The U.K. government Monday introduced a pair of post-Brexit data reform initiatives aimed at guiding responsible use of data while promoting innovation in the economy, according to two government releases.
In the House of Commons, the government released the Data Protection and Digital Information Bill. In a separate statement, Minister for Media, Data and Digital Infrastructure Matt Warman said the data protection reform bill will help "transform the UK's independent data laws."
In parallel with the new legislation, the government is also unveiling a set of proposals to regulate the use of artificial intelligence. "The Bill will seize the benefits of Brexit to keep a high standard of protection for people's privacy and personal data while delivering around (1 billion pounds) in savings for businesses," the U.K. Department for Digital, Culture, Media & Sport press release stated.
Data protection reform
The U.K. last month issued a final response to its data consultation after public comment last year. With proposed reforms to the U.K.'s data protection laws, the future of its adequacy deal with the EU has been top of mind.
Warman, however, addressed that in comments released today. "The EU does not require countries to have the same rules to grant adequacy," he said, "so it is our belief that these reforms are compatible with maintaining a free flow of personal data from the European Economic Area." He said the bill will allow the U.K. to "strike partnerships with some of the world's fastest growing economies" and "ensure that the mechanisms to transfer personal data internationally are secure and flexible to help British businesses grow."
The 192-page bill is broken up into six parts: data protection; digital verification services; customer data and business data; other provisions about digital information; regulation and oversight; and final provisions.
Warman detailed some of the high-level reforms in the proposal, which, he said, will lead to "around 1 billion (pounds) in business savings over ten years." The bill would increase fines for non-compliant nuisance calls and texts and require telecommunications providers to notify the U.K. Information Commissioner's Office if there are unsolicited communications taking place on their networks.
The reform would also ease requirements for cookie banner popups, notably those for "low risk activities, such as audience measurement," and "pave the way for the removal of irritating banners for other types of cookies when browser-based or similar solutions are sufficiently developed," Warman said.
Digital identity reform is also included in the proposal, which would "give people more choice and greater security when they want to prove things about themselves online of via apps instead of with physical documents."
The bill would also relax some of the rules around the use of personal data in scientific research. Warman said, "We will simplify the legal requirements around research, which will provide scientists the clarity and confidence they need to get on with life enhancing and life saving research."
Reform of the ICO has been a concern among privacy advocacy organizations, such as the Open Rights Group, which, last month, warned the moves could alter the independence of the regulator, potentially exposing it to "political direction."
In his statement Monday, Warman said the reform would modernize the ICO "so that it remains an internationally renowned regulator, including increased investigatory powers to help it keep pace with changing practices," adding, "The ICO will remain operationally independent while enabling the public and parliament to more effectively hold it to account through key performance indicators."
The bill would address the use of data by politicians and elected representatives and, separately, the sharing of data with law enforcement and national security agencies. "They will provide agencies with clarity on their obligations, boosting the confidence of the public on how their data is being used," Warman said.
Though the proposed data protection bill includes a section on automated decision-making, the U.K. government is proposing a second set of rules and regulations for AI and machine learning. Part of its national strategy on AI, the new AI proposals are meant to live alongside the data protection bill and involve regulators like Ofcom and the Competition and Markets Authority.
Included with the release is a new AI paper, which "outlines the government's approach to regulating the technology in the UK, with proposed rules addressing future risks and opportunities so businesses are clear how they can develop and use AI systems and consumers are confident they are safe and robust," the DCMS press release states.
Digital Minister Damian Collins said, "It is vital that our rules offer clarity to businesses, confidence to investors and boost public trust. Our flexible approach will help us shape the future of AI and cement our global position as a science and tech superpower."
Monday's AI proposal features six core principles: ensure AI is used safely, that it's technically secure as designed, transparent and explainable, considers fairness, identifies "a legal person to be responsible for AI," and clarifies avenues for redress.
Several regulators — including Ofcom, the CMA, the ICO, the Financial Conduct Authority, and the Medicine and Healthcare Products Regulatory Authority — would interpret and implement the principles, according to the statement. The regulators "will be encouraged to consider lighter touch options," including regulatory sandboxes and guidance.
For interested stakeholders, the U.K. government has opened a call for evidence (more information can be found under the "Next Steps" portion of the policy paper). Stakeholders can send views to firstname.lastname@example.org. The 10-week call for evidence runs until Sept. 26.
Separately, the Alan Turing Institute published an independent report, citing the "need for greater coordination between regulators to meet the challenge of regulating the use of AI."
If you want to comment on this post, you need to login.