The U.K. government has confirmed it will move forward on a major ex ante competition reform aimed at Big Tech, as it set out its priorities for the new parliamentary session earlier today.
However it has only said that draft legislation will be published over this period booting the prospect of passing updated competition rules for digital giants further down the road.
At the same time today it confirmed that a data reform bill will be introduced in the current parliamentary session.
This follows a consultation it kicked off last year to look at how the U.K. might diverge from EU law in this area, post-Brexit, by making changes to domestic data protection rules.
There has been concern that the government is planning to water down citizens data protections. Details the government published today, setting out some broad-brush aims for the reform, dont offer a clear picture either way suggesting well have to wait to see the draft bill itself in the coming months.
Read on for an analysis of what we know about the U.K.s policy plans in these two key areas
The government has been teasing a major competition reform since the end of 2020 putting further meat on the bones of the plan last month, when it detailed a bundle of incoming consumer protection and competition reforms.
But today, in a speech setting out prime minister Boris Johnsons legislative plans for the new session at the state opening of parliament, it committed to publish measures to create new competition rules for digital markets and the largest digital firms; also saying it would publish draft legislation to promote competition, strengthen consumer rights and protect households and businesses.
In briefing notes to journalists published after the speech, the government said the largest and most powerful platform will face legally enforceable rules and obligations to ensure they cannot abuse their dominant positions at the expense of consumers and other businesses.
A new Big Tech regulator will also be empowered to proactively address the root causes of competition issues in digital markets via interventions to inject competition into the market, including obligations on tech firms to report new mergers and give consumers more choice and control over their data, it also said.
However another key detail from the speech specifies that the forthcoming Digital Markets, Competition and Consumer Bill will only be put out in draft form over the parliament meaning the reform wont be speeding onto the statue books.
Instead, up to a year could be added to the timeframe for passing laws to empower the Digital Markets Unit (DMU) assuming ofc Johnsons government survives that long. The DMU was set up in shadow form last year but does not yet have legislative power to make the planned pro-competition interventions which policymakers intend to correct structural abuses by Big Tech.
(The governments Online Safety Bill, for example which was published in draft form in May 2021 wasnt introduced to parliament until March 2022; and remains at the committee stage of the scrutiny process, with likely many more months before final agreement is reached and the law passed. That bill was included in the 2022 Queens Speech so the governments intent continues to be to pass the wide-ranging content moderation legislation during this parliamentary session.)
The delay to introducing the competition reform means the government has cemented a position lagging the European Union which reached political agreement on its own ex ante competition reform in March. The EUs Digital Markets Act is slated to enter into force next Spring, by which time the U.K. may not even have a draft bill on the table yet. (While Germany passed an update to its competition law last year and has already designated Google and Meta as in scope of the ex ante rules.)
The U.K.s delay will be welcomed by tech giants, of course, as it provides another parliamentary cycle to lobby against an ex ante reboot thats intended to address competition and consumer harms in digital markets which are linked to giants with so-called Strategic Market Status.
This includes issues that the U.K.s antitrust regulator, the CMA, has already investigated and confirmed (such as Google and Facebooks anti-competitive dominance of online advertising); and others it suspects of harming consumers and hampering competition too (like Apple and Googles chokepoint hold over their mobile app stores).
Any action in the U.K. to address those market imbalances doesnt now look likely before 2024 or even later.
Recent press reports, meanwhile, have suggested Johnson may be going cold on the ex ante regime which will surely encourage Big Techs U.K. lobbyists to seize the opportunity to spread self-interested FUD in a bid to totally derail the plan.
The delay also means tech giants will have longer to argue against the U.K. introducing an Australian-style news bargaining code which the government appears to be considering for inclusion in the future regime.
One of the main benefits of the bill is listed as [emphasis ours]:
Ensuring that businesses across the economy that rely on very powerful tech firms, including the news publishing sector, are treated fairly and can succeed without having to comply with unfair terms.
The independent Cairncross Review in 2019 identified an imbalance of bargaining power between news publishers and digital platforms, the government also writes in its briefing note, citing a Competition and Markets Authority finding that publishers see Google and Facebook as must have partners as they provide almost 40 per cent of large publishers traffic.
Major consumer protection reforms which are planned in parallel with the ex ante regime including letting the CMA decide for itself when U.K. consumer law has been broken and fine violating platforms over issues like fake reviews, rather than having to take the slow route of litigating through the courts are also on ice until the bill gets passed. So major e-commerce and marketplace platforms will also have longer to avoid hard-hitting regulatory action for failures to purge bogus reviews from their U.K. sites.
Consumer rights group, Which?, welcomed the governments commitment to legislate to strengthen the U.K.s competition regime and beef up powers to clamp down on tech firms that breach consumer law. However it described it as disappointing that it will only publish a draft bill in this parliamentary session.
The government must urgently prioritise the progress of this draft Bill so as to bring forward a full Bill to enact these vital changes as soon as possible, added Rocio Concha, Which? director of policy and advocacy, in a statement.
In another major post-Brexit policy move, the government has been loudly flirting with ripping up protections for citizens data or, at least, killing off cookie banners.
Today it confirmed it will move forward with reforming the rules wrapping peoples data just without being clear about the exact changes it plans to make. So where exactly the U.K. is headed on data protection still isnt clear.
That said, in briefing notes on the forthcoming data reform bill, the government appears to be directing most focus at accelerating public sector data sharing instead of suggesting it will pass amendments that pave the way for unfettered commercial data-mining of web users.
Indeed, it claims that ensuring peoples personal data is protected to a gold standard is a core plank of the reform.
A section on the main benefits of the reform also notably lingers on public sector gains with the government writing that it will be making sure that data can be used to empower citizens and improve their lives, via more effective delivery of public healthcare, security, and government services.
But of course the devil will be in the detail of the legislation presented in the coming months.
Heres what else the government lists as the main elements of the upcoming data reform bill:
Discussing other main benefits for the reform, the government touts increased competitiveness and efficiencies for businesses, via a suggested reduction in compliance burdens (such as by creating a data protection framework that is focused on privacy outcomes rather than box ticking); a clearer regulatory environment for personal data use which it suggests will fuel responsible innovation and drive scientific progress; simplifying the rules around research to cement the U.K.s position as a science and technology superpower, as it couches it; and ensuring the data protection regulator (the ICO) takes appropriate action against organisations who breach data rights and that citizens have greater clarity on their rights.
The upshot of all these muscular-sounding claims boils down to whatever the government means by an outcomes-focused approach to data protection versus tick-box privacy compliance. (As well as what responsible innovation might imply.)
Its also worth mulling what the government means when it says it wants the ICO to take appropriate action against breaches of data rights. Given the U.K. regulator has been heavily criticized for inaction in key areas like adtechyou could interpret that as the government intending the regulator to take more enforcement over privacy breaches, not less.
(And its briefing note does list modernizing the ICO, as a purpose for the reform in order to [make] sure it has the capabilities and powers to take stronger action against organisations who breach data rules while requiring it to be more accountable to Parliament and the public.)
However, on the flip side, if the government really intends to water down Brits privacy rights by say, letting businesses overrule the need to obtain consent to mine peoples info via a more expansive legitimate interest regime for commercial entities to do what they like with data (something the government has been considering in the consultation) then the question is how that would square with a top-line claim for the reform ensuing U.K. citizens personal data is protected to a gold standard?
The overarching question here is whose gold standard the U.K. is intending to meet? Brexiters might scream for their own yellow streak but the reality is there are wider forces at play once youre talking about data exports.
Despite Johnsons governments fondness for Brexit freedom rhetoric, when it comes to data protection law the U.K.s hands are tied by the need to continue meeting the EUs privacy standards, which require the an equivalent level of protection for citizens data outside the bloc at least if the U.K. wants data to be able to flow freely into the country from the blocs ~447 million citizens, i.e., to all those U.K. businesses keen to sell digital services to Europeans.
This free flow of data is governed by a so-called adequacy decision which the European Commission granted the U.K. in June last year, essentially on account that no changes had (yet) been made to U.K. law since it adopted the blocs General Data Protection Regulation (GDPR) in 2018 by incorporating it into U.K. law.
And the Commission simultaneously warned that any attempt by the U.K. to weaken domestic data protection rules and thereby degrade fundamental protections for EU citizens data exported to the U.K. would risk an intervention. Put simply, that means the EU could revoke adequacy requiring all EU-U.K. data flows to be assessed for legality on a case-by-case basis, vastly ramping up compliance costs for U.K. businesses wanting to import EU data.
Last years adequacy agreement also came with a baked in sunset clause of four years meaning it will be up for automatic review in 2025. Ergo, the amount of wiggle room the U.K. government has here is highly limited. Unless its truly intent on digging ever deeper into the lunatic sinkhole of Brexit by gutting this substantial and actually expanding sunlit upland of the economy (digital services).
The cost in pure compliance terms of the U.K. losing EU adequacy has been estimated at between 1 billion-1.6 billion. But the true cost in lost business/less scaling would likely be far higher.
The governments briefing note on its legislative program itself notes that the U.K.s data market represented around 4% of GDP in 2020; also pointing out that data-enabled trade makes up the largest part of international services trade (accounting for exports of 234 billion in 2019).
Its also notable that Johnsons government has never set out a clear economic case for tearing up U.K. data protection rules.
The briefing note continues to gloss over that rather salient detail saying that analysis by the Department for Digital, Culture, Media and Sport (DCMS) indicates our reforms will create over 1 billion in business savings over 10 years by reducing burdens on businesses of all sizes; but without specifying exactly what regulatory changes its attaching those theoretical savings to.
And thats important because keep in mind if the touted compliance savings are created by shrinking citizens data protections that risks the U.K.s adequacy status with the EU which, if lost, would swiftly lead to at least 1 billion in increased compliance costs around EU-U.K. data flows thereby wiping out the claimed business savings from less privacy red tape.
The government does cite a 2018 economic analysis by DCMS and a tech consultancy, called Ctrl-Shift, which it says estimated that the productivity and competition benefits enabled by safe and efficient data flows would create a 27.8 billion uplift in U.K. GDP. But the keywords in that sentence are safe and efficient; whereas unsafe EU-U.K. data flows would face being slowed and/or suspended at great cost to U.K. GDP.
The whole data reform bill bid does risk feeling like a bad-faith PR exercise by Johnsons thick-on-spin, thin-on-substance government i.e., to try to claim a Brexit boon where there is, in fact, none.
See also this key fact which accompanies the governments spiel on the reform claiming:
The UK General Data Protection Regulation and Data Protection Act 2018 are highly complex and prescriptive pieces of legislation. They encourage excessive paperwork, and create burdens on businesses with little benefit to citizens. Because we have left the EU, we now have the opportunity to reform the data protection framework. This Bill will reduce burdens on businesses as well as provide clarity to researchers on how best to use personal data.
Firstly, the U.K. chose to enact those pieces of legislation after the 2016 Brexit vote to leave the EU. Indeed, it was a Conservative government (not led by Johnson at that time) that passed these highly complex and prescriptive pieces of legislation.
Moreover, back in 2017, the former digital secretary Matt Hancock described the EU GDPR as a decent piece of legislation suggesting then that the U.K. would, essentially, end up continuing to mirror EU rules in this area because its in its interests to do so to in order to keep data flowing.
Fast-forward five years and the Brexit bombast may have cranked up to Johnsonian levels of absurdity but the underlying necessity for the government to maintain unhindered data flows, as Hancock put it, hasnt gone anywhere or, well, assuming ministers havent abandoned the idea of actually trying to grow the economy.
But there again the government lists creating a pro-growth (and trusted) data protection framework as a key purpose for the data reform bill one which it claims can both reduce burdens for businesses and boosts the economy. It just cant tell you how itll pull that Brexit bunny out of the hat yet.
Read more from the original source:
UK opts for slow reboot of Big Tech rules, pushes ahead on privacy reforms - TechCrunch
