Introduction and Overview

The year 2022 is one of major changes to consumer protection laws in Germany and the EU, namely:

  • Changes in connection with digital products and corresponding new provisions for the sale of consumer goods took effect on 1 January 2022 (see our earlier Reed Smith Client Alert Part I).
  • New consumer protection rules regarding automatic renewal and notice periods took effect in March 2022.
  • Requirements regarding termination buttons will come into force on 1 July 2022 (see our earlier Reed Smith Client Alert Part II).


Continue Reading New rules to strengthen and better enforce consumer rights in Germany and the EU

The European Court of Justice (ECJ) ruled on 6 October 2021 in Top System SA v. Belgian State (Case C‑13/20) EU:C:2021:811 that, under article 5(1) of the Software Directive (Council Directive 91/250/EEC) (the Directive), lawful purchasers of software are permitted to decompile programs (in whole or in part) in order to correct errors affecting the

The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area.

The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known

In this episode, Sarah Bruno and LiLing Poh discuss recent trends as organizations invest more in technology through the acquisition of new platforms or programs, or by working with a vendor to bring a product to market. Exploring a case study involving a global pharmaceutical company on the rollout of a health-related digital app,

At the end of 2019, the UK Prudential Regulation Authority (PRA) released its consultation paper setting out its proposals on a regulatory framework to modernise outsourcing and third-party risk management. The original deadline for responding to the proposals was 3 April 2020, but this has now been extended to 1 October 2020, which was announced as part of the Bank of England’s and the PRA’s measures to respond to the economic shock caused by COVID-19.

Background

In response to the growing dependency on third-party technology solutions (e.g. cloud outsourcing), the PRA wants to highlight the new risks associated with such an increasingly complex and constantly evolving area. As firms find themselves increasingly dependent on such services, any major disruption or outage could result in adverse consequences for financial stability. The consultation seeks to modernise the PRA’s expectations and sets out how firms should comply with existing requirements on such risks.

Continue Reading PRA extends deadline for responses to consultation on outsourcing and third-party risk management

On 12 June 2020, Enterprise Singapore and the Singapore Standards Council launched Technical Reference 76: the first-ever guidelines to set out a national standard for e-commerce transactions. The standard is aimed at boosting the digitalisation of SMEs, as well as the burgeoning e-commerce sector in Singapore.

Technical Reference 76 serves as a practical reference for e-retailers and online marketplaces. The guidelines cover a wide range of functions, from the pre-purchase activities of browsing and selection, to purchasing and payment processes, as well as post-purchase fulfilment, delivery, product tracking, returns, refunds and exchanges. They provide best practices for businesses looking to develop and implement the necessary operational procedures, customer support, merchant verification controls, as well as processes to ensure that consumer-facing communications are clear and enable customers to make informed choices.

Continue Reading Singapore launches national e-commerce standard

All businesses are concerned with whether their revenue and custom will continue during a crisis.

When their services (and, more importantly, those involving technology) depend on third-party suppliers, businesses should also think about their own ability to deliver.

Questions that business managers will be agonising over during a crisis include:

Will our

On 4 November 2019, Singapore’s Parliament published a draft amendment to the Banking Act.

Under the amendment, all banks will be required to evaluate the ability of their service providers (whether these be a branch or office, or an external party) to:

(a) safeguard the confidentiality and integrity, and ensure the availability, of the banks’ information; and

(b) protect all customer information against unauthorised disclosure, retention, or use.

Where the service provider is a branch or office of the bank, specific provisions covering the above must be included in the branch or office’s policies and procedures.

Where the service provider is an external party, however, the relevant provisions must be included in the contract between the bank and the provider.

Such policies and procedures, or contract, as the case may be, must also confer on the bank, the regulator (the Monetary Authority of Singapore or MAS), or an auditor appointed by the bank, the right to audit the books of the service provider to ensure that the above requirements have been complied with.

Continue Reading New requirements for Singapore banks to include provisions in service contracts on protection of customer data

An international cybersecurity advisory panel formed by the Monetary Authority of Singapore (MAS) has recommended that all financial institutions in Singapore ensure that data stored on the public cloud is kept secure, and that they perform cybersecurity risk assessments on their third-party providers.

These proposals were raised at the panel’s second annual meeting, after its members had met with representatives from the Standing Committee on Cyber Security from the Association of Banks in Singapore, Life Insurance Association Singapore and General Insurance Association of Singapore.

The panel also noted that there had been an increase in use by financial institutions of application programming interfaces (APIs) to build software and applications. As use of such APIs could pose a greater risk of cyber threats, the panel suggested specific ways in which the institutions should combat such risk; for instance:

  • conducting “red-teaming” cyberattack simulations
  • securing network connections with any third-party providers
  • monitoring for any suspicious cyber activity.


Continue Reading Monetary Authority of Singapore panel urges financial institutions to adopt cybersecurity measures

Earlier this month, the UK Department of Health and Social Care published an initial Code of Conduct for data-driven health and care technology. The code builds on the Department for Digital, Culture, Media and Sport’s Data Ethics Framework.

The code encourages the United Kingdom’s health and care system to form partnerships with suppliers of data-driven technologies, in order to deliver improved health care and position the United Kingdom as a “great place to do business on technology”.

Four key stakeholder groups are identified by the code: patients and citizens, health and care professionals, commissioners, and innovators. The code aims to meet the “most important need” for each of these groups, which consist of those experiencing improved care, those delivering better care, those providing services that better meet users’ needs, and those working to make the United Kingdom a centre for innovation.

Continue Reading UK Code of Conduct for data-driven health and care technology