The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The High Court's decision in RTM [2025] EWHC 111 (KB) raises several questions around the future of consent under the UK GDPR. Key takeaways - - The Court introduces a novel three-part test for assessing consent,...more
On 11 June 2025, the UK Parliament passed the Data (Use and Access) Act 2025 (“DUAA”), which received Royal Assent on 19 June 2025. This legislation marks a significant and targeted overhaul of the UK’s data protection...more
On 19 June 2025 the Data (Use and Access) Act (the "DUA Act") received Royal Assent and became law in the UK, having been passed by the UK Parliament on 11 June 2025. The DUA Act principally reforms the General Data...more
The UK’s Data (Use and Access) Act received Royal Assent last Thursday, June 19th, bringing into law some significant changes to the country’s post Brexit data protection framework, among an array of other, related rules (on...more
On June 19 2025, the Data (Use and Access) Act (DUA Act) received Royal Assent, having passed both Houses of Parliament on June 11 2025. The Data (Use and Access) Bill was first introduced in the House of Lords on October 23...more
The UK’s Data (Use and Access) Bill (DUA Bill) completed its passage through Parliament on 11 June 2025 and is now awaiting Royal Assent. Once enacted, it will introduce a series of targeted updates to the UK’s data...more
On 11 June 2025, the UK’s Data (Use and Access) Act 2025 (“DUA Act“) was passed and now awaits Royal Assent. The government first announced plans for the new DUA Act in the King’s speech back in July 2024. The DUA Act...more
Orrick's Founder Series offers monthly top tips for UK startups on key considerations at each stage of their lifecycle, from incorporating a company through to possible exit strategies. The Series is written by members of our...more
The UK's data protection landscape is undergoing significant transformation with the progression of the Data (Use and Access) Bill through Parliament. Officially titled the Data Protection and Digital Information Bill, this...more
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that...more
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present users with a choice to either consent to the processing of their...more
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and...more
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
Artificial Intelligence (“AI”) use in business has proliferated in recent years; risks arising from this therefore must be managed. Whilst the use of AI can drive significant efficiency gains for most businesses, the...more
The English High Court recently granted a bank permission to transfer personal data disclosed in court proceedings to an authority in Ukraine, a country without UK GDPR adequacy status. The Judge found that the transfer fell...more
During 2023, privacy protection and artificial intelligence regulation continued apace and their implications continued to be a major focus in Israel and around the world. In Israel, this was reflected in a number of...more
If you feel like every day you wake up to a new data privacy law or piece of guidance, you’re not dreaming. Regulation and rulemaking are happening faster than ever before. The complexities relating to ethical data usage are...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
Data Protection & Digital Information Bill (DPDI) changes will be announced shortly in a further shake-up of UK data laws. The new Department for Science, Innovation and Technology (DSIT) will shortly release proposals for...more
Does this signal the beginning of the end of the GDPR in the UK or simply a reframing of approach? The UK Government has announced a new Data Reform Bill, part of a series of legislative changes aimed at obtaining a “Brexit...more
By the end of 2023, privacy laws will protect the personal information of 75 percent of the world’s population, and with the rise of cybercrime across the globe, data protection is top of mind for organizations that manage...more