Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
The Data (Use and Access) Act 2025 (Commencement No. 1) Regulations 2025 (SI 2025/904) have been made and published. The Regulations bring certain key provisions of the Data (Use and Access) Act 2025 (DUAA) into force from 20...more
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and...more
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
On December 12 2024 the ICO published an outcomes report on its 2024 generative AI consultation series (the Report). The Report addresses five key areas regarding generative AI and its relation to data protection: -...more
On March 23 2018, the Information Commissioner’s Office (ICO) executed a warrant to enter and search the offices of Cambridge Analytica. The purpose of the search was to access records concerning its alleged use of personal...more
BCLP recently hosted a seminar on AI in HR. In this thought-provoking session, we considered how AI is used in HR and its regulation in the EU and the UK, and then engaged in some discussions around two theoretical scenarios....more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
As further initiatives come in to play and legislation is on the horizon, existing regulators (such as the ICO, CMA, Ofcom and FCA) continue to press on with their approach to AI regulation, including through the Digital...more
On October 23, the UK Government’s House of Lords had its first reading of a new proposed data protection bill, the Data (Use and Access) Bill (“DUA Bill”), as sponsored by the Department of Science, Innovation, and...more
The Upper Tribunal (UT) has overturned a decision by the First-tier Tribunal (FTT), relating to a Monetary Penalty Notice (MPN) that was issued by the Information Commissioner (ICO). All of this stemmed from a cyber-attack...more
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
This series of blogs rounds up some of the key data protection regulatory trends we have seen during 2024, focused on the EU and UK. 2024 has seen behavioural advertising and cookies continue to dominate the agenda of data...more
On 5 September 2024, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO), and the UK National Crime Agency (NCA) signed a Memorandum of Understanding (MoU) outlining how they will further collaborate...more
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
To help organizations stay on top of the main developments in European digital compliance, Morrison Foerster’s European Digital Regulatory Compliance team reports on some of the main topical digital regulatory and compliance...more
This blog notes some of the key features of the Addendum. At its core, the Addendum can be used in relation to both controller BCRs and processor BCRs. Organisations then have a choice as to whether they use the Addendum in...more
The United Kingdom has announced its decision to establish the UK-U.S. Data Bridge. The UK-U.S. Data Bridge will allow UK businesses and organizations to transfer personal data to organizations in the United States that have...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more