Database

UK's National Cyber Security Centre has warned the public institutions in the UK against using the Russia anti-virus software Kapersky on grounds of national security. This is following concern about Kaspersky Lab's connections with Russian security services. Britain's NCSC hasn't issued a blanket warning to the public against using Kaspersky software, although it has warned the Government not to use it in networks that hold official secrets. It has been reported that members of the UK Parliament have suggested this warning be extended to the private sector as well.

Following an agreement between the UK Government and Huawei, the Cyber Security Evaluation Centre (HCSEC) has been established in 2010 with the aim to test whether the use of Huawei equipment would pose cyber security threats. The centre is managed by Huawei, but it collaborates with GCHQ (the security and intelligence agency of the Government) and telecom operators.

There have been users complaints that mobile operators in the United Kingdom restrict the access to VoIP services and peer-to-peer file sharing networks.

The European Court of Justice has interpreted in 2014 that Internet Service Providers (ISPs) may be ordered by national courts to block customer access to a copyright-infringing website. This ruling aims to limit online piracy.

United Kingdom courts have been ordered ISPs to block Newbiz and other websites offering peer-to-peer or live streaming services. The blocking of these websites is an injuction against Copyright infrigement based on section 97A of the Copyright, Designs and Patents Act 1998.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. The Directive covers any type of infringement of third-party rights, including intellectual and industrial property rights and personality rights.

The limitations on liability in the Directive apply to clearly delimited activities (mere conduit, caching and hosting) carried out by internet intermediaries, rather than to categories of service providers or types of information. While it was not considered necessary to cover hyperlinks and search engines in the Directive, the Commission has encouraged Member States to further develop legal security for Internet intermediaries.

Since not all Member States have transposed the relevant articles consistently, the national case law is divergent and leads to legal insecurity on an EU level.

The E-Commerce Regulations implement the E-Commerce Directive into the UK law in an almost mirrored manner with one potentially noteworthy difference in the language. While the Directive uses the expression “should not be liable” (in relation to intermediaries), the Regulations expand this phrase into protection from liability “for damages or for any other pecuniary remedy or for any criminal sanction”. As a result, various forms of injunctive relief are excluded from the implemented provision.

Passed in November 2016, the Investigatory Powers Act requires ISPs and some other communications providers to inform the government in advance of any new services. The law allows the government to issue a technical capacity notice which can include a requirement to make technical changes to software and systems. One of the itemized list of options to be considered is the removal of “electronic protection” on encrypted communications.
This requirement essentially means that UK authorities are allowed to install backdoors into the networks of ISPs, which would allow them to access any data at their discretion.

In November 2015, the Secretary of State for the Home Department presented the 'Draft Investigatory Powers Bill' to the Parliament. Clause 71 of the Bill requires web and phone companies to store records of websites visited by every citizen for 12 months for access by police, security services and other public bodies. The Investigatory Powers Act received Royal Assent in November 2016.

According to the Companies Act 2006, "if accounting records are kept at a place outside the United Kingdom, accounts and returns (...) must be sent to, and kept at, a place in the United Kingdom, and must at all times be open to such inspection".

In the United Kingdom, there are no legal prohibitions on exporting NHS patient data outside the country. However, the NHS and associated institutions are bound by strong legal, ethical and regulatory obligations of confidentiality. The location outside the UK of the data recipient is considered a risk factor by the NHS information governance rules and therefore might result in localisation of data.

There are restrictions on foreign employees related to: occupations eligible for migrant visas; higher immigration fees; a reduction in number of non-EU work visas; an introduction of minimum salaries for settlement permits to foreign workers; and targeted migration policy for Bulgarians and Romanians.

For contract service suppliers (CSS) and independent service suppliers (ISS), there is a limitation of stay of six months in any 12 months, or the time given on certification plus 14 days.

In the European Union, there is no general principle for the use of copyright protected material comparable to the fair use/fair dealing principle in the US. Directive 2001/29/EC defines an optional, but exhaustive set of limitations from the author´s exclusive rights under the control of the “three-step test”. This is a clause in the Berne Convention that establishes three cumulative conditions to the limitations and exceptions of a copyright holder’s rights. The Directive has been transposed by Member States with significant freedom.

In the UK, there is a list of exceptions. Certain exceptions only apply if the use of the work is a ‘fair dealing’. Factors that have been identified by the courts as relevant in determining whether a particular dealing of a work is fair include: whether the use of a work affects the market for the original work and whether the amount of the work taken is reasonable and appropriate.

The Enterprise Act provides for the regulatory control of mergers. It includes provision for the Secretary of State for Trade and Industry to require an investigation into public interest concerns that she/he considers may be raised by a merger.

Where such an investigation subsequently finds that the merger operates against the stated public interest consideration, the Secretary of State may take any of the remedial measures specified in Schedule 7 to the Act. Such measures might include blocking the merger altogether or allowing it to proceed subject to certain conditions. To date, there are no cases of mergers of companies in the information and communications technology sector having been blocked on public interest grounds.

According to the Enterprise Act, foreign investments in the form of acquisitions may be blocked on public interest grounds. However, to date, there are no cases of investments in the information and communications technology sector having been blocked on these grounds.

All government bodies must comply with Open Standards Principles for software interoperability data and document formats in government IT and they must apply for an exemption if they do not comply with these requirements.

Furthermore, the Government has mandated a preference for using open source software for future developments and has issued a manual that lays out the standards that must be used for all new digital public services developed across the British central governmental administration.

The manual mandates to “use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.” Proprietary products must only be used in “rare” circumstances.