With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
The ICO has published the first phase of draft guidance on biometric data and biometric technologies for public consultation. Why? The ICO set out the reasoning for publishing this draft guidance on biometric data in an Impact Assessment (here). The ICO stated in the Impact Assessment that it anticipates the use of biometric recognition systems is likely to increase significantly in the next decade. These technologies are expected to be used in sectors such as…
In brief The ICO has recently published a joint statement on data scraping in conjunction with 11 other members of the Global Privacy Assembly’s International Enforcement Cooperation Working Group, including authorities from Argentina, Australia, Canada, Columbia, Hong Kong, Jersey, Mexico, Morocco, New Zealand, Norway, and Switzerland. The statement was issued to highlight the privacy risks associated with data scraping, focusing on how social media companies (“SMCs”), and other websites with publicly accessible personal data, should…
In brief As Artificial Intelligence (AI) technology advances at a rapid pace, global efforts to establish appropriate legislative frameworks are also fast developing. Since the beginning of 2023, there have been announcements from several countries, including the United Kingdom, highlighting the developing legislative actions being implemented to keep pace with this era of emerging technological development. The trend from the UK is that it intends to take a relatively conservative approach to legislation by leaving AI…
The Competition and Markets Authority (CMA) has been focusing lately on the adverse impacts of Online Choice Architecture (OCA) and how it can hurt competition and consumers. The situations in which people make decisions and how alternatives are presented to them are described by choice architecture. In online settings, choice architecture is the environment in which users act, including the display and positioning of options as well as the design of interfaces. OCA issues tend…
Brief refresher on the Data Governance Act (DGA): We covered the new wave of EU data-centric legislation that is being implemented to usher in stronger regulatory guardrails for data in our recent article on the EU Data Strategy, with one of the discussed laws being the Data Governance Act. The Data Governance Act (DGA) is aimed at increasing accessibility to data by regulating the re-use of publicly held protected data, increasing data sharing through the…
On August 9, India’s Digital Personal Data Protection Bill, 2023 (“DPDP Bill”) passed both houses of the Indian Parliament and now awaits Presidential assent. In 2017, India’s Supreme Court mandated that privacy is a fundamental human right. Since that time, India has been working to pass data protection legislation. The DPDP Bill is India’s fifth draft of the bill. The DPDP Bill only applies to the processing of digital personal data in India, where the personal…
On 6 July 2023, the United Kingdom (“UK”) became the first country to be granted Associate status in the Global Cross Border Privacy Rules (“CBPR”) Forum. In addition to the benefits of sharing best practices and pursuing interoperability with other privacy frameworks, the Global CBPR Forum seeks to establish and promote adoption of the Global Cross-Border Privacy Rules (CBPR) System and Global Privacy Recognition for Processors (PRP) System to facilitate data protection and free flow…
Brief refresher on the Children’s Code: In 2020, the ICO published its Age appropriate design: a code of practice for online services (the “Code”). The Code set out 15 standards applicable to information society services (“ISS”) aimed at or likely to be accessed by children, requiring the “best interests” of the child to be the primary driver of product and service design. We have published an article setting out the aims of the Code and…
In today’s digital economy, the ability to access and use data effectively is critical for economies to grow and drive innovation. Global data production is expected to increase by 530% between 2018 and 2025. In response to this opportunity, the European Commission (“EC”) outlined the European Data Strategy in 2020, one of its main objectives being to create a single common data market based on a harmonised framework for data exchange. This framework encompasses new…