
Tenth Report - Connected tech: smart or sinister?

Culture, Media and Sport Committee HC 157 Published 7 August 2023
Report Status
Government responded
Conclusions & Recommendations
20 items (15 recs)
Government Response
AI assessment · 20 of 20 classified
Accepted 10
Acknowledged 3
Rejected 7

Recommendations

15 results
2 Acknowledged
Para 36

Introduce measures to standardise intuitive privacy interfaces for connected devices, empowering users.

Recommendation
The Government should introduce appropriate measures to standardise privacy interfaces for connected devices as a first step, which will help users learn how to control connected devices in their homes and exercise data rights. Privacy interfaces should be appropriately accessible, …
Government Response Summary
The government partially accepts the recommendation, referencing existing GDPR requirements for privacy information. While not committing to standardising interfaces for connected devices, it will engage with interest groups in the coming months to explore options for simpler and more granular cookie preference choices using automated technologies.
Department for Culture, Media and Sport
3 Accepted
Para 41

Clarify Online Safety Bill obligations for connected devices and voice assistants surfacing harmful content.

Recommendation
The Government should clarify the obligations in the Online Safety Bill for voice assistants, connected devices (like smart speakers) and other emerging technologies that can surface harmful content, to ensure that those that integrate search services in particular fall in-scope …
Government Response Summary
The government partially accepts the recommendation, clarifying that the Online Safety Act's broad scope covers voice assistants and connected devices integrating internet search, subjecting them to duties to conduct risk assessments and mitigate illegal content and harm to children.
Department for Culture, Media and Sport
4 Rejected
Para 51

Urge ICO to proactively engage manufacturers on child-friendly privacy settings for connected tech.

Recommendation
The use of connected tech in schools and by children in homes raises concerns, including the harvesting and third-party use of children’s data and their lack of control over what technology is used and when. The Government and ICO were …
Government Response Summary
The government rejects the conclusion, asserting that the ICO has already been proactive through extensive work with industry since the Age-Appropriate Design Code came into force, producing guidance and resources for Edtech and schools.
Department for Culture, Media and Sport
5 Accepted
Para 52

Commit to strengthening the Age-Appropriate Design Code and laying revised version promptly.

Recommendation
The Government should commit to ensuring that the Age-Appropriate Design Code is strengthened rather than undermined by data protection reform and to laying the revised code as soon as is practicable.
Government Response Summary
The government agrees with the recommendation, committing to ensure that forthcoming data protection reforms will not undermine the Age-Appropriate Design Code. The ICO will update its guidance, including the code, as soon as practicable once the Data Protection and Digital Information (No.2) Bill receives Royal Assent.
Department for Culture, Media and Sport
6 Acknowledged
Para 59

Review incentives for piloting data institutions in smart cities to boost citizen control.

Recommendation
Though smart cities provide a range of opportunities, such as more efficient management of resources, there are also additional risks to confidence in privacy and data protection, making it harder for individuals to exercise data rights. The Government should review …
Government Response Summary
The government partially accepts the recommendation, stating it is examining how data intermediaries can facilitate data sharing and empower individuals. It highlights existing data-driven practices and discusses ongoing work to manage security risks associated with connected places technologies, providing guidance to local authorities.
Department for Culture, Media and Sport
7 Accepted
Para 64

Commission research on automated workplace monitoring and clarify HSE's role in AI regulation.

Recommendation
The monitoring of employees in smart workplaces should be done only in consultation with, and with the consent of, those being monitored. The Government should commission research to improve the evidence base regarding the deployment of automated and data collection …
Government Response Summary
The government partially accepts the recommendation, stating that workplace monitoring must comply with existing data protection law. It highlights safeguards in the Data Protection and Digital Information (No.2) Bill for automated decision-making and refers to its previously published AI Regulation White Paper and ongoing work with regulators like HSE, with a consultation response to be published later this year.
Department for Culture, Media and Sport
9 Rejected
Para 72

Keep data protection reforms under review to avoid undermining existing adequacy agreements.

Recommendation
The Government has not yet made a compelling case for reform of data protection. While we understand that some companies do not share data outside the UK, we are concerned that differing expectations between those companies and companies that do …
Government Response Summary
The government rejects the conclusion, asserting that the UK remains committed to high data protection standards and that the proposed Bill will simplify legislation while maintaining robust safeguards. It argues that EU adequacy does not require identical rules and that dialogue with the EU continues to ensure free data flows.
Department for Culture, Media and Sport
11 Rejected

Produce an implementation plan and commit to codifying remaining IoT security guidelines.

Recommendation
The introduction of the product security regime, which codifies three of the original thirteen guidelines set out in the Government’s internationally recognised 2018 Code of Practice for Consumer IoT Security, is an important first step in improving cybersecurity for connected …
Government Response Summary
The government rejects committing to codify the remaining guidelines in phases, stating it's not currently proportionate, but will monitor the impact of existing requirements and may mandate further ones if necessary.
Department for Culture, Media and Sport
13 Accepted
Para 108

Require providers to adopt network, storage, and cloud security standards for connected tech.

Recommendation
Improving cybersecurity of consumer connected devices is an important and positive step, but the proliferation of connected tech in enterprise settings and the gap in the regime regarding network, storage and cloud security still present likely attack vectors that will …
Government Response Summary
The government claims existing security requirements already apply to relevant software, including off-device elements, and highlights current initiatives like NCSC principles and ongoing work to understand risks in enterprise devices.
Department for Culture, Media and Sport
14 Accepted
Para 116

Support free courses, educators, and improve industry hiring to address cyber skills shortage.

Recommendation
We are concerned about the ongoing skills shortage, as recognised in both the Government and industry’s regular reporting on cybersecurity skills in the labour market, and believe that the shortage will be exacerbated further as the product safety regime comes …
Government Response Summary
The government acknowledges an ongoing cyber skills shortage and states it already funds free cyber bootcamps across the UK through the DfE and National Cyber Strategy Programme. It also commits to continuing engagement with industry on improving hiring and retention.
Department for Culture, Media and Sport
15 Accepted
Para 117

Improve gender and ethnic diversity in cyber workforce through new schemes and support.

Recommendation
We are particularly concerned that, despite the shortage of cyber skills in the UK, there are stubborn and significant disparities in the cyber workforce based on gender and race and ethnicity. The Government should reflect on the significant disparities in …
Government Response Summary
The government agrees to address diversity in the cyber workforce, highlighting ongoing initiatives like funding the National Centre for Computing Education, DSIT's 'Upskill in Cyber' programme, and funding the UK Cyber Security Council to develop professional recognition processes.
Department for Culture, Media and Sport
16 Rejected
Para 120

Ensure DSIT coordinates cyber policy and establish clear ministerial accountability for delivery.

Recommendation
The creation of the Department for Science, Innovation and Technology is an opportunity to ensure a comprehensive, joined up approach to cyber policy. We recommend that responsibilities for cyber policy are co-ordinated by the dedicated Department for Science, Innovation and …
Government Response Summary
The government rejects the recommendation, stating that the UK National Cyber Strategy sets out a whole-of-government approach where various ministers have specific cyber responsibilities, and argues that national security cannot be separated from broader cyber policy.
Department for Culture, Media and Sport
17 Rejected

Ensure National Cyber Security Centre has capacity to meet growing demands for services.

Recommendation
As the prevalence of connected technology grows, so too will the demand for the National Cyber Security Centre’s services. The Government should ensure that the National Cyber Security Centre has the capacity to meet demands for its services. It should …
Government Response Summary
The government partially agrees, stating it ensures the NCSC is sustainably funded but rejects explicitly addressing NCSC capacity issues in its regular labour market reporting, instead confirming that NCSC needs are considered within broader workforce capacity assessments.
Department for Culture, Media and Sport
18 Acknowledged
Para 131

Make tackling technology-facilitated abuse a priority across law enforcement and justice system.

Recommendation
The Government must make tackling technology-facilitated abuse, or “tech abuse”, a priority. There is little evidence to suggest that our law enforcement and criminal justice system has been equipped to deal with the problems caused by tech abuse now, let …
Government Response Summary
The government agrees, stating that tackling technology-facilitated abuse is already recognised as a priority within existing strategies like the 2021 Tackling Violence Against Women and Girls Strategy, and commits to continuing to ensure it remains a priority.
Department for Culture, Media and Sport
19 Accepted
Para 132

Upskill law enforcement and improve crime data to enhance response to tech abuse.

Recommendation
The Government’s response to tech abuse should involve upskilling law enforcement to improve the criminal justice response and increasing law enforcement’s and victims’ and survivors’ awareness of specialist services tackling violence against women and girls. The Government should also reflect …
Government Response Summary
The government partially agrees, committing to provide up to £8.3 million over two years for frontline support, including training on tech-facilitated abuse, and £150k for the Revenge Porn Helpline. It also commits to continuing to work with policing partners on developing skills and with police forces to ensure accurate use of the 'online flag' in crime data.
Department for Culture, Media and Sport

Conclusions (5)

Observations and findings
1 Conclusion Accepted
Para 35
Data rights are an important tool for empowering data subjects and balancing data processing against users’ rights and freedoms. However, there are many barriers to individuals being able to exercise these rights when using or interacting with connected tech, ranging from product design to digital literacy and resources. Users must …
Government Response Summary
The government agrees with the conclusion, stating that existing data protection legislation, including the UK GDPR, already addresses these issues by requiring transparent data processing and empowering individuals to report non-compliance to the ICO. It welcomes the ICO's existing recommendations to technology providers.
8 Conclusion Accepted
Para 65
The Information Commissioner’s Office should develop its existing draft guidance on “Employment practices: monitoring at work” into a principles-based code for designers and operators of workplace connected tech.
Government Response Summary
The ICO plans to publish final guidance for employers on employee monitoring in October, which will replace parts of the 2011 Employers Code of Practice, following a public consultation that closed in January.
10 Conclusion Rejected
We agree that reforming the governance and accountability structures of the Information Commissioner’s Office will be a positive step. We have previously recommended against executive overreach in the case of Ofcom and the Online Safety Bill; these concerns apply with respect to the Information Commissioner’s Office and the Data Protection …
Government Response Summary
The government rejects the conclusion, asserting that the reforms will enhance the ICO's accountability without undermining its independence, citing the Information Commissioner's agreement. It clarifies that the Strategic Statement of Priorities will be subject to parliamentary oversight and approval, ensuring accountability to Parliament.
12 Conclusion Accepted
Para 102
As the guidelines set out in the 2018 Code of Practice for Consumer IoT Security imply, cybersecurity and data protection are mutually reinforcing. Without cybersecurity, data cannot be meaningfully protected, while data protection can manage the risk and impact of cyberattack. The Information Commissioner’s Office, either bilaterally or through the …
Government Response Summary
The government commits that the Information Commissioner’s Office (ICO) will work with the Office for Product Safety Standards (OPSS), bilaterally or via the Digital Regulation Co-operation Forum, to support industry and ensure effective enforcement of new regulations.
20 Conclusion Rejected
We want to see words from cross-sector stakeholders on tech abuse now leading to positive actions. The Office for Product Safety and Standards should, at the earliest opportunity, convene a “tech abuse working group” with stakeholders, bringing industry together with researchers, specialist support services and public services. This group should …
Government Response Summary
The government rejects the recommendation, stating there are no plans for OPSS to convene a tech abuse working group as aspects of tech abuse are addressed in existing policies and legal frameworks, and it is not within OPSS's primary remit.