AI White Paper is published for consultation
Xcina Blog

AI White Paper is published for consultation

In this issue of In Perspective, Jackie Barlow, Data Protection Senior Consultant at Xcina Consulting, discusses the UK Government’s White Paper; ‘A pro-innovation approach to AI regulation’.

What are the implications for UK businesses and individuals? Find out more below.

AI White Paper is published for consultation

What happened

  • The UK Government’s White Paper; ‘A pro-innovation approach to AI regulation’ has been published and is out for consultation.
  • The White Paper claims that the UK is third in the world in terms of AI Research & Development and that a third of Europe’s AI companies are in the UK (this is twice as many as any of the other European countries).
  • The government proposes to implement a proportionate, future-proof and pro-innovation framework for regulating AI.
  • Through this new approach, the government aims to help the UK harness the opportunities and benefits that AI technologies present.  
  • The proposal sets out 5 principles, intended to underpin the regulatory framework and manage AI risks. They are (i) safety, security and robustness (ii) appropriate transparency and explainability (iii) fairness (iv) accountability and governance and (v) contestability and redress.
  • These principles will not be enforced using legislation and no AI regulator will be appointed. Instead, existing sector regulators will be expected to implement the non-statutory framework underpinned by the 5 principles above.
  • During the initial implementation period, there will be ongoing collaboration with regulators to identify any barriers to the proportionate application of the principles and evaluate whether the non-statutory framework is working.
  • If it is found that the framework can be implemented effectively without the need to legislate, the government will not introduce a statutory duty on regulators requiring them to have ‘due regard’ to the principles.

Why it matters

  • AI is already delivering major advances and efficiencies in many areas. It quietly automates aspects of our everyday activities.
  • Businesses operating in AI need parameters to assist them and enable them to handle the huge opportunities presented by digital intelligence.
  • The government does not want rigid and onerous legislative requirements on businesses to restrict AI innovation and reduce their ability to respond quickly to future technological advances.
  • The result is a ‘light touch’ approach; a principles based one, instead of a prescriptive legislative framework
  • Businesses will of course, need to be accountable for their decisions on AI development/deployment because the ‘pro-innovation approach’ involves tolerating a certain degree of risk.  

The ICO has provided further information at   What are the accountability and governance implications of AI? | ICO

Next steps – the government’s consultation on the White Paper closes on 21 June 2023. 

In the following six months, it will review the responses to its consultation and adapt the framework accordingly. 

The ICO fines TikTok £12.7m for the misuse of children's data

What happened

  • The ICO discovered that TikTok had breached the UK GDPR between May 2018 and July 2020 and has imposed a civil monetary penalty of £12.7m.
  • Up to 1.4 million UK children under 13 were using TikTok, contrary to its terms of service, which included a requirement for parental consent.
  • TikTok breached its own rules not to allow children under 13 to create accounts without parental consent and then used their personal data without it.
  • TikTok failed to provide adequate information to individuals using their platform, about how their data would be collected, used and shared in a simple, understandable way. Without this information, children in particular, were unable to make informed choices whether to engage with the platform.
  • Additionally, TikTok failed to carry out adequate checks to identify and remove underage children from its platform where it was discovered that parental consent had not been given.

Why it matters

  •  By not providing adequate information to individuals in a simple and easy to understand way, Tik Tok breached the first data protection principle; it did not ensure that personal data was processed lawfully, fairly and in a transparent manner.
  • The personal data of more than 1 million children under 13, could potentially have been used to track and profile them, possibly sending harmful or inappropriate content to them.
  • The ICO has since published the Children’s Code, to help protect children in the digital world. It is a statutory code aimed at all types of online services, including apps, gaming platforms, web and social media sites likely to be used by children.
  • The Code sets out 15 standards to ensure organisations that provide online services, likely to be used by children, take into account the best interests of the child.
  • Details of the Children’s code can be found at

We’d love to hear from you

Jackie has over 14 years’ experience in providing advice and training on data protection, records management and electronic marketing, which she has gained from working in a number of different types of organisations. Prior to joining Xcina, she managed the data protection functions at an investment management firm, pensions provider and within the not-for-profit sector including a university and charity. She is experienced in identifying and overcoming complex information governance and data protection challenges.

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at We’d love to hear from you.

Jackie Barlow

Data Protection Senior Consultant and Group Privacy Officer

Speak to me directly by Email, or
Telephone: +44 (0)20 3745 7843

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>