The ICO has fined genetic testing company 23andMe £2.31 million for failing to implement appropriate security measures to protect the personal information of UK users, following a large-scale cyber-attack in 2023. The penalty follows a joint investigation conducted by the ICO and the Office of the Privacy Commissioner of Canada. Between April and September 2023,…

Read More… from 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Camilo Artiga-Purcell, General Counsel at Kiteworks, identifies some of the ever-increasing risks and potential consequences of rushing to use AI in legal practice Picture a partner at a leading UK law firm, racing to finalise a high-stakes merger. With a deadline looming, they turn to a free online AI tool, uploading sensitive deal documents for…

Read More… from AI Data Leaks & Shadow AI: The Legal Minefield Facing UK Organisations in 2025

The Online Safety Act 2023 established the basis for creation of an online safety super-complaints regime. The process will allow for complaints about systemic issues (features or conduct of regulated services) to be raised with the regulator where those issues are, appear to be, or present a material risk of: For the online safety super-complaints…

Read More… from Super-complaints regime for online safety due to come into force on 31 December 2025

Ofcom has opened formal investigations into online discussion board 4chan and seven file-sharing services – Im.ge, Krakenfiles, Nippybox, Nippydrive, Nippyshare, Nippyspace and Yolobit.  Ofcom has not received responses to its statutory information requests, to which services are legally required to respond. It also says that it has received complaints about the potential for illegal content…

Read More… from Ofcom opens nine new investigations under Online Safety Act 2023

During its latest plenary, the European Data Protection Board (EDPB) adopted the final version of its guidelines on Article 48 GDPR about data transfers to third country authorities. The EDPB also discussed the European Commission’s request for a joint EDPB-EDPS opinion on the draft proposal on the simplification of record-keeping obligation under the GDPR. Finally,…

Read More… from EDPB publishes final version of guidelines on data transfers to third country authorities and SPE training material on AI and data protection

Amanda Chaboryk, Chris Cartmell, and Stephanie Baker, of PwC, raise some early considerations about the seemingly inevitable spread of agentic AI into legal departments IntroductionArtificial Intelligence (AI) has played an increasingly prominent role within legal, starting as early as the 90’s, when legal databases started incorporating natural language processing to optimise search and retrieval. Leaping…

Read More… from The (Speculative) Rise of AI Agents in Legal

Latin America is an incredibly diverse region. Yet, from the shores of Baja California to the windswept plains of Argentinian Patagonia, it arguably shares more cultural common ground than Europe does as a whole. Despite this, it lacks a unified market zone like the European Union. Where does the region stand on tech and privacy…

Read More… from SCL Podcast “Technology & Privacy Laws Around The World” – Episode 6: Latin America