If you can remember as far back as December 2021, we published a blog post announcing that the European Data Protection Board (EDPB) had published draft guidelines on the interplay between the territorial scope of the GDPR and the international transfer requirements. Following what must have been an extensive consultation, we are pleased to report that those guidelines were finalised on 14 February 2023 (here), and even more pleased to report that they contain some very useful illustrations to help you make sense of the concept of international data transfers.

Sarah O'Brien
What happens when AI goes wrong? The proposed EU AI Liability Directive
On 28 September 2022, the European Commission published the proposed AI Liability Directive. The Directive joins the Artificial Intelligence (AI) Act (which we wrote about here) as the latest addition to the EU’s AI-focused legislation. Whilst the AI Act proposes rules that seek to reduce risks to safety, the liability rules will apply where such a risk materialises and damage occurs.
In a European enterprise survey, 33% of companies considering adopting AI quoted ‘liability for potential damages’ as a major external challenge. The proposed Directive hopes to tackle this challenge by establishing EU-wide rules to ensure consumers obtain the same level of protection as they would if they issued a claim for damages from using any other product.…
UK government announces its proposals for regulating AI
On 18 July 2022, the United Kingdom (UK) government set out its new proposals for regulating the use of artificial intelligence (AI) technologies while promoting innovation, boosting public trust, and protecting data. The proposals reflect a less centralised and more risk-based approach than in the EU’s draft AI Act.
The proposals coincide with the introduction to Parliament of the Data Protection and Digital Information Bill, which includes measures to use AI responsibly while reducing compliance burdens on businesses to boost the economy.
Government releases proposals to reform UK data protection laws
On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The reforms are intended to enable greater use of personal data in support of economic growth by removing barriers and reducing obstacles for organisations, whilst maintaining high standards of personal data protection and EU adequacy.…
The fourth anniversary of the GDPR: How the GDPR has had a domino effect
Four years ago, the General Data Protection Regulation (“GDPR”) came into force in the EU. Since then, the GDPR has had a domino effect, as many countries in the world have used it as a model to shape their own rules on the handling of personal data. Given the rapid changes in data protection legislation around the world, legal and compliance teams of multinational organisations are under pressure to keep up with such developments as they continuously adapt their compliance programs in response.…
UK regulators publish two discussion papers on algorithmic systems
On 28 April 2022, the UK Digital Regulation Cooperation Forum (DRCF) published two discussion papers on the benefits and harms of algorithms and on the landscape of algorithmic auditing and the role of regulators, respectively.
About DRCF
The DRCF consists of four UK regulators (the Competition and Markets Authority, Ofcom, the Information Commissioner’s Office and the Financial Conduct Authority) and supports regulatory cooperation in digital markets.…
Department for Digital, Culture, Media and Sport launches consultation on app security
On 4 May 2022, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation (available here) to request views from the tech industry on potential interventions to enhance security and privacy requirements for firms running app stores and developers making apps.…
European Commission adopts two proposals for cybersecurity and information security regulations
On 22 March 2022, the European Commission (“EC”) adopted two new proposals for a Cybersecurity Regulation and an Information Security Regulation (available here and here). These regulations aim to set common priorities and frameworks in order to further strengthen inter-institutional co-operation, minimise risk exposure and further strengthen the EU security culture.
Cybersecurity 2.0: the UK follows suit with the EU in launching cybersecurity law reform
Following the recent adoption of a new draft EU cybersecurity directive (we wrote about it here), the UK government has now also launched a consultation on its proposal to reform the existing UK cybersecurity legislation (see consultation here).
A recap of the current UK cybersecurity law: NIS Regulations
One of the key pieces of cybersecurity legislation in the UK is the Network and Information Systems Regulations 2018 (NIS Regulations), which implemented the EU Cybersecurity Directive 2016 prior to Brexit.
Under the NIS Regulations, businesses who provide certain essential services (referred to as operators of essential services, or OES) and relevant digital service providers (RDSP) are required to register with the relevant competent authorities; meet a baseline level of cybersecurity requirements; and report any incident which has a significant impact on the continuity of the essential services.…
What does the ICO tell us about using data for research purposes?
The UK’s data protection regulator, the Information Commissioner’s Office (‘ICO’), has released draft guidance on the research provisions within the UK’s General Data Protection Regulation (‘UK GDPR’) and Data Protection Act (‘DPA’). The guidance is out for public consultation until 22 April 2022.