In the Queen’s Speech on 10 May 2022, the UK Government set out its legislative programme for the months ahead. This includes: reforms to UK data protection laws (no details yet); confirmation that the government will strengthen cybersecurity obligations for connected products and make it easier for telecoms providers to improve the UK’s digital infrastructure; and new rules to enable the use of self-driving cars on public roads. In addition, the government confirmed its plans to move forward with the Online Safety Bill. As part of the government’s broader agenda to “level up” the UK and provide a post-Brexit economic dividend, many of the legislative initiatives referenced in the Queen’s Speech are presented as seeking to encourage greater use of data and technology to support innovation and enable growth.

We summarize below the key digital policy announcements in the Queen’s Speech and how they fit into wider developments in the UK’s regulatory landscape.

Data Reform Bill

Last year, the government consulted on plans to amend the UK’s data protection regime post-Brexit, focusing on areas where it sees opportunities to reduce compliance burdens on businesses (see our previous blog here). Whilst we continue to await the government’s response to that consultation and further details of what the reforms entail, the government has now confirmed its intention to proceed with a Data Reform Bill over the next parliamentary year. According to information published alongside the Queen’s Speech, the government considers the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 to be “highly complex and prescriptive” encouraging “excessive paperwork, and creat[ing] burdens on businesses with little benefit to citizens”. The government aims to change the law to require companies to focus on the outcomes of their practices “rather than ‘tick box’ exercises”, and intends to restructure the Information Commissioner’s Office.

Draft Digital Markets, Competition and Consumer Bill

A Draft Digital Markets, Competition and Consumer Bill was also announced with the aim of creating new competition rules for digital markets and the largest digital firms. This will include giving statutory powers to the Digital Markets Unit within the Competition and Markets Authority (CMA) to designate “a small number of firms who are very powerful in particular digital activities, such as social media and online search” and impose legally enforceable rules and obligations on them “to ensure they cannot abuse their dominant positions at the expense of consumers and other businesses.” The EU institutions recently finalized similar rules through the EU Digital Markets Act (see our blogs here and here for further details).

Online Safety Bill

On 17 March 2022, the UK Government introduced the Online Safety Bill (OSB) before Parliament, which contains several additions and amendments to the version first proposed in May 2021. The OSB places obligations on “user-to-user” services—essentially, content-sharing services—and search services that “have links” to the UK. The OSB imposes duties of care on services in relation to illegal content as well as content that is legal but “harmful”, as defined in the OSB. In the Queen’s Speech, the government confirmed its intention to move forward with the OSB in the forthcoming Parliamentary session. The bill is currently in the Committee Stage before the House of Commons. Some provisions could come into force as early as the final quarter of 2022.

Transport Bill

The government’s planned Transport Bill anticipates technological innovation in the automotive sector. Among other things, the Bill will include “new laws that safely enable self-driving and remotely operated vehicles and vessels, [and] support the roll-out of electric vehicle charge points”. This follows last month’s announcement that the government is seeking to amend the Highway Code to facilitate the use of self-driving vehicles on public roads in the UK.

Product Security and Telecommunications Infrastructure Bill

At the end of last year, the UK Government published its National Cyber Strategy 2022 policy paper, which  updates the 2016 – 2021 National Cyber Strategy. The new Cyber Strategy introduces a focus on “cyber power” and the “ability of a state to protect and promote its interests in and through cyber space”. It seeks to elevate cyber from a purely security issue to a “whole of society” concern, noting that collaboration between businesses, the public sector and citizens will be key to the UK’s success. The strategy is centred around five key pillars, including strengthening the UK cyber ecosystem, building a resilient and prosperous digital UK by reducing cyber risks, and taking the lead in the technologies vital to cyber power. Two action items the government will be taking to ensure cyber risks to UK critical infrastructure are effectively managed are launching a consultation on reforms to the Network and Information Systems (NIS) Regulations and implementing a new security framework for UK telecommunications providers. (As readers may be aware, the European Parliament and EU Member States announced a political agreement on NIS2 in the small hours of May 13; we will be monitoring UK proposals and the extent to which they mirror or diverge from the new EU law.)

As part of the broader drive to strengthen the UK’s cybersecurity, the Queen’s Speech includes plans to impose new baseline security requirements for the sale of internet-connected “smart” products through the Product Security and Telecommunications Infrastructure Bill. The Bill seeks to grant the Secretary of State the power to specify cybersecurity requirements relating to “internet-connectable” and “network-connectable” products. This is working its way through Parliament and is due to proceed to the House of Commons Report Stage during the 2022-23 session.

Consultation on Improving Security and Privacy for Apps and App Stores

Against the backdrop of driving the UK’s cyber resilience, on 4 May 2022, the Department for Digital, Culture, Media & Sport (DCMS) launched a public consultation on ensuring apps are developed with appropriate security and privacy protections, and that app stores implement processes to verify this. The consultation sets out DCMS’s proposed interventions, including a voluntary code of practice for app store operators designed to address privacy and security concerns. The government may also consider developing technical standards for app store operators and putting the code of practice on a regulatory footing in the future. The consultation closes on 29 June 2022, with a view to DCMS potentially publishing a final version of the code of practice later in the year. Companies operating in this space should consider contributing to the public consultation.

Tags: Legislative Roundup, Privacy and Digital Policy, Queen's Speech, UK
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Mark Young Mark Young

Mark Young is an experienced tech regulatory lawyer and a vice-chair of Covington’s Data Privacy and Cybersecurity Practice Group. He advises major global companies on their most challenging data privacy compliance matters and investigations. Mark also leads on EMEA cybersecurity matters at the…

Mark Young is an experienced tech regulatory lawyer and a vice-chair of Covington’s Data Privacy and Cybersecurity Practice Group. He advises major global companies on their most challenging data privacy compliance matters and investigations. Mark also leads on EMEA cybersecurity matters at the firm. In these contexts, he has worked closely with some of the world’s leading technology and life sciences companies and other multinationals.

Mark has been recognized for several years in Chambers UK as “a trusted adviser – practical, results-oriented and an expert in the field;” “fast, thorough and responsive;” “extremely pragmatic in advice on risk;” “provides thoughtful, strategic guidance and is a pleasure to work with;” has “great insight into the regulators;” and “is technologically sophisticated and advises on true issues of first impression, particularly in the field of AI.”

Drawing on over 20 years of experience, Mark specializes in:

Providing practical guidance and advising on potential exposure under GDPR and international data privacy laws in relation to innovative products and services.
Handling complex regulatory investigations and enforcement actions involving data privacy regulators in the UK, EU and globally, and advising on follow-on litigation risk.
Helping clients respond to cybersecurity incidents, including ransomware, supply chain incidents, state-sponsored attacks, insider threats, personal data breaches, and IP and trade secret theft.
Advising various clients on the EU NIS2 Directive, Cyber Resilience Act (CRA), and other emerging EU, UK, and global cybersecurity laws and regulations.
Advising life sciences companies on industry-specific data privacy issues, including clinical trials, pharmacovigilance, and digital health products and services.
Advising on data privacy compliance in relation to employees and international transfers of data in connection with white collar investigations.
Providing strategic advice and advocacy on a range of UK and EU technology law reform issues relating to data privacy, cybersecurity, eIDs, and software.
Representing clients in connection with references to the Court of Justice of the EU.

Read more about Mark YoungEmail
Show more Show less
Photo of Marianna Drake Marianna Drake

Marianna Drake counsels leading multinational companies on some of their most complex regulatory, policy and compliance-related issues, including data privacy and AI regulation. She focuses her practice on compliance with UK, EU and global privacy frameworks, and new policy proposals and regulations relating…

Marianna Drake counsels leading multinational companies on some of their most complex regulatory, policy and compliance-related issues, including data privacy and AI regulation. She focuses her practice on compliance with UK, EU and global privacy frameworks, and new policy proposals and regulations relating to AI and data. She also advises clients on matters relating to children’s privacy, online safety and consumer protection and product safety laws.

Her practice includes defending organizations in cross-border, contentious investigations and regulatory enforcement in the UK and EU Member States. Marianna also routinely partners with clients on the design of new products and services, drafting and negotiating privacy terms, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of AI technologies.

Marianna’s pro bono work includes providing data protection advice to UK-based human rights charities, and supporting a non-profit organization in conducting legal research for strategic litigation.

Read more about Marianna DrakeEmail
Show more Show less
Photo of Shona O'Donovan Shona O'Donovan

Shóna O’Donovan is an associate in the technology regulatory group in the London office. She advises clients, particularly in the technology industry, on a range of data protection, e-privacy, intermediary liability and online content issues under EU, UK, and Irish law.

Shóna provides…

Shóna O’Donovan is an associate in the technology regulatory group in the London office. She advises clients, particularly in the technology industry, on a range of data protection, e-privacy, intermediary liability and online content issues under EU, UK, and Irish law.

Shóna provides strategic advice to companies on complying with data protection, e-privacy and online content laws, as well as defending organizations in cross-border, contentious investigations and regulatory enforcement before EU and UK regulators. In this context, she has represented clients in responding to regulatory requests relating to their compliance with the GDPR, the ePrivacy Directive, the Digital Services Act, the Audiovisual Media Services Directive and the Online Safety Act 2023. She also regularly advises clients on how these laws intersect with one another.

In her current role, Shóna gained experience on secondment to the data protection team of a global technology company. In a previous role, she spent seven months on secondment to the European data protection team of a global social media company.

Shóna co-leads Covington’s pro bono work with the Schools Consent Project, and regularly delivers workshops on sexual consent in schools across London. She also regularly provides pro bono advice to non-profits on complying with data protection laws.

Read more about Shona O'DonovanEmail
Show more Show less
Photo of Paul Maynard Paul Maynard

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Read more about Paul MaynardEmail
Show more Show less
Photo of Tomos Griffiths Tomos Griffiths

Tomos is an associate working across the firm’s technology regulatory and competition teams, based in the London office. His practice covers technology and digital markets regulation, competition law, and issues that span the two.

His recent experience includes providing regulatory advice on data…

Tomos is an associate working across the firm’s technology regulatory and competition teams, based in the London office. His practice covers technology and digital markets regulation, competition law, and issues that span the two.

His recent experience includes providing regulatory advice on data protection compliance, technology regulatory investigations, and transactional merger control and foreign direct investment screening matters, primarily in the technology and life sciences sectors.

Read more about Tomos GriffithsEmail
Show more Show less