« Back to Blog Homepage

The General Election and Compliance: What are Labour’s plans for GDPR, data protection and AI?

The General Election and Compliance: What are Labour’s plans for GDPR, data protection and AI?

When the election was called for 4 July, 2024, it came as a relative surprise. Both for the country, and for data protection watchers who had been preparing for the seemingly assured passage of the Data Protection and Digital Information (DPDI) Bill. 

But the legislation has not made it through the parliamentary ‘wash-up’ procedure which takes place in the final days of a parliament, so the bill will not be passed and no changes to the UK’s data protection regime will come into force in the near future. 

How did the Conservatives want to alter GDPR?

The DPDI bill was set to fundamentally alter the UK’s version of GDPR. The plans would have made it easier for most businesses to use data and moved on from the “one-size-fits-all” approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard. 

Many of the proposals were controversial. Fees could have been charged for subject access requests, and changes to the legitimate interest provision would have enabled organisations to use personal data in far more circumstances without having to undertake a balancing test.

But, when a general election is called, bills which have not been passed will fall. The DPDI had passed the Commons and two readings in the Lords. In effect it was likely weeks away from receiving royal assent.

In the last few days before a parliament is dissolved, there is a ‘wash-up’ period where the government and opposition parties horse-trade on which bills can be rushed through before the clock ticks down to the election campaign. Generally bills that are passed in ‘wash-up’ are relatively non-controversial provisions which had already completed most of their parliamentary journey. Sometimes the contentious provisions will be taken out, or a last-minute compromise will be reached. The Finance Bill made it through, as did a widening of sanctions on Russia, and a watered down Leasehold and Freehold Reform Bill.

But the Data Protection and Digital Information Bill did not make it through, so the legislation falls. Bills cannot be carried over across a general election. If the Conservatives somehow overcome their 20-point poll deficit, it’s reasonable to assume DPDI will be resurrected. 

Labour had actually not opposed much of the DPDI Bill. Labour and several members of the House of Lords had objected to certain provisions inserted late in the day to allow the Department for Work and Pensions to access people’s bank accounts. And this is believed to be why the bill wasn’t able to cross the last hurdle. 

What are Labour’s plans on data protection, GDPR and AI?

Despite not broadly opposing the DPDI, Labour have been relatively quiet on data protection reform. This is likely to mean amending GDPR will not be a high priority should a Labour government take office. However Labour could actually seek to strengthen data protection laws. At their 2023 conference, Labour delegates committed the party to “amend GDPR and Equality Act to guard against discriminatory algorithms.”

Labour have, however, been making a lot of noise around AI. In fact, they seem interested in deepening the UK’s alignment with EU data regulations and pass the UK’s own version of the recently enacted EU AI Act.

While Rishi Sunak was happy with a wait-and-see approach to AI regulation, Labour are sounding much more proactive. In fact, AI regulation seems to be one of the areas Labour is comfortable staying in relative alignment with the EU .They are considering new regulations on AI developers, similar to the EU’s AI Act. Developers of general-purpose AI tools like Chat GPT would be obligated to take reasonable steps to ensure they are not involved in the production of fake content, or other harmful deepfakes. The proposals would also ban the use of deepfake creation tools that allow people to make false and obscene AI images by uploading images of real people.

Peter Kyle, the shadow science, innovation and technology secretary, said: “The capacity for deepfakes to harm individuals, undermine elections, and increase fraud has been clear for some time. The recent surge in nudification tools is deeply concerning.”

Labour also plans to set up a Regulatory Innovation Office which will expedite regulatory decisions and develop ten-year research and development budgets to encourage longer-term investment into technology.

However there is still more to come, as Labour have not yet said if they would create an independent regulator for Artificial Intelligence, or give new powers to an existing one, such as the Information Commissioner’s Office (ICO). The former shadow digital secretary Lucy Powell suggested making AI a “licensed” industry, like medicines and nuclear power. 

Other plans include adding a kitemark or other type of indicator to online chats to show whether someone is speaking to a person or an AI. Citations may also be required of generative AI, and there could be requirements to train AI on more diverse data sets.

The party would enact a statutory testing regime between tech companies and the government, under which AI businesses would be compelled to share test data with officials. This comes after Prime Minister Rishi Sunak struck a ‘voluntary agreement’ with leading AI firms at the global AI safety summit in November 2023.

Ultimately, Labour have said they want to make AI “work for everyone.” Unions also want more protections from AI in the workplace. Given deputy leader Angela Raynor’s promise for a new worker rights bill within the first 100 days of a new government, this may mean AI regulation comes at the forefront of the next parliament, along with stronger data protection rights. 

Download our guide to the EU’s AI Act

Download guide

The General Election and Compliance – Special Webinar

Every sector could be impacted and every area of compliance is likely to be reviewed by the next government. From overhauls of financial services regulation, reviews of data protection law, closer alignment with EU regulations and an expansion of health and safety protections, the next parliament will see compliance at the centre of the regulatory agenda.

With everything from whistleblowing reform to overhauls of corporate governance, new employment rights like menopause leave and expanded equal pay rules, alongside crackdowns on tax evasion and expansion of the money laundering regulations, organisations large and small should prepare for the outcome of the general election.

This webinar will cover:

  • What the main parties are pledging on key compliance areas
  • Potential changes to legislation including the Equality Act, sexual harassment and employment rights
  • Expected legislation on AML, bribery, sanctions, fraud and economic crime
  • Possible expansion of regulations around GDPR, AI and health and safety
  • Preparing your organisation for future regulatory changes and new requirements
Webinar registation


Related Articles

GDPR Mental Health Thought Leadership
Image of a man with his head in his hands

GDPR
Biometric crackdown by UK regulator puts focus on big data at work