The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2.
Last year, more than half of all payments in the UK were made by card and contactless methods, while cash...more
11/4/2020
/ Anti-Money Laundering ,
Anti-Terrorism Financing ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Guidance ,
Payment Systems ,
Personal Data ,
PSD2
Swiss companies are advised to take additional measures when transferring personal data from Switzerland to the US.
On 8 September 2020, the Swiss data protection authority, Adrian Lobsiger (the Federal Data Protection and...more
The Dubai International Financial Centre (DIFC) has a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020 (DIFC DP Law) and the Data Protection Regulations (DIFC DP Regulations, and...more
Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe.
Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
The new guidelines reflect the European Commission’s aim to provide additional certainty for regulated entities outsourcing to cloud services.
On 3 June 2020, ESMA published a consultation paper on draft guidelines...more
UK government encourages regulated firms to share customer information within corporate groups, highlighting interaction with firms’ obligations under the Proceeds of Crime Act 2002 and GDPR.
The UK government has...more
The resource aims to help businesses create more resilient supply chains and trusted data by responsibly deploying blockchain technology.
The World Economic Forum has launched a new, first-of-its-kind resource -...more
Not too long ago, an investment manager looking to invest in a company might conduct due diligence, attend investor relation calls, peruse quarterly or annual filings, and consider standard ratios such as price to earnings...more
3/5/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
EU ,
EU Market Abuse Regulation (EU MAR) ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Investment Advisers Act of 1940 ,
MiFID ,
Regulation S-P ,
Risk Management ,
Risk Mitigation ,
Securities Exchange Act
The final guidelines create new obligations for insurers that will impact cloud outsourcing arrangements.
On 6 February 2020, the European Insurance and Occupational Pensions Authority (EIOPA) published its final...more
2/27/2020
/ Cloud Service Providers (CSPs) ,
Draft Guidance ,
EIOPA ,
EU ,
European Banking Authority (EBA) ,
Financial Institutions ,
Insurance Industry ,
Outsourcing ,
Public Contracts ,
Reinsurance ,
Solvency II
IT companies face higher fines in Russia for noncompliance with data privacy and content moderation rules.
In December 2019, Russia imposed large fines for certain types of violations of the Russian data privacy and...more
The FCA is considering whether alternative data could introduce new risks to market integrity.
The FCA’s recently published Insight article explores how alternative data might give rise to market abuse risks. The article...more
Potential amendments to the PDPO would impose much stricter controls on organisations that process personal data of individuals located in Hong Kong.
Key Points:
..On 20 January 2020 the Legislative Council debated...more
Insights from Latham’s flagship event: Managing the risk and promise of digitisation in financial services.
In a bid to keep pace with rapid advances in cloud adoption across financial services, regulators have published a...more
11/12/2019
/ CLOUD Act ,
Cloud Storage ,
Data Protection Authority ,
EU ,
European Banking Authority (EBA) ,
Financial Services Industry ,
FinTech ,
General Data Protection Regulation (GDPR) ,
Insurance Industry ,
New Guidance ,
Open Banking ,
Regulatory Agenda ,
Reinsurance
UK Treasury Committee report warns that the current level and frequency of disruption and consumer harm is unacceptable.
On 28 October 2019, the Treasury Committee published a report on IT failures in the financial...more
10/30/2019
/ Banking Sector ,
Corporate Communications ,
Corporate Management ,
Financial Services Industry ,
HM Treasury ,
Information Reports ,
Information Technology ,
Outsourcing ,
Risk Management ,
SMCR ,
UK
Subcontractors, security, and audit and termination rights will require special consideration under forthcoming EBA outsourcing guidelines.
Recent growth in divestiture and carve-out deals in the M&A landscape, including...more
10/29/2019
/ Acquisitions ,
Banking Sector ,
Carve Out Provisions ,
Contract Terms ,
Divestiture ,
European Banking Authority (EBA) ,
Exit Strategies ,
Financial Institutions ,
Mergers ,
Outsourcing ,
Regulatory Standards ,
Subcontractors ,
Third-Party Service Provider ,
Transitional Arrangements
The FSB is reviewing cloud provider concentration risk in the latest example of regulator concern over reliance on leading cloud providers by financial services institutions.
The Financial Stability Board (FSB), an...more
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK
Recent action by the Hamburg authority may present implications for companies regulated by a lead data protection supervisory authority in Europe.
A German supervisory authority has initiated an investigation into Google’s...more