The United Kingdom Data Protection and Digital Information Bill to be introduced to House of Commons and Government publishes proposed AI regulation for consultation

July 19, 2022 |

By   ministerial statement made by Minister for Media, Data and Digital Infrastructure, Matt Warman, on 18 July 2022,  the Government announced that it will introduce the Data Protection and Digital Information Bill to the House of Commons.  The Government has also published proposed AI regulation for consultation. 

The proposed Data Protection and Digital Information Bill will mark a departure from the EU GDPR.  The Government states that countries are not required to have the same rules in order to be granted adequacy and they will be compatible with maintaining free flow of personal data from the European Economic Area. How much of a departure will become apparent when the Bill is introduced.

The statement provides:

Today, the Government is introducing the Data Protection and Digital Information Bill in the House of Commons. The Bill is being introduced after the Government published its response to the Data: A New Direction consultation on 17th June 2022.

We now have the opportunity to seize the benefits of Brexit and transform the UK’s independent data laws. We have designed these new updates to our data protection framework so it works in our interests, protects our citizens, and unburdens our businesses..

Through this Bill we will realise the opportunities of responsible data use whilst maintaining the UK’s high data protection standards. The EU does not require countries to have the same rules to grant adequacy, so it is our belief that these reforms are compatible with maintaining a free flow of personal data from the European Economic Area.

Our Bill will improve people’s lives in many different ways. Firstly, we are increasing fines for nuisance calls and texts that break the rules. Telecoms network providers will also be required to notify the ICO when they have reasonable grounds for believing that unsolicited direct marketing is occurring on their networks.

Reforms to the Privacy and Electronic Communications Regulations will also remove the need for cookie banner pop ups for low risk activities, such as audience measurement, so it’s easier for businesses to use information to improve their services. The Bill will also pave the way for the removal of irritating banners for other types of cookies when browser-based or similar solutions are sufficiently developed.

The Bill will bring some everyday physical processes into the 21st century. It will be easier and more secure to use digital identities, which give people more choice and greater security when they want to prove things about themselves online or via apps instead of with physical documents. We will improve government data sharing to improve public services for businesses, and the Bill will also update the way births and deaths are registered by clerks, moving from a paper based system to an electronic register used by officials.

Our reforms to data protection laws will mean that UK scientists are no longer needlessly impeded by overcautious, unclear rules on how they can use people’s personal data. We will simplify the legal requirements around research, which will provide scientists the clarity and confidence they need to get on with life enhancing and life saving research.

We are reducing the burdens on businesses that have held the UK back from the benefits of greater personal data use before now. By focussing on outcomes not box-ticking, we will unburden businesses from prescriptive requirements and empower them to protect personal data in the most proportionate and appropriate way. Our changes could create around £1 billion in business savings over ten years.

The Bill will sustain and scale the UK’s approach to supporting international data flows by capitalising on its independent status to strike partnerships with some of the world’s fastest growing economies. Reforms will ensure that the mechanisms to transfer personal data internationally are secure and flexible to help British businesses grow.

The structure and objectives of the Information Commissioner’s Office (ICO) will be modernised so that it remains an internationally renowned regulator, including increased investigatory powers to help it keep pace with changing practices. New strategic objectives will have an emphasis on economic growth and innovation, while ensuring the ICO continues to produce high-quality codes of practice, and has the flexibility to allocate its resources appropriately. The ICO will remain operationally independent while enabling the public and parliament to more effectively hold it to account through key performance indicators.

Reforms will also confirm that elected representatives may process general personal data where necessary for the purposes of democratic engagement activities. The intent is to allow MPs, councillors and political parties to undertake the democratic engagement activities they have done for decades (such as opinion surveys of local residents, and targeted letters to constituents), without the unnecessary complexity and confusion of the EU’s GDPR. This builds on measures in the Data Protection Act 2018 which received broad cross-party support at the time.

The Bill will improve the efficiency of data protection for law enforcement and national security partners – encouraging better use of personal data where appropriate to help protect the public. Our proposed reforms create greater consistency between general, law enforcement and national security data processing. They will provide agencies with clarity on their obligations, boosting the confidence of the public on how their data is being used. These changes are vitally important for the work of our law enforcement and national security agencies who process personal data in the public interest, to prevent crime and safeguard national security.

New information standards for IT products and services supplied to the health and adult social care sector will ensure these are interoperable to make it easier for staff to access the information they need to help their patients.

The powers included in the Bill allow Government departments to establish sector based Smart Data schemes with supporting regulation, to ensure consumer and business protection. This is the secure and consented sharing of customer data with authorised third-party providers. These approved providers then use this data to deliver innovative services for the consumer or business, such as automatic bank account switching. This saves time, money and effort for customers who can more easily find and choose better-suited deals.

The Government has highlighted the following reforms in the Bill that will be introduced.

  • increasing fines for nuisance calls and texts;
  • notification to the ICO by telecommunication network providers;
  • removing the need for cookie banner pop-ups for low risk activities such as audience measurement;
  • facilitating use of digital identities; and
  • new structure and objectives of the Information Commissioner’s Office (‘ICO’).

The Government is also taking tentative steps toward the complicated task of AI regulation with the Department for Digital, Culture, Media & Sport (‘DCMS’) announcing, also on 18 July 2022, that it had presented to Parliament, a policy paper entitled ‘Establishing a pro-innovation approach to regulating AI: Policy Statement’.  The paper outlines the UK Government’s approach to regulating AI.

The press release relevantly provides:


New plans for regulating the use of artificial intelligence (AI) will be published today to help develop consistent rules to promote innovation in this groundbreaking technology and protect the public.

It comes as the Data Protection and Digital Information Bill is introduced to Parliament which will transform the UK’s data laws to boost innovation in technologies such as AI. The Bill will seize the benefits of Brexit to keep a high standard of protection for people’s privacy and personal data while delivering around £1 billion in savings for businesses.

Artificial Intelligence refers to machines which learn from data how to perform tasks normally performed by humans. For example, AI helps identify patterns in financial transactions that could indicate fraud and clinicians diagnose illnesses based on chest images.

The new AI paper published today outlines the government’s approach to regulating the technology in the UK, with proposed rules addressing future risks and opportunities so businesses are clear how they can develop and use AI systems and consumers are confident they are safe and robust.

The approach is based on six core principles that regulators must apply, with flexibility to implement these in ways that best meet the use of AI in their sectors.

The proposals focus on supporting growth and avoiding unnecessary barriers being placed on businesses. This could see businesses sharing information about how they test their AI’s reliability as well as following guidance set by UK regulators to ensure AI is safe and avoids unfair bias.

Digital Minister Damian Collins said:

We want to make sure the UK has the right rules to empower businesses and protect people as AI and the use of data keeps changing the ways we live and work.

It is vital that our rules offer clarity to businesses, confidence to investors and boost public trust. Our flexible approach will help us shape the future of AI and cement our global position as a science and tech superpower.

The UK is already home to a thriving AI sector, leading Europe and third in the world for levels of private investment after domestic firms attracted $4.65 billion last year. AI technologies have unlocked benefits across the economy and the country – from tracking tumours in Glasgow and improving animal welfare on dairy farms in Belfast to speeding up property purchases in England. Research this year predicted more than 1.3 million UK businesses will be using artificial intelligence and investing over £200 billion in the technology by 2040.

The extent to which existing laws apply to AI can be hard for organisations and smaller businesses to navigate. Overlaps, inconsistencies and gaps in the current approaches by regulators can also confuse the rules, making it harder for organisations and the public to have confidence where AI is used.

If rules around AI in the UK fail to keep up with fast moving technology, innovation could be stifled and it will become harder for regulators to protect the public.

Instead of giving responsibility for AI governance to a central regulatory body, as the EU is doing through its AI Act, the government’s proposals will allow different regulators to take a tailored approach to the use of AI in a range of settings. This better reflects the growing use of AI in a range of sectors.

This approach will create proportionate and adaptable regulation so that  AI continues to be rapidly adopted in the UK to boost productivity and growth. The core principles require developers and users to:

    • Ensure that AI is used safely
    • Ensure that AI is technically secure and functions as designed
    • Make sure that AI is appropriately transparent and explainable
    • Consider fairness
    • Identify a legal person to be responsible for AI
    • Clarify routes to redress or contestability

Regulators – such as Ofcom, the Competition and Markets Authority, the Information Commissioner’s Office, the Financial Conduct Authority and the Medicine and Healthcare Products Regulatory Agency – will be asked to interpret and implement the principles.

They will be encouraged to consider lighter touch options which could include guidance and voluntary measures or creating sandboxes – such as a trial environment where businesses can check the safety and reliability of AI tech before introducing it to market.

Industry experts, academics and civil society organisations focusing on this technology can share their views on putting this approach into practice through a call for evidence launching today.

Responses will be considered alongside further development of the framework in the forthcoming AI White Paper which will explore how to put the principles into practice.

The government will consider ways to encourage coordination between regulators as well as looking at their capabilities to ensure that they are equipped to deliver a world leading AI regulatory framework.

Professor Dame Wendy Hall, Acting Chair of the AI Council, said:

We welcome these important early steps to establish a clear and coherent approach to regulating AI. This is critical to driving responsible innovation and supporting our AI ecosystem to thrive. The AI Council looks forward to working with government on the next steps to develop the White Paper.

The government is today also publishing the first AI Action Plan to show how it is delivering against the National AI Strategy and identifying new priorities for the year ahead.

The government has invested more than £2.3 billion in AI since 2014. Since publishing the National AI Strategy last year, the government has announced new investment in the long term needs of the sector, including funding for up to 2,000 new AI and data science scholarships, and opened up new visa routes so the industry has the skills and talent to continue to thrive.

As part of the strategy, the AI Standard Hub was unveiled at the start of the year. The Hub will provide users across industry, academia and regulators with practical tools and educational materials to effectively use and shape AI technical standards.  The interactive hub platform, led by the Alan Turing Institute with the support of the British Standards Institution and National Physical Laboratory, will launch in Autumn 2022.

The policy paper entitled ‘Establishing a pro-innovation approach to regulating AI: Policy Statement’ and the National AI Strategy Action Plan outlines the Government’s approach to regulating AI.  The policypaper highlights the challenges of regulating AI with issues of lack of clarity, inconsistency, and inaduacy of the current legislation and regulation which has not contemplated AI technology. The paper recommends cross-sectoral principles such as a requirement that AI is used safely, that it is technically secure and that it is transparent and explainable with considerations of fairness incorporated. Of interest to lawyers is the cross-sectoral principles which defines legal persons’ responsibility for AI governance and options for redress and contestability.

Interestingly AI governance will be undertaken by multiple regulators.  This differs from the EU’s proposed model in its AI Act. The rationale is that AI is used in a range of sectors so regulation will be calibrated to different levels of risk.

The aim of the proposed AI framework is that will be:

  • context-specific;
  • pro-innovation and risk-based ;
  • coherent ; and
  • proportionate and adaptable .

The consultation will be open until 26 September 2022. 


Leave a Reply

Verified by MonsterInsights