In the Queen’s Speech on 10 May 2022, the UK Government set out its legislative programme for the months ahead. This includes: reforms to UK data protection laws (no details yet); confirmation that the government will strengthen cybersecurity obligations for connected products and make it easier for telecoms providers to improve the UK’s digital infrastructure; and new rules to enable the use of self-driving cars on public roads. In addition, the government confirmed its plans to move forward with the Online Safety Bill. As part of the government’s broader agenda to “level up” the UK and provide a post-Brexit economic dividend, many of the legislative initiatives referenced in the Queen’s Speech are presented as seeking to encourage greater use of data and technology to support innovation and enable growth.
We summarize below the key digital policy announcements in the Queen’s Speech and how they fit into wider developments in the UK’s regulatory landscape.
Data Reform Bill
Last year, the government consulted on plans to amend the UK’s data protection regime post-Brexit, focusing on areas where it sees opportunities to reduce compliance burdens on businesses (see our previous blog here). Whilst we continue to await the government’s response to that consultation and further details of what the reforms entail, the government has now confirmed its intention to proceed with a Data Reform Bill over the next parliamentary year. According to information published alongside the Queen’s Speech, the government considers the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 to be “highly complex and prescriptive” encouraging “excessive paperwork, and creat[ing] burdens on businesses with little benefit to citizens”. The government aims to change the law to require companies to focus on the outcomes of their practices “rather than ‘tick box’ exercises”, and intends to restructure the Information Commissioner’s Office.
Draft Digital Markets, Competition and Consumer Bill
A Draft Digital Markets, Competition and Consumer Bill was also announced with the aim of creating new competition rules for digital markets and the largest digital firms. This will include giving statutory powers to the Digital Markets Unit within the Competition and Markets Authority (CMA) to designate “a small number of firms who are very powerful in particular digital activities, such as social media and online search” and impose legally enforceable rules and obligations on them “to ensure they cannot abuse their dominant positions at the expense of consumers and other businesses.” The EU institutions recently finalized similar rules through the EU Digital Markets Act (see our blogs here and here for further details).
Online Safety Bill
On 17 March 2022, the UK Government introduced the Online Safety Bill (OSB) before Parliament, which contains several additions and amendments to the version first proposed in May 2021. The OSB places obligations on “user-to-user” services—essentially, content-sharing services—and search services that “have links” to the UK. The OSB imposes duties of care on services in relation to illegal content as well as content that is legal but “harmful”, as defined in the OSB. In the Queen’s Speech, the government confirmed its intention to move forward with the OSB in the forthcoming Parliamentary session. The bill is currently in the Committee Stage before the House of Commons. Some provisions could come into force as early as the final quarter of 2022.
The government’s planned Transport Bill anticipates technological innovation in the automotive sector. Among other things, the Bill will include “new laws that safely enable self-driving and remotely operated vehicles and vessels, [and] support the roll-out of electric vehicle charge points”. This follows last month’s announcement that the government is seeking to amend the Highway Code to facilitate the use of self-driving vehicles on public roads in the UK.
Product Security and Telecommunications Infrastructure Bill
At the end of last year, the UK Government published its National Cyber Strategy 2022 policy paper, which updates the 2016 – 2021 National Cyber Strategy. The new Cyber Strategy introduces a focus on “cyber power” and the “ability of a state to protect and promote its interests in and through cyber space”. It seeks to elevate cyber from a purely security issue to a “whole of society” concern, noting that collaboration between businesses, the public sector and citizens will be key to the UK’s success. The strategy is centred around five key pillars, including strengthening the UK cyber ecosystem, building a resilient and prosperous digital UK by reducing cyber risks, and taking the lead in the technologies vital to cyber power. Two action items the government will be taking to ensure cyber risks to UK critical infrastructure are effectively managed are launching a consultation on reforms to the Network and Information Systems (NIS) Regulations and implementing a new security framework for UK telecommunications providers. (As readers may be aware, the European Parliament and EU Member States announced a political agreement on NIS2 in the small hours of May 13; we will be monitoring UK proposals and the extent to which they mirror or diverge from the new EU law.)
As part of the broader drive to strengthen the UK’s cybersecurity, the Queen’s Speech includes plans to impose new baseline security requirements for the sale of internet-connected “smart” products through the Product Security and Telecommunications Infrastructure Bill. The Bill seeks to grant the Secretary of State the power to specify cybersecurity requirements relating to “internet-connectable” and “network-connectable” products. This is working its way through Parliament and is due to proceed to the House of Commons Report Stage during the 2022-23 session.
Consultation on Improving Security and Privacy for Apps and App Stores
Against the backdrop of driving the UK’s cyber resilience, on 4 May 2022, the Department for Digital, Culture, Media & Sport (DCMS) launched a public consultation on ensuring apps are developed with appropriate security and privacy protections, and that app stores implement processes to verify this. The consultation sets out DCMS’s proposed interventions, including a voluntary code of practice for app store operators designed to address privacy and security concerns. The government may also consider developing technical standards for app store operators and putting the code of practice on a regulatory footing in the future. The consultation closes on 29 June 2022, with a view to DCMS potentially publishing a final version of the code of practice later in the year. Companies operating in this space should consider contributing to the public consultation.