![Digital concept of data flow](https://www.nortonrosefulbright.com/-/media/images/nrf/hero/digital-concept-flow-lights.jpg?w=265&revision=2bcb14f7-5897-4d72-b329-f54ecf1859a8&revision=5250201361707387904&hash=1DBB7BD88F7D40EFEAB403B51B115D8F)
Publication
Generative AI: A global guide to key IP considerations
Artificial intelligence (AI) raises many intellectual property (IP) issues.
United Kingdom | Publication | September 2023
There is significant interest among investment funds in investing in the roll-out and take up of fibre-to-the-home (FTTH) networks in the UK which, along with incentives from the UK government, has resulted in a boom of regional and national fibre network providers and internet service providers (ISPs), with now over 150 broadband providers in the market, according to USwitch.
Growth in the sector is in large part due to a demand for higher broadband speeds arising from a shift towards remote working and customers’ media usage, as well as a conscious push from the UK government (which has included grant funding in the form of the Building Digital UK voucher scheme).
While investment has slowed recently due to lower than anticipated uptake in customer connections, higher costs of capital and concerns regarding over-build, we are nonetheless seeing a number of new equity and debt financings, as well as a likely uptick in consolidations in the market.
Here we set out the key regulatory and data protection considerations that investors in this sector should bear in mind when investing in the UK fibre space and that should be borne in mind in the context of consolidations in the space, in the following parts:
While a full overview of data protection requirements is outside the scope of this publication, the data protection implications should be given consideration to the extent that the assets involve the use (“processing”) of any form of any form of “personal data”, which is defined widely as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
This will include IP addresses, post codes, etc. and so is relevant to ISPs (particularly those providing retail business-to-consumer - B2C - broadband connections). Where personal data is processed, the data protection regime will apply.
The data protection regime applies to controllers (organisations that determine the purpose and means of processing of personal data) and processors (organisations which act on behalf of controllers and process personal data in accordance with their instructions).
Key requirements include the following:
Data protection implications can be particularly significant where there is a requirement to access (or a risk of unauthorised access to) the data transmitted by individuals across the internet or telephone.
Fines under the data protection regime can be as high as £17.5m or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
It is therefore important that due diligence is conducted into the target company’s data protection compliance to understand the risks and potential liabilities (and what actions may be required to address non-compliance).
The relevant provisions of PECR apply specifically to organisations that provide a public electronic communications network or service. Under PECR, public electronic communications service providers (including telecoms providers) are expected to put in place measures to protect data against accidental or unlawful destruction, accidental loss or alteration.
Telecoms providers should be prepared to comply with the expectations of both Ofcom under the TSA, and the ICO in respect of PECR should they suffer a security incident or personal data breach.
Public electronic communications service providers are required to notify a personal data breach to the ICO within 24 hours of becoming aware of the breach (note that this is a shorter timescale than that applicable under the UK GDPR outlined above).
The ICO may take into account any failure to report on time when considering any wider enforcement action.
Fines under PECR are capped at £500,000, but it should be noted that, where there is a breach under PECR, there is often a breach under the data protection regime as well, which can give rise to exposure to the higher fines mentioned above.
Publication
Artificial intelligence (AI) raises many intellectual property (IP) issues.
Publication
The UK remains a world leader in offshore wind, accounting for roughly 20 percent of global offshore wind capacity, with 11.3 GW operational. It is forecast that installed capacity will rise to 19.5 GW by mid 2020s.
Publication
The Energy Performance of Buildings Directive (the Recast EPBD) entered into force on 28 May 2024. The Recast EPBD repeals the Energy Performance of Buildings Directive 2010 (the Repealed EPBD). The Repealed EPBD will remain as transposed in the laws of England and Wales, and the Recast EPDB will only be transposed into the national legislation of EU Member States. The overarching aims of the revisions set out in the Recast EPBD reflect the common themes of European climate legislation to speed up the transition to renewables and rapidly reduce energy consumption. We set out below a summary of the key provisions under the Recast EPBD, when the provisions take effect and a comparison with the Repealed EPBD.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023