In-house lawyers are likely to be taking stock of the impact on their organisations of the significant changes to the UK government’s net zero targets and commitments this month. Two reports on the development of artificial intelligence and the imposition of a large fine by Ireland’s data protection regulator for a breach of the GDPR are also noteworthy.
Climate change and sustainability
Prime Minister, Rishi Sunak, has made a speech in which he set out some significant changes to the UK government’s net zero targets and commitments, including:
- Delaying the ban on new petrol and diesel cars from 2030 to 2035.
- Delaying the ban on installation of off-grid oil and LPG boilers, and of new coal heating for off-gas grid homes to 2035, instead of phasing them out from 2026.
- Scrapping requirements on homeowners and landlords to meet energy efficiency targets by making insulation upgrades.
The government will make further green policy announcements in the run up to COP 28 in November 2023.
The Taskforce on Nature-related Financial Disclosures (TNFD) has published the final version of its recommendations for a disclosure framework. The 14 TNFD Recommendations provide guidance for organisations to report on nature-related financial risks and opportunities, to support a shift in global financial flows away from nature-negative outcomes and towards nature-positive outcomes. They are designed for organisations of all sizes, across all sectors and along value chains.
Artificial intelligence
The Competition and Markets Authority (CMA) has published a report in its initial review of competition and consumer protection considerations in the development and use of artificial intelligence (AI) foundation models. AI foundation models (which include large language models and generative AI) that have emerged over the past five years have the potential to transform much of what people and businesses do. The CMA’s initial review focuses on, among other things:
- How foundation models are developed.
- The key inputs the models require and how they are deployed.
- Potential outcomes for competition in the development of foundation models.
The House of Commons Science, Innovation and Technology Committee has published an interim report setting out 12 governance challenges that must be addressed to secure public safety and confidence in AI and makes recommendations regarding UK AI governance. The government’s response to the interim report is due by 31 October.
Data protection
The Data Protection Commission, Ireland’s data protection regulator, has fined TikTok EUR345 million. The decision relates to a finding that TikTok infringed the GDPR’s principle of fairness and requirements for data protection by default and design when processing personal data relating to children. Earlier this year, the UK’s Information Commissioner’s Office (ICO) fined TikTok for the misuse of children’s personal data.
The ICO has joined other data protection authorities from around the world to publish a joint statement highlighting the data privacy risks from publicly accessible personal data being exposed online to unlawful data scraping. The statement makes recommendations on preventative measures to be adopted by social media organisations and other public facing website operators too.
The ICO has also published detailed guidance on processing workers’ health data to help employers comply with their obligations under the UK GDPR and Data Protection Act 2018 (DPA 2018). The first part of the guidance explains how the UK GDPR and DPA 2018 applies to the employer. The second part focuses on how data protection law applies to specific workplace scenarios such as:
- Managing sick absence records and occupational health schemes.
- Conducting drugs and alcohol testing.
- How to approach sharing employee health data.
Cyber security
The House of Commons Science and Technology Committee has launched an inquiry into the cyber resilience of the UK’s critical national infrastructure. The inquiry recognises that the UK is the third most targeted country for cyber-attacks, after the United States and Ukraine. The committee has published a call for evidence to the inquiry and invites written submissions by 10 November.
Dates for your diary
1 October
Entry into force of most changes under the 158th Practice Direction Update and Pre-Action Protocol Update.
Changes to the fixed recoverable costs regime enter into force.
5 October
Deadline for Ofcom to publish a market study on cloud services in the UK.
6 October
Deadline for responses to European Commission consultation on amending delegated directive on adjustments to the size criteria for micro, small, medium-sized and large companies.
Deadline to respond to the government’s consultation on the proposed 2023 to 2024 Disability Action Plan.
Department for Business and Trade consultation on the draft statutory Code of Practice on the “reasonable steps” a trade union must take to comply with the Strikes (Minimum Service Levels) Act 2023 closes.
8 October
Environment Agency consultation on amending its Enforcement and Sanctions Policy closes.
9 October
Consultation on packaging extended producer responsibility closes.
Consultation on draft regulations to delay reporting of salary advances closes.
11 October
Deadline for responses to FRC call for evidence regarding endorsement of IFRS Sustainability Disclosure Standards.
12 October
Foreign Subsidies Regulation notification obligations start to apply.
DWP consultation on occupational health provision closes.
Joint HMT-HMRC consultation on tax incentives for occupational health closes.
20 October
ICO consultation on its draft guidance on biometric data and biometric technologies ends.
24 October
Consultation on proposals to overhaul the UK product safety regime closes.