On October 3, 2022, the UK-U.S. agreement on Access to Electronic Data for the Purpose of Countering Serious Crime (the UK-U.S. Agreement) came into force. The UK and the U.S. governments signed the UK-U.S. Agreement on October 3, 2019 under the U.S. Clarifying Lawful Overseas Use of Data Act 2018 (“CLOUD Act”). The U.S. government is negotiating similar agreements with the governments of Canada, Australia and New Zealand, but notably, not with the European Union.

Continue Reading Does the UK-U.S. agreement under the U.S. CLOUD Act affect UK’s adequacy under the GDPR?

On 26 September 2022, the UK Information Commissioner’s Office (“ICO”) issued a blog post addressing compliance with data subject access requests (“DSARs”).

A DSAR is a written request by an individual to an organisation asking for access to the personal information it holds on them. This is a legal right everyone in the UK has and can be exercised at any time for free (in most circumstances).

Continue Reading ICO issues guidance on responding to subject access requests

In the October edition of IAPP’s Privacy Advisor, Divonne Smoyer, Hubert Zanczak, and Stuart Cobb speak to New York State Attorney General, Letitia James, about her view of consumer privacy, her work to date in enforcing existing laws and her thoughts about the future of privacy in New York and the country.

Almost 20 million Americans — 8 percent of the U.S. population — are blind or have visual impairments. Accordingly, organizations and businesses in nearly every industry stand to benefit from the use of vision related accessibility tools, which can increase employee productivity and provide a more inclusive user experience. To address this need, M365 incorporates a slew of tools and features – such as screen readers, text-to-speech, and color filters – that make it easier for end users with visual impairments to access, use, and benefit from M365 products. However, because these tools may collect and store user data in ways that may not be immediately apparent, businesses employing them must remain cognizant of the potential downstream risks associated with their use. Listen to our latest Tech Law Talks podcast episode, M365 accessibility: Vision-specific tools, as we discuss.

Continue Reading M365 Accessibility: Considerations and Risks Associated with Vision Related Tools

The UK Financial Services and Markets Bill (“FSMB”) and the accompanying explanatory notes were published on 20 July. The FSMB signals upcoming reforms to the regulatory landscape in the UK financial services sector, including issues and challenges brought about by the adoption of technologies and digital assets.

Continue Reading UK Financial Services and Markets Bill – what it means to technology providers and users in the financial services sector

Meta-owned Instagram has been fined €405 million by the Irish Data Protection Commission (DPC) for violations of the EU General Data Protection Regulation (GDPR), following a two year investigation into how the social media platform handles children’s data. This is the largest fine imposed by the DPC to date. Below, we highlight some of the key issues arising in the case.

Continue Reading Irish DPC fines Instagram a record €405 million

On 18 July 2022, the United Kingdom (UK) government set out its new proposals for regulating the use of artificial intelligence (AI) technologies while promoting innovation, boosting public trust, and protecting data. The proposals reflect a less centralised and more risk-based approach than in the EU’s draft AI Act.

The proposals coincide with the introduction to Parliament of the Data Protection and Digital Information Bill, which includes measures to use AI responsibly while reducing compliance burdens on businesses to boost the economy.

Continue Reading UK government announces its proposals for regulating AI

The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German version

Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)

Background

On 1 August 2022, the Court of Justice of the European Union (“CJEU”) issued a decision (“Decision”) clarifying how the indirect disclosure of sexual orientation data is protected as special category data under Article 9 of the EU General Data Protection Regulation (“GDPR”). “Special Category Data” is defined within Article 9(1) of the GDPR and includes (for example) a data subject’s racial or ethnic origin or data concerning a natural person’s sex life or sexual orientation. The processing of such sensitive personal data is expressly prohibited, unless the processing is exempted from the prohibition in the sense of Article 9(2) GDPR.

Continue Reading CJEU rules on interpretation of EU GDPR special categories of data

In the September edition of IAPP’s Privacy Advisor, Divonne Smoyer and Hubert Zanczak speak to Michigan State Attorney General, Dana Nessel, about her ongoing work in the area of consumer privacy, as well as her reaction to Dobbs, thoughts on state consumer privacy legislation and the spread of misinformation online.