Info@NationalCyberSecurity
Info@NationalCyberSecurity

Looking Ahead in the UK – Technology, Data Privacy, Cybersecurity and IP developments in 2024 | Mayer Brown | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


[co-author: Oli Jones]

In this update we outline some of the new technology, data privacy, cybersecurity and IP legal developments, or older developments still unfolding, to look out for in 2024.

See our 2023 predictions for other legal developments which are ongoing.

Intellectual Property

Generative AI – ongoing impacts

Since 2022, the popularity and availability of generative AI has continued to grow. It is estimated that 79% of internet users aged 13-17, and 31% of those aged 16 and above, use generative AI tools and services. However, the number of claims being brought against the developers of AI tools is also growing. Legal claims, concerning both large language models and image generation tools, have been brought in both the US and Europe in relation to alleged use of materials to train the AI models. The validity of these claims have not been decided.

In addition to potential intellectual property infringement claims in relation to the materials used to train AI models, AI will also continue to pose a challenge for those looking to protect technologies created or conceptualised through AI. On 20 December 2023 the UK Supreme Court ruled that UK patent legislation does not permit an AI system to be named as the “inventor” in a patent application. For further information see our previous client alert here.

Potential liability relates to input risk, arising from the material used to train the AI tools, and output risk, arising from the content generated by the AI tool (including inaccuracies and bias). Users of generative AI should be increasingly wary of such liability and undertake a diligence exercise before engaging with any third party providers. As the number of generative AI products continues to grow, customers may have greater power to ‘shop around’ for a more advantageous contractual allocation of risk. It is likely that the negotiation of contracts for AI-based products will become increasingly important as customers seek to reduce risk from AI systems.

UK Intellectual Property Office

In April 2023, the UK Intellectual Property Office (“IPO”) published its list of key priorities for the financial year (ending in April 2024). Specific goals identified for 2024 include:

  • The public launch of the One IPO service by the end of March 2024. The new service, in relation to patents, will include new online accounts for tracking and managing patent portfolios, a digital application service and APIs to link the One IPO service with existing services.
  • To begin the process of updating the Trademark, Designs and Tribunals Service for launch in 2025, this is expected to include digital hearings.
  • Following an internal culture audit, develop a detailed cultural change plan by January 2024 setting out how the IPO will move towards its ‘ideal culture’.

Other, broader, priorities included:

  • Making improvements to the core IP rights granting services and their timeframes.
  • To seek beneficial outcomes in retained EU law and trade negotiations.
  • To support SMEs in making the most of their IP assets.

Technology

Automated Vehicles Bill

The Automated Vehicles Bill, announced in the King’s Speech in November 2023, is currently at the committee stage in the House of Lords. The Bill seeks to lay down the legal framework for the regulation of automated vehicles on roads and in other places. The prospective legislation implements the recommendations of the Law Commission’s four year review into the regulation of automated vehicles.

The proposed Bill will apply to vehicles which have a feature or adaptation allowing ‘autonomous travel’ i.e. where (i) the travel can be controlled by the vehicle itself, and (ii) the vehicle and its surroundings are not being monitored by an individual.

In particular, the Bill requires the Secretary of State to publish safety principles and empowers them to authorise automated vehicles and operate a licensing scheme. There are also new criminal offences and penalties for licensed operators of automated vehicles and individuals, including senior managers of these operators and users-in-charge.

Similar to the hosting of the Global AI Safety Summit last year, the Bill represents another effort by the UK government to remain at the forefront of technological development. The UK government estimates that the self-driving industry could generate up to 38,000 new jobs in the UK and be worth an estimated £42 billion by 2035.

Online Safety Act

In October 2023, the Online Safety Act received royal assent and is becoming applicable in a phased approach. Ofcom has already begun consultations around children’s safety online, and publications are expected in 2024 including the thresholds for categorisation (which affect the relevant duties under the Act) and codes of practice and guidance for businesses. Further secondary legislation is also anticipated to give full effect to the Act.

Broadly, the Act imposes duties on service providers to identify, mitigate and manage the risk of harm (both in relation to illegal content, and content which is otherwise harmful). The Act will particularly affect operators of social media platforms, who will need to enforce age limits and age checking measures and prevent access to harmful content by children (including removing such content swiftly).

Digital Markets, Competition and Consumers Bill

In November 2023 the proposed Digital Markets, Competition and Consumers Bill was amended in order to provide more balance to new regulatory powers, including an appeals process which would allow eligible tech firms to challenge regulatory decisions on proportionality grounds and challenge fines. The Bill is intended to address the high level of market-power of a small number of tech firms and confers new powers on the Competition and Markets Authority’s Digital Markets Unit.

The Bill is currently in the committee stage within the House of Lords, and had its second reading on 5 December 2023.

Data Privacy and Cybersecurity

Data Protection and Digital Information Bill

The Data Protection and Digital Information Bill was introduced in the House of Commons on 8 March 2023 and has now had its second reading in the House of Lords on 20 December 2023. The Bill seeks to update and simplify the UK’s data protection framework with a wide-range of provisions. Key changes include:

  • Reducing barriers to responsible innovation including in relation to the processing of personal data for scientific or historical research.
  • Mitigating burdens on businesses by reducing record keeping requirements and introducing ‘senior responsible individuals’ to replace data protection officers.
  • Reducing barriers to data flows. The Secretary of State will have broader powers to recognise countries as providing an adequate level of data protection and establishing ‘data bridges’ with them.
  • Reforming the structure and powers of the Information Commissioner’s Office.
  • Increasing fines for nuisance calls and texts, from £500,000 to £17,500,000. Website operators will be able to place cookies without prior consent in broader circumstances.

Michelle Donelan, Secretary of State for Science, Innovation and Technology, stated that the Bill would seize the “post-Brexit opportunity to create a new UK data rights regime tailor-made for our needs.” However, businesses with operations in the EU will need to be aware of the differences under the UK and EU GDPR.

New ‘Data Bridges’

Data bridges are established with countries the UK Government has deemed to have ‘adequate’ data protection regimes, and allow the free flow of personal data to these countries from the UK (without additional safeguards). The UK Government announced the new UK-US data bridge on 21 September 2023, and it is anticipated that additional data bridges may also be implemented with Dubai International Financial Centre (“DIFC“) and Singapore in 2024. Both were listed by the UK government in August 2021 as top priorities for data partnerships.

Since then, on 15 December 2022, a joint statement was released on behalf of the UK government and the DIFC Authority on the shared commitment to deepening the UK-DIFC data partnership. The statement specifically underscored “commitment to the UK-DIFC data bridge“.

[View source.]

——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW