UK GDPR Reform Is Back! Department of Science, Innovation and Technology Introduces New Data Protection and Digital Information Bill
On 8 March 2023, the newly created Department of Science, Innovation and Technology (“DSIT”) introduced the Data Protection and Digital Information (No. 2) Bill. The “Bill” is in substance a re-introduction of the previous Data Protection and Digital Information Bill which was withdrawn from Parliament on the same day as the new Bill was published. The Bill, which has been hailed by the UK Government as one that will “save billions” and “cut down pointless paperwork” is the UK’s latest attempt to create a more streamlined piece of data protection legislation for the UK whilst still “ensur[ing] data adequacy.” The Information Commissioner’s Office (“ICO”) also welcomed the re-introduction of the Bill, with the Commissioner stating that he would “support [the Bill’s] ambition.” While much of the Bill remains the same as its previous iteration, we set out the key provisions and notable amendments below.
UK’s New Pro-innovation Approach to Regulating Digital Technologies
On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “Report”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.” In response, the UK Government has accepted all of the Report’s recommendations, and set out some next steps for their implementation.
ICO Publishes Draft New Guidance on PETs
On 7 September 2022, the Information Commissioner’s Office (“ICO”) published draft guidance (“Guidance”) on privacy-enhancing technologies (“PETs”). It is hoped that the Guidance will help organizations have the confidence to utilize PETs to develop innovative applications without compromising on privacy concerns, or trust. The Guidance is divided into two sections: (i) how can PETs help with data protection compliance; and (ii) what are PETs. We consider the key learning points from the Guidance below. (more…)
Reflecting on the UK Inaugural DaTA Conference: Top Five Trends to Watch as Global Regulators Step up Enforcement in Digital Markets
Last week, the UK Competition and Markets Authority (CMA) hosted its inaugural Data, Technology, and Analytics (DaTA) Conference.
The CMA DaTa Conference has been hailed as a milestone as it convened for the first time regulators, data scientists, engineers, tech companies, and academics to discuss evolving challenges in digital markets. The conference coincided with London Tech Week, during which Chris Philp, UK Minister for Tech and the Digital Economy, unveiled a new UK Digital Strategy: the UK government’s vision for regulating digital markets, involving a monitoring framework and outcomes-focused regulation. The government has opened a public consultation, and stakeholders have until September 5, 2022, to offer their views on the proposed approach.
Against this background, here is our selection of the top five trends that stood out over the course of the CMA DaTa Conference. (more…)
UK Consults on Algorithmic Processing
Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation. (more…)
National AI Strategy: The UK Government Publishes Its Artificial Intelligence Strategy for the Next Decade
On 22 September 2021, the UK Government (the “Government”) published its Artificial Intelligence (“AI”) strategy. The paper outlines the Government’s plan to make Britain a “global superpower” in the AI arena, and sets out an agenda to build the most “pro-innovation regulatory environment in the world”. This post highlights some of the key elements from the UK AI strategy. Significantly, the UK’s proposed approach may diverge in some respects from the EU’s GDPR. For example, the UK strategy includes consideration of whether to drop Article 22’s restrictions on automated decision-making, and whether to maintain the UK’s current sectoral approach to AI regulation. The UK will publish a White Paper on regulating AI in early 2022, which will provide a basis for further consultation and discussion with interested or affected groups before draft legislation is formally presented to the UK Parliament. (more…)
Digital Health in the UK: MHRA Bold New (Regulatory) World?
In his statement to the House of Lords on September 16, Lord Frost announced that “we will use the provisions of the Medicines and Medical Devices Act 2021 to overhaul our clinical trial frameworks, based on outdated EU legislation, giving a major boost to the UK’s world-class R&D sector and getting patients access to new lifesaving medicines more quickly. The MHRA which is a world class regulator as we know, is already reforming the medical devices regulations to create a world-leading regime in this area.” This provided a timely back-drop to the MHRA’s new publications on medical device software, and part of a broader agenda for regulatory change in the UK.
UK Government Publishes UK Approach to International Transfers, Including Data Adequacy
On August 26, 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) published its mission statement setting out the UK approach to adequacy assessments and international data transfers, alongside a Manual Template and Manual Guidance for undertaking adequacy assessments and an infographic map illustrating ten priority countries forming part of that process. This release forms part of a broader package of measures announced by DCMS to “seize the opportunities of data to boost growth, trade and improve its public services” following the UK’s exit from the EU, which included an announcement that John Edwards (the current New Zealand Privacy Commissioner) is the Government’s preferred nominee to be the next UK Information Commissioner. (more…)
UK ICO Opens Consultation on Data Transfer Agreements and Guidance
On 11 August 2021, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft international data transfer agreement and guidance (Consultation). The Consultation comes two months after the European Commission’s adoption of new EU Standard Contractual Clauses (EU SCCs) and the European Data Protection Board’s publication of the final Schrems II guidance. The EU SCCs do not automatically apply in the UK since its exit from the EU. Moreover, the ICO has not yet formally acknowledged the EU SCCs, i.e., as a valid data transfer mechanism under the UK GDPR.