On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part...more
The UK’s Data (Use and Access) Act received Royal Assent last Thursday, June 19th, bringing into law some significant changes to the country’s post Brexit data protection framework, among an array of other, related rules (on...more
On June 19 2025, the Data (Use and Access) Act (DUA Act) received Royal Assent, having passed both Houses of Parliament on June 11 2025. The Data (Use and Access) Bill was first introduced in the House of Lords on October 23...more
The UK’s Data (Use and Access) Bill (DUA Bill) completed its passage through Parliament on 11 June 2025 and is now awaiting Royal Assent. Once enacted, it will introduce a series of targeted updates to the UK’s data...more
On 11 June 2025, the UK’s Data (Use and Access) Act 2025 (“DUA Act“) was passed and now awaits Royal Assent. The government first announced plans for the new DUA Act in the King’s speech back in July 2024. The DUA Act...more
On May 14, 2025, the European Data Protection Board ("EDPB") issued a favorable opinion on granting a six-month extension to the existing adequacy decisions for the UK, following a formal proposal from the European...more
The UK's data protection landscape is undergoing significant transformation with the progression of the Data (Use and Access) Bill through Parliament. Officially titled the Data Protection and Digital Information Bill, this...more
On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found...more
The Information Commissioner's Office (ICO) has published its report alongside a press release following a review into the gathering and use of children's data in financial services, particularly from services supplying them...more
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that...more
On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered...more
On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present users with a choice to either consent to the processing of their...more
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and...more
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
On 23 October 2024, the Data (Use and Access) Bill (the “DUAB”) was introduced to Parliament. The DUAB is the Labour government’s answer to the perceived shortfalls of the since-abandoned Data Protection and Digital...more
Artificial Intelligence (“AI”) use in business has proliferated in recent years; risks arising from this therefore must be managed. Whilst the use of AI can drive significant efficiency gains for most businesses, the...more
As the EU presses ahead with its implementation of the AI Act, the UK continues to develop its evolutionary approach to AI policy and regulation. As the new Labour Government starts to implement its perspective and ahead of a...more
On October 23, the UK Government’s House of Lords had its first reading of a new proposed data protection bill, the Data (Use and Access) Bill (“DUA Bill”), as sponsored by the Department of Science, Innovation, and...more
The English High Court recently granted a bank permission to transfer personal data disclosed in court proceedings to an authority in Ukraine, a country without UK GDPR adequacy status. The Judge found that the transfer fell...more
During 2023, privacy protection and artificial intelligence regulation continued apace and their implications continued to be a major focus in Israel and around the world. In Israel, this was reflected in a number of...more
If you feel like every day you wake up to a new data privacy law or piece of guidance, you’re not dreaming. Regulation and rulemaking are happening faster than ever before. The complexities relating to ethical data usage are...more
Alongside the recent CJEU judgment on automated decision making in Schufa (see the Allen & Overy blog ) there are a range of developments related to ADM in other jurisdictions. UK developments - The UK Parliament is...more
2023 saw a surge in interest in the application of generative AI within business models. So, if AI and data protection was your favourite genre of 2023, or if you found it to be a broken record, this post consolidates and...more
On 9 November 2023, the UK Office of Communications (Ofcom) issued its first set of draft guidance on the UK’s long-anticipated Online Safety Act (OSA), which aims to protect online users against illegal and harmful content....more