Skip to main content

Technology & Digital round-up: 26 May 2023

Welcome to our latest Technology & Digital round-up of legal and non-legal tech-related news stories. This edition covers: recent AI developments; the consumer connectable product security regime; Meta’s €1.2 billion GDPR fine; and much more.

If you would like to receive the Technology & Digital round-up and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.


The legal part…

  • We explained in last month’s Technology & Digital round-up that the government had published its long-awaited white paper on AI regulation. The Competition and Markets Authority has since launched an initial review of competition and consumer protection considerations in the development and use of AI foundation models, including large language models and generative AI.
  • A Private Member’s Bill to regulate the use of AI technologies in the workplace was introduced in the House of Commons. Labour MP Mick Whitley was realistic about the Bill’s chances of becoming law, but hoped that it could “at least begin a much-needed conversation” in Parliament about the steps needed to better protect workers. This follows Sir Patrick Vallance explaining to the Science, Innovation and Technology Committee that the impact of AI on jobs could be as big as the impact of the industrial revolution.
  • In other developments, OpenAI leaders published a blog post on the governance of superintelligence, and Rishi Sunak said that the UK will lead on limiting the dangers of AI.
  • The government announced that the UK’s consumer connectable product security regime will come into effect on 29 April 2024. From that date, manufacturers and others involved in these products’ supply chains will need to be compliant with the new legislative framework. Minimum security requirements will be based on the government’s Code of Practice for Consumer IoT Security.
  • In a speech to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, the Information Commissioner gave his reassurance that “I take my responsibility of protecting Europeans’ data in the United Kingdom very seriously, and that I will continue to do so through the process of law reform, and beyond”. The Commissioner explained that the ICO is able to support the Data Protection and Digital Information Bill as it currently stands, describing it as an ‘evolution’ not ‘revolution’.
  • Meta was fined €1.2 billion in connection with delivery of its Facebook service when it continued transferring personal data from the EU/EEA to the US following the 2020 judgment that invalidated the EU-US ‘Privacy Shield’ data transfer framework. The arrangements it put in place – which included using the European Commission’s updated standard contractual clauses – didn’t address the risks identified in the judgment. This is the largest GDPR fine to date. Meta intends to appeal and hopes that the Privacy Shield’s replacement will come into effect before it’s required to take remedial action.
  • But in related news, the European Parliament raised concerns about the adequacy of the new EU-US Data Privacy Framework as currently drafted and privacy activist Max Schrems said that the new deal has “maybe a ten percent chance of not being killed by the CJEU [Court of Justice of the European Union]”.
  • In a new report, the Treasury Committee said that consumer cryptocurrency trading should be regulated as gambling. It recognised that technologies underlying cryptoassets may bring benefits to financial services, and called on the government and regulators to keep pace with developments. The MPs also said that, given the future benefits of crypto remain unclear, the government should take a balanced approach to supporting the development of these technologies and avoid spending public resources on projects without a clear, beneficial use (“as appears to have been the case with its now-abandoned Royal Mint NFT” which we mentioned in last month’s Technology & Digital round-up).
  • The Medicines & Healthcare products Regulatory Agency published guidance for manufacturers on reporting adverse incidents involving Software as a Medical Device. This follows the earlier publication of guidance on Software and AI as a Medical Device, as part of wider plans to substantially reform the UK’s regulatory framework for medical devices. According to a recent update, core aspects of the future regime will apply from 1 July 2025.
  • The government published its National Fraud Strategy. It says it will make the tech sector put in place extra protections for their customers and introduce tough penalties for those who don’t through the Online Safety Bill which is currently going through Parliament. Among other things, user-to-user platforms will be required to implement systems to prevent fraudulent content appearing on their platforms, including scam adverts and fake celebrity endorsements.
  • The European Council announced that it has adopted the MiCA regulation on markets in cryptoassets, the final step in the legislative process. And the European Commission announced that the EU Digital Markets Act became applicable from 2 May 2023. See this Q&A document.

…and in other news

  • Trade association techUK published a report on charting a path for UK tech in a world of resurgent strategic competition. The report “highlights how the challenges of a radically different geopolitical world have exposed the vulnerabilities of the technology sector, including disruptions to supply chains and the manufacturing of semiconductors”.
  • The government finally unveiled its long-awaited National Semiconductor Strategy. Up to £200 million will be invested in the next two years, and up to £1 billion in the next decade.
  • It’s being reported that Jaguar Land Rover owner Tata has chosen the UK to host a £multi-billion electric car battery plant.
  • The National Cyber Security Centre published a major update to its cyber security Board Toolkit guidance.
  • In a joint blog post, the NCSC and ICO reflected on why it’s so concerning when cyber attacks go unreported, and looked at some of the misconceptions about how organisations respond to them. See this news story.
  • This blog post highlights accessibility as a cyber security priority.
  • The NCSC also published a joint advisory with its international partners revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets.
  • It was reported that BT is to cut 55,000 jobs, with up to a fifth replaced by AI; while head teachers warned that UK schools are bewildered by AI advances.
  • And finally, Adobe announced that it’s bringing together Photoshop and generative AI. ‘Generative Fill’, which is powered by Adobe Firefly, is described as “the world’s first co-pilot in creative and design workflows”.

If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with SallyLuke or one of our Technology & Digital experts.

More from Walker Morris

Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.



Head of Technology & Digital

Sally's contact details

Email me





Luke's contact details

Email me