Commercial law bytes - March 2021

31 March 2021

Welcome to the latest edition of Bytes, your easy-to-read summary of the latest developments in commercial and digital law.

In this edition, we discuss the Digital Services Act's effect on the ad industry, key legal tech trends for 2021, a recent case on contract claims in IT agreements and more. 

Access the latest developments below.


Targeting the ad industry: will the Digital Services Act spell the end for targeted advertising?

In February, the European Data Protection Supervisor (EDPS) published two opinions on the Commission’s proposals for the Digital Services Act and Digital Markets Act. Roisín Cregan looks at the EDPS’s recommendations regarding digital advertising, including the phasing out of certain types of targeted advertising, which may be concerning to the industry. Read more

CMA continues its focus on digital markets with a call for evidence on the use of algorithms

Eleni Papadopoulos looks at the Competition & Market Authority’s (CMA) paper on the impact of algorithms on competition in digital markets. The paper requests that market participants, academics and industry experts provide evidence and examples of industry practices that may give rise to competition or consumer concerns. The paper also looks at specific issues with particular firms that the CMA could review and consider for future enforcement action. Read more

Ofcom updates NIS guidance

As the designated competent authority for the digital infrastructure subsector in the UK, Ofcom is tasked with providing statutory guidance to operators of essential services (OES) in respect of their security duties under the Network and Infrastructure Systems Regulations 2018 (NIS Regulations). On 5 February 2021, Ofcom published its latest statutory guidance to OES.

The guidance (updated following the government’s review of the NIS Regulations in 2020) sets out the minimum steps and requirements which OES in the digital infrastructure subsector must take in order to meet their relevant obligations. While covering a number of issues, the main highlights of the updated guidance include: (i) how organisations will be designated as OES in the digital infrastructure subsector, and the notification requirements of such designation to Ofcom; (ii) the reporting of security incidents to Ofcom; and (iii) the updated penalty regime and appeals process. Read more

What does Brexit mean for my EU trade marks?

Following the UK’s withdrawal from the EU, registered EU trade marks will remain in place, but will no longer grant holders rights in the UK. However, owners of existing EU trade marks will automatically be granted an identical UK trade mark which will give owners the same rights as those under existing UK registrations. In addition, owners of pending EU trade mark applications will have nine months from the Exit Day to file an equivalent UK trade mark application, and benefit from the same filing date and priority date as the original EU trade mark application. Martha Campbell sets out some initial observations in this article. Read more.

What will be the Legal Tech Trends of 2021? (and what will definitely not!) – (This article was published by the Legal Tech Institute on

Mark Lewis contributes to a discussion on legal tech trends in 2021. Read more.

Case law updates

Soriano v Forensic News LLC and Other

Sekou Taylor gives an overview of the Soriano v Forensic News case and what this means for the interpretation of the territorial scope of the GDPR. Read more

CIS General Insurance v IBM United Kingdom

The recent decision in CIS v IBM, is a timely reminder of the importance of paying careful attention to the drafting of exclusions of liability in IT agreements, especially where a party hopes to be able to recover reliance losses for breach of contract. Anne Todd reminds purchasers of the importance of understanding the different categories of losses which may be incurred if the contract is not performed and the extent to which the supplier’s exclusion clause may apply to those losses. Read more. 

Our thoughts on other news

European Commission publishes draft adequacy decisions for personal data transfers to the UK

The European Commission has started the process leading to the adoption of two adequacy decisions in respect of transfers of personal data from the EU to the UK. The draft decisions relate to separate pieces of legislation: the GDPR and the Law Enforcement Directive. Seeing these decisions through to full form adequacy decisions will be welcomed by companies and organisations in the UK and their trading partners. Read more

UK Gambling Commission launches new rules for the design on online slot games

The Gambling Commission has announced new rules targeting the design of online slot games by amending the Remote gambling and software technical standards (RTS). The new rules will come into effect on 31 October 2021. Read more

UK Information Commissioner provides view on the application and regulation of international data transfers as they apply to certain UK-based companies with US regulatory obligations

Some welcome guidance from the ICO on the circumstances where UK companies can rely on derogations for transfers of personal data to the US when requested to provide information to the SEC. Read more