The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
11/25/2024
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Multi-Factor Test ,
Personal Data ,
UK
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.
On 7 September 2022, the Information Commissioner’s Office...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
UK government encourages regulated firms to share customer information within corporate groups, highlighting interaction with firms’ obligations under the Proceeds of Crime Act 2002 and GDPR.
The UK government has...more
The FCA is considering whether alternative data could introduce new risks to market integrity.
The FCA’s recently published Insight article explores how alternative data might give rise to market abuse risks. The article...more
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
Das ICO kündigt an, Bußgelder gegen British Airways und Marriott zu verhängen. Was ist passiert, wie geht es weiter?
Am 8. Juli 2019 kündigte das Information Commissioner’s Office (ICO) an, gegen British Airways wegen...more
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance.
The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO),...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
7/12/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
Online services have until 31 May to respond to 16 draft standards of age-appropriate design.
The ICO is required by s123 of the Data Protection Act 2018 to prepare a code of practice which contains guidance on standards...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices.
Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
3/20/2019
/ Article 50 Treaty of the EU ,
CNIL ,
Data Privacy ,
Data Protection ,
DIFC ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Ireland ,
Member State ,
No-Deal Brexit ,
UK ,
UK Brexit ,
Withdrawal Agreement