On 26 October 2023, the UK adopted the Online Safety Act 2023, which introduces new obligations for online platforms to improve user safety online by ensuring content that is illegal and harmful is monitored and removed. We previously compared the Act in its draft form with the EU Digital Services Act here and will be updating the table soon.Continue Reading The UK Online Harms Bill becomes the Online Safety Act
Regulatory
The UK Information Commissioner’s Data Protection Practioner’s Conference 2023 on Cybersecurity
On 3 October 2023, the UK Information Commissioner’s Office organised its annual Data Protection Practioner’s Conference 2023 (DPPC 2023). This year its focus was on Cybersecurity – a topic that concerns organisations across the board. Here are the takeaways from the DPPC 2023 (the event sessions available here).Continue Reading The UK Information Commissioner’s Data Protection Practioner’s Conference 2023 on Cybersecurity
UK Workplace monitoring – are you compliant?
On 3 October 2023, the Information Commissioner’s Office (ICO) published guidance (the Guidance) on lawful monitoring in the workplace. The Guidance provides advice to companies to help them comply with their obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) when monitoring anyone who performs work on their behalf. This is not limited to employees and could include monitoring of workers or those who are self-employed.Continue Reading UK Workplace monitoring – are you compliant?
DRCF to launch AI and Digital Hub regulatory advice pilot in 2024
On 19 September, the Department for Science, Innovation and Technology (DSIT) announced in a press release that it is to launch a pilot advisory service next year, called the DRCF AI and Digital Hub.
This service will be operated by members of the Digital Regulation Cooperation Forum (DRCF), made up of the Information Commissioner’s Office (ICO), the Office of Communications (Ofcom), the Competition and Markets Authority (CMA) and the Financial Conduct Authority (FCA).
The DRCF AI and Digital Hub will provide businesses with tailored advice and support regarding how to meet requirements across multiple regulatory regimes. The DSIT anticipates that this service will expedite the process of getting new products and innovations to market, in a safe and responsible manner.
As such, the launch of the DRCF AI and Digital Hub will likely be welcome news for businesses across the UK, providing companies and innovators with the tools to navigate a challenging and multi-layered regulatory environment.Continue Reading DRCF to launch AI and Digital Hub regulatory advice pilot in 2024
UK government announces a UK data bridge with the US
Further to the joint announcement in June by UK Secretary of State for Science, Innovation, and Technology and the US Commerce Secretary of their intention to create a UK-US data bridge (please see our blog for further details), the UK government has passed a Regulation establishing a UK-US data bridge. The data bridge comes in the form of an extension to the EU-US Data Bridge Privacy Framework (the DPF) and will come into force on 12 October.Continue Reading UK government announces a UK data bridge with the US
DSIT publishes draft amendments to the UK GDPR and DPA 2018
On 11 September 2023, the UK’s Department for Science, Innovation, and Technology (DSIT), published the draft Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023 (DP Regulations), which seek to amend the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018).Continue Reading DSIT publishes draft amendments to the UK GDPR and DPA 2018
Cookies and international data transfers: Key takeaways from the EDPB 101 Task Force report
The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies (Tracking Cookie). The report is available here. The 101 Task Force comprises of representatives of the supervisory authorities in the EU (SA) and was created back in 2020, in response to the 101 complaints filed by NYOB, a data privacy activism group, regarding data transfers in connection with the use of Tracking Cookies.Continue Reading Cookies and international data transfers: Key takeaways from the EDPB 101 Task Force report
EU-US data transfers: LIBE Committee to stop debate over adequacy decision due to concerns over insufficient privacy safeguards
On 13 April 2023, the EU’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) passed a resolution to stop the debate over the draft adequacy decision stating that the new EU-US Data Privacy Framework (DPF) and the Executive Order on Enhancing Safeguards for US Signals Intelligence Activities issued by the US President do not provide sufficient privacy safeguards. The DPF was originally predicted to pass in early 2023 but putting a resolution to Parliament’s vote suggests looming delays.Continue Reading EU-US data transfers: LIBE Committee to stop debate over adequacy decision due to concerns over insufficient privacy safeguards
Unanimous Supreme Court limits FTC and other agencies’ investigative power
In the latest of a recent string of judicial rebukes, the Supreme Court’s unanimous decision in Axon Enterprise, Inc. v. FTC offers the targets of Federal Trade Commission (“FTC”) and other agencies’ administrative proceedings a path to quicker judicial relief. Historically, courts have been reluctant to permit immediate challenges to investigations and adjudications without forcing the targets to wait for the resolution of all agency proceedings. While aptly referred to as the doctrine of “exhaustion,” the result, as Justice Gorsuch observed, is that “agencies sometimes use this as leverage to extract settlement terms they could not lawfully obtain any other way.” The Court’s decision in Axon not only deprives the FTC of a potential source of leverage, but it also increases the likelihood that companies faced with investigations may turn to the courts for relief at an earlier stage. The decision comes at a time when the FTC’s powers and attempts to exercise those powers have been called into question by the bar, members of Congress, and by courts.Continue Reading Unanimous Supreme Court limits FTC and other agencies’ investigative power
EU may expand the scope of the adequacy decision for Japan following its first review
On 4 April 2023, the Personal Information Protection Commission of Japan (PPC) and European Commissioner for Justice issued a joint Press Statement on the conclusion of the first review of the Japan-EU Mutual Adequacy Decision. Both sides reiterated the importance of cooperation in the data protection regulation sphere that is becoming increasingly complex to navigate.Continue Reading EU may expand the scope of the adequacy decision for Japan following its first review