Data reform at last!

The Data (Use and Access) Bill was finally passed into law after a much-publicised back and forth between the two Houses of Parliament on the issue of AI copyright. The Information Commissioner’s Office has published various guidance to support organisations and the public as the changes are introduced. They will be phased in between now and June 2026, with regulations awaited for some areas such as smart data schemes.

£2 million+ ICO fine after cyberattack

The ICO fined genetic testing company 23andMe £2.31 million for failing to implement appropriate security measures to protect UK users’ personal information. This followed a large-scale cyberattack in 2023. The data regulator found that the company failed to take basic steps to protect its customers’ sensitive information and its response was inadequate.

ICO launches AI and biometrics strategy

The ICO recently launched its AI and biometrics strategy. The stated aim of the strategy is to make sure that organisations are developing and deploying new technologies lawfully, supporting them to innovate and grow while protecting the public.

The Information Commissioner confirmed at the launch event that, over the next year, the ICO will consult on an update to its automated decision making and profiling guidance, develop a statutory code of practice on AI and automated decision making, and produce a horizon scanning Tech Futures report on the data protection implications of agentic AI (something we’ve talked about in previous editions).

More legal and regulatory developments…

• The ICO is consulting until 7 September 2025 on new draft guidance for manufacturers and developers of smart products.
• Ofcom published its strategic approach to AI, setting out how it’s supporting the safe innovation and use of AI across the sectors it regulates.
• It’s been reported that the EU could postpone implementation of some parts of the EU AI Act if, among other things, expected standards and guidance are not ready in time. The next major implementation date is 2 August 2025, when obligations concerning general-purpose AI models come into effect. We’re currently awaiting publication of the final code of practice, which should have been ready by 2 May 2025.
• Meanwhile, the European Commission is consulting until 18 July 2025 on high-risk AI systems under the EU AI Act. The feedback, including practical examples, will be considered in upcoming Commission guidelines on classifying high-risk AI systems.
• Amazon has given undertakings to the Competition and Markets Authority to curb fake reviews which are now explicitly banned under the Digital Markets, Competition and Consumers Act.
• We’ve also seen the CMA issue guidance tips for businesses using dynamic pricing, and propose to designate Google with ‘strategic market status’ in general search and search advertising under the new digital markets competition regime.

…and in other news

• The government finally published the UK’s Modern Industrial Strategy, described as a 10-year plan to significantly increase business investment in eight growth-driving sectors, including digital and technologies. The details are set out in a separate Sector Plan. The government’s vision is to make the UK one of the top three places in the world to create, invest in and scale-up a fast-growing technology business. It will prioritise these frontier technologies with the greatest growth potential: advanced connectivity technologies; AI; cybersecurity; engineering biology; quantum technologies; and semiconductors.
• According to the government’s recent spending review, a Government Digital and AI Roadmap due in the autumn will set out the government’s digital priorities to deliver better public services.
• The spending review confirmed a £750 million investment for Scotland to host the UK’s national supercomputer.
• Ahead of the spending review, the government announced a £86 billion funding package for science and tech to turbocharge the economy.
• The government announced new plans to supercharge the UK’s cyber sector.
• We’ve seen a flurry of other recent announcements from the Department for Science, Innovation and Technology, including: the development of a digital marketplace to shake up how the UK public sector buys technology; an AI breakthrough to slash planning delays and help build 1.5 million homes; backing for ten AI innovations to help make the UK a clean energy superpower; and collaborative plans with leading tech firms to boost UK workers’ AI skills.
• The National Cyber Security Centre launched its cyber security culture principles – guidance to support organisations in creating the right cultural conditions to enable their people to carry out the right security behaviours.
• The BBC reported on Anglian Water saying that treated sewage, instead of drinking water, could be used to cool data centres. There are concerns that the growth of AI – powered by data centres – could lead to water shortages.
• And finally, a Guardian investigation revealed that thousands of UK university students have been caught cheating using AI.

How we can support you

If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Sally, Andrew, Nick, Paul, Luke or one of our Technology & Digital experts.

Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.