Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.

The UK Government has published its response to the consultation on its proposed reform of the UK’s data protection regime (which we have provided further information on in our previous legal update available here.) Whilst the UK Government has proposed several incremental reforms to the UK’s data protection laws that will diverge from the

The Queen’s Speech 2022 (the “Speech”), given on 10 May 2022 (available here), details the UK Government’s priorities for the year. Although its focus was primarily on the cost of living crisis and proposed economic measures, the Speech confirmed that the UK’s data protection regime will be reformed by way of the ‘Data

Today, 21 March 2022, the International Data Transfer Agreement (IDTA) and the UK Addendum to the EU standard contractual clauses have entered into force.

The IDTA and the UK Addendum can be used for transfers of personal data outside the UK to countries that are not considered “adequate” by the UK Government. You can read

In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.

The UK government acknowledges that a new legal framework needs

The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users

The General Data Protection Regulation (“GDPR”) might apply to operators of overseas websites that have even  minimal commercial activity in the UK following the judgment of the Court of Appeal of England and Wales in Soriano v Forensic News LLC and Others [2021] EWCA Civ 1952.

Operators of overseas online platforms, apps and

In August 2021, the ICO launched a consultation on replacing the use of the old EU based standard contractual clauses for international transfers of personal data outside of the UK (“Old SCCs“) with new transfer tools to reflect the post-Brexit environment. Following the end of that consultation, the Department for Culture, Media and

The Information Commissioner’s Office (ICO) have issued their response to the UK Government’s Consultation proposing reforms to the UK’s Data Protection regime. While the ICO maintains that it supports the UK Government’s review of the country’s data protection rules and the purpose behind that review, it raises many concerns about the proposals put forward by

The UK government has published its National AI Strategy, which outlines the government’s plan for turning the UK into a global Artificial Intelligence (AI) powerhouse in the next ten years. This follows in the footsteps of earlier industrial and digital strategies published by the UK government which advocated for the adoption of AI. This