Photo of Alicja Lysik

The UK’s new Product Security and Telecommunications Infrastructure Act 2022 will take effect on 29 April 2024, and will require manufacturers to implement minimum-security standards on all consumer products with internet or network connectivity, such as smartphones, smart meters, CCTV cameras, smart speakers, games consoles, smart doorbells, and medical devices and wearables before they can be made available for purchase.

Continue Reading From Smartphones to Alarm Systems: UK Mandates Minimum Security for Connected Devices

The EDPB 101 Task Force published a report summarizing its assessment of international data transfers in connection with the use of tracking and analytics cookies (Tracking Cookie). The report is available here. The 101 Task Force comprises representatives of the supervisory authorities in the EU (SA) and was created back in 2020, in response to the 101 complaints filed by NOYB, a data privacy activism group, regarding data transfers in connection with the use of Tracking Cookies.

Continue Reading Cookies and international data transfers: Key takeaways from the EDPB 101 Task Force report

On 13 April 2023, the EU’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) passed a resolution to stop the debate over the draft adequacy decision, stating that the new EU-US Data Privacy Framework (DPF) and the Executive Order on Enhancing Safeguards for US Signals Intelligence Activities issued by the US President do not provide sufficient privacy safeguards. The DPF was originally predicted to pass in early 2023, but putting a resolution to Parliament’s vote suggests looming delays.

Continue Reading EU-US data transfers: LIBE Committee to stop debate over adequacy decision due to concerns over insufficient privacy safeguards

On 4 April 2023, the Personal Information Protection Commission of Japan (PPC) and the European Commissioner for Justice issued a joint Press Statement on the conclusion of the first review of the Japan-EU Mutual Adequacy Decision. Both sides reiterated the importance of cooperation in the data protection regulation sphere, which is becoming increasingly complex to navigate.

Continue Reading EU may expand the scope of the adequacy decision for Japan following its first review

On 13 March 2023, the Information Commissioner’s Office (‘ICO’) published new guidance, ‘Privacy in the product design lifecycle’, to help technology professionals, such as UX designers, product managers and software engineers, keep data protection considerations at the forefront of their products and services. The guidance describes how to tackle privacy issues arising at each stage of the design and development process, as summarised below.

Continue Reading Takeaways from ICO’s “Privacy in the product design lifecycle” guidance

The Critical Entities Resilience Directive (‘CER’) entered into force on 16 January 2023, replacing the 2008 European Critical Infrastructure Directive. The new rules aim to strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage. The CER Directive introduces new obligations on entities providing