On 10 September 2021, the Department for Digital, Culture, Media & Sport (DCMS) launched a public consultation on its proposed reforms to the UK’s data protection regime, with a view to assessing the case for legislative change.

The consultation comes as the first step in the government’s plans to deliver on ‘Mission 2’ of its National Data Strategy, published in 2020: to secure a data regime that promotes growth and innovation for UK businesses, while also maintaining public trust.

The UK’s data protection regime has not received a substantive update since 2018 when the European Union’s General Data Protection Regulation (GDPR) took effect, alongside the introduction of the UK’s Data Protection Act 2018. The government’s National Data Strategy has suggested that the UK may start to move away from EU law when it comes to data protection.

According to the Secretary of State, the ultimate aim of the consultation is to ‘create a more pro-growth and pro-innovation data regime, whilst maintaining the UK’s world-leading data protection standards’.
Continue Reading DCMS launches public consultation on reforms to the UK’s data protection regime

Smart contracts and digital assets are becoming increasingly common in a variety of industries. Nevertheless, is the law ready for them? Following the publication of the Legal statement on the status of cryptoassets and smart contracts by the LawTech Delivery Panel, the Law Commission has launched two projects to analyse how English law can be reformed to accommodate these emerging technologies.

Smart contracts

English contract law has developed on the presumption that contracts are written by individuals in ordinary language. Smart contracts, on the other hand, are drafted by a computer code, without the need for human intervention. They can either be in natural language generated through computer code, a hybrid of coded terms and natural language or wholly written in code. These developments raise a number of questions and challenges for English contract law, particularly in relation to what circumstances a contract written in code would be considered legally binding and how they can be interpreted by courts.

The UK Government asked the Law Commission to undertake a study on smart contracts, which will focus on:

  • Formation and enforceability;
  • Interpretation;
  • Performance of the contract;
  • Remedies; and
  • Vitiating factors

Continue Reading The Law Commission is looking at smart contracts and digital assets: Is the law ready?

Three bipartisan Senate bills are up for consideration in Congress that would attempt to modernize the legal standards under which the U.S. government can access communications electronically stored by email service providers and cloud computing companies.

The proposed bills, introduced July 27, 2017, each provide a different scheme in updating the Electronic Communications Privacy Act (ECPA), which has been criticized for being woefully outdated, given the rise of the Internet of Things and how people currently share, store, and use information. Accordingly, many have publicly called for Congress to completely overhaul the Reagan-era statute.

Current Framework: The ECPA

Although ECPA has undergone amendment since its passage in 1986, the most scrutinized aspects of the law, such as those related to email retention, remain unchanged from when it was passed more than 30 years ago.

ECPA currently requires law enforcement officials to obtain a warrant in order to access data less than 180 days old. A warrant requirement is a strict legal standard, requiring that any request be supported by probable cause – a reasonable suspicion of criminal activity based on articulable facts.

However, if the data is more than 180 days old, ECPA considers those older communications to be abandoned, and therefore not subject to a reasonable expectation of privacy. Thus, law enforcement officials are entitled to access those emails and other electronic communications without a warrant.  Instead, government officials need only issue a subpoena for the information or obtain a court order.
Continue Reading ECPA Reform Legislation on the Horizon (Again)

A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. Chamber Institute for Legal Reform (ILR).

The panel, “Lessons in Liability: The US Privacy Landscape and Proposals for Reform,” featured Tanya Madison, Chief Privacy Counsel at TD Bank; Howard Beales, Professor of Strategic Management and Public Policy at the George Washington School of Business, and former Director of the Bureau of Consumer Protection at the Federal Trade Commission; and Oriana Senatore, Vice President of Policy & Research at the U.S. Chamber of Commerce Institute for Legal Reform.Continue Reading Data Privacy and Security Legal Reform, and Plaintiffs’ Bar White Paper the Focus of IAPP Panel

This post was written by Cynthia O’Donoghue.

The Privacy (Giving Privacy Commissioner Necessary Tools) Amendment Bill that would have given greater powers of control to the New Zealand data protection authority, the Office of the Privacy Commissioner (the DPA), has been blocked by a negative vote in New Zealand Parliament.

The draft bill proposed

In January 2012, the European Commission proposed a legislative package to update the data protection principles enshrined in the 1995 Data Protection Directive (Directive 95/46/EC). The policy objectives of the European Commission set out an ambitious blueprint for a more cohesive EU data protection framework backed by stronger enforcement. Central to facilitating this were proposals

This post was also written by Nick Tyler.

The UK Minister responsible for government policy on data protection has raised concerns about any proposed “radical rewrite” of the EU Data Protection Directive.

Kenneth Clarke, Lord Chancellor and Secretary of State for Justice, called for both flexibility and a common-sense solution to modernising data protection