The DRCF: Priorities for UK Digital Regulation
By Lord Clement-Jones | Thu Apr 08 2021
Last July the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO) and the Office of Communications (Ofcom) formed the Digital Regulation Cooperation Forum (DRCF) which last month outlined its priorities in a Workplan for 2021/22.
The creation of the DRCF is a significant move by these regulators in the coordination of regulation across digital and online services and, as they say, recognises the unique challenges posed by regulation of online platforms which are playing an increasingly important role in our lives.
The Workplan for 2021/22 is designed to set out what they fashionably call a roadmap for how Ofcom, the CMA, ICO and, from this month as a full member of the DRCF, the FCA, will increase the scope and scale of this coordination through “pooling expertise and resources, working more closely together on online regulatory matters of mutual importance, and reporting on results annually.”
In launching the Workplan, the DRCF invited comments and observations on its content. The challenge has been taken up by a number of Liberal Democrat colleagues in the Lords, coordinated by myself as Digital Spokesperson.
We wholly welcome the creation of the DRCF and the creation of a cross regulator Workplan. Cross collaboration between regulators is of great importance as technological, digital and online issues faced by regulators increasingly converge, especially in the light of the growing emergence of digital issues across the regulatory field, such as data use and access, consumer impact of algorithms and the advent of online harms legislation.
We suggested a number of additions to supplement what is essentially an excellent core plan with some other areas of activity which should be undertaken as part of the plan, resources permitting.
The context of the regulators’ work is provided by the overall aim of the Government to ensure “an inclusive, competitive and innovative digital economy” . To this we want to see the addition of the words “ethical, safe and trustworthy”.This is not only crucial in terms of public trust but very much in line with one of the announced three key pillars of the Government’s AI Strategy to be published later this year by the Government and other aspects of the government’s National Data Strategy.
The key areas of activity set out in the Workplan are:
- Responding strategically to industry and technological development;
- Developing joined up regulatory approaches;
- Building shared skills and capabilities
- Building clarity through collective engagement
- Developing the DRCF
Responding Strategically to industry and technological developments
A number of emerging trends and technological developments are referred to in the plan. These include broad areas such as design frameworks, algorithmic processing (and we must assume this includes algorithmic decision making), digital advertising technologies and end-to-end encryption.
There are significant implication from other emerging issues however which we also think require particular attention from the regulators such as Deepfakes, Live Facial Recognition, collection use and processing of behavioral data beyond advertising and devices (such as smart meters) which collect and share data and are part of the Internet of Things.
Developing joined up regulatory approaches
Here the Workplan suggests concentrating on Data Protection and Competition Regulation, the Age Appropriate Design Code (aka Children’s Code) introduced by the Data Protection Act, the regulation of video-sharing platforms and online safety and interactions in the wider digital regulation landscape.
We believe however, especially in the light of considerable debate about what are appropriate remedies for market dominance in the context of the digital economy and the growing power of Big Tech, that there should be cross regulator consideration of how proportionate but timely interim and ex ante intervention and structural versus behavioral remedies have application.
Given the importance of simultaneously encouraging innovation and trustworthy use and application of data and AI, we also thought there should be a focus on generic sandboxing approaches to innovative regulated services.
Building shared skills and capabilities
To some extent the Workplan in this area proposes a journey of exploration. It suggests building shared skills through, for instance, secondment programmes, collocated teams, building a shared centre of excellence and co-recruitment initiatives, but without specifying what those shared skills might be.
Last December, I chaired a House of Lords follow up enquiry to the AI Select Committee’s Report AI in the UK : Ready Willing and Able? and our report: AI in the UK: No Time for Complacency concluded and recommended as follows:
“60. The challenges posed by the development and deployment of AI cannot currently be tackled by cross-cutting regulation. The understanding by users and policymakers needs to be developed through a better understanding of risk and how it can be assessed and mitigated…..
61. The ICO must develop a training course for use by regulators to ensure that their staff have a grounding in the ethical and appropriate use of public data and AI systems, and its opportunities and risks. It will be essential for sector specific regulators to be in a position to evaluate those risks, to assess ethical compliance, and to advise their sectors accordingly….”
In addition to these proposals on upskilling on risk assessment and mitigation and the ethical and appropriate use of public data, we have now suggested that, as part of the Workplan, a wider set of skills could be built across the regulators, particularly in the AI space, such as assessments of use of behavioral data in advertising and of ethical compliance of AI systems, Algorithm inspection, AI audit and monitoring and evaluation of Digital ID and Age Verification solutions.
As regards technical expertise available to the DRCF we took the view that it is important that the Alan Turing Institute, the Centre for Data Ethics and Innovation and the Intellectual Property Office are closely involved with the work programme and the DRCF makes full use of their skills and knowledge.
Given the depth and technical nature of many of the skills required, the proposal for a centre of excellence to provide common expertise in digital and technological issues which could draw upon and be of service to all relevant regulators, is vital and should be a resource priority.
As regards the last two priority activities Building Clarity Through Collective Engagement and DRCF development we are strong supporters of the intention to draw upon international expertise. The EU, the Council of Europe and the OECD are all building valuable expertise in AI risk assessment by reference to ethical principles and human rights.
We also welcomed the regulators’ intention to update and review the current MOU’s between the regulators to ensure greater transparency and cooperation.
Other, non-statutory regulators,however, have a strong interest in the objectives and outcomes of the DRCF too. There is welcome reference in the Workplan to the Advertising Standards Authority involvement with the DRCF but as regards other relevant regulators such as the Press Representation Council and BBFC we want to see them included in the work of the DRCF given their involvement in digital platforms.
In addition, there is the question of whether other statutory regulators which have an interest in digital and data issues such as OFWAT or OFGEM with smart meters, or the CAA with drone technology for example will be included in the DRCF discussions and training.
We even think there is a good case for the DRCF to share and spread knowledge and expertise, as it develops, to the wider ADR and ombudsman ecosystem and even to the wider legal system in the light of the new Master of Rolls, Sir Geoffrey Vos’, recent espousal of AI in the justice system.
It may not yet have great public profile but how and the speed at which the work of the DRCF unfolds, matters to us all.