The Data Protection and Digital Information (No. 2) Bill was first introduced to Parliament by the UK Government on March 8, 2023. Following consultation and progress through Parliament, the UK Government unveiled a raft of changes to the proposal in November 2023, renaming the legislation the Data Protection and Digital Information Bill (the Bill), all of which it deemed 'commonsense.' In its 'Changes to data protection laws to unlock post-Brexit opportunity' press release of the same date, the UK Government indicated that the changes would 'safeguard the public, prevent fraud, and unlock Brexit opportunities' creating an 'innovative data protection regime' that will 'allow the country to realize new post-Brexit freedoms which are expected to deliver new economic opportunities…of at least £4 billion.' This is all part of the UK's ambition to be a business-friendly jurisdiction for technology innovation. 

The Bill is expected to become law this spring. In a prior piece, we scrutinized the impact of some of the Government's pro-business ambitions for the prior version of the Bill. Below, Natalie Farmer, Director and Foreign Legal Consultant at Fieldfisher (Silicon Valley) LLP, examines a number of the latest changes and whether they can deliver the innovation and opportunities promoted by the UK Government's press release. It is worth keeping in mind that changes to the UK data protection regime that result in a watering down of protections for the individual may cause the UK to lose its adequacy status, restricting the free flow of data between the EU and the UK. Such a result is unlikely to translate to 'economic opportunities' for UK businesses trading with the bloc. 

In this Insight article, Sarah Cameron and Krish Khanna, from Pinsent Masons LLP, delve into the intricacies of global artificial intelligence (AI) regulation, examining diverse national approaches and their implications for businesses, standards, and international collaboration.

In this Insight article, Emily Jones and Vishal Patel, from Simmons & Simmons LLP, highlight the key proposals affecting providers of Part 3 Services, arising from the Office of Communications (Ofcom) proposals included within its Illegal Harms Consultation (IHC) published on November 9, 2023, on elements of the UK's Online Safety Act (OSA). 

It was obvious from the start that the internet would transform how individuals interacted. What perhaps wasn't taken into account at the time (understandably given those early online interfaces) was how important design would become to the online experience – both for positive and for harmful reasons. The online user experience and digital environments available in 2023 are light years away from the early years of the internet from the mid-1990s. As the design methods became more sophisticated, companies realized they could produce websites that wooed customers to spend more money (and time) on their platforms. Likewise, there are business benefits for targeted advertising or building insights where website interfaces are designed to encourage users to provide their personal data.   

It has taken some time for European law to establish requirements around good design in digital markets. It wasn't until the application of the General Data Protection Regulation (GDPR) from May 2018 that there has been a legal requirement to build online interfaces in a way that promotes data protection by Design and Default (Article 25) – itself a concept that reflects pioneering work from regulators in Canada. Alongside this data protection by design requirement, failing to design online interfaces properly can impact wider data protection principles such as fairness and transparency. It is much harder to argue that the use of personal data is fair when its collection is carried out in a way that is opaque to individuals. Victoria Hordern, from Taylor Wessing LLP, discusses what this joint paper covers on harmful design and contemplates whether we will see further enforcement in this area. 

On October 2, 2023, the Information Commissioner's Office (ICO) announced that its draft Data Protection Fining Guidance (Guidance) is open for consultation. In this Insight article, Luke Dixon and Josh Day, from leading national law firm Freeths LLP, provide an overview of the key features of the Guidance and what this means for organizations.