IPO’s consultation on domestic enforcement of the EU Portability Regulation and other portability requirements
On 1 April 2018, European Regulation 2017/1128 on cross-border portability of online content services in the internal market (the ‘Regulation’) came into force in all EU member states. This has made it easier for subscribers based in the UK to access their online content services (such as Netflix and HBO) when they are temporarily located in another member state. A useful FAQ sheet provided by the European Commission can be found here.
In January 2018, the Intellectual Property Office (IPO) consulted service providers, subscribers and rightholders on proposed enforcement mechanisms for the Regulation and topics for guidance. It also asked for views on portability in the context of the UK’s exit from the EU. The response to this consultation was published on 15 March 2018.
What happens after the UK leaves the EU?
All respondents stated that in the absence of a reciprocal agreement between the UK and the EU, it would not be possible to provide portable services once the UK leaves the EU. This will leave consumers dissatisfied if the portability service ceases to operate so soon after its implementation. The Government agreed, although it stopped short of promising reciprocal agreements, saying merely that it will amend UK legislation to reflect the UK-EU relationship.
How will the Regulation be enforced?
The Government identified six means of enforcing the various aspects of the Regulation:
- No new criminal sanctions will be introduced, since the government believes that civil sanctions are the most appropriate enforcement mechanism. Contractual provisions that are contrary to the Regulations will be unenforceable e.g. where service providers implement an additional charge to provide portable services.
- Private remedies are appropriate when the action is of personal interest rather than public e.g. a service provider fails to provide portable content or reduces the quality of the service offered.
- The Information Commissioner’s office will enforce the data protection provisions of the Regulation.
- Content online may be protected by IP rights e.g. if effective verification of a subscriber’s member state of residence isn’t carried out, an infringement of copyright may have occurred and a rightholder could bring an infringement action against the online service provider.
- Unfair or misleading trading practices may constitute criminal offences under the Consumer Protection from Unfair Trading Regulations e.g. where an online service provider gives misleading information regarding the price, quality or availability of a service.
- Further enforcement is required where acts or omissions are not fair or misleading but would have a detrimental effect on consumers. The Enterprise Act 2002 allows for state civil enforcement of the Regulation. Enforcers include the Competition and Markets Authority, Ofcom and local authorities. They may seek undertakings or orders prohibiting infringements.
There were no objections to the means of legal enforcement and enforcement bodies identified above. Although a few of the respondents said the Government’s proposed enforcement mechanisms should be proportionate given the implications of UK exit. The Government agreed that any enforcement mechanisms should be put in place with a light touch, and as a result chose to make Article 9.2 of the EU Regulation (the requirement for service providers to verify their subscribers' member states of residence by 21 May 2018) an actionable breach by a subscriber, rather than enforceable under the Enterprise Act 2002.
One respondent suggested that infringement under the Copyright, Designs and Patents Act 1988 could be applied more widely; for example, there is no specific obligation for service providers to inform right holders of portability of content, and this could be addressed by copyright law. The Government acknowledged and agreed with this.
The Government deemed the five-year review provision as sufficient to allow effective assessment of the enforcement mechanisms.
Respondents wished to see further guidance from the Government on:
- Enforceability of contract terms under Article 7
- The verification process of a subscriber’s Member State of residence under Article 5
- Clarification of the definitions and scope of “temporarily present”, “learning mobility”, “service provider”, “subscriber”.
The IPO has said the government is intent on publishing guidance on what the new rules mean for businesses in the coming months.
Update 9 May 2018
It is important to note that this legislation is part of the EU's wider digital single market initiatives. Data portability is also included in the GDPR under Article 20. The Article 29 Working Party has recently published guidance on the right to portability which requires close review by data controllers and processors. Click here to read the guidance.
The right to portability in GDPR is obviously designed to prevent lock in) to services. It is not clear the extent to which the Article 29 Working Party has taken technical guidance on how the right will in fact work for suppliers of technology services - but careful technical analysis will be required.
The right gives data subjects the right to post personal data from a service or "where technically feasible" from one controller to another (for example two cloud providers offering a software as a service such as CRM or social networking). The GDPR is silent as to the cost of effecting the transfer.
This article was written by Haneen Khan. For more information, contact Haneen on +44 (0)20 7438 2112 or at email@example.com.