Late in the evening on Friday 8 December in Brussels was a historic moment for AI regulation in Europe. After three days of extensive final debate the EU Parliament, Council and Commission finally announced provisional agreement on the EU AI Act, the bloc’s landmark legislation regulating development and use of AI in Europe. It is one of the world’s first comprehensive attempts to regulate the use of AI. The EU AI Act awaits formal adoption…
Last week was incredibly busy in terms of AI governance developments, on both sides of the Atlantic and globally. While countries are racing to demonstrate their leadership on AI governance on the global stage, common themes continue to emerge. Policymakers recognise the need to strike a balance between the opportunities and potential that this technology can bring, on the one hand, and the risks and challenges posed by AI, on the other hand. There is…
The Information Commissioner’s Office (ICO) has released its ICO Audit a Year in Focus. This report outlines the ICO’s regulatory activities and rulings over the last year and provides crucial insights for data protection officials. The takeaways below make clear the current Commissioner approach to setting priorities to areas where the most impact to individuals will be felt. As we will see for the outgoing year, it is protection of children’s data. Here are the key points…
Employee monitoring has become common practice for many employers in the UK. Monitoring is often part of an organization’s security procedures to secure personal information or prevent loss of property, often deployed for health and safety reasons, or companies may even have to monitor employees to comply with legal requirements (for example, in the financial services sector). Increasingly, employers are monitoring employee office attendance as many organisations are requiring their staff back into the office…
With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
The ICO has published the first phase of draft guidance on biometric data and biometric technologies for public consultation. Why? The ICO set out the reasoning for publishing this draft guidance on biometric data in an Impact Assessment (here). The ICO stated in the Impact Assessment that it anticipates the use of biometric recognition systems is likely to increase significantly in the next decade. These technologies are expected to be used in sectors such as…
In brief The ICO has recently published a joint statement on data scraping in conjunction with 11 other members of the Global Privacy Assembly’s International Enforcement Cooperation Working Group, including authorities from Argentina, Australia, Canada, Columbia, Hong Kong, Jersey, Mexico, Morocco, New Zealand, Norway, and Switzerland. The statement was issued to highlight the privacy risks associated with data scraping, focusing on how social media companies (“SMCs”), and other websites with publicly accessible personal data, should…
In brief As Artificial Intelligence (AI) technology advances at a rapid pace, global efforts to establish appropriate legislative frameworks are also fast developing. Since the beginning of 2023, there have been announcements from several countries, including the United Kingdom, highlighting the developing legislative actions being implemented to keep pace with this era of emerging technological development. The trend from the UK is that it intends to take a relatively conservative approach to legislation by leaving AI…
The Competition and Markets Authority (CMA) has been focusing lately on the adverse impacts of Online Choice Architecture (OCA) and how it can hurt competition and consumers. The situations in which people make decisions and how alternatives are presented to them are described by choice architecture. In online settings, choice architecture is the environment in which users act, including the display and positioning of options as well as the design of interfaces. OCA issues tend…
Brief refresher on the Data Governance Act (DGA): We covered the new wave of EU data-centric legislation that is being implemented to usher in stronger regulatory guardrails for data in our recent article on the EU Data Strategy, with one of the discussed laws being the Data Governance Act. The Data Governance Act (DGA) is aimed at increasing accessibility to data by regulating the re-use of publicly held protected data, increasing data sharing through the…