ARTICLE
2 August 2024

New Government, New Developments In Digital Law

FH
Finnegan, Henderson, Farabow, Garrett & Dunner, LLP

Contributor

Finnegan, Henderson, Farabow, Garrett & Dunner, LLP is a law firm dedicated to advancing ideas, discoveries, and innovations that drive businesses around the world. From offices in the United States, Europe, and Asia, Finnegan works with leading innovators to protect, advocate, and leverage their most important intellectual property (IP) assets.
The new UK Labour government, in the King's Speech on 17 July 2024, outlined legislative plans for the digital sector, including the Digital Information and Smart Data Bill, Cyber Security and Resilience Bill, and potential future AI regulation.
United Kingdom Technology

In July 2024, the UK elected a new Labour government. With this new government comes new proposals for legislation, outlined in the King's Speech on 17 July 2024, which opened the first session of the new parliament since the general election. Below, we outline the key legislative plans in the digital sector.

The Digital Information and Smart Data Bill

The UK data economy represents an estimated 6.9 per cent of the country's GDP. In recent years, data-enabled UK service exports accounted for 85 per cent of total service exports and were estimated to be worth £259 billion. Given the enormous impact of data on the economy, it is no surprise that the UK's new government has set out proposals for a new Digital Information and Smart Data Bill.

The UK Government proposes to give statutory footing to three uses of data, including through establishing:

  1. Digital Verification Services: We can expect measures that support the development and adoption of digital identity products and services from certified providers. The stated purpose of developing such digital verification services is to save time and money in day-to-day processes, as well as to minimize data leakages. Whilst the economic benefits of secure digital identities being in widespread use around the UK are estimated to be around £600 million per year, in practice there are risks associated with such data repositories. In particular, we can expect the heightened risk of cyberattacks targeting any repository of government-issued digital identities.
  2. Smart Data Schemes: The government is looking to allow the secure sharing of a customer's data with authorised third-party providers ("ATPs") in order to enhance the customer data with broader, contextual 'business' data. This proposal is similar to, but goes further than, the right to portability Article 20 of the GDPR, which allows individuals to obtain and reuse their personal data for their own purposes across different services. This is intended to allow customers to make more informed choices and provides businesses with a toolkit to facilitate innovation. By empowering consumers to share their data with sectors, the government anticipates that we will see economic growth in markets where customer engagement is low, or where businesses hold more information and data than the customer.
  3. A National Underground Asset Register: This is a new digital map that gives planners and excavators standardised, secure, instant access to the data they need, when they need it, to carry out their work effectively and safely in relation to how they install, maintain, operate, and repair the pipes and cables underground.

More generally, the government is looking to confer a more modern regulatory structure onto the Information Commissioner's Office ("ICO") by appointing a CEO, board, and chair. The ICO will also be given stronger powers, accompanied by targeted reforms to data laws, where there is currently a lack of clarity impeding the safe development and deployment of some new technologies. At present, which data laws will be targeted by the reforms remains to be seen.

The Cyber Security and Resilience Bill

The total cost of cyberattacks to the UK is estimated to be at least £27 billion annually, and key institutions, including the NHS, have recently been targeted by cybercriminals. Government bodies are of course not the only victims of cyberattacks, as half of UK businesses have reported cyber breaches over the last year alone.

There are currently twelve regulators responsible for implementing the UK's cyber security regulations which cover the transport, energy, drinking water, health, and digital infrastructure sectors, as well as some digital services such as online marketplaces, online search engines, and cloud computing services. The Cyber Security and Resilience Bill aims to update the current regulatory framework by:

  1. Expanding the remit of the regulation to protect more digital services and supply chains.
  2. Enhancing regulators' ability to ensure essential cyber safety measures are being implemented. This would include potential cost-recovery mechanisms to provide resources to regulators and providing powers to proactively investigate potential vulnerabilities.
  3. Mandating increased incident reporting to give government better data on cyberattacks, including where a company has been held to ransom.

Artificial Intelligence?

The Labour government has not proposed any specific legislation to address artificial intelligence, only noting that they "will harness the power of artificial intelligence as we look to strengthen safety frameworks."

In a separate statement however, the UK government announced that it has commissioned an "Action Plan" to identify how AI can drive economic growth and deliver better outcomes for people across the country. The action plan started on 26 July 2024, with the aim of delivering a set of recommendations in September and will engage key figures across industry and civil society to help in its development. It is therefore anticipated that recommendations for AI legislation will follow in due course.

Next steps

It is anticipated that we will begin to see draft legislation as well as further details on the proposed legislation over the next year. While the King's Speech includes setting out legislative plans for the parliament, the government has flexibility to later introduce bills that were not included in the speech.

In particular, we anticipate the UK will eventually introduce AI regulation — whether the government will be adopting the comprehensive regulatory route taken by the EU or whether it will continue the light touch approach taken by the legacy Conservative government remains to be seen.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More