Walker Morris LLP | Andrew Northage | Nick Stubbs | Sally Mewies | Luke Jackson
“In this edition of the Technology & Digital round-up we look at the increasing focus on quantum technologies, long-awaited proposed legislation on data, and the latest on product safety reform in the UK and the EU. This is followed by a selection of other interesting legal and non-legal tech stories from the past month.”
Here’s your top three
#1: The ‘quantum-enabled future’
The previous government’s National Quantum Strategy published in March 2023 said that, ‘Over the next ten years, quantum technologies will revolutionise many aspects of life in the UK and bring enormous benefits to the UK economy, society and the way we can protect our planet’.
There have been a number of recent developments in relation to quantum tech. The government responded to recommendations made by the Regulatory Horizons Council on the regulation of quantum technology applications. And the ICO published a blog post – ‘Preparing for the quantum-enabled future’ – which links to a new report exploring the emerging possibilities for quantum tech involving personal data. We’ve also seen the G7 Cyber Expert Group publish guidance for the finance sector on planning for quantum computing.
“Quantum technologies have the potential to revolutionise our daily lives. While some quantum technologies are at a more advanced stage of development than others, it’s not surprising that we’re starting to see an increasing amount of commentary and buzz around this exciting topic. Watch this space.”
– Sally Mewies, Partner and Head of Technology & Digital
#2: Data reform at last?
A Data (Use and Access) Bill was finally introduced to Parliament, three years after the conclusion of a consultation on post-Brexit reforms to the UK’s data protection regime. This appears to be the ‘Digital Information and Smart Data Bill’ mentioned in the King’s Speech.
“While this new Bill retains some of the elements of the previous government’s Data Protection and Digital Information Bill, the focus is on the introduction of smart data schemes, unlocking the power of data to improve public services, and legislating on digital verification services, rather than on any major overhaul of the existing data protection regime. This is supported by the government’s press release, where the only reference to data protection is to a revamped Information Commissioner’s Office.
“As usual, the devil will be in the detail. We’ll be analysing this new piece of proposed legislation and reporting on what it means for businesses.”
– Andrew Northage, Partner, Regulatory & Compliance
#3: Update on product safety reform
A new Product Regulation and Metrology Bill recently had its second reading in the House of Lords and has some way to go before it passes into law. Over in Europe, the Council of the EU adopted the Cyber Resilience Act to boost the security of digital products – the equivalent of the UK’s product security regime which came into effect on 29 April 2024. And the EU’s product liability rules have also been updated in line with the digital age and circular economy.
“The Product Regulation and Metrology Bill is very short on detail. This is because it gives the Secretary of State wide powers to make future regulations on the marketing and use of products, including marketing through online marketplaces. This means that we won’t know specific details, including timings, until we have sight of these regulations.
“We know that regulations can be made which correspond to relevant EU law, to reduce or mitigate products’ environmental impact. Surprisingly, the Bill says nothing about technological advances such as AI, with ‘product’ defined as ‘a tangible item that results from a method of production’ – although reference is made to requirements concerning intangible components of products.
“In contrast to the EU, it seems unlikely that we’ll see immediate changes to the UK’s product liability rules. As the Bill is currently drafted, future regulations would not repeal Part 1 of the Consumer Protection Act 1987, which is the basis of our current product liability regime.”
– Luke Jackson, Director, Commercial
More legal and regulatory developments…
- The Information Commissioner’s Office launched a new audit framework designed to help organisations assess their own compliance with key requirements under data protection law. There are nine toolkits covering topics including information and cybersecurity, and AI.
- The ICO published a statement in response to the government’s plans for NHS digital transformation.
- The government confirmed that the Cyber Security and Resilience Bill announced in the King’s Speech will be introduced to Parliament in 2025.
- In the meantime, over in Europe, the European Commission adopted new rules to boost the cybersecurity of the EU’s critical entities and networks.
- The government launched a new Regulatory Innovation Office to speed up public access to new technologies. The Office will initially support the growth of the following fast-growing areas: engineering biology; space; AI and digital in healthcare; and connected and autonomous tech.
- Ofcom provided a progress update on implementation of the new Online Safety Act. Tech firms must start to act from December. The regulator also published a webpage on responding to its requests for information under the Act.
- The Irish Data Protection Commission fined LinkedIn Ireland €310 million for GDPR infringements. They concerned the lawfulness, fairness and transparency of the processing of personal data for the purposes of behavioural analysis and targeted advertising of users who had created LinkedIn profiles.
- The Office for Nuclear Regulation fined Sellafield Limited £332,500 for significant cybersecurity shortfalls during a 4-year period. An investigation found that the company failed to meet the standards, procedures and arrangements set out in its own approved plan for cybersecurity and protecting sensitive nuclear information.
- The Commercial Court ruled that a time-limited software-as-a-service subscription is not a ‘sale of goods’ under the Commercial Agents (Council Directive) Regulations 1993.
- The Office for Product Safety and Standards is consulting until 4 December 2024 on the introduction of a common charger for mobile phones and other portable electrical and electronic devices across the UK.
…and in other news
- The National Cyber Security Centre published guidance to help Chief Information Security Officers communicate with boards to improve oversight of cyber risk, and guidance to help organisations manage their communications strategy before, during and after a cybersecurity incident.
- We’ve also seen the NCSC: publish updated guidance recommending that organisations use techniques that give better protection against phishing attacks; publish advice to help organisations guard against online attacks by Russia’s Foreign Intelligence Service; and encourage organisations to take immediate action to mitigate a vulnerability affecting Fortinet FortiManager.
- The government announced that four US tech firms will invest a total of £6.3 billion in UK data centres.
- The AI Safety Institute launched a new grants scheme to support impactful research that takes a systemic approach to AI safety. The Institute says that it wants to see applications that could enhance understanding of how government could intervene where needed – with new infrastructure and technical innovations – to make society more resilient to AI-related risks.
- The government announced a series of tech deals to boost research into faster diagnosis and personalised treatment of cancer.
- The government published a research report analysing the UK’s AI sector and providing key findings as to its size and scale.
- We’ve also seen a research report highlighting the state of the UK’s geospatial market, valued at over £6 billion.
- And finally, the BBC reported on the fall in Tesla’s share price after the company’s robotaxi ‘Cybercab’ was unveiled in California.
This article first appeared on Lexology. You can find the original version here.