Latham & Watkins and Privacy Laws & Business recently co-hosted a webinar looking back on the first eight months since the UK-US Data Bridge entered into force. Speakers from the UK Information Commissioner’s Office (ICO) and...more
9/6/2024
/ Bilateral Agreements ,
Data Protection ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Jurisdiction ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
UK
The Online Safety Act (the OSA) received Royal Assent on 26 October 2023 and is now in force.
The OSA establishes an extensive regulatory framework for providers of online user-to-user services and search services with...more
8/16/2024
/ Compliance ,
Compliance Dates ,
Digital Service Providers ,
Digital Services ,
Enforcement ,
New Legislation ,
OFCOM ,
Online Marketplace ,
Online Platforms ,
Online Safety for Children ,
Regulatory Requirements ,
Search Engines ,
Social Media ,
UK ,
User-Generated Content
Now that the EU AI Act has come into force, companies deploying high-risk artificial intelligence (AI) systems in the European Union (EU) must prepare to navigate a complex landscape of new obligations by 2 August 2027. This...more
The EU AI Office has just published a consultation on the topics that should be covered by the first general-purpose AI (GPAI) Code of Practice and a call for interest to participate in drafting the Code....more
Today marks a significant milestone in the regulation of artificial intelligence (AI) as the European Union (EU) AI Act is published in the EU Official Journal. This landmark legislation establishes the world’s first...more
After three years of legislative debate, the Council of the European Union cast its final vote on the European Union (EU) Artificial Intelligence (AI) Act on 21 May 2024. Once published in the EU Official Journal in June, the...more
Companies subject to India’s new data protection law should assess practical implications.
The Indian parliament enacted India’s first comprehensive data protection law on 11 August 2023, namely the Digital Personal Data...more
Critical Third Parties serving the UK financial sector must ready themselves for compliance with the newly proposed operational resilience requirements.
On 7 December 2023, the PRA, FCA, and BoE jointly published a...more
As regulatory thinking evolves, firms must ensure that any current or planned use of AI complies with regulatory expectations.
As financial services firms digest FS2/23, the joint Feedback Statement on Artificial...more
A new publication from the UK’s financial regulator signals to firms that they should take steps to manage risks in the use of AI.
The UK’s Financial Conduct Authority (FCA) has published its latest board minutes...more
Artificial Intelligence has the potential to be the next transformational technology, and as adoption of AI-powered tools continues to increase, deal activity in the AI space will follow. Regulators and law makers are...more
Regulator clarifies that existing FCA rules will continue to apply but will also reflect the evolving landscape of financial promotions on social media.
On 17 July 2023, the FCA published a guidance consultation (GC23/2)...more
7/21/2023
/ Affiliates ,
Comment Period ,
Consultation ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Promotions ,
Financial Services Industry ,
Guidance Update ,
High Risk Financial Products ,
Influencers ,
Marketing ,
Retail Investors ,
Social Media ,
UK
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year.
The European Data Protection Board (EDPB) has announced that its coordinated...more
3/27/2023
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Harmonization ,
Personal Data
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.
On 7 September 2022, the Information Commissioner’s Office...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2.
Last year, more than half of all payments in the UK were made by card and contactless methods, while cash...more
11/4/2020
/ Anti-Money Laundering ,
Anti-Terrorism Financing ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Guidance ,
Payment Systems ,
Personal Data ,
PSD2
Swiss companies are advised to take additional measures when transferring personal data from Switzerland to the US.
On 8 September 2020, the Swiss data protection authority, Adrian Lobsiger (the Federal Data Protection and...more
The Dubai International Financial Centre (DIFC) has a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020 (DIFC DP Law) and the Data Protection Regulations (DIFC DP Regulations, and...more