJWzMEsuBrrvgwvwVilklv7EcdH8E53VMtPD9Q6X8w3Og-6GOgINg7POCC_HqW8rc6zUFDJ83fJYiwHOyPtYWvtygdrOq3ooy9OGJtSwWbfCSYeuoW-Y77Jo7-TJbpkWXaUCy3DgvR5AvCfQwUyWVrdNXQsS8c1-yfeukuqPoM-1/w200-h133/virtual%20currencies.jpg" width="200" /></a></div>The FCA has <a 
href="https://www.fca.org.uk/news/statements/cryptoasset-firms-marketing-uk-consumers-must-get-ready-financial-promotions-regime" target="_blank">explained</a> again that there are currently only three ways to communicate cryptoasset promotions to UK consumers, with a fourth channel pending:</div><div><ol style="text-align: left;"><li style="text-align: justify;">via an FCA/FSMA authorised firm [which does not include an e-money or payment institution for these purposes]. </li><li style="text-align: justify;">via an unauthorised firm but approved by an FCA authorised firm [the govt is proposing a regulatory 'gateway' for authorised firms that wish to approve financial promotions for unauthorised firms]. </li><li style="text-align: justify;">a cryptoasset business registered under money laundering regulation with the FCA (cryptoasset exchange and custodian wallet providers), communicating its own promotions [under a pending exemption].</li><li style="text-align: justify;">the promotion otherwise complies with the terms of an exemption in the Financial Promotion Order.</li></ol></div><div style="text-align: justify;">Even with the new route, promotions not made using one of these channels will constitute a criminal offence punishable by up to 2 years imprisonment.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">This post is for information purposes and does not constitute legal advice. 
<a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">Please let me know</a> if you need legal assistance in this area.</div><div style="text-align: justify;"><br /></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-17899160076049383952023-02-01T15:29:00.001+00:002023-02-01T15:29:25.256+00:00UK Marketing Rules For Crypto: Muddy Waters?<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjffF24OvNV-C5HqHhFlGhzqUpl45LRztRxlKs4i0NL7EoFnIYQdqMHZ11DRqVleW9W9cExbtVC8xE350oGAvJKmitiTQUdbxxRoW_eWabwVffvLYR3PCKEGwM-ZC3eLmdbaiulguxWux19Ln1x5KokokuFOFP0ndX5un7EX3SBfuYMMFvXYadPYi4L/s355/muddy%20waters.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="142" data-original-width="355" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjffF24OvNV-C5HqHhFlGhzqUpl45LRztRxlKs4i0NL7EoFnIYQdqMHZ11DRqVleW9W9cExbtVC8xE350oGAvJKmitiTQUdbxxRoW_eWabwVffvLYR3PCKEGwM-ZC3eLmdbaiulguxWux19Ln1x5KokokuFOFP0ndX5un7EX3SBfuYMMFvXYadPYi4L/w200-h80/muddy%20waters.jpg" width="200" /></a></div><p style="text-align: justify;">Amid the sound and fury of crashing crypto businesses you could be forgiven for having forgotten that the UK government was 'busy' consulting on <a href="http://sdj-thefineprint.blogspot.com/2022/01/tougher-marketing-rules-for-fintech.html" target="_blank">extending its rules for marketing financial services to cover certain 'cryptoassets'</a>. Those rules are still not published, but <a href="https://www.gov.uk/government/consultations/cryptoasset-promotions" target="_blank">we are told today they are on the way</a>. There will then be a six month transition period before they take effect. 
But beware a few twists...</p><p></p><p style="text-align: justify;"><b><i>Qualifying cryptoassets</i></b></p><p style="text-align: justify;">This might change, but for now the government has broadened the scope of ‘qualifying cryptoasset’ to mean 'any cryptographically secured digital representation of value or contractual rights which is fungible and transferable'. It will not matter, therefore, whether or not the cryptoasset is based on distributed ledger technology (DLT). That technology-neutral approach is consistent with the <a href="http://sdj-thefineprint.blogspot.com/2022/08/what-is-stablecoin-used-as-means-of.html" target="_blank">proposed regulatory treatment of stablecoins used as a means of payment</a> (or 'digital settlement asset').</p><p style="text-align: justify;">The definition will specifically exclude: </p><p></p><ul style="text-align: left;"><li style="text-align: justify;">investments already 'controlled' under financial promotions rules;</li><li style="text-align: justify;">electronic money under the Electronic Money Regulations 2011;</li><li style="text-align: justify;">central bank (digital) money; and</li><li style="text-align: justify;">cryptoassets that are only transferable to one or more vendors or merchants in payment for goods or services, such as tokens used as travel passes, lunch passes, and supermarket loyalty schemes which happen to be cryptographically secure. </li></ul><p></p><p style="text-align: justify;">The government has decided to retain the requirement for a qualifying cryptoasset to be 'fungible', on the basis that non-fungible tokens (NFTs) may represent non-financial services products, the NFT market is evolving rapidly and "the government does not yet have sufficient information on risks and use-cases". But it might act later. 
</p><p style="text-align: justify;">'Wrapping' a fungible token inside an NFT is risky because that might not remove its fungibility and involves a case-by-case assessment - <a href="http://sdj-thefineprint.blogspot.com/2022/03/are-nfts-really-non-fungible.html" target="_blank">fungibility is not a feature of the asset itself but the context</a> (in some circumstances they might be treated as interchangeable). </p><p style="text-align: justify;">Whether tokens that might have several uses (‘hybrid tokens’) have at least one use that meets the test of a 'qualifying cryptoasset' (or another controlled investment) will be judged at the time the promotion is issued: </p><blockquote><p style="text-align: justify;">"<i>unregulated cryptoassets such as utility and exchange tokens into the scope of the financial promotions regime (provided they fall within the definition of ‘qualifying cryptoasset’), and security tokens are already captured as controlled investments."</i> </p></blockquote><p>Note that if a token will qualify as a security token <u>at any time in its lifecycle</u> then it must be treated as one from the outset. </p><p style="text-align: justify;"><i><b>Controlled activities </b></i></p><p style="text-align: justify;">A relevant 'financial promotion' is one that induces someone to engage in a 'controlled activity' in relation to a qualifying cryptoasset. For this purpose there will be no new specific "controlled activities" that will apply only to qualifying cryptoassets. 
So the activities that promotions must relate to are: </p><p></p><ul style="text-align: left;"><li style="text-align: justify;">dealing in securities and contractually based investments </li><li style="text-align: justify;">arranging deals in investments </li><li style="text-align: justify;">managing investments </li><li style="text-align: justify;">advising on investments </li><li style="text-align: justify;">agreeing to carry on specified kinds of activity </li></ul><p></p><p style="text-align: justify;">The government considers the restrictions would not apply to promotions that simply say that a retailer/seller is willing to accept (or offer) qualifying cryptoassets in exchange for goods and services (e.g. a sign at a retail checkout that says ‘we accept crypto’). Since that is not an investment activity of the "controlled" kind listed above, it is simply out of scope entirely and it is unnecessary to specifically exempt it. </p><p style="text-align: justify;"><b><i>Exemptions</i></b></p><p style="text-align: justify;">Whether the usual array of exemptions apply to qualifying cryptoassets and related controlled activities will be consistent with the way that the usual exemptions apply more broadly, so there will be no different approach specifically for cryptoassets.</p><p>This post does not constitute legal advice. If you need any assistance, <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">please let me know</a>. 
</p><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-91784154982560006902023-01-27T16:58:00.000+00:002023-01-27T16:58:40.008+00:00FCA Consumer Duty Implementation: Are Firms Trying To Wing It?<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJnFw_uM-0i4gq85Q3p7nSxTRjWQ0nU2z4qjVRGIucd80ztOpSnOHx32xeK38MA815Y7wM4T8pAkj7Ec8iFcgdbPNBDDvHOXXG3nlhogXI5yB25IXpoaWuzPC-_Mxv_Z0zOj8imyDlN4fZg4a8C3CN1KR4xPP8VFZYkhiOeTaYM2wsCTACx_PAfzuw/s140/Challenge-sticker.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="138" data-original-width="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJnFw_uM-0i4gq85Q3p7nSxTRjWQ0nU2z4qjVRGIucd80ztOpSnOHx32xeK38MA815Y7wM4T8pAkj7Ec8iFcgdbPNBDDvHOXXG3nlhogXI5yB25IXpoaWuzPC-_Mxv_Z0zOj8imyDlN4fZg4a8C3CN1KR4xPP8VFZYkhiOeTaYM2wsCTACx_PAfzuw/s16000/Challenge-sticker.png" /></a></div><div>The UK's Financial Conduct Authority has <a href="https://www.fca.org.uk/publications/multi-firm-reviews/consumer-duty-implementation-plans" target="_blank">conducted a review</a> of firms' progress in implementing <a href="http://sdj-thefineprint.blogspot.com/2022/02/the-new-consumer-duty-for-uk-financial.html" target="_blank">the new Consumer Duty</a> for new or existing products by 31 July 2023 (and for closed products with existing customers by 31 July 2024). Firms had until 31 October 2022 for their board to approve their implementation plan and show that it has scrutinised and challenged the plans to ensure they are deliverable and robust. Since then, the FCA has checked on larger firms with dedicated FCA supervision teams and found that: </div><p></p><p></p><blockquote style="text-align: justify;"><i>"some firms may be further behind in their thinking and planning for the Duty. 
This brings a risk that they may not be ready in time, or they may struggle to embed the Duty effectively throughout their business."</i></blockquote><p></p><div style="text-align: justify;">Aside from my February blog post here, I summarised the Consumer Duty requirements and key steps for implementation in a <a href="https://www.keystonelaw.com/keynotes/fca-consumer-duty-the-final-rules-and-start-dates-firms-need-to-know-2" target="_blank">Keynote last September</a>. That explains that there is another recommended milestone at the end of April and the board must also oversee progress to ensure deadlines are met...</div><div style="text-align: justify;"> </div><div style="text-align: justify;">However, the FCA has published <a href="https://www.fca.org.uk/publications/multi-firm-reviews/consumer-duty-implementation-plans" target="_blank">detailed findings across six aspects of the implementation process</a> which show where firms may be falling short. Generally, in the remaining six months to the end of July, the FCA wants firms to: </div><p></p><ul style="text-align: left;"><li style="text-align: justify;">ensure they are prioritising efforts where they are likely to be furthest away from the requirements; </li><li style="text-align: justify;">carefully consider the substantive requirements in reviewing products, services, communications, customer journeys and identify/make the changes needed; and </li><li style="text-align: justify;">work on all this with other firms in their distribution chain. 
</li></ul><div><a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">Please let me know</a> if you need assistance.</div><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-84455381683703882082023-01-16T18:53:00.010+00:002023-01-17T09:28:51.330+00:00UK Review of the Payment Services (and E-money) Regulations<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH0SSA2Qzu4vqc4oUazNAHEo64BXw3kZ7L5w58CVRKYn6n9zWoszuoiW4UOG5igIN-wDoCHAltOeC4l1CrqxQLjASF_ziKN3Aj1xSai_fboIKV5seaaTZfEKG7WyG5ugt2yqmlJ1rqRfQWNXhsIxRrA1MsDuzIDqrRQGm2Ec0JlACYQopCNJB2BUGU/s140/Challenge-sticker.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="138" data-original-width="140" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH0SSA2Qzu4vqc4oUazNAHEo64BXw3kZ7L5w58CVRKYn6n9zWoszuoiW4UOG5igIN-wDoCHAltOeC4l1CrqxQLjASF_ziKN3Aj1xSai_fboIKV5seaaTZfEKG7WyG5ugt2yqmlJ1rqRfQWNXhsIxRrA1MsDuzIDqrRQGm2Ec0JlACYQopCNJB2BUGU/s1600/Challenge-sticker.png" width="140" /></a></div><p style="text-align: justify;">The Treasury is <a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1128749/Payment_Services_Regulations_Review_and_Call_for_Evidence.pdf" target="_blank">calling for evidence</a> to assist in its review of the Payment Services Regulations 2017. This also necessarily involves consideration of the Electronic Money Regulations 2011, since e-money institutions are subject to both. Those regulations implemented corresponding EU directives that are also being reviewed (which the Treasury ignores). You have until 7 April 2023 to submit responses to the UK process. 
<a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">Please let me know</a> if you would like assistance.</p><p></p><p style="text-align: justify;">Of course, the 'elephant in the room' is whether the UK regulations should remain harmonised with the EU directives that they implemented, particularly as most UK payment service providers will have EEA aspirations, at least, if not their own regulated firms within the trade bloc. Indeed, the UK review will seem eerily familiar to many, because the European Commission <a href="https://thoughtleadership.leman.ie/post/102hoqu/ec-review-of-psd2" target="_blank">embarked on its own review</a> of the second Payment Services Directive (PSD2) in May 2022; and in July the European Banking Authority <a href="https://thoughtleadership.leman.ie/post/102hsd8/eba-proposes-changes-to-psd2" target="_blank">proposed numerous changes that I summarised for Ogier Leman in Ireland</a>, including the merger of PSD2 and the second E-money Directive (EMD2). I suspect the UK review is timed to coincide with likely changes arising from the EU's review process. 
The timing might not work perfectly, so the UK might make any changes that seem settled or non-controversial in the EU process, then mop up the rest in due course.</p><p style="text-align: justify;">The UK government believes that its e-money and payment services regulation should address: </p><p style="text-align: justify;"></p><ul><li style="text-align: justify;">'authorised push payment' (APP) fraud; </li><li style="text-align: justify;">whether 'strong customer authentication' requirements are too prescriptive and should be 'outcome-based' including delaying payments where APP fraud is suspected to allow for communication with a potentially affected customer;</li><li style="text-align: justify;">the use of cryptoassets or cryptocurrencies as payment methods.</li></ul><p></p><p style="text-align: justify;">There is no mention of the European Commission or EBA proposals relating to the review of PSD2 and EMD2, let alone consideration of whether those proposals should be addressed in the UK. I guess that is left to the rest of us to consider and submit.</p><p style="text-align: justify;">The UK has already <a href="http://sdj-thefineprint.blogspot.com/2021/11/new-insolvency-rules-for-uk-e-money-and.html" target="_blank">made changes to its insolvency regime</a> to cater for the more orderly and efficient wind-down of payment and e-money institutions, as this was something that the EU directives did not really address (aside from the 'pooling' provisions relating to safeguarded funds). 
The UK government is also inviting evidence on whether these additional arrangements are adequate (and the EBA has urged greater clarity on wind-down arrangements under the EU directive(s)).</p><p style="text-align: justify;">The government persists in its tediously jingoistic claims that the UK somehow pioneered 'Open Banking' through the <a href="https://www.openbanking.org.uk/news/cma-publishes-approved-roadmap-for-the-final-stages-of-open-banking-implementation/" target="_blank">API requirements proposed by the Competition and Markets Authority</a> in 2016 (among other remedies to improve competition for retail banking). However, that happened <a href="https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A52013PC0547" target="_blank"><b><i>three years after</i></b> the specific open banking requirements were proposed in the first version of PSD2</a>. In fact, such 'open data' and <a href="http://sdj-thefineprint.blogspot.com/2011/06/counter-regulation-and-consumer.html" target="_blank">'midata'</a> initiatives were fully developed by 2012 and common across Europe and, indeed, <a href="http://sdj-thefineprint.blogspot.com/2012/06/rethinking-personal-data.html" target="_blank">globally within the context of the World Economic Forum</a>, as I posted at the time. It cites unspecified plans to ‘develop’ and ‘progress’ such services through a Joint Regulatory Oversight Committee after the CMA found that its mandated <a href="https://www.gov.uk/government/news/cma-publishes-findings-of-lessons-learned-review-into-open-banking" target="_blank">Open Banking Implementation Entity was improperly managed and lacked corporate governance</a>. 
</p><p style="text-align: justify;">While omitting a focus on whether banks <a href="https://cointelegraph.com/news/the-uk-s-retail-banks-hate-crypto-and-lawmakers-should-act" target="_blank">unfairly withhold payment accounts</a> from innovative financial services businesses, the consultation also includes highly irregular claims that the government is concerned about whether payment service providers might be terminating customer relationships in reaction to the customers' right wing, 'libertarian' political views. The paper concedes that there is no evidence at all that this is a genuine issue, merely citing <a href="https://hansard.parliament.uk/Commons/2022-11-03/debates/6a317503-9a76-414d-8406-2fabb36c09f6/FinancialServicesAndMarketsBill(TenthSitting)" target="_blank">assertions from a Conservative MP based on speculation by a conservative pundit about why PayPal might have regarded his accounts as suspicious</a>. That such nonsense has found its way into a Treasury consultation paper is deeply worrying. It smacks of the <a href="https://www.theguardian.com/politics/2022/oct/20/mps-condemn-nadine-dorries-for-claims-channel-4-faked-tv-show" target="_blank">false claims about Channel 4's activities by the then Culture Secretary</a>, ironic given the government's <a href="https://www.standard.co.uk/news/uk/nadine-dorries-government-conservative-party-lbc-channel-b1007057.html" target="_blank">decision to boycott and later sell Channel 4</a> in reaction to what it believed was unwarranted scrutiny of its activities by journalists. Just as the government has been forced to row back on the sale of Channel 4, it would seem unwise to politicise payment services regulation...</p><p style="text-align: justify;">Though maybe the drafts-person was fully aware of the irony in referring to the 'Daily Sceptic' and the 'Free Speech Union' in the context of better ways to combat APP fraud. 
</p><p style="text-align: justify;"><br /></p><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-31101900374511485712022-12-13T15:16:00.011+00:002022-12-13T15:19:25.686+00:00Overdue Reform of the UK Consumer Credit Act <div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivvXOCgvnEzcVA7-UBv1Ob1hABbI8V5viPLCe7q0GM6bvHXEsrzurCdFDDfKgm5InwyUDW-tDlQaTqO1mY8hmrqK8ZP_nmGv-rehNHp5qaUpMBn39EHZVBVL8YM3W17SeBQQT5gQUtX3oF2cGvaLJh-Lllof2I4OsvRjAA34QeIlKbIHYwpQoNs1Wb/s140/Challenge-sticker.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="138" data-original-width="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivvXOCgvnEzcVA7-UBv1Ob1hABbI8V5viPLCe7q0GM6bvHXEsrzurCdFDDfKgm5InwyUDW-tDlQaTqO1mY8hmrqK8ZP_nmGv-rehNHp5qaUpMBn39EHZVBVL8YM3W17SeBQQT5gQUtX3oF2cGvaLJh-Lllof2I4OsvRjAA34QeIlKbIHYwpQoNs1Wb/s16000/Challenge-sticker.png" /></a></div>The Treasury is <a href="https://www.gov.uk/government/consultations/reform-of-the-consumer-credit-act-consultation" target="_blank">consulting on a long overdue overhaul of the Consumer Credit Act 1974 (CCA)</a> which covers the UK’s £200bn non-mortgage consumer credit industry, including personal loans, credit cards, hire purchase and pawn-broking. I'm waiting on publication of a longer note summarising the detail, and will post a link to that here. You have until 17 March 2023 to respond. <a href="https://www.keystonelaw.com/lawyers/simon-deane-johns" target="_blank">Let me know</a> if I can help you in understanding the proposals and likely impact. 
<br /><i><b><br /></b></i></div><div style="text-align: justify;"><i><b>Brexit<br /></b></i><br /></div><div style="text-align: justify;"><a href="http://sdj-thefineprint.blogspot.com/2022/06/the-suspicious-timing-of-uk-government.html" target="_blank">As previously mentioned</a>, the current consultation was actually proposed in June, just prior to the European Commission proposal for a new Consumer Credit Directive (CCD2). Extensive changes were made to the CCA in 2010 to implement CCD1, which had considerable input from the UK. <br /><br /></div><div style="text-align: justify;">Supervision of the CCA transferred from the Office of Fair Trading to the Financial Conduct Authority in 2014 under the Financial Services and Markets Act 2000 (FSMA). This meant adding consumer credit and hire agreements, and related activities, to the FSMA (Regulated Activities) Order 2001 (RAO); and transferring some CCA regulations to the FCA’s rules. The Treasury now wishes to transfer “the majority” of the CCA to FCA rules, which seem likely to align with CCD2. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Some aspects that are specific to Scotland and Northern Ireland will be addressed later in the review process.<br />
<b><i><br /></i></b></div><div style="text-align: justify;"><b><i>Scope and Impact<br /></i></b><br /></div><div style="text-align: justify;">The CCA regulates consumer credit and consumer hire, although the latter has less protection.
<a href="https://www.keystonelaw.com/keynotes/government-expands-proposals-to-regulate-bnpl" target="_blank">The government has already announced plans to regulate many Buy-Now Pay-Later (BNPL) products</a> that are currently unregulated. <br /><br /></div><div style="text-align: justify;">Broadly, the activities of entering into regulated credit and hire agreements require FCA authorisation and specific permission when carried on by way of business, as do the activities of exercising the rights of a lender (or owner, for hire purposes) and various ‘ancillary services’ such as credit broking, debt collection, debt counselling, debt adjusting, debt administration, operating an electronic system in relation to lending (peer to peer lending), credit information services. <br /><br /></div><div style="text-align: justify;">Advertising credit and hire products is also regulated, even for unauthorised firms. <br /><br /></div><div style="text-align: justify;"><a href="https://www.keystonelaw.com/keynotes/fca-consumer-duty-the-final-rules-and-start-dates-firms-need-to-know-2" target="_blank">The FCA’s new Consumer Duty</a> does not apply to unregulated or exempt individuals or products in the same way as the CCA regime, but that new duty changes the context in which the CCA protections operate; and makes authorised firms liable for certain activities of unauthorised firms in the product 'distribution chain'.<br /><br /></div><div style="text-align: justify;">About 6,000 authorised firms have permission to enter into consumer credit or consumer hire agreements; and 36,000 FCA firms have credit permissions (mainly credit broking). 
<br /><br /></div><div style="text-align: justify;">I will update this post with a link to the more detailed note shortly.</div><p style="text-align: justify;"><br /></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-13635257946590776462022-12-09T11:38:00.000+00:002022-12-09T11:38:04.128+00:00Treasury Tinkers With Payment Account Transparency<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXNZIUtw6v2k5G_ofH69FNSI-TXFoPiW54RGyGDjk3QQF-OXv_z7CrTRRyyqgH1GxTogOPS-NPFbJgNMWxqyMXld1rElg0vF5RjqHOPiIYtcpWcmc7vJtG2RAGEV9D9f2DYzcE6G6TfHR3MVTV0J3R_x43cnIn_5cFnaZ9YViUQEsMVoJgu3LUe1pg/s140/Challenge-sticker.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="138" data-original-width="140" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXNZIUtw6v2k5G_ofH69FNSI-TXFoPiW54RGyGDjk3QQF-OXv_z7CrTRRyyqgH1GxTogOPS-NPFbJgNMWxqyMXld1rElg0vF5RjqHOPiIYtcpWcmc7vJtG2RAGEV9D9f2DYzcE6G6TfHR3MVTV0J3R_x43cnIn_5cFnaZ9YViUQEsMVoJgu3LUe1pg/s1600/Challenge-sticker.png" width="140" /></a></div><div style="text-align: justify;">When the UK government finally acted to improve transparency in retail banking fees and charges, it sparked <a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/477200/PAD_consultation_responses.pdf" target="_blank">a similar effort in Brussels that the UK negotiated to align with its own initiatives</a>. This resulted in the Payment Accounts Directive <a href="http://sdj-thefineprint.blogspot.com/2015/07/more-sunlight-on-payment-accounts.html" target="_blank">which the UK implemented via the Payment Accounts Regulations 2015 (PARs)</a>. 
Unfortunately (<a href="http://sdj-thefineprint.blogspot.com/2016/03/are-your-payment-accounts-caught-by.html" target="_blank">as the FCA later pointed out</a>) the Treasury 'gold-plated' the implementation, by simply cutting and pasting the Directive. The EU was due to review the Directive in 2019, though that is yet to complete. Meanwhile, the Treasury completed its own review in 2021. Struggling to find any 'Brexit benefits', the Treasury has come up with the wheeze of timing its consultation on how payment account fees are presented to consumers with the <a href="https://www.gov.uk/government/collections/financial-services-the-edinburgh-reforms" target="_blank">political gestures announced by the Chancellor today</a> as some kind of post-Brexit renaissance for Britain's financial services industry, now starved of access to its biggest market. You have until 23 February to have your say on these particular changes [yawns].</div><p></p><div style="text-align: justify;">Among other things required by the PARs, payment service providers must: </div><p></p><ul style="text-align: left;"><li style="text-align: justify;">provide customers with a fee information document that sets out the fees associated with the payment account in a specific form (FID);</li><li style="text-align: justify;">provide each customer with a statement of fees incurred on the payment account in a given period (SoFs) in a specific form; </li><li style="text-align: justify;">inform customers of whether it is possible to purchase a payment account separately, where it's offered as part of a package, and provide the consumer with separate information regarding the costs and fees associated with each of the other products in the package.</li></ul><p></p><div style="text-align: justify;">The Money and Pensions Service (MaPS) is also required to provide consumers with access to a website comparing fees charged by payment service providers (I challenge you to find this!).</div><div style="text-align: 
justify;"><br /></div><div style="text-align: justify;">The Treasury now wants to know your thoughts on the following questions:</div><p></p><blockquote><p style="text-align: justify;"><b>Question 1</b> Do you consider the requirement for payment service providers to provide consumers with FIDs to have any positive impacts (e.g. supporting transparency and comparability of fee information related to payment accounts)? </p><p style="text-align: justify;"><b>Question 2</b> Do you consider the requirement for payment service providers to provide consumers with FIDs to have any negative impacts (e.g. admin costs or duplication of information already provided)? </p><p style="text-align: justify;"><b>Question 3</b> Do you consider the requirement for payment service providers to provide consumers with SoFs to have any positive impacts (e.g. supporting transparency and comparability of fee information)? </p><p style="text-align: justify;"><b>Question 4</b> Do you consider the requirement for payment service providers to provide consumers with SOFs to have any negative impacts (e.g. administration costs or duplication of information already provided)? </p><p style="text-align: justify;"><b>Question 5</b> Do you consider the presentational requirements (under Schedules 1 and 2 of the PARs) to be necessary? Could consumers be provided with the same or equivalent information by simpler or alternative means? </p><p style="text-align: justify;"><b>Question 6</b> Do you consider the requirements for the FCA to maintain a linked services list, and for payment service providers to provide customers with a glossary of related definitions, to have any positive impacts (towards supporting transparency and comparability of fee information)? 
</p><p style="text-align: justify;"><b>Question 7</b> Do you consider the requirement for the FCA to maintain a linked services list, and for payment service providers to provide customers with a glossary of related definitions, to have any negative impacts? </p><p style="text-align: justify;"><b>Question 8</b> Do you consider the requirements for the Money and Pensions Service (MaPS) to provide consumers with access to a website comparing fees charged by payment service providers to have any positive impacts towards supporting transparency and comparability of fee information beyond private sector providers? Or could the same objectives be fulfilled without these specific requirements? </p><p style="text-align: justify;"><b>Question 9</b> Where relevant, what are the costs to your organisation of adhering to Part 2 and Schedules 1 and 2 of the PARs? </p><p style="text-align: justify;"><b>Question 10 </b>Can you foresee any potential unintended consequences or negative impacts of removing any requirements under Part 2 and Schedules 1 and 2 of the PARs? 
</p><p style="text-align: justify;"><b>Question 11</b> Do you have any other views on Part 2 and Schedules 1 and 2 of the PARs that you wish to share?</p></blockquote><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5052063230340348434.post-17964979105294088272022-12-05T12:14:00.004+00:002022-12-05T12:22:51.616+00:00FCA To Allow Simpler Advice On 'Mainstream' Investments<p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSGXRxvkziqgsRGTR-fxA57zpL7Unv0V8DvPIWv2TGTFCTJHSxVTJCVtpbPU6N7awagN8gjEuh2gg56CsAbFSIp-cjqoPvLtswojQAznfscRBO6rKreRW7js6QbNzVDx6eBu1i4d6ukcvpzcikyNmzk6DTwX_JKVBEpNgpwk8uRM7HwzgTvGqgPeWM/s140/Challenge-sticker.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="138" data-original-width="140" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSGXRxvkziqgsRGTR-fxA57zpL7Unv0V8DvPIWv2TGTFCTJHSxVTJCVtpbPU6N7awagN8gjEuh2gg56CsAbFSIp-cjqoPvLtswojQAznfscRBO6rKreRW7js6QbNzVDx6eBu1i4d6ukcvpzcikyNmzk6DTwX_JKVBEpNgpwk8uRM7HwzgTvGqgPeWM/s1600/Challenge-sticker.png" width="140" /></a></div><div style="text-align: justify;">The UK's Financial Conduct Authority is <a href="https://www.fca.org.uk/publication/consultation/cp22-24.pdf" target="_blank">consulting</a> on a new investment advice regime to allow consumers to access simplified advice on investments that qualify for stocks and shares ISAs from April 2024, and reflecting the fact that the new Consumer Duty will apply. </div><p></p><div style="text-align: justify;">The FCA's research revealed that "less wealthy" consumers do not access professional support where they want it to make financial decisions like investing in stocks and shares ISAs. Those who receive advice are those who already hold investment products. 
Investors are more confident in a personal recommendation and value human interaction in the advice process. If offered a free consultation, only 6% of adults would choose a robo-adviser, whereas 51% would choose to meet face-to-face with an adviser (Mintel, 2021).</div><p style="text-align: justify;">The FCA plans to:</p><p></p><ul style="text-align: left;"><li style="text-align: justify;">Cut the existing qualification requirements to reflect the lower risk of the narrower scope of advice (the necessary technical and regulatory understanding to advise on mainstream investments and where clients have straightforward needs). </li></ul><ul style="text-align: left;"><li style="text-align: justify;">Reframe the suitability requirements to reflect the narrower scope and less complexity of the advice relevant to the more limited decision consumers will be making, with new guidance on minimum information expected for the 'fact find' to reduce time and liability consequences for firms not doing a more fulsome inquiry.</li></ul><ul style="text-align: left;"><li style="text-align: justify;">Limit the range of investments advisers can recommend to a set of mainstream investments and exclude any recommendations to invest in high‑risk investments. </li></ul><ul style="text-align: left;"><li style="text-align: justify;">Allow consumers to pay for transactional advice in instalments.</li></ul><p></p><p style="text-align: justify;">You have until 28 February 2023 to respond to the FCA's consultation.</p><p><br /></p>