Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
The Online Safety Act (the OSA) received Royal Assent on 26 October 2023 and is now in force.
The OSA establishes an extensive regulatory framework for providers of online user-to-user services and search services with...more
8/16/2024
/ Compliance ,
Compliance Dates ,
Digital Service Providers ,
Digital Services ,
Enforcement ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Online Safety for Children ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
Critical Third Parties serving the UK financial sector must ready themselves for compliance with the newly proposed operational resilience requirements.
On 7 December 2023, the PRA, FCA, and BoE jointly published a...more
As regulatory thinking evolves, firms must ensure that any current or planned use of AI complies with regulatory expectations.
As financial services firms digest FS2/23, the joint Feedback Statement on Artificial...more
A new publication from the UK’s financial regulator signals to firms that they should take steps to manage risks in the use of AI.
The UK’s Financial Conduct Authority (FCA) has published its latest board minutes...more
Regulator clarifies that existing FCA rules will continue to apply but will also reflect the evolving landscape of financial promotions on social media.
On 17 July 2023, the FCA published a guidance consultation (GC23/2)...more
7/21/2023
/ Affiliates ,
Comment Period ,
Consultation ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Promotions ,
Financial Services Industry ,
Guidance Update ,
High Risk Financial Products ,
Influencers ,
Marketing ,
Retail Investors ,
Social Media ,
UK
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.
On 7 September 2022, the Information Commissioner’s Office...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
UK government encourages regulated firms to share customer information within corporate groups, highlighting interaction with firms’ obligations under the Proceeds of Crime Act 2002 and GDPR.
The UK government has...more
The FCA is considering whether alternative data could introduce new risks to market integrity.
The FCA’s recently published Insight article explores how alternative data might give rise to market abuse risks. The article...more
UK Treasury Committee report warns that the current level and frequency of disruption and consumer harm is unacceptable.
On 28 October 2019, the Treasury Committee published a report on IT failures in the financial...more
10/30/2019
/ Banking Sector ,
Corporate Communications ,
Corporate Management ,
Financial Services Industry ,
HM Treasury ,
Information Reports ,
Information Technology ,
Outsourcing ,
Risk Management ,
SMCR ,
UK
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance.
The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO),...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
7/12/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
Online services have until 31 May to respond to 16 draft standards of age-appropriate design.
The ICO is required by s123 of the Data Protection Act 2018 to prepare a code of practice which contains guidance on standards...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices.
Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
3/20/2019
/ Article 50 Treaty of the EU ,
CNIL ,
Data Privacy ,
Data Protection ,
DIFC ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Ireland ,
Member State ,
No-Deal Brexit ,
UK ,
UK Brexit ,
Withdrawal Agreement
The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.
On 25 February 2019, the European Banking Authority (EBA)...more
3/19/2019
/ Cloud Service Providers (CSPs) ,
Cloud Storage ,
Commission Delegated Regulation ,
EU Directive ,
European Banking Authority (EBA) ,
Financial Institutions ,
FinTech ,
Information Reports ,
MiFID II ,
Outsourcing ,
Payment Systems ,
UK
The DIFC guidelines provide practical guidance for DIFC-registered entities engaging in electronic direct marketing, including useful “dos” and “don’ts”.
What Do DIFC-Registered Entities Need to Know?
In January 2019,...more
2/4/2019
/ DIFC ,
Direct Marketing ,
Dubai ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
UK ,
UK Data Protection Act ,
United Arab Emirates (UAE)