In the next phase of Online Safety Act implementation, children’s safety duties and related codes of practice will come into full effect on 25 July 2025....more
An overhaul of the UK consumer law landscape is on the horizon, with the consumer law provisions of the Digital Markets, Competition and Consumers Act 2024 set to take effect on 6 April 2025....more
4/7/2025
/ Antitrust Provisions ,
Consumer Contracts ,
Consumer Protection Laws ,
Enforcement ,
Enterprise Act 2002 ,
New Legislation ,
New Regulations ,
Regulatory Requirements ,
Subscription Services ,
UK ,
UK Competition and Markets Authority (CMA)
Illegal content safety duties came into full effect on 17 March 2025, shortly followed by children’s access assessment requirements.
The UK Online Safety Act (OSA) establishes an extensive regulatory framework for...more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
11/25/2024
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Multi-Factor Test ,
Personal Data ,
UK
The new regime will take effect on 1 January 2025, but will not diminish the responsibilities of financial services firms relying on the services of critical third parties....more
11/20/2024
/ Bank of England ,
Final Rules ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Services Industry ,
FSMA ,
HM Treasury ,
Prudential Regulation Authority (PRA) ,
Regulatory Requirements ,
Third-Party ,
Third-Party Risk ,
Third-Party Service Provider ,
UK
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
The Online Safety Act (the OSA) received Royal Assent on 26 October 2023 and is now in force.
The OSA establishes an extensive regulatory framework for providers of online user-to-user services and search services with...more
8/16/2024
/ Compliance ,
Compliance Dates ,
Digital Service Providers ,
Digital Services ,
Enforcement ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Online Safety for Children ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
Critical Third Parties serving the UK financial sector must ready themselves for compliance with the newly proposed operational resilience requirements.
On 7 December 2023, the PRA, FCA, and BoE jointly published a...more
As regulatory thinking evolves, firms must ensure that any current or planned use of AI complies with regulatory expectations.
As financial services firms digest FS2/23, the joint Feedback Statement on Artificial...more
A new publication from the UK’s financial regulator signals to firms that they should take steps to manage risks in the use of AI.
The UK’s Financial Conduct Authority (FCA) has published its latest board minutes...more
Regulator clarifies that existing FCA rules will continue to apply but will also reflect the evolving landscape of financial promotions on social media.
On 17 July 2023, the FCA published a guidance consultation (GC23/2)...more
7/21/2023
/ Affiliates ,
Comment Period ,
Consultation ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Promotions ,
Financial Services Industry ,
Guidance Update ,
High Risk Financial Products ,
Influencers ,
Marketing ,
Retail Investors ,
Social Media ,
UK
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.
On 7 September 2022, the Information Commissioner’s Office...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
UK government encourages regulated firms to share customer information within corporate groups, highlighting interaction with firms’ obligations under the Proceeds of Crime Act 2002 and GDPR.
The UK government has...more
The FCA is considering whether alternative data could introduce new risks to market integrity.
The FCA’s recently published Insight article explores how alternative data might give rise to market abuse risks. The article...more
UK Treasury Committee report warns that the current level and frequency of disruption and consumer harm is unacceptable.
On 28 October 2019, the Treasury Committee published a report on IT failures in the financial...more
10/30/2019
/ Banking Sector ,
Corporate Communications ,
Corporate Management ,
Financial Services Industry ,
HM Treasury ,
Information Reports ,
Information Technology ,
Outsourcing ,
Risk Management ,
SMCR ,
UK
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance.
The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO),...more