Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced
Ondrej Hajda
UK’s Approach to Regulating the Use of Artificial Intelligence
The UK Government published its AI White Paper on 29 March 2023, setting out its proposals for regulating the use of artificial intelligence (AI) in the United Kingdom. The White Paper is a continuation of the AI Regulation Policy Paper which introduced the UK Government’s vision for the future “pro-innovation” and “context-specific” AI regulatory regime…
The UK Digital Markets, Competition and Consumers Bill: Major Reform of CMA Powers
On 25 April 2023, the UK Government announced the introduction of the Digital Markets, Competition and Consumers Bill (the “Bill”) into Parliament.1 The Bill, which reflects a key government priority of increasing consumer choice and competition, provides for:
- Far-reaching new consumer protection powers to be conferred on the Competition & Markets Authority (the
…
UK Government Proposes Key Changes to the UK GDPR
The UK Government has relaunched its efforts to reform the UK’s data protection regime, with the Data Protection and Digital Information Bill (No. 2) (the “Bill“) being introduced to Parliament on Wednesday 8 March. The Bill supersedes a previous version that was originally published in July 2022 (see our previous legal update).…
EU SCC Looming Deadline
Companies that rely on standard contractual clauses (“SCCs”) for transferring personal data from the European Economic Area (“EEA”) to jurisdictions not considered to offer an adequate level of data protection under the EU General Data Protection Regulation must ensure that none of their existing contracts use the old SCCs after 27 December 2022.
Businesses are…
ICO’s Updated Guidance on International Personal Data Transfers Offers an Alternative Approach to Carrying Out Transfer Risk Assessments
The UK Information Commissioner’s Office (the “ICO”) published new guidance on transfer risk assessments (“TRAs”) and a template for carrying out a TRA.
All businesses are required to carry out TRAs, also known as local law assessments or transfer impact assessments, when transferring personal data subject to the UK GDPR outside the United Kingdom using…
Health Data: European Commission Proposes New Rules on Access and Use
The European Commission’s proposal to establish a European Health Data Space (“EHDS”) aims to improve access by individuals to their health data (primary use) and facilitate the re-use of health data for societal good across the European Union (secondary use).
While the draft EHDS regulation might easily get lost in an alphabet of…
Deadline to Update Template Contracts to Address International Personal Data Transfers Outside the UK
Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.…
UK Government Sets Out its Plans for UK Data Protection Reform
The UK Government has published its response to the consultation on its proposed reform of the UK’s data protection regime (which we have provided further information on in our previous legal update available here.) Whilst the UK Government has proposed several incremental reforms to the UK’s data protection laws that will diverge from the…
European Commission’s Q&A on the New Standard Contractual Clauses
On 25 May 2022, the European Commission published Questions and Answers for the New Standard Contractual Clauses to provide practical guidance on the use of standard contractual clauses (SCCs) and help organisations with their General Data Protection Regulation (GDPR) compliance efforts. The Commission confirmed that the Q&A document will be regularly updated.