Labour’s plans for data protection, cyber security and AI

July 2024

What we know so far about the Government’s agenda

Of the forty or so Bills announced in the Government’s first King’s Speech, some are specifically relevant for those working in the data protection, digital information and data security space. In a significant move, the Government has specifically appointed a Minister of State for Data Protection and Telecomms.

At this stage, the full scope of the Government’s plans is not known. However, the background briefing notes to the King’s Speech give us a little insight into what these Bills may cover.

Digital Information and Smart Data Bill (DISD)

Ready for a new acronym? The DISD Bill appears to resurrect some of the provisions in previous Government’s Data Protection and Digital Information Bill (DPDI) which was abandoned when the snap election was called. But those hoping for significant reform of UK GDPR and less onerous data protection obligations may be disappointed. It looks like the Government will take a different approach, focusing on enabling data sharing with the aim of facilitating economic growth.

The background briefing paper says the Bill “will enable new innovative uses of data to be safely developed and deployed and will improve people’s lives by making public services work better by reforming data sharing and standards; help scientists and researchers make more life enhancing discoveries by improving our data laws; and ensure your data is well protected by giving the regulator (the ICO) new, stronger powers and a more modern structure”. The Bill looks likely to focus on:

Digital identity verification (aka digital ID cards) aimed at enabling people to use digital identities to ease processes such as moving house, buying age-restricted products and pre-employment checks.

‘Smart data’ measures designed to facilitate the ability to share personal data across platforms and with third parties. This is likely to expand on the success of Open Banking which allows customers to easily share their account information with third parties to facilitate payments.

ICO reform to introduce a national Information Commission and move away from having all powers and functions resting with one Commissioner. A move supported by John Edwards, the current Information Commissioner.

■  Consent provisions for scientific research to enable scientists to ask for broad consent for legitimate scientific research.

It will be interesting to see whether industry lobbying can influence the shape of this Bill. The Data & Marketing Association (DMA) is advocating for twelve reforms which it says will make a difference to businesses and charities. These include greater certainty around the use of the Legitimate Interests lawful bases, reducing bureaucracy for small businesses, reducing the consent requirements for non-intrusive cookies and extending the use of the email soft opt-in for non-commercial organisations. Read more in the DMA statement  techUKuJ has also published an open letter to the Government on the need for data protection legislation to be modernised.

Cyber Security and Resilience Bill

The ‘Cyber Bill’ aims to introduce measures to strengthen the UK’s cyber defences. It’s likely to give regulators more powers to push organisations to bolster their cyber defence measures and we could see some form of mandatory cyber incident reporting. It’s likely this this Bill will expand on the existing Network and Information Systems Regulations 2018 and introduce rules which apply beyond essential services to include digital services and supply chains. In the EU, we’ve already seen NIS Regulations updated to NIS2, so this could be mirrored in the UK.

AI Approach

There was no official announcement of an AI Bill, in fact there was surprisingly little reference to AI in the speech itself, other than to state the Government will “seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models”. It was widely predicted there would be an AI Bill announced in the King’s Speech and that we’d see a Labour Government wanting to more closely align with the EU’s approach. The EU AI Act comes into force this year, but it’s now clear a comprehensive approach to regulating AI does not seem to be on the cards in the UK, at least not for the time being.

Meet the Ministerial Team

The Government has announced the following ministerial team:

□ Peter Kyle MP, Secretary of State for Science, Innovation and Technology
□ Lord Patrick Vallance KCB, Minister of State for Science, Research and Innovation
□ Sir Chris Bryant MP, Minister of State for Data Protection and Telecomms
□ Feryal Clark MP, Parliamentary Under-Secretary of State for AI and Digital Government
□ Baroness Jones, Parliamentary Under-Secretary of State for the Future Digital Economy and Digital Safety.

It’s noteworthy the Government has created a Minister of State for Data Protection and Telecomms, a move which may signal a greater emphasis on data protection matters and people’s privacy rights? Chris Bryant will have responsibility for digital infrastructure and telecomms, Building Digital UK, data protection, the ICO, digital inclusion, space sector growth and the UK Space Agency.