Privacy & Information Security Law Blog

On January 26, 2023, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth responded to a call for input from the UK’s Digital Regulation Cooperation Forum (DRCF) on its workplan for 2023 – 2024.

The DRCF is a voluntary gathering of the UK’s regulators with a digital portfolio – namely, the Competition and Markets Authority (CMA), the Office of Communications (Ofcom), the Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA) – to develop a common understanding and ensure cross-sectoral consistency in digital regulation.

CIPL identified five key priority areas for the DRCF to take into consideration as it develops its workplan for 2023-2024:

1. Digital assets in blockchain. As the nature of digital assets continues to evolve and develop, it is imperative that data privacy issues are considered and addressed in tandem with the development of financial services policy and regulation to ensure a coherent, comprehensive and practical regulatory approach that can support a trusted, open, innovative and competitive market.
2. Privacy enhancing technologies (PETs) have the potential to mitigate privacy risks, aid and streamline legal compliance, and establish trust in the development and use of digital technology, and should therefore be further explored by the DRCF, especially where the DRCF regulatory disciplines interact with data privacy rules (e.g., online safety, content moderation data security, competition law, children’s data privacy).
3. Accountability frameworks have become a foundation of data privacy law, policy and best practice compliance among both private and public sector organizations. The ICO, for example, has already developed an accountability framework. The DRCF should now foster recognition of the importance of accountability across all of their respective regulatory competences; develop a common cross-regulatory framework on the risk-based and outcome based elements of accountability; and proactively incentivize and encourage the adoption of accountability frameworks by providing tangible benefits for organizations that can demonstrate their digital responsibility in the given regulatory area.
4. Cross-regulatory sandboxes as developed by the FCA, the ICO and the CMA should be further developed and organizations' participation incentivised, especially in areas with interdisciplinary overlap.
5. Transborder data flows form an essential part of all DRCF regulatory domains. CIPL proposes the establishment of a cross-disciplinary working group to identify essential and necessary data flows in the DRCF's respective areas and consider how these can be enabled in compliance with the existing and potential future rules and transfer mechanisms.

You can read CIPL's full submission here.