After a troubled passage through parliament, the Data (Use and Access) Bill received Royal Assent on 19 June and is now the Data (Use and Access) Act 2025. It introduces amendments to the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR). The Act…
Read More… from Data (Use and Access) Bill receives Royal Assent
UK law CMA publishes update on dynamic pricing The CMA has published an update on its investigation into dynamic pricing. It says that dynamic pricing can affect competition and consumer outcomes; and has issued guidance for businesses using dynamic pricing to help them comply with consumer law, and with the aim of building build trust…
After our recent podcast episode on privacy and tech laws in Latin America, two of the guests, Bárbara Lazarotto and Luz Orozco, stayed behind to share some additional insights with the host, Mauricio Figueroa. Bárbara Lazarotto Can you share a bit of the work you do at the Brussels Privacy Hub? What is like day-to-day and…
UK law Investigatory Powers Act 2016 codes of practice published Various codes of practice under the Investigatory Powers Act 2016 have been published. The codes of practice set out processes and safeguards for several investigatory powers. CMA consults on releasing Google from Privacy Sandbox commitments The Competition and Markets Authority is consulting on releasing Google…
The ICO has fined genetic testing company 23andMe £2.31 million for failing to implement appropriate security measures to protect the personal information of UK users, following a large-scale cyber-attack in 2023. The penalty follows a joint investigation conducted by the ICO and the Office of the Privacy Commissioner of Canada. Between April and September 2023,…
Read More… from 23andMe fined £2.31 million for failing to protect UK users’ genetic data
Camilo Artiga-Purcell, General Counsel at Kiteworks, identifies some of the ever-increasing risks and potential consequences of rushing to use AI in legal practice Picture a partner at a leading UK law firm, racing to finalise a high-stakes merger. With a deadline looming, they turn to a free online AI tool, uploading sensitive deal documents for…
Read More… from AI Data Leaks & Shadow AI: The Legal Minefield Facing UK Organisations in 2025
The Online Safety Act 2023 established the basis for creation of an online safety super-complaints regime. The process will allow for complaints about systemic issues (features or conduct of regulated services) to be raised with the regulator where those issues are, appear to be, or present a material risk of: For the online safety super-complaints…
Read More… from Super-complaints regime for online safety due to come into force on 31 December 2025
UK law Data (Use and Access) Bill finally passes through Parliament and heads for Royal of Assent The Data (Use and Access) Bill finally completed its passage through the UK parliament on 11 June 2025. It was the third attemot at data protection reform in the UK and this final attempt was subject to a…
Ofcom has opened formal investigations into online discussion board 4chan and seven file-sharing services – Im.ge, Krakenfiles, Nippybox, Nippydrive, Nippyshare, Nippyspace and Yolobit. Ofcom has not received responses to its statutory information requests, to which services are legally required to respond. It also says that it has received complaints about the potential for illegal content…
Read More… from Ofcom opens nine new investigations under Online Safety Act 2023
During its latest plenary, the European Data Protection Board (EDPB) adopted the final version of its guidelines on Article 48 GDPR about data transfers to third country authorities. The EDPB also discussed the European Commission’s request for a joint EDPB-EDPS opinion on the draft proposal on the simplification of record-keeping obligation under the GDPR. Finally,…