UK Trends and Developments Contributed by: Janine Regan and Victor Mound, Charles Russell Speechlys
In April 2024, the DRCF published a Workplan (see here ) setting out its planned activities for 2024/2025. The Workplan centres around ten projects: • DRCF and digital hub; • AI; • online safety and data protection; • digital assets; • illegal online financial promotions; • promoting competition and data protection; • sharing the latest developments on cross- cutting digital issues; • horizon scanning and emerging technology; • supervising technologies; and • skills and capabilities. The Workplan provides a good indicator of where regulators are focusing their attention, and the areas in which they are trying to support busi - nesses. As discussed in more detail below, the dominant theme in this Workplan (which spans a number of projects) is AI, and especially how regulators can work together to promote respon - sible AI. The Data (Use and Access) Bill The Data (Use and Access) Bill (the “DUA Bill”) is the new government’s version of the former government’s Data Protection and Digital Infor - mation Bill (the “DPDI Bill”), which lapsed prior to the last general election. The DUA Bill introduces several amendments to existing data protec - tion laws, with the intention of making the legal framework more user-friendly and accessible for both individuals and businesses. Details of some of the notable changes can be found here , but a key theme is that the DUA Bill aims to facilitate data sharing, rather than prevent it. For example, the DUA Bill builds on the approach to open banking and creates a
framework that aims to ease information shar- ing between business and regulated/authorised third parties in key sectors such as utilities, transportation and real estate. The DUA Bill also removes some of the more controversial aspects of the DPDI Bill. Importantly, the DUA Bill does not depart sig - nificantly from the UK’s existing data protection regime. Therefore, organisations will only be required to make minor changes to their existing documentation and processes. However, organi - sations may need to reconsider their complaints procedure given the new requirement for peo - ple to complain directly to organisations before escalating to the ICO. Continued alignment with the EU GDPR also reduces the risk of the UK los - ing its European adequacy status, which was of concern to some commentators when the DPDI Bill was being debated. Consent or Pay Regulators and courts in the UK and EU spent 2024 considering the lawfulness of consent or pay business models (more commonly known as Pay or Okay). The ICO published its guidance on consent or pay models in January 2025. In its guidance, the ICO provided details about how the power balance between a service pro - vider and a user as well as the availability of equivalent alternatives impact on whether con - sent is freely given. Factors which impact the power balance include whether the consent or pay model is targeted at vulnerable groups of people, the impact of a model on existing users of a product or services or whether the business has a dominant position under competition law. Following the ICO and CMA’s co-operation in 2024 in relation to cookie, compliance, specific reference was made to the CMA’s framework to assess market power.
516 CHAMBERS.COM
Powered by FlippingBook