The UK government has published its long-waited response to the AI White Paper, “A pro-innovation approach to AI regulation” published back in March 2023. Here’s what you need to know. 1. Endorsement of principles-based approach The UK is sticking with its principles-based regulatory framework for AI, continuing to take a very different path to its EU neighbours (as discussed in our previous alert). Unlike the EU there will be no new AI regulator, new legislation…
With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
In brief As Artificial Intelligence (AI) technology advances at a rapid pace, global efforts to establish appropriate legislative frameworks are also fast developing. Since the beginning of 2023, there have been announcements from several countries, including the United Kingdom, highlighting the developing legislative actions being implemented to keep pace with this era of emerging technological development. The trend from the UK is that it intends to take a relatively conservative approach to legislation by leaving AI…
Our London employment team is delighted to share the first edition of our quarterly HR Privacy newsletter keeping you updated with key cases, developments and trends in UK and EU-wide HR data privacy matters. This edition includes an interesting employment tribunal decision considering whether an employee had a reasonable expectation of privacy over her private Facebook posts, the latest guidance on data subject access requests and an update in relation to the EU-US Data Privacy…
On 8 June 2023, US President Joe Biden and UK Prime Minster Rishi Sunak announced the US and UK had reached a commitment in principle to establish a UK/US “data bridge”. From a UK GDPR perspective this new mechanism would be an extension to the EU-US Data Privacy Framework, which is currently being assessed by the European Commission under the EU GDPR. The European Commission is expected to issue an adequacy decision under the EU…
28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…
The UK’s Health Research Authority (HRA) has unveiled new guidance which signposts the three essential steps to access health and care data for research purposes. The guidance delves into a point that researchers often miss: the common law duty of confidentiality runs in parallel to data privacy laws, and each regime needs to be considered separately to ensure data access requests can stand up to regulatory scrutiny. Step 1: Scoping – What are the data…
The UK data protection framework is set to change. These changes will be relevant for organisations in the UK as well as organisations outside of the UK that offer goods or services to data subjects in the UK or monitor their behaviour. From a practical perspective many of the proposed changes are focused on reducing certain obligations, particularly record keeping obligations such as records of processing or data protection impact assessments. However, it is important…
In a recent judgment, the UK Supreme Court unanimously refused to give permission for a litigant to serve a claim form outside of the jurisdiction in respect of a representative action brought against Google. This case, Lloyd v Google, is the latest, and most significant, in a line of recent decisions (see our other updates here and here) which show a general trend of the courts interrogating the type of losses that have been claimed and rejecting claims for…
The 25 May 2021 marks the third anniversary of the GDPR coming into force. As we have moved from preparation for the GDPR to business as usual compliance with the GDPR, regulators have focused on various issues in different jurisdictions. Although we are now three years into compliance with the GDPR being part of our day to day operations, it is clear that interpretation and expectations regarding compliance from the courts and regulators continue to…