Cyber laws in United Kingdom
UK

Cyber Laws in United Kingdom

Cybercrime in the U.K. is very large and difficult to figure out in the cost of cybercrime to the U.K. economy. They have adopted cybersecurity strategies for the safety and security of the citizens of the U.K. to ensure free interaction and exchange of data in cyberspace. The U.K. government to execute and implement the strategy acted using effective law enforcement and proper judicial response to the cybercrime cases. Such strategies become importantly relevant to create a hostile environment for the cybercriminals by law enforcement and comprehensive understanding of scale and scope of cybercrime. It also becomes necessary to ensure standard data handling with proper measures of safety and security. Creating awareness among the public and to gain public confidence is necessary for the proper execution of provisions regarding cybercrime. A well executable strategy is utmost essential to coordinate between internet industry stakeholders and commercial business houses to have better control over the cybercrime issues. Cybercrime includes a broad range of illegal activities done with the help of the internet using cyberspace so, it can be defined as unlawful acts wherein the computer is either a tool or a target or both.

The U.K. has a very vibrant economy in today’s world. The Internet has resulted in opting an alternative means of communication which has removed the barriers and people have stepped into the shoes of consumers to buy goods and services online. With the increase in the use of the internet and online platforms for day to day activities, there are huge benefits enjoyed by the businesses as well as the U.K. government leading to the expansion of its digital economy. However, such platforms also gave rise to the number of online threats, aiding the online vultures to grab the chance to make illegal profits. Most of U.K.’s private and public assets are now stored by electronic means and that makes it more vulnerable to cyber-attacks. As a result, the cyber attackers focus not only on the public but also on the business houses and government agencies initiating mandates and serious lookout for cybercrimes in the U.K.

Law relating to obscenity and pornography through the electronic medium is yet another vulnerable and threatening area of cybercrime. The U.K. has specially enacted the Obscene Publication Act, 1959 which prohibits the publication of obscene matters irrespective of the motive and Protection of Children Act, 1978 to prevent child pornography. Section 1 of this Act defines indecent photographs of a child under the age of 18 years to explicitly include a digital image as well. In addition to it in the current era of booming information technology, Telecommunication Act, 1984 is very relevant to meet the internet service issues using electronic communication technology. The Communication Act, 2003 also has a cross-reference to the cybercrimes. The Act has given regulatory authority regarding communication matters to the special body called Office of Communication (OFCOM) to secure the communication through all radio and television services to provide adequate protection to the public from unwarranted infringement of privacy from activities carried on for such services, protection of children, matter likely to have a significant impact on the business people and the general public in the United Kingdom. Thus, the publication of any matter in the public platform has to be under the surveillance and appropriate security of OFCOM. Similarly, the Malicious Communication Act, 1988 concentrates on offences of sending letters etc. with the intention to cause distress and anxiety

The Electronic Commerce (EC Directive) Regulation, 2002 takes care of regulations regarding electronic commercial activities throughout the European Community. They give directive guidelines to the member countries on the proper control over e-commerce. Yet another specific legal regime includes the Protection from Harassment Act, 1997 that is specifically enacted to take care of harassment cases including online cyberbullying. The state must prevent such an act. Moreover, another vast and effective mode of terrorizing a country includes cyber-terrorism. The Anti-Terrorism, Crime and Security Act, 2001 is a comprehensive statute formulated to regulate and prevent crime and terrorism. Nowadays crime and terrorism are intricately related to cybercrime and cyber terrorism hence proves the relevance of this statute for the prevention of such crimes. Defamation is a way of cybercrime and this can seriously prejudice the dignity and fame of the government agencies, private corporates and reputed persons. Keeping this in mind special statutes the Defamation Act, 1996 was passed.

The Computer Misuse Act, 1990 was the first legislation adopted by the U.K. to control cybercrime in response to the decision in R.v. Gold & Schifreen in which the two defendants Robert Schifreen and Stephen Gold had unauthorized access to British Telecom Prestel service by using the credentials of a BT engineer. Eventually, they hunted down the email account of Prince Philip, the Duke of Edinburgh. However, they were convicted under the Forgery and Counterfeiting Act, 1981. This law had been drafted to handle the issues such as hacking, misuse of the software, or protection of data in the computer. It was the key piece of legislation that was introduced in the U.K. criminalizing the act of accessing or modifying data stored on a computer system without appropriate consent or permission.

The primary legal instrument for the free movement of data in the U.K. includes the Data Protection Act, 2018 (DPA) and General Data Protection Regulation (GDPR). When the GDPR came into effect on the 25th May of 2018, it was the first major update to European data protection law for over 20 years. This regulation gives individuals known as the data subject much greater control over how organizations process or control the processing of personal data. Personal data consists of information such as the name, email address, location, health records etc. In the U.K. the GDPR is also supplemented by the new Data Protection Act 2018 which fills in sections of the regulations that were to the individual states to elaborate and implement. Under the new law, the failure to comply can result in the considerably harsher penalties than the 1998 DPA with a maximum fine up to 20 million euro or 4% of annual global turnover. The new law promotes greater transparency of accountability and aims to increase public trust by giving individuals more control over their data. By getting data protection rights, organizations will enhance their reputation with more trusted customers. 

Apart from these statutes, one of the exemplary initiatives taken by the U.K government is the creation in 2016, the National Cyber Security Centre (NCSC) to make the U.K the safest place to live and work online. This unit has taken fundamental cyber strategies for organizations who are in need to improve their online security. NCSC has safeguarded more than 700 cyber-attacks while supporting national pandemic response. Throughout its journey to combat cyber threats there has been greater diversity in the measures taken up by them.