Policy paper

Digital Regulation Cooperation Forum: Plan of work for 2021 to 2022

Published 10 March 2021

DRCF logos

Foreword

Digital technologies and online services bring benefits for people and businesses. They are changing the way we interact with the world around us, driving new behaviours and creating new ways of doing business and communicating. However, these technologies also raise concerns and the possibility of new types of harms.

Many tech companies have sought to take responsibility for managing risks people may face when using their services. However, given the scale of the economic and social impact that these companies now have, governments are calling on strong, independent regulation to deliver a safer and fairer experience online.

The Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO) and Ofcom play increasingly important roles in enabling trust in digital technology and making sure digital platforms compete and innovate to bring benefits for the people that use them. The Government has decided to appoint Ofcom as the regulator for online safety in the UK, and in April the CMA will establish a Digital Markets Unit to oversee the new pro-competition regime planned by the UK Government. Meanwhile it has never been more important to ensure that our data rights are protected, and our personal data is secure: the ICO’s mandate under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) is key to this.

Consumers and businesses rightly expect regulators to be joined up. Last year we established the Digital Regulation Cooperation Forum (DRCF). By working together through this forum, we will be better able to respond to the scale and global nature of large digital platforms and the speed at which they innovate. Our cooperation will support more coherent and co-ordinated regulatory approaches.

In bringing us together to promote competition, protect consumers, regulate communication services, and protect people’s data rights, the DRCF will enable us to work together on the most complex issues. We are now also delighted to welcome the Financial Conduct Authority (FCA) as a full member of the DRCF from April 2021 and look forward to working closely with the FCA as this workplan is implemented.

The DRCF has a key role in enhancing cooperation across the regulatory landscape and will continue to build on our discussions with other digital regulators. We welcome comments and engagement on the DRCF’s plan of work and on its priorities. For more information please contact DRCF@ofcom.org.uk.

Introduction

The digital economy brings benefits and risks for society, and new challenges for regulation

Many traditional sectors, such as finance and shopping, have been transformed as products and services move online, and new markets have emerged, such as online search, social media, and online advertising. Adults in the UK now spend more time online than on any other media activity, and our reliance on internet services is increasing.[footnote 1] During the first five months of 2020, in the context of the coronavirus (Covid-19) pandemic and restrictions on movement in the UK, the number of UK adults using video calling doubled from 35% to 71%, and three-quarters of UK internet users are now using online messaging services (such as Facebook and WhatsApp).[footnote 2]

Digital innovations clearly bring many benefits for consumers, including easier access to services, lower prices and increased choice of products and suppliers. The potential to create new services, and to make and supply traditional products more efficiently, is also bringing benefits for businesses. But these digital innovations also create a risk of new types of harm. For example, increased access to a wide range of online content has many benefits, but it can also support the spread of disinformation and misinformation.[footnote 3] There is also a risk that the unprecedented concentration of power amongst a small number of tech companies is restraining growth, holding back innovation and potentially causing harm to the people and businesses that rely on them.[footnote 4] Meanwhile, as everything moves online, it has never been more important to ensure that our data rights are protected and our personal data is secure.

The regulation of digital and online services also creates new challenges. Regulators need to respond to the scale and global nature of many of the firms, and the speed at which they change and innovate. Meanwhile, to support innovation and ensure that people feel comfortable trying new services, regulatory regimes will need to be clear and understandable. This will require effectively engaging with new interplays between competition, data, content, and consumer issues. For example, online services may be incentivized to maximise the data and attention they capture from consumers, which may lead to the spread of certain harmful content and might lead to data being linked to user profiles in ways which are not transparent or easy to understand. If this data is used to influence consumer decision making through targeted or personalized services this may limit users’ exposure to a variety of views and weaken competition from potential entrants.

As well as addressing the challenges posed by digital regulation, regulators will need to ensure that there is coherence in regulatory approaches across traditional and digital services, which are increasingly inseparable.

Working together is central to meeting these challenges. The scope of the challenges means that delivering effective digital regulation doesn’t fit neatly into the remit of one regulator. Greater coordination can both support each regulator in meeting these challenges in their own remit and ensure that we are able to provide a coherent approach to regulation for both industry and individuals. The benefits of cooperation include:

  • Providing coherent digital regulation in the public interest: joined-up regulatory approaches will provide better clarity and transparency making it quicker and easier for people and businesses to engage with digital regulation, and will allow us to speak with a common policy voice.
  • Responding strategically to industry and technological developments: by working together, we can collectively build a comprehensive view of industry trends and technological innovations that have regulatory implications. This will help us to develop strategic responses in the public interest.
  • Building shared skills and capabilities: we need the right skills to find innovative regulatory approaches for engaging with complex, data-driven business models. Cooperating to develop and make use of shared resources will be key to building these skills and capabilities efficiently.

The DRCF will bring benefits for business and the people using digital services

We launched the DRCF in July 2020 to support cooperation between the CMA, ICO and Ofcom[footnote 5]. Over the past year, the FCA has also participated in the DRCF as an observer and will join as full member on 1 April 2021. The DRCF harnesses our collective expertise to ensure that the digital landscape is regulated effectively, coherently and efficiently and that regulatory policy is developed in a responsive and holistic way. This is good for the people using digital services, and for business and innovation.

People using digital services can have more confidence in innovative digital and online services in the knowledge that they are underpinned by strong, effective, and coherent regulatory regimes , and that regulators have the expertise and resources to tackle the issues that affect them. The DRCF’s coordinated approach aims to provide consistency and clarity on key issues helping to create a cohesive regulatory environment which is easier for businesses to navigate. Our cooperation on looking ahead and sharing expertise will also help DRCF members to identify emerging risks and trends, and support businesses in understanding their regulatory responsibilities, enabling them to innovate with confidence.

The DRCF will be the first national regulatory network supporting cooperation across the breadth our responsibilities for regulating digital services.[footnote 6] Together, these include: promoting competition; regulating communications services and broadcasting; protecting people’s data rights; regulating harmful online content; and, from 1 April this year with the FCA joining the DRCF, the regulation of financial services. The DRCF builds on our previous cooperation, including the ICO and Ofcom joint research on internet users concerns about, and experience of, online harms[footnote 7], as well as the cooperation between the CMA, the ICO, Ofcom and the FCA as part of the CMA-led Digital Markets Taskforce[footnote 8]. Our objectives for the DRCF are set out in Annex 1.

The evolution of digital regulation means we need to work together even more closely

As the CMA, the ICO and Ofcom prepare for new digital responsibilities in this dynamic policy environment, we will in parallel need to step up our cooperation through the DRCF. Since the DRCF was established, there have been several key developments in the emerging regulatory landscape for digital markets, which reinforce the need for us to deepen our cooperation.

The UK government is working to ensure a more inclusive, competitive and innovative digital economy for the future.[footnote 9] As part of this agenda, the UK Government introduced new legislation in autumn 2020 giving Ofcom powers to regulate UK-established video-sharing platforms (VSPs).[footnote 10] These powers came into force on 1 November 2020. Ofcom will also oversee and enforce the UK Government’s planned new duty of care to make companies take responsibility for the safety of their users[footnote 11]. This year the UK Government will also seek to establish and resource a Digital Markets Unit in the CMA to oversee its planned new pro-competition regime.[footnote 12] As required by the Data Protection Act 2018, in September 2021 the ICO’s Age Appropriate Design Code[footnote 13] will come into effect. The Government will also implement the National Data Strategy[footnote 14], driving the UK in building a world-leading data economy while ensuring public trust in data use, and in 2021 the Government intends to launch a new Digital Strategy covering its approach to regulating and governing digital technologies.[footnote 15]

The FCA also continues to be at the forefront of digital regulatory developments, including leading the way on new policy approaches to support fintech to innovate in the interest of consumers via its regulatory sandbox; and on data regimes such as open banking and open finance.

Outside the UK, governments and regulators around the world are also responding to the challenge of putting the interests of consumer and citizens at the heart of the digital transformation. In the European Union, the European Commission has proposed new laws to improve the transparency and accountability of content moderation and advertising online, and to support fair and contestable digital markets.[footnote 16] New antitrust cases in the United States also reflect a shift in approach to putting fair competition at the focus of their approach to regulating digital companies[footnote 17]. In Australia, the Australian Competition and Consumer Commission has taken steps to address bargaining power imbalances between news media businesses and large internet platforms.[footnote 18]

Our 2021-22 DRCF priorities and workplan represent a step-change in our cooperation

We have developed a DRCF workplan that represents a real step change in both its scope and ambition. Our investment in cooperation through the DRCF means we will be able to deliver coherent and joined up approaches to digital regulation over the coming year.

During 2021/22, the DRCF will focus on three priority areas.

A. Responding strategically to industry and technological developments: establish joint strategic projects where our cooperation will help to provide clarity for businesses and digital service users; and regulatory coherence. This includes service design, algorithmic processing, digital advertising technologies (with the Advertising Standards Authority, (ASA) and service encryption. We will also jointly horizon scan to identify future areas for cooperation.

B. Joined-up regulatory approaches: develop approaches for delivering coherent regulatory outcomes where different regulations overlap, such as the ICO’s Age Appropriate Design Code and Ofcom’s approach to regulating video-sharing platforms. This work will also consider how planned new regimes for online regulation may interact with wider existing regulation such as financial regulation, intellectual property rights, and content regulation (including advertising content regulated by the ASA).

C. Building skills and capabilities: develop practical ways of sharing knowledge, expertise, capabilities and resources, for example in AI and data analysis.

In addition to this work, we will also be taking steps to strengthen our wider stakeholder engagement and transparency, and to further develop the functioning of the DRCF to support our ambitions.

D. Building clarity through collective engagement: through our workplan we will seek to build better clarity for our stakeholders, including through our planned joint public documents and engagement with them. We will also use our joint work to strengthen our existing domestic and international engagement, for example by attending international forums to exchange knowledge and share best practice.

E. Developing the DRCF: we will continue to build the operational capabilities of the DRCF to ensure it is fit for purpose.

In the next section we set out further details on plans for 2021-22 for each of the above workstreams. To support ongoing transparency and accountability we will publish an update and report in 12 months on our progress.

Ideas to support future cooperation between digital regulators

Our ambitions for the DRCF during 2021-22 represent a significant innovation in the breadth and depth of cooperation between digital regulators, and we are confident that the DRCF can deliver on the objectives of our workplan. However, future challenges have the potential to test the limits of our collaboration under our current frameworks. We have therefore been working with the Department for Digital, Culture, Media and Sport (DCMS) to identify whether further measures may be needed to support cooperation between digital regulators. As part of our analysis we have been considering a range of ideas about statutory support for cooperation and changes to information sharing arrangements. We will publish our evidence in the coming months to support ongoing steps to ensure greater coherence across the digital regulatory landscape.

We welcome engagement on our work

We welcome engagement and are actively facilitating broader cooperation and coordination beyond DRCF. On 1 April the FCA will join the DRCF, and we will work closely with the ASA, Prudential Regulation Authority (PRA), Payment Systems Regulator (PSR), the Intellectual Property Office (IPO), the Gambling Commission and other agencies as appropriate.

The 2021-22 DRCF workplan

Section A: Responding strategically to industry and technological developments

The knowledge and expertise of individual regulators is driven by their respective policy objectives, regulatory duties, and functions. Working together provides us with an opportunity to exploit our common areas of work and expertise and consider potential policy concerns in a more holistic way. By approaching issues from the breadth of our perspectives we can look for solutions that best deliver benefits for the people using digital services, and adopt regulatory approaches that are easier and more efficient for businesses. Cooperative working can also more effectively horizon scan for potential current or future regulatory gaps.

We have identified several emerging trends and technological developments in online services that have implications for our respective regulatory objectives. These issues require a more joined-up strategic approach and coordinated working between regulators that cuts across sectors. Our four priority areas for strategic joint work for 2021-22 will be:

  • design frameworks
  • algorithmic processing
  • digital advertising technologies
  • end-to-end encryption

In each of these four areas, we will work together so that, as far as possible, we create single project teams, share resources and expertise, engage once with stakeholders rather than separately, and publish our findings jointly. The four workstreams are described below.

Design frameworks

Digital services often have interfaces and features that can help consumers navigate and customise their services. Design frameworks are regulatory approaches which require firms to incorporate certain outcomes in the design of their online services, for example by requiring companies to design an online interface to ensure it meets privacy standards. Through such regulatory approaches, digital services can be designed from the outset in ways that help to reduce harms, for example by helping users to understand how their personal data is collected and used, and to make effective and informed choices.

The UK General Data Protection Regulation (GDPR) requires data controllers to put in place appropriate technical and organisational measures to effectively implement the data protection principles and safeguard individual rights.[footnote 19] This is called ‘data protection by design and default’. It has a broad application, including, for example, developing online services, products, and processes that involve the processing of personal data. In essence, it means that data controllers must integrate data protection into their personal data-processing activities from the design stage.

In the Government’s full response to the Online Harms White paper, it committed to developing a voluntary Safety by Design framework in advance of online safety legislation.[footnote 20] This framework will set out clear voluntary principles and practical guidance on how companies can design safer online products and services. This framework is intended to link up with existing legal obligations around data protection by design and secure by design principles, to make it easier for start-ups and small businesses to embed safety and privacy during the development or update of products and services. The Government also set in the Online Harms White Paper its intention to develop a media strategy which would ensure a coordinated strategy approach to media literacy education ensuring users have the skills they need to keep themselves and others safe online.[footnote 21] Several other areas of work are relevant to design frameworks and they are relevant to the remits of the CMA, the ICO and Ofcom. These include:

  • approaches to encourage and engage stakeholders in building in ‘fairness by design’ which requires platforms to design choice architecture in a way that encourages free and informed consumer choice[footnote 22] and how it can complement the existing ‘data protection by design’ requirements in online services[footnote 23];
  • the CMA’s continuing work on the importance of fair, clear and unambiguous ‘choice architecture’ in supporting consumer choice and protecting vulnerable consumers[footnote 24]; and
  • further work between the Government and Ofcom on links between service design and media literacy in the context of the online safety regime.[footnote 25]

Our objectives are to collaborate with government and stakeholders to develop coherent design frameworks and approaches. The aim will be to provide greater clarity for industry regarding regulatory requirements and, where relevant, make compliance with them more efficient. This should enable innovators to bring products to market more quickly, while also helping to ensure that consumers and users of digital services benefit from products which comply with regulatory good practice as a matter of course. We will approach this in the following way over the coming year:

  • Seeking stakeholders’ views: bring together stakeholders, government and other regulators to understand how different design frameworks may interact and could be joined up. This will include creating a working group of regulators, industry experts and government to exchange knowledge and best practice in this area and set up a repository of existing research and best practice accessible to stakeholders.
  • Assessing practical approaches: engage jointly with companies, and wider technology and developer communities, to develop, pilot and assess practicable methods and tools to meet the range of design framework requirements and address the concerns of the people who use their services.

Algorithmic processing

Algorithmic processing and ‘artificial intelligence’ (AI) are at the heart of many digital products and online services and have resulted in substantial gains in firms’ efficiency and effectiveness. The use of algorithms to recommend and rank products, offer personalised prices and curate content can save users’ time and money. Efficiency gains can also reduce industry costs and potentially prices for consumers.

The use of algorithmic processing can also have implications for the regulation of digital services. Algorithms may limit the range of products that individuals are offered and alter or restrict the content they see. They may also encourage the viewing of harmful content or addictive behaviour. As algorithmic systems become more sophisticated, they can become less transparent, operating in multiple domains, from our digital devices to our ‘smart’ home, in an increasingly frictionless – and often undetected - manner. This could make it harder to assess how algorithms influence individuals; whether their data is used beyond the original purpose for which it was provided; and how their privacy is protected. Regulators need the skills, expertise and capability to understand how and where algorithmic processing is being used and whether it could lead to adverse or discriminatory outcomes that are unfair to people (particularly vulnerable people) or impact competition dynamics.

Regulators and government have already started work to understand the benefits and implications of algorithms. The CMA has published an initial paper on the potential effects of algorithms on competition and consumers, including a call for views and evidence to inform its Analysing Algorithms Programme. This adds to the work already done by the ICO on explaining decisions made by AI and Ofcom’s work on the use of AI in online content moderation. The Centre for Data Ethics and Innovation (CDEI)’s review of algorithmic bias also made recommendations covering the need for algorithms to promote fairness, the need for greater levels of cooperation between regulators to work together with wider society to agree best practice and establish regulatory standards.[footnote 26] The ICO’s guidance on data protection and AI as well as the AI auditing framework speak to those concerns and will be relevant to these discussions. The FCA is also active in this space, working on a collaboration with the Alan Turing Institute to consider AI transparency which will report shortly.[footnote 27] In October 2020, the BoE and the FCA launched the AI Public Private Forum to facilitate dialogue between the public and private sectors to better understand the use and impact of AI in financial services.[footnote 28]

Our objectives are to strengthen our shared understanding of, and expertise in, algorithmic systems. We will do this by identifying areas where common practical approaches in different regulatory regimes can be streamlined and by developing solutions to deliver efficiencies for industry, for example in relation to impact assessments for algorithmic systems. In doing so, we will simplify regulation for businesses who deploy algorithms, reduce regulatory duplication which tends to negatively affect smaller businesses, and engage stakeholders on important conversations around transparency and accountability. Effective regulation could also help increase public confidence in new technologies that use algorithmic processing. We will approach this in the following way over the coming year.

  • Assessing shared objectives and challenges: identify areas of overlap where a common approach, in terms of regulatory principles and tools, would be beneficial in addressing any harms. We will also identify areas of overlap between other DRCF workstreams, such as ensuring that by-design frameworks to be developed address the issues in relation to algorithmic systems.
  • Seeking the views of stakeholders: engage with stakeholders including government to share our work to date and seek their views on the benefits and risks of algorithmic systems as well as the merits of and challenges in developing a joint regulatory response. We will jointly host stakeholder events (such as roundtables or public-private fora) in Q3 2021.
  • Reporting on shared regulatory tools and approaches: publish a report in Q4 which reflects on the insights of our roundtable events and sets out a vision for the range of shared tools, resources and approaches necessary to equip regulators to assess and audit algorithms. This may include topics such as setting standards for auditing firms’ algorithms and exploring the use of personal data in choice architectures (including issues such as dark patterns[footnote 29] and consent).

Digital advertising technologies

Digital advertising technologies are used to deliver online advertising, including personalised and targeted ads. This sector has grown rapidly as people’s time and attention is increasingly focused online, and advertising-funded business models allow people to access many types of services for free. However, there are also concerns related to the digital advertising sector.

In March 2020, the Government launched a call for evidence in how online advertising is regulated, specifically aiming to engender transparent, fair and ethical advertising that works for people and businesses.[footnote 30] In July 2020, the CMA published its market study on online platforms and digital advertising, finding that competition is not working well in these markets, leading to substantial harm for people and society.[footnote 31] Subsequently, in January 2021, the CMA opened a formal competition investigation into Google’s Privacy Sandbox proposals to remove third-party cookies from its Chrome browser[footnote 32] and other functionalities that are fundamental to digital advertising.[footnote 33] The ICO is also continuing its work in relation to the issues it has identified regarding data protection and the advertising technology ‘real-time bidding’ industry.[footnote 34] Close links between advertising-funded business models and the supply of online content mean that understanding these business models will be important part of Ofcom’s future role in regulating online safety.

Our objectives are to develop a more holistic view of how the digital advertising sector (including advertising-funded business models) interacts with people’s rights and creates potential consumer harms. On this we will work where appropriate with the ASA. We will approach this in the following way over the coming year.

  • Assessing issues and challenges: assess aspects of digital advertising technologies that raise issues and challenges across our regulatory regimes, with the objective of developing a plan for coordinated work in this area that addresses potential competition, consumer and privacy harms.
  • Seeking the views of stakeholders: build upon existing expertise as well as incorporate new understandings of advertising funded business models. This will include holding cross-regulator workshops to develop a framework to support a holistic approach to assessing the interaction of data collection, data protection, online safety, media plurality and competition for market and services that are funded by digital advertising, with a view to informing our evaluation of future industry developments.

End-to-end encryption

Encryption technologies are increasingly embedded in online services. For some online messaging services, the use of end-to-end encryption means that only the sender and receiver of messages can see their content. While this provides high levels of security and privacy protection for users, it also reduces the transparency and oversight of the way services are used. End-to-end encryption technologies might also reduce the interoperability of different services and impact consumers’ ability to switch between services, reducing effective competition and innovation.

Regulators and the Government have already started work considering issues relating to end-to-end encryption, including the ICO’s work on related privacy issues and Ofcom’s work on online messaging and calling[footnote 35], as well as work already conducted by the Government and our stakeholders in relation to this important cross-cutting issue.

Building on existing work, our objectives are to understand the implications of end-to-end encryption for the people using digital services, as well as for industry, and its implications for policy objectives relevant to the current and future remits of the CMA, the ICO and Ofcom. We will approach this in the following way over the coming year.

  • Seeking the views of stakeholders: hold a joint workshop to bring a range of perspectives on end-to-end encryption together and help set priority areas for future joint work.
  • Assessing options: reflect on the perspectives from our joint workshop and publish a summary of workshop outcomes and future priorities, including identifying next steps for work undertaken either by the DRCF and/or member regulators.

Section B: Joined-up regulatory approaches

The digital regulatory environment is rapidly developing and new responsibilities for regulators and protections for consumers and society are coming soon. The nature of digital services means that issues often interact with more than one regulatory regime (for example, the CMA’s Google Privacy Sandbox investigation). This means that, as we carry out our work, any interactions will need to be appropriately and efficiently identified and addressed. By considering issues from a range of perspectives across different regulatory regimes, we can be more confident that any decisions or regulatory actions will work well for people and businesses.

We are already working together across our regulatory teams and will continue to support and monitor our cooperation. Our main areas for joint work during 2021-22 will be in relation to:

  • data protection and competition regulation (led by the CMA and the ICO)
  • the Age Appropriate Design Code and the regulation of video-sharing platforms and online safety (led by the ICO and Ofcom)
  • interactions in the wider digital regulation landscape

Data protection and competition regulation

The CMA, in its market study on online platforms and digital advertising, indicated that further work was needed to understand interactions between data protection and pro-competition measures.[footnote 36] Since then, the ICO and the CMA have conducted joint work in relation to these issues.

As noted above, in January 2021, the CMA opened a formal competition investigation into Google’s proposals to remove third party cookies and other functionalities from its Chrome browser. Google’s announced changes, known collectively as the ‘Privacy Sandbox’ project, would disable third-party cookies on the Chrome browser and Chromium browser engine and replace them with a new set of tools for targeting advertising and other functionality that they say will protect consumers’ privacy to a greater extent.

The CMA investigation will consider issues at the interface of privacy and competition. Third party cookies currently play a fundamental role online and in digital advertising by helping businesses target advertising effectively and fund free online content for consumers, such as newspapers. However, the use of third-party cookies may have implications from a privacy perspective, as they allow consumers’ behaviour to be tracked across the web in ways that many consumers feel uncomfortable with and may find difficult to understand. This DRCF workstream will complement these existing regulatory activities and explore how to balance competition and consumer privacy concerns in the future. We will approach this in the following way over the coming year.

  • Continue joint working: collaborate to understand, review, and inform the development of Google’s Privacy Sandbox proposals in such a way that preserves competition in digital advertising, while promoting consumers’ privacy and respecting data protection regulation.
  • Reporting on shared views: publish a statement, in the first half of 2021, setting out shared views on the relationship between competition and data protection in digital markets, which clarifies how we will enhance the synergies and overcome the tensions that exist between these two policy objectives. We will use this statement to inform any potential future DRCF work on the policy interface between the regimes.

The Children’s Code and the regulation of video-sharing platforms and online safety

There are new protections for children using digital and online services. The ICO’s Age Appropriate Design Code, or Children’s Code, came into force on 2 September 2020 with a 12-month transition period. The Children’s Code requires that, when personal data drives the content that children are exposed to, relevant services must recognise and act on their responsibilities to protect children’s rights and freedoms.[footnote 37]

The regulation of video-sharing platforms (VSPs), overseen by Ofcom, applies from 1 November 2020 and requires (among other things) that video-sharing platform providers must take appropriate measures to protect children under 18 from content which might impair their physical, mental or moral development.[footnote 38] Ofcom will also oversee the future online safety regulatory regime which is expected to require companies who fall in scope to take steps to protect children using their services.[footnote 39] These new online safety provisions will replace the current video-sharing platform rules.[footnote 40]

Since 2018, the ICO and Ofcom have been working together to jointly research internet users’ concerns about, and experience of, online harms, including with respect to the protection of children.[footnote 41] Our objectives are to build on our existing cooperation in relation to our new responsibilities to ensure clarity of roles, coherence in our approaches, and the operational effectiveness of our current and future regulatory approaches. In doing so we seek to allow not only people - in particular children - to use the internet freely and safely, but also give industry clear direction on the most effective way to comply with regulation. We will approach this in the following way over the coming year.

  • Seeking the view of stakeholders: carry out joint public engagement to support people and stakeholders in understanding the differences and overlaps between these new regimes, including an assessment of the need and scope for joint guidance in relation to any issues raised.
  • Continue joint working: build on existing cooperation to review the respective data protection and video-sharing platform regulatory regimes as we operationalise our regulatory approaches.

Interactions in the wider digital regulation landscape

As set out in the introduction to this document, the DRCF was formed due to a recognition of the high level of overlapping regulatory policy interests between the current and future regulatory remits of the CMA, the ICO and Ofcom. Due to the increasingly online nature of financial institutions, the FCA has also been actively engaging with digital regulatory issues and has been an observer member of the DRCF since its creation. The FCA will become a full member of the DRCF from 1 April 2021.

Beyond the FCA, there is a wider range of regulatory authorities with remits covering digital issues, and it might be appropriate for the DRCF membership to expand further. The DRCF and its members will need to establish appropriate mechanisms to cooperate effectively with the wider set of regulatory agencies in specific areas of concern. Improved cooperation across the wider digital regulatory landscape can help businesses coordinate their regulatory compliance and makes it easier for them to understand upcoming requirements.

We are keen to ensure that areas of mutual interest with agencies outside the DRCF are identified and that we can cooperate without imposing any unnecessary coordination burdens. We will approach this in the following way over the coming year.

  • Engaging across the wider digital regulatory landscape: build on our existing discussion with regulators with a mutual interest in the regulation of digital services, including the ASA, PRA, PSR, Gambling Commission and the IPO to identify possible areas for joint work.
  • Assessing areas of interactions: work with other regulators to consider where digital regulatory matters may interact and relate to each other across the digital regulatory landscape.

Section C: Building skills and capabilities

To regulate digital services effectively we will need to build appropriate skills and capabilities. Despite our different regulatory roles, much of the new skills and expertise needed will be common and there is scope to cooperate to build our capabilities more efficiently. For example, each member of the DRCF will need to be equipped to respond to some common digital trends and practices, including the use of algorithmic and AI decision making and commercial practices; the storing and sharing of data, software development and interoperability, and people’s experiences when using digital services. In such areas, there is likely scope to cooperate in developing the skills and system understanding (both technical and commercial) to regulate issues raised and monitor outcomes.

We are already working together to consider how we share and leverage our respective digital regulatory capabilities. As part of a working group including DRCF members, the Alan Turing Institute and the Office for AI, we are researching different approaches for sharing skills and capability. We can also make use of our joint work, such as on algorithmic processing, to identify whether common tools are needed across regulators and, if so, start to work out what they are and develop them. More generally, we are considering what can be done to respond to common challenges. These include how to support efficiency among members in building and retaining new skills and expertise, and how to create an attractive environment for recruiting relatively rare skills. We will explore a range of approaches to support skills and capability sharing in the future. Our initial ideas include:

  • Using pro-active and flexible secondment programmes between regulators: the DRCF members, and potentially other organisations, could use the processes developed through the Secondment Working Group under the UK Regulators’ Network to support secondments focussed on the skills and roles specific to digital regulation.
  • Establishing collocated teams: physically collocating teams across the DRCF members could help build our culture of collaboration.
  • Developing a shared centre of excellence: this could provide a hub for specialist expertise and resource sharing; and
  • Co-recruitment initiatives: working together on recruitment activities, for example for data scientists and specialist skills, could help recruit these skills more efficiently as well as recruit for opportunities in cross–regulator specialist teams.

Our objective during this year are to scope the need for shared skills and capabilities and to consider which approaches are appropriate. We will approach this in the following way over the coming year.

  • Assessing where skills and capabilities sharing is needed: analyse our skills needs, current capacities and recruitment challenges.
  • Reviewing options: review and assess the options available to us, including those listed above.
  • Supporting the AI and Data Science Regulatory Capacity Working Group: continue to work as part of this group, which expects to bring forward proposals during 2021.

Section D: Building clarity through collective engagement

The DRCF offers an opportunity to engage collectively and more widely to build clarity and transparency for industry and for the people who use digital services. It is important for industry and regulated parties to have joined-up discussions, particularly where they may have to comply with a range of obligations.

In a context of ongoing international developments in digital regulation, we also see opportunities for international engagement to learn from developments in other jurisdictions and at a global level, and to promote the consistent development of coherent regulatory approaches around the world. This should support future monitoring and enforcement activities, particularly in relation to companies who operate globally, as well as supporting greater clarity for new entrants to the UK market. We will approach this in the following way over the coming year.

  • Engaging jointly with stakeholders: where appropriate, we will seek to engage jointly with stakeholders particularly in the areas identified across our 2021-22 workplan.
  • International engagement: on areas identified across the 2021-22 workplan through our existing international relationships; and in international forums.

Section E: DRCF development

Delivering on our ambitious workplan will require the DRCF to ensure that it has the right practical support in place to manage and facilitate our cooperative working. It will also be helpful for our work and for stakeholders for us to ensure that our approach to information sharing, where legally appropriate, is consistent and transparent. Our approach to sharing information remains carefully controlled in line with our legal obligations, and we publicly set out our approach in Memoranda of Understanding (MoUs).[footnote 42] One limitation of current MoUs is that they do not take in to account the proposed new functions for online services nor the multilateral aims of the DRCF.

We think it is the right time to review our MoUs to provide better transparency regarding how and when information-sharing can support cooperation. As part of our work with DCMS we have also considered what further measures may be needed to support effective cooperation between digital regulators in the future. We will publish our findings in the months to come.

Our objectives are to continue to develop the DRCF to ensure it is fit for purpose and works for the benefit of people, business, and innovation. We will approach this in the following way over the coming year.

  • Review our MoUs: review our existing bilateral MoU arrangements to ensure that they reflect the potential for multilateral joint projects and the aims of coordination in online regulation.
  • Assist the Government: where relevant, we will assist the Government as it considers further measures to support digital regulatory cooperation.
  • Establish systems and support: establish a dedicated DRCF secretariat; and shared secure IT systems to support efficient joint working.

Annex 1: The DRCF objectives and operation

The DRCF is a non-statutory voluntary network. It does not have a decision-making role and does not provide formal advice or direction to members.

The DRCF aims to support cooperation and coordination between the CMA, the ICO and Ofcom on online regulatory matters, and enable coherent, informed and responsive regulation of the UK digital economy which serves people and enhances the global impact and position of the UK. The FCA will join DRCF from 1 April 2021.

The DRCF has six objectives:

Objective 1: Collaborate to advance a coherent regulatory approach, by facilitating open dialogue and joint working to make sure regulation and other enforcement tools applied to the digital landscape are developed and implemented in a coherent way, and produce effective and efficient outcomes that maximise benefits for consumers across policy areas.

Objective 2: Inform regulatory policy making by using the collective expertise of the forum to explore emerging policy challenges in the digital space and develop solutions to inform regulatory approaches.

Objective 3: Enhance regulatory capabilities by pooling knowledge and resources to ensure that all members have the skills, expertise and tools needed to carry out their functions effectively in digital markets.

Objective 4: Anticipate future developments by developing a shared understanding of emerging digital trends, to enhance regulator effectiveness and inform strategy.

Objective 5: Promote innovation by sharing knowledge and experience, including regarding innovation in the approaches of regulators.

Objective 6: Strengthen international engagement with regulatory bodies to exchange information and share best practice regarding approaches to the regulation of digital markets.

  1. Ofcom, June 2020, Online Nation 2020 Report

  2. Ofcom, June 2020, Online Nation 2020 Report

  3. UK Government, December 2020, Online Harms White Paper: Full government response to the consultation

  4. UK Government, November 2020, Government response to the CMA’s market study into online platforms and digital advertising. 

  5. Ofcom, ICO and CMA, July 2020, Digital Regulation Cooperation Forum Launch Document

  6. Regulatory authorities involved in digital markets in some EU Member States have begun to establish task forces, partly in the context of responding to the recent Commission proposals in the Digital Markets Act and a Digital Services Act. In 2015 the Federal Trade Commission and the Federal Communications Commission signed a Memorandum of Understanding

  7. Ofcom and ICO, June 2020, Internet users’ concerns about and experience of potential online

  8. CMA, December 2020, A new pro-competition regime for digital markets: Advice of the Digital Markets Taskforce

  9. UK Government, December 2020, Joint Ministerial forward to the Online Harms White Paper: Full government response to the consultation

  10. Ofcom, October 2020, A guide to the regulation of video-sharing platforms

  11. UK Government, December 2020, Online Harms White Paper: Full government response to the consultation

  12. UK Government, November 2020, Government response to the CMA’s market study into online platforms and digital advertising. 

  13. ICO, June 2020, Explanatory memorandum to the Age Appropriate Design Code 2020

  14. DCMS, December 2020, National Data Strategy

  15. DCMS, June 2020, Digital Secretary’s closing speech to the UK Tech Cluster Group

  16. European Commission, January 2021, The Digital Services Act package

  17. FTC, December 2020, FTC Sues Facebook for Illegal Monopolization. 

  18. The Australian Government directed the ACCC to prepare a mandatory code of conduct between designated news media businesses, and Facebook and Google. The Australian News Media and Digital Platforms Bargaining Code was adopted into legislation on 25 February 2021. 

  19. ICO, May 2018, Data protection by design and default

  20. UK Government, December 2020, Online Harms White Paper: Full government response to the consultation

  21. UK Government, December 2020, Online Harms White Paper: Full government response to the consultation

  22. CMA, July 2020, Online Platforms and Digital Advertising Market Study

  23. ICO, 2018, Data protection by design and default

  24. CMA, July 2020, Online Platforms and Digital Advertising Market Study: Choice Architecture and Fairness by Design

  25. UK Government, December 2020, Online Harms White Paper: Full government response to the consultation

  26. CDEI, November 2020, Review into Bias in Algorithmic Decision-Making

  27. Turing Institute, February 2020, AI transparency in financial services

  28. FCA, October 2020, Data analytics and artificial intelligence

  29. Dark patterns are choice architectures used by many websites and apps that exploit individuals’ biases and heuristics to maliciously push users into doing something that otherwise they would not have done, if properly informed. 

  30. UK Government, March 2020, Online Advertising - Call for Evidence

  31. CMA, July 2020, Online Platforms and Digital Advertising Market Study. 

  32. Third-party cookies are created by domains that are not the website (or domain) that you are visiting. They are usually used for online-advertising purposes and placed on a website through a script or tag. 

  33. CMA, January 2021, CMA to investigate Google’s ‘Privacy Sandbox’ browser changes

  34. ICO, January 2020, Blog: Adtech – the reform of real time bidding has started and will continue

  35. Ofcom, June 2020, Online Nation 2020 Report

  36. CMA, July 2020, Online Platforms and Digital Advertising Market Study

  37. ICO, September 2020, What is the Children’s Code? 

  38. Ofcom, October 2020, Video-sharing platform (VSP) regulation

  39. UK Government, December 2020, Online Harms White Paper: Full government response to the consultation

  40. Ofcom, December 2020, Ofcom to regulate harmful content online

  41. Ofcom and ICO, June 2020, Internet users’ concerns about and experience of potential online

  42. Frameworks to support cooperation and information sharing are commonly set out in a Memoranda of Understanding (MoU) between regulators and improve transparency by providing a public statement about the way that regulators interact and their approach to particular procedural matters.