On June 19 2025, the Information Commissioner’s Office (ICO) published guidance on the Data (Use and Access) Act 2025 (DUAA), which received Royal Assent on the same day. The DUAA introduces significant changes to the UK data...more
7/8/2025
/ DATA Act ,
Data Privacy ,
Data Protection ,
Government Agencies ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
New Guidance ,
New Legislation ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Regulatory Agencies ,
Regulatory Reform ,
UK
We are now on the first stop – illegal harms – of Ofcom’s (the UK’s online safety regulator) roadmap for what online providers must do to comply with the OSA.
- By March 16, 2025, in-scope services must assess the risk of...more
On February 20 2025, the Information Commissioner’s Officer (the ICO) published the third edition of the Tech Horizons Report (the Report). The Report identifies four new technologies expected to emerge over the next 2 to 7...more
3/10/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Healthcare ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
Personal Data ,
Privacy Laws ,
Technology ,
UK
On February 5 2025, the UK Information Commissioner's Office (ICO) released new guidance designed to help employers understand and comply with their obligations under the UK GDPR and the Data Protection Act 2018 in relation...more
2/21/2025
/ Corporate Governance ,
Data Collection ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Employer Liability Issues ,
Employment Policies ,
Personal Data ,
Personal Information ,
Privacy Laws ,
UK
On January 24 2025, the UK’s Information Commissioner’s Office (ICO) published its response to a request from the Prime Minister, Chancellor and Business Secretary for regulatory proposals to improve business confidence and...more
2/7/2025
/ Artificial Intelligence ,
Cloud Computing ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Internet of Things ,
Regulatory Agenda ,
Technology Sector ,
UK
On January 13 2025, the UK Prime Minister announced the AI Opportunities Action Plan (Action Plan) and associated UK Government response.
Prepared by Matt Clifford CBE, the Action Plan is a series of 50 recommendations on...more
1/27/2025
/ Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Data Security ,
Emerging Technologies ,
EU Action Plans ,
Innovation ,
Public Sector ,
Regulatory Agenda ,
Technology Sector ,
UK
On 6 November 2024, the Information Commissioner’s Office (ICO) published a report on the use of artificial intelligence (AI) in recruitment (the Report) following a series of consensual audits with developers and providers...more
On Wednesday, the UK Government published its new Data (Use and Access) Bill with a promise that it will ‘harness the enormous power of data to boost the UK economy by GBP10 billion’ and ‘unlock the secure and effective use...more
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
10/21/2024
/ Artificial Intelligence ,
Consumer Protection Laws ,
Data Protection ,
Enforcement Actions ,
EU ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
Liability ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
UK ,
United States
Rapid and accelerating developments in artificial intelligence have prompted governments around the world to consider how AI should be regulated and used responsibly by businesses, without stifling innovation.
This is...more
10/17/2024
/ Artificial Intelligence ,
Capital Markets ,
Data Protection ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Intellectual Property Protection ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector ,
UK ,
White Collar Crimes
Many governments are grappling with the question of how to regulate artificial intelligence to ensure it is adopted safely and used responsibly without hampering innovation. Governments have generally indicated similar...more
10/8/2024
/ Artificial Intelligence ,
Bank of England ,
Bergdorf Goodman ,
Data Collection ,
Data Processors ,
Data Selling ,
Documentation ,
EU ,
European Banking Authority (EBA) ,
European Securities and Markets Authority (ESMA) ,
Financial Conduct Authority (FCA) ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Services Industry ,
Information Governance ,
Machine Learning ,
MiFID II ,
Personal Data ,
Popular ,
Privacy Laws ,
Prudential Regulation Authority (PRA) ,
Regulatory Agenda ,
Regulatory Standards ,
Risk Management ,
Third-Party ,
Training ,
Transparency ,
UK
AI is accelerating digital transformation for companies and data governance is a key pillar in this change, enabling data strategies that unlock the potential of AI, and mitigate the risks associated with its use. Data...more
9/12/2024
/ Artificial Intelligence ,
Corporate Governance ,
Data Management ,
Data Privacy ,
Data Protection ,
EU ,
Information Governance ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
UK
The UK Information Commissioner’s Office (ICO) issued guidance on content moderation technologies and processes for the first time (the Guidance). In its press release on 16 February 2024, the ICO flagged the need for content...more
This blog notes some of the key features of the Addendum. At its core, the Addendum can be used in relation to both controller BCRs and processor BCRs. Organisations then have a choice as to whether they use the Addendum in...more
The UK-US data bridge is the UK Government’s preferred terminology to describe its decision to permit the flow of personal data from the UK to the US, achieved through the UK Extension to the EU-US Data Privacy Framework. The...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The UK National Cyber Security Centre (NCSC) published its guidance on shadow IT on 27 July 2023.
‘Shadow IT’ are unknown assets that are used within an organisation for business purposes (including in certain cloud...more
The UK National Cyber Security Centre (NCSC) revised its guidance on risk management on 26 June 2023, which was last updated in 2018....more
The UK Information Commissioner's Office (ICO) published a report on neurotechnology and released an accompanying statement on 8 June 2023....more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
On 13 June 2022, the UK’s Department of Digital, Culture, Media and Sport (DCMS) published its 2022 Digital Strategy (the Strategy)....more
On 15 December 2021, the UK Government published its new National Cyber Strategy for 2022 based around the following five strategic pillars, representing the goals that the government intends to achieve by 2025, as first set...more
On 25 May 2021, the Grand Chamber of the European Court of Human Rights (ECtHR) handed down its judgment in the case Big Brother Watch v United Kingdom (BBW), holding that the UK had breached the European Convention on Human...more
The UK has left the European Union (EU), the transition period is over, the UK and EU have agreed a new Trade and Cooperation Agreement (the TCA), so what now for data protection? We look at the key consequences of Brexit for...more
Following months of protracted negotiations and coming four and a half years after the UK voted to leave the EU, 24 December 2020 saw the EU and UK finally agree the shape of their future relationship. While the Trade and...more