2023 will see updates and reforms related to data protection and cybersecurity in the UK. The proposed changes are expected to increase restrictions on digital content, improve protection for the Internet of Things and connected products and, the good news, ease the compliance burden for personal data. Here are some highlights to watch out for:
1. Online Safety Bill
Billed as providing a “triple shield” of online protection, the Online Safety Bill will impose new duty of care obligations on companies that serve online communications, including user-generated content and large-scale online platforms. It’s a UK step towards global surveillance. Services covered include social networks, search engines, hosting service providers, etc. Entities within scope must (i) remove illegal content (similar to the EU Digital Services Act currently under consideration); (ii) remove any material that violates their own terms of use; and (iii) provide more choices for the content displayed. This scheme is regulated by Ofcom. Ofcom is also responsible for publishing the Code of Conduct and Guidance in a timely manner.
Progress: The Online Safety Bill has passed the House of Representatives and is expected to receive a third reading by the end of 2022, before proceeding to the Senate. Royal Assent is expected sometime in 2023, with Ofcom's mandate coming into force two months later. Ofcom has published a document on its intended approach to online safety regulation, setting out further requirements for the regime and what to expect early on. Ofcom's intentions for the first 100 days after taking up its powers include releasing the draft code on the harm of illegal content, providing various draft guidance, and targeting the highest-risk services to initiate engagement.
2. Digital Protection and Digital Information Bill
The Digital Protection and Digital Information Bill offers data protection reforms, but in many ways does not depart significantly from familiar EU measures under the GDPR. Rather than replace the GDPR and the UK Data Protection Act 2018, it aims to update, amend and simplify the UK data protection framework. A key point of the bill is that, if you need to comply with the GDPR, little is new; however, the burden of compliance may be reduced if compliance with the UK regime is required. Proposals include replacing the data protection officer with a “senior officer” to oversee compliance; the ability to more easily decline “intrusive or excessive” data subject requests; extending the soft opt-in for direct marketing to nonprofits; reducing requirements for the use of cookie banners; and amending ICO notifications to a more voluntary regime in case of high-risk transactions that cannot be mitigated. See the previous overview on this topic for more details.
Progress: The Digital Protection and Digital Information Bill was scheduled for a second reading on 5 September 2022, but this has been postponed and further consultation talks are now taking place. So while we expect movement in 2023, we do not believe the law will be fully developed until 2023 (or maybe 2024) at the latest.
3. The Product Security and Telecommunications Infrastructure Act of 2022
On September 15, 2022, the European Commission published proposals for a Cyber Resilience Act (“CRA”), which sets out new obligations and responsibilities for hardware and software products and their remote data processing solutions. Similar to the CRA, a key focus of the Product Security and Telecommunications Infrastructure Act 2022 is the creation of regulatory schemes to enhance security against threats associated with consumer-facing, connectable products. Connected products are divided into “Internet-connected products” (products that can connect to the Internet) and “Network-connected products” (products that can connect to Internet-connected products). Simply put, this covers “smart devices” or the “Internet of Things”, such as smartphones, connectable children’s toys, baby monitors, smart home assistants and connected appliances such as refrigerators and washing machines. Compliance obligations are imposed on manufacturers, importers and distributors and apply to all relevant connectable products offered to UK consumers. Primary duties and obligations include obligations to comply with security requirements; compliance statement requirements; and obligations to take steps toward compliance and to investigate non-compliance. The Secretary of State is responsible for enforcement under this Act, but also has the power to delegate this enforcement function, including investigative powers.
Progress: The Product Security and Telecommunications Infrastructure Bill recently became the Product Security and Telecommunications Infrastructure Act 2022 after receiving Royal Assent on 6 December 2022. Certain provisions are effective immediately, such as the power of the Secretary of State to make regulations under this Act and key background functions such as the ability to delegate executive functions and the territorial scope of the Act, while the remaining provisions will come into force pursuant to the provisions contained in regulations made by the Secretary of State. Further updates on these regulations are planned for 2023.