Regulation regeneration?
Between October 2023 and January 2024, the Department for Business and Trade ran a consultation on ‘Smarter Regulation and the Regulatory Landscape’, to inform the Smarter Regulation regulatory reform programme and improve outcomes for businesses and consumers. The Smarter Regulation programme defines ‘Smarter Regulation’ as “only using regulation where necessary, and ensuring its design and use is both proportionate and future-proof”. The programme has the aims of:
reforming existing regulations to minimise regulatory burden and ensure regulations are contemporary and forward looking;
making regulation a last resort, not a first choice. This includes making use of alternatives to regulation wherever beneficial; and,
ensuring a well-functioning regulatory landscape.
The consultation was not specific to any one regulator, but could impact regulators including the Information Commissioner, Ofcom and the Competition and Markets Authority, all of whom have remits touching upon data protection, content regulation, online safety, artificial intelligence (AI) and human rights and ESG.
The government’s positioning of the UK as a “a business-friendly regulatory environment” was apparent in the questions posed, which included whether “UK regulators are supportive of the individual businesses they regulate” but not whether UK regulators secure appropriate outcomes for consumers and the wider public.
The call for evidence addressed topics including: Complexity and Ease of Understanding the Regulatory System; Regulator Agility, Responsiveness and Skills; Proportionality in Implementing Regulation; Process and Governance; and, Regulator Performance.
Handley Gill Limited submitted a response to the consultation, which may be accessed here:
So, what should smart regulation look like? In our consultation response we argued:
In favour of proportionate, risk-based regulation.
Consistent, transparent regulation increases public confidence in regulators and regulated entities.
Supportive regulation should not mean failing to enforce the law.
Failure to take enforcement action, in any form, is anti-competitive.
Regulators have an important role in educating consumers as to what compliance and good practice looks like, to enable them to exercise judgement and proactively choose compliant and trusted organisations.
The role of educators in educating consumers should not forego accuracy or over-simplify to the point of mis-statement.
The outcome of effective regulation should be that compliance pays.
Regulatory transparency is imperative: regulators should take steps to ensure that their priorities and regulatory focus are communicated to all regulated entities, not merely to professional advisors or interest groups, or to the largest organisations with whom they have most frequent contact.
While regulators, as public authorities, are obliged to have regard to the rights espoused in the Human Rights Act 1998, it would be valuable to reiterate this in legislation establishing their role and functions.
It could be valuable to clarify in the role and functions of regulators whether and the extent to which they are to have regard to wider public interests in fulfilling their role.
We anticipate that regulatory overlap will only increase, for example in relation to the new obligations under the Online Safety Act 2023 and artificial intelligence (AI), and there should therefore be formal, statutory structures and procedures for co-operation between regulators.
Where regulators consult each other in the context of ongoing investigations or enforcement action, this should be formalised and transparent with appropriate structures for complainants and regulated entities to understand and input into the questions posed.
The powers and restrictions on regulators engaging with international counterparts should be codified in statute.
Guidance issued by regulators should do more than merely regurgitate legislation and should identify acceptable and best practice.
Regulators must enforce the law as it is, not as they wish it to be.
Public and private positions taken by regulator must be consistent with greater transparency, for example here advice is given to a regulated entity consideration should be given as to whether that advice is appropriate for publication, particularly where it builds upon, introduces nuance to existing guidance or demonstrates an intention not to enforce the law as it stands.
Statutory timeframes for regulators to consider and adjudicate upon complaints should be introduced, with regulators required to be transparent about their compliance with such timeframes.
Regulators must be adequately resourced to fulfil their obligations, and this most likely requires that the largest or highest risk organisations pay far more in fees than is currently the case (in relation to the Information Commissioner, for example, the largest organisations pay just £2,900 per annum).
Regulators should provide early public indications of how they consider existing law and regulation apply to emerging issues and, if they consider that they don’t or shouldn’t apply, a clear public statement to the effect that they intend to apply law and regulation in a particular way. At present, we are concerned that certain regulators pick and choose what to enforce and when, preferring commercial convenience for a regulated entity over the law, with little clarity for other regulated entities or the public, risking confusion, diminished confidence and dissuading organisations from compliance.
Regulators should deploy a wide range of interventions, from publishing advice without identifying the regulated entity to which it relates, to naming and shaming non-compliant organisations, to formal enforcement action and ultimately imposing fines.
When regulators fail to take any enforcement action, a vacuum is created which serves to encourage non-compliance.
Where the threshold for affected individuals to bring legal proceedings to enforce their rights is too high or too expensive, the role of the regulator is enhanced with the concomitant need for them to be appropriately resourced to fulfil that role.
Certain regulators’ systems and processes appear to be designed for obscurity and the inability to interrogate them for relevant information, inhibiting transparency and compliance with statutory and common law obligations on the right of access.
A focus on regulating/enforcing only the most harmful conduct results in ex post-facto regulation, to the ignorance of high volume, lower risk non-compliance.
At present, much unlawful data processing goes unchallenged due to the stance of the Information Commissioner’s Office and the challenges in bringing legal proceedings.
Regulators should be required to publish guidance prior to legislation becoming enforceable, with appropriate changes to the approach to Ministers issuing statutory instruments to bring legislation into force.
Regulators should be focused on securing effective regulation and on doing so fairly and transparently, and less focused on securing positive media coverage. Any press release regarding an outcome should be accompanied by the underlying documentation and where provisional decisions are issued, their status should be emphasised.