*/
When the UK Computer Misuse Act (CMA) received Royal Assent on 29 June 1990, Elton John was at Number One with the song Sacrifice. Mr John played 10 nights at the O2 Arena this spring and headlines Glastonbury in the summer. So maybe things haven’t really changed enough to require an amendment to computer misuse legislation in the UK?
Think again. The Cray 1 Supercomputer, widely considered to be the fastest and most powerful supercomputer in the world until 1990, had slightly less processing power than an iPhone 5. There have since been another nine iterations of the iPhone meaning that almost every person in Britain now is carrying a supercomputer in their pocket more powerful than that conceived of when the CMA came into force. It is therefore unsurprising that in February 2023 the Home Office outlined reforms to the 30-year-old cybercrime law and issued a consultation for reform.
There appears to be a real international consensus to improve cybercrime law. as well The Australian Federal Government announced plans, on 6 March 2023, to overhaul the country’s cybersecurity agenda in the wake of last year’s disastrous data breaches on Optus and Medibank, which compromised the personal information of almost 10 million Australians in two of the largest attacks in the nation’s history.
The Indian Ministry of Home Affairs is working on making existing cyber laws more stringent to tackle cybercrime. And, on 10 March 2023, the United Arab Emirates announced the introduction of the first UAE Cybercrime law which will attempt to address ‘cyberattacks’ and threats in the modern world. Cyberattack, as defined under the Act, includes every intentional and planned targeting of infrastructure, networks, information systems, or information technology methods.
But unless you are practising in cyber security law, or data breaches, why is this relevant to the Bar?
These proposed reforms constitute only part of the UK government’s approach towards cyber security. Another, following the UK’s exit from the European Union, is the recapitulation of the Data Protection and Digital Information Bill (DPDIB). Brexit’s answer to GDPR, the second attempt of DPDIB was unveiled on 8 March 2023 with the strong assertion that it would save £4bn over 10 years.
While this number may sound impressive, those who have just managed to come to terms with the data protection principles contained within GDPR may not feel ecstatic by the thought of new legislation. However, the government has suggested the following three benefits which could assist chambers. But will these really help us?
Unlike GDPR, which provides a prescriptive approach to data protection procedures that must be applied, the government is suggesting that DPDIB will cut down the amount of paperwork chambers will need to produce to show compliance. The caveat, though, is for organisations ‘whose processing activities are likely to pose a high risk to individual’s rights and freedoms’. These organisations will need to continue to keep processing records including, for example, the personal data which is held, where, the security measures in place and a clear policy for deletion.
The government press release suggested organisations ‘processing large volumes of sensitive data about people’s health’ would need to continue to maintain the higher level of record keeping. In that context, chambers which process large volumes about people’s legal rights are also likely to maintain the standards imposed by GDPR.
According to Science, Innovation and Technology Secretary Michelle Donelan, the new rules will give organisations more clarity about when they can process personal data without needing consent or weighing up their own interests in processing the data against an individual’s rights for certain public interest activities. This could include circumstances where there is a public interest in sharing personal data to prevent crime, safeguard national security or protect vulnerable individuals.
This clarity may provide assistance for companies that inadvertently receive personal information that is sensitive, but potentially harmful or criminal, and want to properly process this by raising with an appropriate authority or regulator. This is unlikely to positively impact upon the Bar, however, which has always had a clear understanding of legal professional privilege and did so prior to data protection legislation and GDPR.
The government has indicated a commitment to maintaining high data protection standards and continuing the ‘free flow of personal data between like-minded countries’. The updated DPDIB is purportedly designed so that businesses can continue to use existing international data transfer mechanisms to share personal data overseas if they are already compliant with current UK data laws. This will ensure that British businesses do not need to pay more costs or complete new checks to show they are compliant with the updated rules. Chambers providing advice into foreign jurisdictions will be able to continue to provide this service and could expand into new countries if they meet the new UK rules.
The problem is that the concept of DPDIB is divergent from GDPR. If the EU considers the UK system is different and lesser, then the current ‘data adequacy status’, which protects the flow of data between both jurisdictions, would be lost. At this point chambers’ compliance with UK legislation would not be enough to continue to advise EU individuals or companies.
Will the DPDIB provide an easier future? Or will the burden on chambers remain unchanged, and providing advice into the EU become significantly more difficult? Only time will tell. And will Elton John be at Number One when we find out?
The Cray Y 190A Supercomputer (pictured above at the NASA Ames Research Center in 1990) had slightly less processing power than an iPhone 5.
When the UK Computer Misuse Act (CMA) received Royal Assent on 29 June 1990, Elton John was at Number One with the song Sacrifice. Mr John played 10 nights at the O2 Arena this spring and headlines Glastonbury in the summer. So maybe things haven’t really changed enough to require an amendment to computer misuse legislation in the UK?
Think again. The Cray 1 Supercomputer, widely considered to be the fastest and most powerful supercomputer in the world until 1990, had slightly less processing power than an iPhone 5. There have since been another nine iterations of the iPhone meaning that almost every person in Britain now is carrying a supercomputer in their pocket more powerful than that conceived of when the CMA came into force. It is therefore unsurprising that in February 2023 the Home Office outlined reforms to the 30-year-old cybercrime law and issued a consultation for reform.
There appears to be a real international consensus to improve cybercrime law. as well The Australian Federal Government announced plans, on 6 March 2023, to overhaul the country’s cybersecurity agenda in the wake of last year’s disastrous data breaches on Optus and Medibank, which compromised the personal information of almost 10 million Australians in two of the largest attacks in the nation’s history.
The Indian Ministry of Home Affairs is working on making existing cyber laws more stringent to tackle cybercrime. And, on 10 March 2023, the United Arab Emirates announced the introduction of the first UAE Cybercrime law which will attempt to address ‘cyberattacks’ and threats in the modern world. Cyberattack, as defined under the Act, includes every intentional and planned targeting of infrastructure, networks, information systems, or information technology methods.
But unless you are practising in cyber security law, or data breaches, why is this relevant to the Bar?
These proposed reforms constitute only part of the UK government’s approach towards cyber security. Another, following the UK’s exit from the European Union, is the recapitulation of the Data Protection and Digital Information Bill (DPDIB). Brexit’s answer to GDPR, the second attempt of DPDIB was unveiled on 8 March 2023 with the strong assertion that it would save £4bn over 10 years.
While this number may sound impressive, those who have just managed to come to terms with the data protection principles contained within GDPR may not feel ecstatic by the thought of new legislation. However, the government has suggested the following three benefits which could assist chambers. But will these really help us?
Unlike GDPR, which provides a prescriptive approach to data protection procedures that must be applied, the government is suggesting that DPDIB will cut down the amount of paperwork chambers will need to produce to show compliance. The caveat, though, is for organisations ‘whose processing activities are likely to pose a high risk to individual’s rights and freedoms’. These organisations will need to continue to keep processing records including, for example, the personal data which is held, where, the security measures in place and a clear policy for deletion.
The government press release suggested organisations ‘processing large volumes of sensitive data about people’s health’ would need to continue to maintain the higher level of record keeping. In that context, chambers which process large volumes about people’s legal rights are also likely to maintain the standards imposed by GDPR.
According to Science, Innovation and Technology Secretary Michelle Donelan, the new rules will give organisations more clarity about when they can process personal data without needing consent or weighing up their own interests in processing the data against an individual’s rights for certain public interest activities. This could include circumstances where there is a public interest in sharing personal data to prevent crime, safeguard national security or protect vulnerable individuals.
This clarity may provide assistance for companies that inadvertently receive personal information that is sensitive, but potentially harmful or criminal, and want to properly process this by raising with an appropriate authority or regulator. This is unlikely to positively impact upon the Bar, however, which has always had a clear understanding of legal professional privilege and did so prior to data protection legislation and GDPR.
The government has indicated a commitment to maintaining high data protection standards and continuing the ‘free flow of personal data between like-minded countries’. The updated DPDIB is purportedly designed so that businesses can continue to use existing international data transfer mechanisms to share personal data overseas if they are already compliant with current UK data laws. This will ensure that British businesses do not need to pay more costs or complete new checks to show they are compliant with the updated rules. Chambers providing advice into foreign jurisdictions will be able to continue to provide this service and could expand into new countries if they meet the new UK rules.
The problem is that the concept of DPDIB is divergent from GDPR. If the EU considers the UK system is different and lesser, then the current ‘data adequacy status’, which protects the flow of data between both jurisdictions, would be lost. At this point chambers’ compliance with UK legislation would not be enough to continue to advise EU individuals or companies.
Will the DPDIB provide an easier future? Or will the burden on chambers remain unchanged, and providing advice into the EU become significantly more difficult? Only time will tell. And will Elton John be at Number One when we find out?
The Cray Y 190A Supercomputer (pictured above at the NASA Ames Research Center in 1990) had slightly less processing power than an iPhone 5.
The Chair of the Bar sets out how the new government can restore the justice system
In the first of a new series, Louise Crush of Westgate Wealth considers the fundamental need for financial protection
Unlocking your aged debt to fund your tax in one easy step. By Philip N Bristow
Possibly, but many barristers are glad he did…
Mental health charity Mind BWW has received a £500 donation from drug, alcohol and DNA testing laboratory, AlphaBiolabs as part of its Giving Back campaign
The Institute of Neurotechnology & Law is thrilled to announce its inaugural essay competition
How to navigate open source evidence in an era of deepfakes. By Professor Yvonne McDermott Rees and Professor Alexa Koenig
Brie Stevens-Hoare KC and Lyndsey de Mestre KC take a look at the difficulties women encounter during the menopause, and offer some practical tips for individuals and chambers to make things easier
Sir Geoffrey Vos, Master of the Rolls and Head of Civil Justice since January 2021, is well known for his passion for access to justice and all things digital. Perhaps less widely known is the driven personality and wanderlust that lies behind this, as Anthony Inglese CB discovers
The Chair of the Bar sets out how the new government can restore the justice system
No-one should have to live in sub-standard accommodation, says Antony Hodari Solicitors. We are tackling the problem of bad housing with a two-pronged approach and act on behalf of tenants in both the civil and criminal courts
-(1)-(002).tmb-carlisting79eb.png){kind=logo}
