The U.K. government formed a novel approach to governing digital regulation with the July 2020 launch of the Digital Regulation Cooperation Forum. The initiative comprised four of the country's major digital regulators: The Competition and Markets Authority, Information Commissioner's Office, Office of Communications and Financial Conduct Authority.
The aim was and continues to be the establishment of robust cooperation among the regulators in an increasingly complex digital landscape.
Kate Jones, the DRCF's CEO, told privacy and digital responsibility professionals attending the IAPP Data Protection Intensive: UK 2025 that this year marks an inflection point. With tech companies working toward artificial general intelligence and the digital space increasing becoming more complex, government and private-sector governance "may have a lasting impact ... for generations to come."
"My key question for you all, as the privacy community, is this: How are you using the brilliant skills and expertise you have today, to prepare and implement frameworks ready for this transition?" She asked.
For Jones, "privacy has never been more important," as AI and the ability to track individuals grows more robust by the day. But at the same time, she noted the governments around the world, including the U.K., are "looking to data, technology and AI to drive innovation and growth." Data can now be used to improve medicine, create efficiency in the workplace and beyond.
"As the governance community," Jones said, "our role is not to try to prevent the harnessing of data, and not to be a brake on innovation, but to ensure that it's done in responsible ways." That means the goal for the governance community should be about protecting privacy while enabling innovation.
Achieving that objective will take three "essential" governance developments, according to Jones. They include "a new focus on data; the ending of siloed governance; and harnessing regulation to embrace innovation."
Big business — whether a bank or supermarket — are morphing into "data management companies" in this new economy. That change raises the stakes and additional duties for privacy professionals, who will be required to "think creatively about how we can enable business use of data while protecting individual people's privacy in ways that are meaningful and aren't intrusive," Jones opined.
Removing the siloes around digital governance is another imperative, whether in regulation or in private practice. "New technologies often engage multiple regulatory remits at the same time," Jones said. AI governance often "engages privacy and data protection, equality and human rights, online safety, consumer protection, competition" and more.
As an example, Jones cited children's online safety and privacy, noting that Ofcom is working to implement the Online Safety Act, which involves the Children's Code and age assurance guidance. Simultaneously, the ICO aims to ensure that children's personal data is protected and used responsibly. Jones said those intersections will only increase in the near future.
The DRCF's work is removing the digital divides among regulators, but U.K. businesses should be following a similar cross-disciplinary path. Jones outlined the DRCF's "unique perspective" and its "lens on the impact of multiple regulatory remits on the digital and AI landscape."
"Harnessing that birdseye perspective, I see you, the privacy community, as vital to the responsible implementation of AI," she said. "The AI governance picture sometimes looks messy: There are lots of building blocks. You — the privacy experts — should be the mortar that holds all those bricks together, creating a smooth, weight-bearing wall of shared responsibility for digital and AI governance; one that's strong enough for your board to rely on."
Professionals overseeing the foundations of AI governance also have the opportunity to enable innovation. "As we work, as regulators, to become more agile," Jones said. "We are looking for a more evaluative approach from you in industry, too."
Jones added industry professionals can become "strategy enablers" to "promote innovative approaches" that will help organizations "meet ongoing requirements of privacy and safety by design." She also emphasized practitioners "should be closer to board-level decision-making than ever before, finding ways to enable innovations and mitigate risks."
"In my view, this is the significant contribution you can make at this AI inflection point of 2025," Jones said.
You can read Jones' full speech here.
Jedidiah Bracy is the editorial director for the IAPP.
