On May 10, 2022, Prince Charles announced in the Queen’s Speech that the UK Government’s proposed Online Safety Bill (the “OSB”) will proceed through Parliament. The OSB is currently at committee stage in the House of Commons. Since it was first announced in December 2020, the OSB has been the subject of intense debate and scrutiny on the balance it seeks to strike between online safety and protecting children on the one hand, and freedom of expression and privacy on the other.

Continue Reading Online Safety Bill to Proceed Through Parliament

In the Queen’s Speech on 10 May 2022, the UK Government set out its legislative programme for the months ahead. This includes: reforms to UK data protection laws (no details yet); confirmation that the government will strengthen cybersecurity obligations for connected products and make it easier for telecoms providers to improve the UK’s digital infrastructure; and new rules to enable the use of self-driving cars on public roads. In addition, the government confirmed its plans to move forward with the Online Safety Bill. As part of the government’s broader agenda to “level up” the UK and provide a post-Brexit economic dividend, many of the legislative initiatives referenced in the Queen’s Speech are presented as seeking to encourage greater use of data and technology to support innovation and enable growth.

We summarize below the key digital policy announcements in the Queen’s Speech and how they fit into wider developments in the UK’s regulatory landscape.

Continue Reading UK Privacy and Digital Policy & Legislative Roundup

On April 20, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom—the so-called “Five Eye” governments—announced the publication of Alert AA22-110A, a Joint Cybersecurity Advisory (the “Advisory”) warning critical infrastructure organizations throughout the world that the Russian invasion of Ukraine could expose them “to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.”  The Advisory is intended to update a January 2022 Joint Cybersecurity Advisory, which provided an overview of Russian state-sponsored cyber operations and tactics, techniques, and procedures (“TTPs”).

In its announcement, the authorities urged critical infrastructure network defenders in particular “to prepare for and mitigate potential cyber threats by hardening their cyber defenses” as recommended in the Advisory.
Continue Reading International Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure

On March 3, 2022, a leaked version of the proposal for a regulation setting up the European Health Data Space was published.  The draft regulation will set up a common framework across EU Member States for the sharing and exchange of quality health data (such as electronic health records, patient registries and genomic data).  The European Commission has not yet released an official version of the proposal.  It is expected to do so on May 3.

The leaked proposal is a lengthy document (126 pages, excluding annexes) that contains within it a number of different sets of rules.  Key requirements that are likely to be of interest to organizations in the life sciences sector are that the draft regulation proposes to:

  • create new patient rights over their electronic health data, and sets out rules regarding use of electronic health data for primary care;
  • establishes a pre-market conformity assessment requirement for electronic health record systems (“EHR systems”);
  • sets out rules that apply to digital health services and wellness apps; and
  • introduces a harmonized scheme for providing access to electronic health data for secondary use.


Continue Reading Leaked: Draft Version of the European Health Data Space Regulation

The German Conference of Independent Supervisory Authorities (“DSK”) published on March 23, 2022 a statement on scientific research and data protection (see here, in German).  The DSK published the statement in response to the German Government’s initiative on a general law on research data as part of its Open Data Strategy, announced on July 6, 2021.  The DSK also refers to the Government’s intention to introduce a law on the use of health data, including the storage of data in electronic health records.
Continue Reading German Supervisory Authorities Publish Paper on Scientific Research and Data Protection

As many readers will be aware, a key enforcement trend in the privacy sphere is the increasing scrutiny by regulators and activists of cookie banners and the use of cookies. This is a topic that we have been tracking on the Inside Privacy blog for some time. Italian and German data protection authorities have

On February 24, 2022, the Irish Data Protection Commission (“DPC”) published its 2021 annual report setting out its activities and outcomes for last year (see press release here and the full report here).  At 120 pages long, it is detailed and specific, and in places, comes with a targeted and reflective commentary.  Overall, it provides readers with useful insights into the work of a supervisory authority at the forefront of Europe’s data protection whirlwinds.

Continue Reading Irish Data Protection Commission Publishes 2021 Annual Report

The Irish Data Protection Commission has announced its Strategy for 2022-2027, highlighting 5 strategic goals:

  • (1) “consistent and effective” regulation;
  • (2) promoting data protection awareness;
  • (3) protecting children;
  • (4) providing clarity for stakeholders; and
  • (5) supporting organisational compliance.

The strategy is based on a risk based approach to regulation which, according to the DPC, “resonated with the majority of commentators” to the public consultation the Commission conducted as it developed its new 5 year strategy.
Continue Reading New 5 Year Irish Data Protection Commission’s Strategy

In January 2022, China released two regulations (one in draft form) that touch on hot topics in technological development – algorithmic recommendations and deep synthesis – making it one of the first countries in the world to directly tackle these cutting edge areas.  In this post, we provide an overview of the draft Provisions on

On Episode 18 of Covington’s Inside Privacy Audiocast, Dan Cooper, Moritz Hüsch, Kristof van Quathem, and Petros Vinis discuss GDPR enforcement, and the evolution of regulatory fines since the GDPR was enacted in 2018.


Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe to our Inside