The English High Court recently granted a bank permission to transfer personal data disclosed in court proceedings to an authority in Ukraine, a country without UK GDPR adequacy status. The Judge found that the transfer fell...more
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections - On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
During 2023, privacy protection and artificial intelligence regulation continued apace and their implications continued to be a major focus in Israel and around the world. In Israel, this was reflected in a number of...more
If you feel like every day you wake up to a new data privacy law or piece of guidance, you’re not dreaming. Regulation and rulemaking are happening faster than ever before. The complexities relating to ethical data usage are...more
Clearview AI Inc's successful challenge to the ICO’s £7.5 million fine focused on the limits of the UK GDPR’s jurisdictional reach, succeeding on the grounds that Clearview’s processing activities were outside the scope of...more
Alongside the recent CJEU judgment on automated decision making in Schufa (see the Allen & Overy blog ) there are a range of developments related to ADM in other jurisdictions. UK developments - The UK Parliament is...more
2023 saw a surge in interest in the application of generative AI within business models. So, if AI and data protection was your favourite genre of 2023, or if you found it to be a broken record, this post consolidates and...more
On 9 November 2023, the UK Office of Communications (Ofcom) issued its first set of draft guidance on the UK’s long-anticipated Online Safety Act (OSA), which aims to protect online users against illegal and harmful content....more
Clearview AI was issued with an enforcement action including a fine of around £7.5million and an order to delete certain data by the ICO for breaches of the UK GDPR in relation to its facial recognition data. The Tribunal...more
Our October update includes a significant Supreme Court decision on how to treat historic underpayments of holiday pay, a preliminary tribunal hearing on whether a belief in race equality that opposed critical race theory was...more
The Information Commissioner’s Office (ICO), the personal data protection authority in the United Kingdom (UK), is running a public consultation on its draft guidance on biometric data which covers the requirements under the...more
UK-U.S. Data Bridge Approved - The UK has approved an extension to the EU-U.S. Data Privacy Framework (DPF) called the ‘UK-U.S. Data Bridge,’ which facilitates data flows from the UK to the U.S. From October 12, 2023...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
On September 21, 2023, the UK Secretary of State for Science, Innovation and Technology laid before Parliament regulations that will operate to significantly simplify the process for UK businesses to transfer personal data to...more
The UK has approved the UK-U.S. Data Bridge facilitating flows of personal data to U.S. entities that have self-certified to the EU-U.S. Data Privacy Framework (‘DPF’), provided that those entities extend their DPF...more
FTC Finalizes Settlement with 1Health.io For Allegations It Failed to Protect Customers’ DNA Data - On September 6, 2023, the Federal Trade Commission’s agreement with the genetic testing firm 1Health.io Inc. – formerly...more
On 18 August 2023, the UK’s Information Commissioner’s Office (“ICO”) published draft guidance on biometric recognition (the “Draft Guidance”) for public consultation. The Draft Guidance explains how data protection law...more
FTC Settles with Experian for Alleged Customer Spamming - On August 14, 2023, the Federal Trade Commission (“FTC”) announced a proposed settlement involving Experian Consumer Services (“Experian”). A federal court entered...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
A challenging economic situation is prompting contentious staffing decisions. The rise of hybrid work has led employers to generate more information in more places about employees. Against this backdrop, more employees are...more
Organisations must provide individuals with information on the specific recipients of their data upon request. The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
With more fintech’s looking to expand their businesses internationally, it can be daunting to navigate varying regulations across borders. This article focuses on regulations in the United Kingdom....more
Data is yet again at the top of the agenda in the UK Parliament. Seeking to balance the need for the protection of privacy of data and enabling data-driven growth, the UK Department for Science, Innovation and Technology...more
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
While the reform is a long way away from a certainty, it represents a departure of the UK from the EU’s strict adherence and adoption of the General Data Protection Regulation which came into effect in 2018. Earlier this...more