Where can I find the text of the Data Act? The published text can be found here. What is the Data Act about? It requires organisations to make data collected through connected products or related services (including virtual assistants in so far as they interact with a connected product or related service) available to users and, upon a user’s request, to third parties. By mixing concepts of both data and competition law, the Data Act…
The ICO has recently launched a public consultation on the first chapter of its draft guidance on generative AI and data protection. This consultation has a particular focus, it is a call to explore the lawful basis for extracting data from the web to train generative AI models (a process which is becoming more common across numerous markets). The ICO is requesting input from developers, users and wider interested parties. What is generative AI? Generative…
With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
Brief refresher on the Children’s Code: In 2020, the ICO published its Age appropriate design: a code of practice for online services (the “Code”). The Code set out 15 standards applicable to information society services (“ISS”) aimed at or likely to be accessed by children, requiring the “best interests” of the child to be the primary driver of product and service design. We have published an article setting out the aims of the Code and…
On 19 July 2023, the European Data Protection Board (EDPB) announced that it had adopted a statement on the European Commission’s first review of the functioning of the adequacy decision for Japan during its 82nd plenary meeting. The context In January 2019 the European Commission adopted an adequacy decision in relation to transfers of personal data from the EU to businesses in Japan. The adequacy decision means that EU standard contractual clauses are not required…