The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice.
The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
7/28/2025
/ Adequacy Requirement ,
Amended Legislation ,
Cookies ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
UK
In the next phase of Online Safety Act implementation, children’s safety duties and related codes of practice will come into full effect on 25 July 2025....more
Illegal content safety duties came into full effect on 17 March 2025, shortly followed by children’s access assessment requirements.
The UK Online Safety Act (OSA) establishes an extensive regulatory framework for...more
The Online Safety Act (the OSA) received Royal Assent on 26 October 2023 and is now in force.
The OSA establishes an extensive regulatory framework for providers of online user-to-user services and search services with...more
8/16/2024
/ Compliance ,
Compliance Dates ,
Digital Service Providers ,
Digital Services ,
Enforcement ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Online Safety for Children ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
Navigating evolving digital economy regulation requires a sophisticated and proactive approach from dealmakers.
Amid the ongoing global proliferation of regulation governing the digital economy, EU and UK legislators are...more
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.
On 7 September 2022, the Information Commissioner’s Office...more
Last year, the UK Department of Digital, Culture, Media and Sport (DCMS) published its 10- year National AI Strategy for the regulation and promotion of artificial intelligence (AI) in the UK (Report). DCMS seeks to build...more
9/26/2022
/ Artificial Intelligence ,
Copyright ,
Cybersecurity ,
Defense Sector ,
Ethics ,
Health and Safety ,
Information Commissioner's Office (ICO) ,
Intellectual Property Protection ,
Patents ,
Regulatory Oversight ,
Risk Management ,
Strategic Planning ,
UK ,
White Papers
A year on from the national implementation deadline of the Directive on copyright in the Digital Single Market, the CJEU has upheld controversial Article 17.
In September 2016, the European Commission announced its...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Recent developments at the CJEU give some shape to the practical implications of Article 17 of the Copyright Directive.
7 June 2021 was the implementation deadline for the Copyright in the Digital Single Market Directive...more
The proposals includes fines for non-compliance of up to the greater of £18 million or 10% of a provider’s annual global revenue.
On 12 May 2021, the UK government published the Online Safety Bill (the Bill), which aims...more
6/28/2021
/ Digital Service Providers ,
Digital Services ,
Duty of Care ,
EU ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Proposed Legislation ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Beyond creative works and consumer products, NFTs open up new avenues for IP monetisation in the technology, life sciences, and pharmaceutical industries.
Non-fungible tokens (NFTs), one-of-a-kind cryptoassets stored on...more
6/25/2021
/ Anti-Money Laundering ,
Blockchain ,
Cryptoassets ,
Cryptocurrency ,
Digital Assets ,
EU ,
Know Your Customers ,
Life Sciences ,
MiFID ,
Non-Fungible Tokens (NFTs) ,
Technology Sector ,
Token Sales ,
UK
This recent CJEU decision raises a number of considerations for content rights holders and for those seeking to link to content online, across both the EU and the UK -
Under UK and European laws, the rights of copyright...more
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The BoE is seeking feedback on the Introductory Phase of the ISO 20022 migration, that will create a common language for payments data globally.
In 2018, the Bank of England (BoE) consulted on the adoption of ISO 20022 — a...more
European Commission confirms SCA measures should apply to EU consumers purchasing from UK websites in the event of a no-deal Brexit.
Complex payment processing chains comprise multiple entities operating behind the scenes...more
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK