Amidst growing public attention on artificial intelligence (AI), the UK government recently published its white paper detailing its “pro-innovation” approach to AI. Other developments, showing the UK’s continued focus on this area, are also outlined below.Continue Reading A “light touch” approach to AI regulation in the UK
UK expands scope of NIS Regulations
The UK Network and Information Systems (NIS) Regulations 2018 will be strengthened in an effort to protect essential and digital services. On 30th November 2022, the UK government published its response to the public consultation on proposals to improve the UK’s cyber resilience. As the UK is no longer bound by EU legislation, it will not be implementing the NIS 2 Directive, recently adopted by European Parliament and Council. However, the frequency and scale of cyber incidents and consequent increased risk of severe damage has prompted change to UK cyber laws as well. Continue Reading UK expands scope of NIS Regulations
What happens when AI goes wrong? The proposed EU AI Liability Directive
On 28 September 2022, the European Commission published the proposed AI Liability Directive. The Directive joins the Artificial Intelligence (AI) Act (which we wrote about here) as the latest addition to the EU’s AI focused legislation. Whilst the AI Act proposes rules that seek to reduce risks to safety, the liability rules will apply where such a risk materialises and damage occurs.
In a European enterprise survey, 33% of companies considering adopting AI quoted ‘liability for potential damages’ as a major external challenge. The proposed Directive hopes to tackle this challenge by establishing EU-wide rules to ensure consumers obtain the same level of protection as they would if they issued a claim for damages from using any other product.Continue Reading What happens when AI goes wrong? The proposed EU AI Liability Directive
‘Mere upset’ insufficient for compensation under the GDPR
On 6 October 2022, the Advocate General (Campos Sánchez-Bordona) issued his opinion in UI v Österreichische Post AG on the interpretation of the rules on civil liability under the GDPR .
He concluded that a data subject must have suffered harm in order to claim compensation, and that breach of the GDPR alone was not sufficient. There is also a distinction to be drawn between mere upset (which does not give rise to a right for compensation) and non-material damage (which does).Continue Reading ‘Mere upset’ insufficient for compensation under the GDPR
EU Commission proposes Cyber Resilience Act to bolster the EU’s cyber security rules.
The European Commission published a proposal for a Cyber Resilience Act on 15 September 2022 (the ‘Regulation’), which aims to:
- ensure that cyber security is considered during the development of hardware and software products and is continuously improved throughout that product’s life cycle; and
- improve transparency so that users can take cybersecurity into account when selecting and using a product with digital elements.
Irish DPC fines Instagram a record €405 million
Meta-owned Instagram has been fined €405 million by the Irish Data Protection Commission (DPC) for violations of the EU General Data Protection Regulation (GDPR), following a two year investigation into how the social media platform handles children’s data. This is the largest fine imposed by the DPC to date. Below, we highlight some of the key issues arising in the case.Continue Reading Irish DPC fines Instagram a record €405 million