Data policy and regulation

Latest developments

Data (and not just personal data) continues to become and increasingly disruptive force across global markets, and the UK is no exception – unlocking the true value of the data economy remains one of the UK government’s key priorities. As part of this disruption, we’ve seen a huge surge in big data, biometrics, digital platforms and most prominently with the use of data in AI technology and its unparalleled impact across the ecosystem. *Source GlobalData

However, as the use of data to power these disruptive technologies has increased, so has the attention of regulators, policy makers and law makers. As the legislative process scrambles to keep up with the legal challenges posed by these new technologies, we have seen regulators in the interim attempt to use existing legislation to enforce against these companies (to greater and lesser extents of success). New legal frameworks are now beginning to emerge across the globe, with the Data Protection and Digital Information Bill forming the first elements of the UK’s strategy in this space.

Summary

Although the focus on data in the EU has been coined Europe’s “Digital Decade”, it is important to understand that similar motivation, attention and policies can be seen across UK regulators.

For instance, we have seen EU and UK data protection regulators take steps to address personal data practices in an attempt to police data practices more widely. In the UK we have seen this with the ICO’s policies and statements on AI in particular, but also more broadly at a regulatory level with the recent Data Protection and Digital Information Bill.

Notably, where the EU regulators are actively legislating for various data concerns, such as with the Data Act or AI Act, the UK is currently taking the approach of using existing legal frameworks to police these activities instead of developing specific new regulations. However, despite this variation in approach, it is widely anticipated that the UK will ultimately take a fundamentally similar position in its policy and enforcement attitude.

How could it be relevant for you?

Companies hold a vast amount of data, much of which can be used to analyse trends, strengthen margins and create opportunities. By understanding the data they hold and the regulatory frameworks (both legislative and enforcement-based), companies can ensure that they develop strategic and manageable data policies at the outset, minimise administrative burdens by streamlining processes, and intelligently use data to compliantly maximise competitive opportunities within the evolving regulatory landscape.

Next steps

Given the broader regulatory landscape in Europe combined with the focus of the UK government and regulators, UK companies are advised to anticipate increased regulatory activity, including guidance and enforcement, with additional frameworks to follow in the near future. As such, as an initial steps, companies need to understand the volumes and nature of data they hold, how each type of data is regulated (and how this evolves over time), and how the resultant compliance obligations interconnect in order to streamline processes and maximise commercial opportunities.

In practical terms this means that you as a legal function need work with your data team or those with knowledge of the data you hold. You need to work to audit your data stack to understand each type of data, how this data is communicated, siloed, stored and otherwise used by the business. In partnership with this team, you can work to understand if you are using this data optimally, map the intended future uses of this data and explore which further opportunities can be identified. This will then allow the company to develop a comprehensive data strategy that can evolve over time as the regulatory landscape shifts. 

*Information is accurate up to 27 November 2023

*Source GlobalData