CIPL Responds to UK Digital Regulation Cooperation Forum (DRCF) Workplan 2023 to 2024 Call for Input

On
January
26,
2023,
the Centre
for
Information
Policy
Leadership (“CIPL”)
at
Hunton
Andrews
Kurth responded to
a

call
for
input
from
the
UK’s

Digital
Regulation
Cooperation
Forum
(DRCF)
on
its
workplan
for
2023
–
2024.

The
DRCF
is
a
voluntary
gathering
of
the
UK’s
regulators
with
a
digital
portfolio
–
namely,
the
Competition
and
Markets
Authority
(CMA),
the
Office
of
Communications
(Ofcom),
the
Information
Commissioner’s
Office
(ICO)
and
the
Financial
Conduct
Authority
(FCA)
–
to
develop
a
common
understanding
and
ensure
cross-sectoral
consistency
in
digital
regulation.

CIPL
identified
five
key
priority
areas
for
the
DRCF
to
take
into
consideration
as
it
develops
its
workplan
for
2023-2024:

1. 
   Digital
   assets
   in
   blockchain.
   As
   the
   nature
   of
   digital
   assets
   continues
   to
   evolve
   and
   develop,
   it
   is
   imperative
   that
   data
   privacy
   issues
   are
   considered
   and
   addressed
   in
   tandem
   with
   the
   development
   of
   financial
   services
   policy
   and
   regulation
   to
   ensure
   a
   coherent,
   comprehensive
   and
   practical
   regulatory
   approach
   that
   can
   support
   a
   trusted,
   open,
   innovative
   and
   competitive
   market.
2. 
   Privacy
   enhancing
   technologies
   (PETs)
   have
   the
   potential
   to
   mitigate
   privacy
   risks,
   aid
   and
   streamline
   legal
   compliance,
   and
   establish
   trust
   in
   the
   development
   and
   use
   of
   digital
   technology,
   and
   should
   therefore
   be
   further
   explored
   by
   the
   DRCF,
   especially
   where
   the
   DRCF
   regulatory
   disciplines
   interact
   with
   data
   privacy
   rules
   (e.g.,
   online
   safety,
   content
   moderation
   data
   security,
   competition
   law,
   children’s
   data
   privacy).
3. 
   Accountability
   frameworks
   have
   become
   a
   foundation
   of
   data
   privacy
   law,
   policy
   and
   best
   practice
   compliance
   among
   both
   private
   and
   public
   sector
   organizations.
   The
   ICO,
   for
   example,
   has
   already
   developed
   an
   accountability
   framework.
   The
   DRCF
   should
   now
   foster
   recognition
   of
   the
   importance
   of
   accountability
   across
   all
   of
   their
   respective
   regulatory
   competences;
   develop
   a
   common
   cross-regulatory
   framework
   on
   the
   risk-based
   and
   outcome
   based
   elements
   of
   accountability;
   and
   proactively
   incentivize
   and
   encourage
   the
   adoption
   of
   
   accountability
   frameworks
   by
   providing
   tangible
   benefits
   for
   organizations
   that
   can
   demonstrate
   their
   digital
   responsibility
   in
   the
   given
   regulatory
   area.
4. 
   Cross-regulatory
   sandboxes
   as
   developed
   by
   the
   FCA,
   the
   ICO
   and
   the
   CMA
   should
   be
   further
   developed
   and
   organizations’
   participation
   incentivised,
   especially
   in
   areas
   with
   interdisciplinary
   overlap.
5. 
   Transborder
   data
   flows
   form
   an
   essential
   part
   of
   all
   DRCF
   regulatory
   domains.
   CIPL
   proposes
   the
   establishment
   of
   a
   cross-disciplinary
   working
   group
   to
   identify
   essential
   and
   necessary
   data
   flows
   in
   the
   DRCF’s
   respective
   areas
   and
   consider
   how
   these
   can
   be
   enabled
   in
   compliance
   with
   the
   existing
   and
   potential
   future
   rules
   and
   transfer
   mechanisms.

You
can
read
CIPL’s
full
submission

here.