The UK government has launched a public consultation on proposed measures to combat ransomware — a growing cyber threat with serious economic and security implications — and seeks input from businesses, cybersecurity...more
The European Union Artificial Intelligence Act (the AI Act) was published on 12 July 2024 in the European Union Official Journal and will enter into force on August 1, 2024. The AI Act is one of the most keenly anticipated...more
On 19 September 2023, the UK Parliament passed the Online Safety Bill (“OSB”). The OSB aims to protect individuals from illegal online content and focuses on the protection of children by requiring the removal of content that...more
10/18/2023
/ Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Online Platforms ,
Online Safety for Children ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
UK
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from...more
7/14/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On 22 May 2023, the Irish Data Protection Commission (DPC) issued Meta Platforms Ireland Limited (Meta Ireland) with a EUR 1.2 billion (approximately 1.3 billion U.S. dollar) fine for breaches of the GDPR with respect to...more
The UK government recently introduced a new Data Protection and Digital Information (No. 2) Bill (the “New Bill”). The reforms are intended to update and simplify the UK’s data protection framework and reduce burdens on...more
4/3/2023
/ Artificial Intelligence ,
Cookies ,
Data Controller ,
Data Privacy ,
Data Protection ,
International Data Transfers ,
Marketing ,
New Legislation ,
Recordkeeping Requirements ,
Regulatory Requirements ,
UK ,
Web Tracking
On February 24, 2023, the Cyberspace Administration of China (CAC) released the much-awaited Measures for the Standard Contract for Outbound Transfer of Personal Information (China SCC Measures) together with the issuance of...more
Meta Ireland (Meta) has recently been issued with two fines by the Irish Data Protection Commission (DPC) for breaches of the EU General Data Protection Regulation (GDPR) relating to advertisements run on its Facebook and...more
1/18/2023
/ Advertising ,
Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Commissioner ,
EU ,
European Data Protection Board (EDPB) ,
Facebook ,
Fines ,
General Data Protection Regulation (GDPR) ,
Instagram ,
Metaverse ,
Privacy Laws
In October 2022, the U.K. Medicines and Health products Regulatory Agency (MHRA) published its Guidance, Software and AI as a Medical Device Change Programme – Roadmap, setting out how it will regulate software and AI medical...more
On July 18, 2022, the U.K. Government published a paper on its proposals for AI regulation “Establishing a pro-innovation approach to regulating AI” (the AI Paper). This was published alongside the Government’s AI Action...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
8/4/2022
/ Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Proposed Legislation ,
Suspicious Activity Reports (SARs) ,
UK ,
UK Brexit ,
UK Data Protection Act ,
UK GDPR
On September 10, the U.K. government launched a consultation “Data: A New Direction” (Consultation), which proposes significant changes to the U.K.’s data protection framework.
The U.K. government has signalled its...more
The United Kingdom Information Commissioner’s Office (ICO) recently launched a consultation regarding the transfer of personal data outside of the U.K. The ICO is seeking comment on its draft international data transfer...more
Last year’s European Court of Justice (ECJ) judgement in Data Protection Commissioner v Facebook Ireland LTD, Maximillian Schrems, C-311/18 (Schrems II) continues to have ramifications for cross border data transfers. The...more
In early June 2021, the European Commission adopted a new set of Standard Contractual Clauses for organizations to use to ensure compliance with the EU General Data Protection Regulation (GDPR) requirements for transfers of...more
Following on from this week’s big announcement by the European Data Protection Board (EDPB) on its expectations for international data transfers after the European Court of Justice’s July 16 Schrems II decision, the European...more
On November 11, 2020, the European Data Protection Board (EDPB) issued two much-anticipated guidance documents, outlining the approach it expects organizations to take when transferring data out of the EU. Although these...more
On 30 October 2020, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO) issued a final penalty notice (Penalty Notice) to fine the hotel chain Marriott International, Inc. (Marriott) for a GDPR data...more
11/10/2020
/ Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
At £20 million, the fine imposed on British Airways (BA) for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO)....more
The U.K. government recently launched a consultation process for regulating consumer Internet of Things (IOT) security. This could have significant implications for U.S. manufacturers, given that the U.K. will remain a key...more
On July 16, the highest court in the European Union (EU), the Court of Justice of the European Union (CJEU), issued a landmark judgment in the case of Data Protection Commissioner v Facebook Ireland Limited, Maximillian...more
The U.K.’s data protection regulator, the Information Commissioner’s Office (ICO) has today issued guidance setting out how it intends to approach the enforcement of the General Data Protection Regulation (GDPR) during the...more
In a significant decision, the Supreme Court unanimously held that Morrisons, the U.K. supermarket chain, was not vicariously liable for an employee’s significant data breach, reversing the Court of Appeal’s previous...more
The General Data Protection Regulation (GDPR) provides that personal data may only be transferred to a country outside the European Economic Area (EEA) if that country ensures an adequate level of protection for personal...more
1/7/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Standard Contractual Clauses
On 8 July 2019, the U.K. Information Commissioner’s Office (ICO) issued a Notice of Intent to fine British Airways (BA) £183.39 million (approximately $232 million). While the Notice of Intent, as the name suggests, is not a...more