UK Information Commissioner's Office (ICO)

Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.

The UK Government has published its response to the consultation on its proposed reform of the UK’s data protection regime (which we have provided further information on in our previous legal update available here.) Whilst the UK Government has proposed several incremental reforms to the UK’s data protection laws that will diverge from the

In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.

The UK government acknowledges that a new legal framework needs

The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users

In August 2021, the ICO launched a consultation on replacing the use of the old EU based standard contractual clauses for international transfers of personal data outside of the UK (“Old SCCs“) with new transfer tools to reflect the post-Brexit environment. Following the end of that consultation, the Department for Culture, Media and

The Information Commissioner’s Office (ICO) have issued their response to the UK Government’s Consultation proposing reforms to the UK’s Data Protection regime. While the ICO maintains that it supports the UK Government’s review of the country’s data protection rules and the purpose behind that review, it raises many concerns about the proposals put forward by

On 18 June 2021, the UK Information Commissioner published a Commissioner’s Opinion (the “Opinion”) on the use of live facial recognition (“LFR”) technology in public spaces. Public spaces are defined broadly and include any non-residential space. The Opinion sets out that there is “a high bar” for businesses to meet.

The UK Digital Regulation Cooperation Forum (DRCF) – an initiative between the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), Ofcom and, from 1 April 2021, the Financial Conduct Authority (FCA) – has published its Work Plan for 2021 to 2022.

The Work Plan sets out how the four regulators propose to cooperate

Whilst the UK left the European Union (“EU”) on 31 January 2020 (“Exit Day”) it remained within the EU’s legal framework during the Brexit Transition Period (“Transition Period”). When the Transition Period ends at 11:00 p.m. GMT on 31 December 2020 (“Completion Day”), EU law that was

On 12 November, the European Commission published draft standard contractual clauses for transfers of personal data from the European Union to third countries (“New SCCs“).

Once approved, the New SCCs will replace the previous standard contractual clauses which pre-date the implementation of the General Data Protection Regulation 2016/679 (“GDPR“). The draft