Tag Archives: United Kingdom

Brexit Deal Keeps EU-UK Data Flows Open as Parties Pursue Mutual Adequacy

By Dan Cooper and Kurt Wimmer on Posted in Cross-Border Transfers, European Union, United Kingdom
On December 24th, with a year-end deadline and the holidays fast approaching, European Commission and United Kingdom (“UK”) officials announced they reached a deal on the EU-UK Trade and Cooperation Agreement (“Agreement”).  Once formally adopted by the European Union (“EU”) institutions, the Agreement will govern the relationship between the EU and UK beginning on January … Continue Reading

Inside Privacy Audiocast: Episode 7 – Brexit and the Future of UK Data Privacy Law

By Dan Cooper on Posted in Brexit, Cross-Border Transfers, European Union, Privacy and Data Security, United Kingdom
Over the past 9 months, the UK has been hammering out the shape of its future trading relationship with the EU, as well as many others, and there apparently are signs of progress in the past few days as a result of intensified talks between the two sides. Some are reporting a deal will be … Continue Reading

English High Court Awards Damages for Quasi-Defamation Data Claim

By Louise Freeman, Dan Cooper, Katharine Kinchlea and Tom Cusworth on Posted in United Kingdom
The English High Court has recently awarded damages in a data privacy case, with two features of particular interest.  First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation.  Secondly, the damages awarded (perhaps influenced … Continue Reading

ICO publishes blog post on AI and trade-offs between data protection principles

By Mark Young, Sam Jungyun Choi and Gemma Nash on Posted in Artificial Intelligence (AI), Data Privacy, United Kingdom
On July 25, 2019, the UK’s Information Commissioner’s Office (“ICO”) published a blog on the trade-offs between different data protection principles when using Artificial Intelligence (“AI”).  The ICO recognizes that AI systems must comply with several data protection principles and requirements, which at times may pull organizations in different directions.  The blog identifies notable trade-offs … Continue Reading

ICO Updates Guidance on Cookies and Similar Technologies

By Mark Young on Posted in Advertising & Marketing, Data Privacy, EU Data Protection, Privacy Policies, Social Media, United Kingdom
Back in 2013, we published a blog post entitled, “European Regulators and the Eternal Cookie Debate” about what constitutes “consent” for purposes of complying with the EU’s cookie rules.  The debate continues…  Yesterday, the ICO published new guidance on the use of cookies and a related “myth-busting” blog post.  Some of the “new” guidance really … Continue Reading

ICO issues draft code of practice on designing online services for children

By Mark Young, Sam Jungyun Choi and Jonathan Benjamin on Posted in Children's Privacy, United Kingdom
Earlier this month, the UK’s Information Commissioner’s Office published a draft code of practice (“Code”) on designing online services for children. The Code  is now open for public consultation until May 31, 2019. The Code sets out 16 standards of “age appropriate design” with which online service providers should comply when designing online services (such … Continue Reading

ICO opens beta phase of privacy “regulatory sandbox”

By Sam Jungyun Choi on Posted in Internet of Things (IoT), United Kingdom
On March 29, 2019, the ICO opened the beta phase of the “regulatory sandbox” scheme (the “Sandbox”), which is a new service designed to support organizations that are developing innovative and beneficial projects that use personal data.  The application process for participating in the Sandbox is now open, and applications must be submitted to the … Continue Reading

European Regulators Are Intensifying GDPR Enforcement

By Inside Privacy on Posted in EU Data Protection, European Union
Earlier this year, in the run-up to the General Data Protection Regulation’s (“GDPR”) May 25, 2018 date of application, a major question for stakeholders was how zealously the GDPR would be enforced.  Now, as the GDPR approaches its six-month birthday, an answer to that question is rapidly emerging.  Enforcement appears to be ramping up significantly.  … Continue Reading

IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

By Inside Privacy on Posted in European Union, Internet of Things (IoT), United Kingdom
By Grace Kim and Siobhan Kahmann Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on October 14, 2018. This was developed by … Continue Reading

UK “No-Deal Brexit” Technical Notice Sets Out Plans on EU – UK Data Flows

By Inside Privacy on Posted in European Union, United Kingdom
On September 13, 2018, the UK government published a series of technical notices on how to prepare for a scenario in which the UK leaves the EU without agreement on March 29, 2019 (“no-deal Brexit”).  The government stressed that a no-deal Brexit “remains unlikely given the mutual interests of the UK and the EU in … Continue Reading

Covington Artificial Intelligence Update: House of Lords Select Committee publishes report on the future of AI in the UK

By Franka Felsner and Miranda Cole on Posted in Artificial Intelligence (AI), Data Security, Health Privacy, United Kingdom
Reflecting evidence from 280 witnesses from the government, academia and industry, and nine months of investigation, the UK House of Lords Select Committee on Artificial Intelligence published its report “AI in the UK: ready, willing and able?” on April 16, 2018 (the Report). The Report considers the future of AI in the UK, from perceived … Continue Reading
LexBlog