With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
The ICO has published the first phase of draft guidance on biometric data and biometric technologies for public consultation. Why? The ICO set out the reasoning for publishing this draft guidance on biometric data in an Impact Assessment (here). The ICO stated in the Impact Assessment that it anticipates the use of biometric recognition systems is likely to increase significantly in the next decade. These technologies are expected to be used in sectors such as…
On 19 July 2023, the European Data Protection Board (EDPB) announced that it had adopted a statement on the European Commission’s first review of the functioning of the adequacy decision for Japan during its 82nd plenary meeting. The context In January 2019 the European Commission adopted an adequacy decision in relation to transfers of personal data from the EU to businesses in Japan. The adequacy decision means that EU standard contractual clauses are not required…
Background On 18 July 2023, the Information Commissioner’s Office (“ICO”) and Financial Conduct Authority (“FCA”) issued a joint statement in response to queries from some firms regarding whether UK data protection laws prevented sending communications to customers about better savings rates. In the joint letter, the ICO and FCA confirmed that data protection and direct marketing laws do not prevent organisations from sending such “regulatory communications”. Summary The joint letter reiterates the ICO’s existing direct…
On 8 June 2023, US President Joe Biden and UK Prime Minster Rishi Sunak announced the US and UK had reached a commitment in principle to establish a UK/US “data bridge”. From a UK GDPR perspective this new mechanism would be an extension to the EU-US Data Privacy Framework, which is currently being assessed by the European Commission under the EU GDPR. The European Commission is expected to issue an adequacy decision under the EU…
On 8 March the UK Government published a new Data Protection and Digital Information Bill (No. 2) (“New Bill”). This is a different Bill from the one that was introduced into Parliament last summer, the Data Protection and Digital Information Bill (“Original Bill”). Although the New Bill has been introduced separately into Parliament, the proposals in the New Bill are substantially the same as the Original Bill. Therefore, the proposals for UK data protection reform…
28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…
In this episode, Brian Hengesbaugh, Global Chair of Privacy & Security, is joined by Ben Slinn, senior associate in London, as they discuss data privacy predictions across the globe for the year ahead. Listen in to hear about: The data protection regime in the UK post Brexit and what lies ahead Trends and issues that we are seeing from an EU perspective Key developments and significant changes on the horizon outside of the EU For…
The UK data protection framework is set to change. These changes will be relevant for organisations in the UK as well as organisations outside of the UK that offer goods or services to data subjects in the UK or monitor their behaviour. From a practical perspective many of the proposed changes are focused on reducing certain obligations, particularly record keeping obligations such as records of processing or data protection impact assessments. However, it is important…
The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act. Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by…