On the Horizon: What's Next for Data Protection, AI and Leading Edge Tech?

The government sees data as key to economic growth in the UK and is planning regulation and legislation to help. Leading data experts at Freeths, Luke Dixon and Will Richmond-Coggan, tell you what to look out for in the coming months and what to do right now. 

On the horizon

Future changes for the Information Commissioner’s Office (ICO)

The King’s Speech included a Digital Information and Smart Data Bill. The Bill included  giving the ICO a more modern regulatory structure as well as more and stronger powers. This could mean bigger fines, more fines, or different types of action.  

New Digital Verification Services

These aim to save people time and money by providing convenient and reliable options to prove who they are. The new services will make online transactions smoother and more secure and help businesses by reducing costs, time and data leakage. 

More Smart Data Schemes

Smart data is the secure sharing of customer data on the customer’s request with authorised third party providers (TPPs). It’s already used in open banking and the idea is to roll it out further, enabling TPPs to provide customers with innovative services, improve decision making and increase engagement. 

Regulation of AI

Labour intends to ensure the safe development and use of AI models. It's most likely that regulation will be in relation to the highest risk forms of AI and that legislation will take a risk based approach. The ICO has produced a number of chapters of draft consultation which are a good indication of where its guidance notes around AI use and deployment might go.

National security and cyber resilience

The King's Speech acknowledged that the digital economy is increasingly threatened by cyber criminals and hostile state actors. The government will look at legislation that addresses the vulnerabilities and protects the digital economy, but also that delivers growth and strengthens the UK’s cyber defences. Expect the legislation to build on cyber security laws, expand regulation and increase the requirements for reporting.

What to do now?

Consider Data Protection Impact Assessments (DPIAs)

Where a type of processing, in particular using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons, you must carry out a DPIA. It’s a relatively lengthy process and there’s no “one size fits all” approach. There are a number of templates available, but none are wholly satisfactory. At Freeths we use our own document to support clients in assessing and addressing risks. If a risk can't be mitigated, we advise consulting with the data subjects affected so that you can demonstrate to the ICO that they’re comfortable with the risk involved. 

Carry out Algorithmic Impact Assessments (AIAs)

AIAs might include a DPIA, but are wider, assessing everything from individual impacts, impacts on the business’s reputation and competitive position, and the wider societal impacts of a system, such as on the environment. An AIA can, for example, identify the increased energy and water use of an AI or cloud based tool, or unintended adverse implications which could damage your reputation, such as biases within AI large language models. 

Use system cards

The key characteristics, risks and impacts of an AI tool are often written up on “system cards” which can help with assess the fairness and reliability of particular software tools. When Open AI published its latest iteration of ChatGPT, system cards very quickly appeared showing all of the ways in which they were still unreliable and produced unexpected or problematic outcomes. 

Look ahead and overseas

Anyone with overseas operations, or who is potentially processing the data of people overseas, needs to be aware of the rules developing in the US, China and Europe. Sooner or later, the UK will have to follow suit. 

Understand supply chain liability

AI or other leading edge tech is often embedded somewhere within your supply chain. It's important to understand exactly where the risk sits within the supply chain, and what your liability is compared to the liability of the people that are supplying you. If you can show that you really understand the complex liability and risk landscape that some of this new technology involves, and which often your competitors don't understand or have a good grip on, it can improve customer trust and help you to win work.