The UK Data (Use and Access) Act 2025, which came into force on 19 June 2025 and will be implemented in a phased approach, marks a significant shift in the United Kingdom’s approach to data regulation....more
2023 is shaping up to be a landmark year for data privacy, on both sides of the Atlantic. In the US, four new state laws go into effect – two on July 1 – while California is expanding its already robust requirements, and...more
On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of...more
By now, you have probably heard about OpenAI’s ChatGPT, an artificially intelligent chatbot, and similar chatbots that have launched in its wake. Since its launch, ChatGPT is estimated to have reached more than 100 million...more
The highly anticipated UK Supreme Court decision in Lloyd v. Google has brought into focus (1) the operation of the United Kingdom’s collective redress regime brought under the civil procedure rules, particularly the...more
On 10 November 2021, the Supreme Court dismissed the United Kingdom’s first ever “opt-out” class action brought outside of the competition law sector, in Lloyd v Google LLC. The claim, seeking an award of damages of around £3...more
The UK Supreme Court handed down its much-anticipated decision in the Lloyd v Google LLC [2021] UKSC 50 case on 10 November 2021 restricting claimants’ ability to bring data privacy class actions in the UK under the (now...more
On 9 July 2021, the Data Protection Act, 2021 (the DPA) came into force in the British Virgin Islands (the BVI).The DPA applies to all BVI companies, limited partnerships and other entities that process, have control over or...more
In one of the world’s first test cases regarding the legality of the use of automated facial recognition and biometric technology, on 11 August 2020 the English Court of Appeal handed down judgment in R (Bridges) v CC South...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
Companies who do business in the United States and have documents located abroad must understand the potential conflicts between the broad extraterritorial discovery authorized by U.S. courts, and the major restrictions on...more
Case Summary - Richard Lloyd, a “champion of consumer protection” and former director of the consumer rights group Which?, is seeking to bring a representative damages claim against Google, on behalf of more than four...more
UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted...more
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more