As the Information Commissioner’s Office consults on the lawful basis for web scraping by AI developers to train generative AI models under the UK GDPR, Handley Gill’s specialist data protection and artificial intelligence (AI) consultants comment on the issues arising and share their consultation response.

Nicola Cain1 March 2024Data Protection, Personal Data, Data Privacy, UK GDPR, GDPR, UK GENERAL DATA PROTECTION REGULATION, General Data Protection Regulation, ARTICLE 6 UK GDPR, Article 6(1)(f) UK GDPR, Legitimate Interests, Legitimate Interests Assessment, Information Commissioner, Information Commissioner's Office, Consultation, Consultation Response, Artificial Intelligence, AI, Generative AI, Generative Artificial Intelligence, Intellectual Property, Intellectual Property Rights, Copyright, Copyright Infringement, Web Scraping, AI Training, AI Training Data, Intellectual Property Office, IPO, A pro-innovation approach to AI regulation, Voluntary code of practice on copyright and AI, Sir Patrick Vallance, Pro-Innovation Regulation for Digital Technologies Review, House of Lords Communications & Digital Committee, Report on Large Language Models (LLMs) and Generative AI, Data Mining, Copyright Designs and Patents Act 1988, AI Regulation, Joint statement on data scraping and data protection, Data scrapingComment

AI Bootcamp Part II

In Part 2 of our 5 part Artificial Intelligence (AI) Bootcamp, we consider the risks associated with developing artificial intelligence (AI) tools, including to intellectual property rights (IPR), data protection and privacy, cyber security, human rights and the existential risk to humanity. In Part 1 of our AI Bootcamp we considered the terms and concepts needed to understand what AI is and how it works. In Parts 3-4 we will consider the risks of using and even not using AI, while in Part 5 of our AI Bootcamp, we will focus on AI regulation.

Licence to hack?

Home Office Minister Lord Sharpe has confirmed that, following intensive lobbying by pockets of the cyber security industry, the government intends to pursue the introduction of a statutory public interest defence to the offences under the Computer Misuse Act 1990 (‘CMA’). Handley Gill Limited’s consultants consider the implications for cyber resilience, the protection of personal data and IP, and the ability of law enforcement to prosecute offences.

Nicola Cain4 July 2023Cyber Security, Cyber Resilience, Hack, Hacking, Computer Misuse Act 1990, CMA, CMA 1990, CMA offence, Home Office, Lord Sharpe, Lord Clement-Jones, Sir Patrick Vallance, Pro-Innovation Regulation for Digital Technologies Review, Data extraction, Public Interest, Public Interest Defence, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, CMA working group, Computer Fraud and Abuse Act, CFAA, Department of Justice, US DoJ, Good-faith security activity, Legitimate cyber security activity, Section 170 Data Protection Act 2018, s.170 Data Protection Act 2018, S.170(2)(c) Data Protection Act 2018, S.170 DPA 2018, Unlawful obtaining of personal data, Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, S.107 Copyright Designs & Patents Act 1988, S.107 CDPA 1988, Copyright, Consultation Response, Statutory defence, Hansard Volume 831 Column 993 03 July 2023, Computer Misuse Act 1990 defence, CMA defenceComment

What's missing from the Computer Misuse Act 1990?

Handley Gill Limited’s consultants respond to the Home Office consultation on proposals to revise the Computer Misuse Act 1990 to introduce additional powers for law enforcement bodies to takedown and seize domains and IP addresses and, require the preservation of data, as well as to introduce new offences and stronger sentencing for the copying of data. We also call for stronger cyber resilience legislation, through the introduction of minimum cyber security standards, while rejecting lobbying efforts for a blanket public interest defence to CMA offences. Finally, we advocate for stronger extra-territoriality of CMA offences and stronger sentencing powers and associated guidance.

Nicola Cain10 April 2023Cyber Security, Cyber Resilience, Computer Misuse Act 1990, CMA, CMA 1990, Law Enforcement, Domain name registrars, Domain name registries, Internet Service Providers, ISPs, Hosting providers, Web hosts, Consultation, Consultation Response, Public Interest, Public Interest Defence, CyberUp campaign, Sir Patrick Vallance, Chief Scientific Adviser, HM Treasury, Home Office, Pro-Innovation Regulation for Digital Technologies Review, Computer Misuse Act 1990 Call for Information, Computer Misuse Act 1990 Consultation, Domain name takedown and seizure, IP address take down and seizure, Online intermediaries, Domain name and IP address takedown and seizure, Data preservation, Data copying, Crown Prosecution Service, CPS, Product Security and Telecommunications Infrastructure Act 2002, Hacking, Proposal for legislation to improve the UK's cyber resilience, DSIT, Department for Science Technology & Innovation, Copyright, Copyright Designs and Patents Act 1988, CDPA 1988, s107 Copyright Designs and Patents Act 1988, Section 107 Copyright Designs and Patents Act 1988, Section 170(1)(a) Data Protection Act 2018, Personal Data, Commercial Data, s170(1)(a) Data Protection Act 2018, Information Commissioner, Information Commissioner's Office, ICO, Data Breach, Data Protection, Data Protection Offences, Intellectual Property, Intellectual Property OffencesComment