UK Information Commissioner's Office (ICO)

The Information Commissioner’s Office (the “ICO”) has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance (the “Guidance“) on 18 March 2024.

The ICO oversees compliance with the UK data protection law,

The UK Information Commissioner’s Office (the “ICO”) published new guidance on transfer risk assessments (“TRAs”) and a template for carrying out a TRA.

All businesses are required to carry out TRAs, also known as local law assessments or transfer impact assessments, when transferring personal data subject to the UK GDPR outside the United Kingdom using

Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.

The UK Government has published its response to the consultation on its proposed reform of the UK’s data protection regime (which we have provided further information on in our previous legal update available here.) Whilst the UK Government has proposed several incremental reforms to the UK’s data protection laws that will diverge from the

In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.

The UK government acknowledges that a new legal framework needs

The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users

In August 2021, the ICO launched a consultation on replacing the use of the old EU based standard contractual clauses for international transfers of personal data outside of the UK (“Old SCCs“) with new transfer tools to reflect the post-Brexit environment. Following the end of that consultation, the Department for Culture, Media and

The Information Commissioner’s Office (ICO) have issued their response to the UK Government’s Consultation proposing reforms to the UK’s Data Protection regime. While the ICO maintains that it supports the UK Government’s review of the country’s data protection rules and the purpose behind that review, it raises many concerns about the proposals put forward by

On 18 June 2021, the UK Information Commissioner published a Commissioner’s Opinion (the “Opinion”) on the use of live facial recognition (“LFR”) technology in public spaces. Public spaces are defined broadly and include any non-residential space. The Opinion sets out that there is “a high bar” for businesses to meet.

The UK Digital Regulation Cooperation Forum (DRCF) – an initiative between the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), Ofcom and, from 1 April 2021, the Financial Conduct Authority (FCA) – has published its Work Plan for 2021 to 2022.

The Work Plan sets out how the four regulators propose to cooperate