UK Trends and Developments Contributed by: Janine Regan and Victor Mound, Charles Russell Speechlys
Charles Russell Speechlys 5 Fleet Place London EC4M 7RD United Kingdom Tel: +44 020 7203 5000 Email: www.charlesrussellspeechlys.com/en/get-in-touch Web: www.charlesrussellspeechlys.com/en/
The UK’s data protection law and regulatory pri - orities continue to evolve, reflecting its position outside the EU, advancements in technology and the rise of AI. This article explores regula - tory priorities in the UK and how technology is impacting on those priorities. It also examines how and why the UK is changing its data pro - tection laws. Regulatory Enforcement and Collaboration The Information Commissioner’s Office’s (ICO) approach to enforcement continues to receive significant scrutiny. Critics, such as the Open Rights Group, argue that the ICO is not fulfill - ing its role effectively, citing a lack of significant action against major tech companies and a slow pace in handling complaints. The ICO has con - tinued its policy of not issuing monetary penal - ties against public bodies (except in the most serious cases), and during 2024 most fines that were issued concerned spam messages and calls where the maximum fines available remain at GBP500,000. However, in August 2024, the ICO published a provisional decision to impose a GBP6 million fine, which drew significant attention. This was against a software provider following a ransom - ware attack that disrupted NHS and social care
services. As the ICO has generally prioritised enforcement against data controllers, rather than data processors, this case demonstrates that processors are not at all immune from regulatory scrutiny and that they will also be held account - able if they do not comply with the UK General Data Protection Regulation (GDPR). In March 2024, the ICO published its updated Data Protection Fining Guidance. It provides a detailed framework that will be applied when the ICO is determining levels of fines. It also exam - ines certain technical aspects, such as inter - preting the concept of “undertaking”, which is a term referred to in the penalty regime of the UK GDPR. The guidance has generally been wel - comed as providing transparency for organisa - tions, and is particularly helpful for organisations in better understanding risk exposure. The ICO continues to work closely with other regulators as part of the Digital Regulation Cooperation Forum (DRCF, which comprises the ICO, the Competition and Markets Authority (CMA), Ofcom (the communications regulator in the UK, responsible for regulating the TV, radio, telecommunications and postal industries) and the Financial Conduct Authority).
515 CHAMBERS.COM
Powered by FlippingBook