Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
Introduction The UK’s Online Safety Act (OSA) imposes extensive obligations on certain types of online service providers to protect users from illegal and harmful content. A key focus of the OSA is the protection of children...more
The UK’s data privacy regulator, the Information Commissioner’s Office (ICO), is investigating Microsoft over potential privacy concerns with its recently announced AI-powered “Recall” feature for Windows PCs. Microsoft...more
The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has published an opinion on age assurance for internet society services (ISS). The opinion aims to explain how a company can use technology in...more
In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some...more
The Information Commissioner’s Office (ICO) launched a campaign called ‘Think. Check. Share’ (the Campaign) on 29 January 2024, to promote responsible data sharing to safeguard children. The Campaign aims to provide...more
There’s so much activity around generative AI! This is a hot topic for us data privacy folks as it presents new challenges for the protection of personal data. Call us sad, but we get very excited about it!...more
The Information Commissioner’s Office (ICO), the personal data protection authority in the United Kingdom (UK), is running a public consultation on its draft guidance on biometric data which covers the requirements under the...more
The United Kingdom has announced its decision to establish the UK-U.S. Data Bridge. The UK-U.S. Data Bridge will allow UK businesses and organizations to transfer personal data to organizations in the United States that have...more
On 3 October 2023, the UK’s Information Commissioner’s Office (ICO) published new guidance on workplace monitoring. The previous guidance was issued in 2011, as part of the ICO’s Employment Practices Code, and was badly in...more
The UK has approved the UK-U.S. Data Bridge facilitating flows of personal data to U.S. entities that have self-certified to the EU-U.S. Data Privacy Framework (‘DPF’), provided that those entities extend their DPF...more
FTC Finalizes Settlement with 1Health.io For Allegations It Failed to Protect Customers’ DNA Data - On September 6, 2023, the Federal Trade Commission’s agreement with the genetic testing firm 1Health.io Inc. – formerly...more
The ICO has issued a draft guidance on using biometric data and technologies. Who is the guidance aimed at? If your organisation develops or uses biometric technologies, you should familiarise yourself with this guidance....more
I recently had the chance to visit with Jonathan Armstrong on a recent data breach case that occurred in the health service provider NHS Lanarkshire (Scotland) during the COVID-19 pandemic. This breach serves as a stark...more
The UK Information Commissioner’s Office (“ICO”) has published a report on the evolving nature of neurotechnology and its implications for data protection laws. The report highlights the risks of neurotechnology and sets the...more
On May 24, 2023 (or as we like to call it, the eve of GDPR’s 5th birthday), the UK’s data protection body, the Information Commissioner’s Office (the ICO), published a new guide for employers on responding to data subject...more
A challenging economic situation is prompting contentious staffing decisions. The rise of hybrid work has led employers to generate more information in more places about employees. Against this backdrop, more employees are...more
The UK ICO has provided guidance for employers on responding to employee subject access requests. Although much of the content reflects existing guidance, it deals specifically with issues such as requests made in the context...more
Following the introduction of the Age-Appropriate Design Code (the Code) on 2 September 2021, companies have questioned whether the Code applies to their online service. A recent consultation by the ICO seeks to clarify when...more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily...more
On 6 December 2022, the UK Information Commissioner’s Office (ICO) announced that it would publish details of all future reprimands, including those issued from January 2022 onwards, ‘unless there is a good reason not to’....more
On 17 November 2022, the Information Commissioner's Office (“ICO”) announced that it has updated its guidance on international data transfers. In its announcement, the ICO outlined its intention to “clarify an alternative...more
As part of its project to update the Employment Practices Data Protection Code, the UK ICO has published its second topic-specific draft guidance for consultation. The guidance covers processing information about workers’...more
Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data. As of September...more