When Suppliers Use AI: Contractual and Data Risks for Businesses
How suppliers’ use of AI can create IP, data protection, and contractual risks, and how businesses can manage them.
Read More
On 10 May 2022, Prince Charles announced in the Queen’s speech that the UK will be reforming its data protection laws, with a view to drive economic growth by increasing the competitiveness and efficiency of UK businesses, increasing clarity on data subject rights and focusing on privacy outcomes rather than ‘box-ticking’.
This article will explore the key areas the Government looks to address in the Data Reform Bill, the possible impacts the Data Reform Bill may have on the rights of individuals, as well as its impact on the UK’s data economy.
24 May 2022
Insight
Whilst the content of the Data Reform Bill has not yet been produced, a key issue the Government looks to address is reducing the administrative burden that the UK GDPR places on organisations by removing the red tape around data use. The exact form and extent of the Data Reform Bill remain unclear at this stage, however, some of the important areas the Government is looking to address are noted below:
It is clear that the Government is adopting a business-friendly approach by looking to ease the administrative constraints that the UK GDPR places on organisations in order to promote economic growth and efficiency. This is very much a positive for organisations that may no longer be bogged down with extensive and complex compliance requirements. Furthermore, the Data Reform Bill looks to simplify the regulatory environment around data privacy, giving organisations more clarity on their obligations, in turn reducing the risk of non-compliance.
Whilst these reforms are likely to be welcomed by businesses, the Government’s economic-facing reform may have an impact on the data rights of individuals. For example, the reform around automated decision-making could have an adverse effect on individuals, as artificial intelligence often has built-in bias which may lead to inadvertent discrimination, particularly in the context of employment-related decisions.
Under the current data protection regime, the level of protection for personal data is broadly the same in the UK as it is in the EU.
The Government must therefore be careful not to balance the scale too in favour of businesses as this could impact on the ‘adequacy’ of the UK’s data protection regime for the EU, which currently allows for data to flow freely between the two. The EU’s adequacy decision contains a ‘sunset’ clause, meaning the decision will expire in 2025 to account for the possibility of the UK’s further divergence from the GDPR post-Brexit. The proposed data reform could therefore lead to the EU withdrawing its adequacy decision for the UK, which in turn, could lead to highly extensive and costly compliance obligations on businesses transferring data from the UK to the EU and vice versa.
The Data Reform Bill is currently in the very early stages, and it will likely be subject to much debate over the coming months, meaning that its final form is currently unclear. However, what is clear is that the UK’s data protection regime is undergoing significant change, therefore, meaning that organisations within the UK must keep up-to-date with its evolution, particularly in the context of data transfers to the EU.
Contact Us
If you have any questions about the proposed reform, or any other data protection and commercial legal issues, our highly experienced Commercial team will be happy to help. Please contact Haroon Younis on 01332 226 466 or fill in the form below to request a no-obligation discussion.
Related Services
Knowledge
How suppliers’ use of AI can create IP, data protection, and contractual risks, and how businesses can manage them.
Read MoreDrop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read MoreLearn about fiduciary duties, commission disclosure, and legal compliance after the Expert Tooling v Engie ruling.
Read MoreLearn how Rukhadze v Recovery Partners reinforces strict fiduciary duties and what it means for your business and governance.
Read MoreThe ICO and CMA's joint statement outlines new AI in finance regulations, focusing on data protection, competition, and consumer safeguards.
Read MoreA decade of progress – but the fight against modern slavery isn’t over, we highlight how businesses can meet stricter transparency rules.
Read MoreNavigate AI regulations in financial services. Key insights from the FCA & ICO on compliance, data protection, and innovation.
Read MoreExplore how to create an AI usage policy that mitigates risks and ensures responsible adoption for your business.
Read MoreEffective data safety and optimisation are key to business success, reducing risks and improving efficiency in a digital world.
Read MoreLandmark EU court ruling awards damages for unlawful data transfer. Learn what this means for GDPR compliance and safeguarding your business.
Read MoreProtect your SME from data breaches. Discover key tips for GDPR compliance and data security during Data Protection Week.
Read MoreBoost profitability with well-negotiated commercial contracts—learn essential terms to protect and grow your business.
Read MoreScroll to next section
Scroll back to the top
On Monday 29 September, Flint Bishop successfully completed the acquisition of the entire business of Lupton Fawcett LLP. You have been forwarded to the page most relevant to your visit.
Please feel free to explore our website and learn more about our legal services and professionals, including those who have recently joined us from Lupton Fawcett.