Following consultation, Ofcom has published details about how it intends to set the fees and maximum penalties that will apply under the Online Safety Act. The Act specifies that the costs of Ofcom’s online safety work are to be funded by the tech companies it regulates. This is in line with how Ofcom is funded…
Ofcom has already introduced its first set of codes on illegal harms, and its Protection of Children Code will come into force in July 2025. Building on this work, Ofcom is now consulting on a further set of targeted safety measures designed to make online services safer by design. The proposals respond to calls for…
Read More… from Ofcom consults on additional online protections
After a troubled passage through parliament, the Data (Use and Access) Bill received Royal Assent on 19 June and is now the Data (Use and Access) Act 2025. It introduces amendments to the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR). The Act…
Read More… from Data (Use and Access) Bill receives Royal Assent
UK law CMA publishes update on dynamic pricing The CMA has published an update on its investigation into dynamic pricing. It says that dynamic pricing can affect competition and consumer outcomes; and has issued guidance for businesses using dynamic pricing to help them comply with consumer law, and with the aim of building build trust…
After our recent podcast episode on privacy and tech laws in Latin America, two of the guests, Bárbara Lazarotto and Luz Orozco, stayed behind to share some additional insights with the host, Mauricio Figueroa. Bárbara Lazarotto Can you share a bit of the work you do at the Brussels Privacy Hub? What is like day-to-day and…
UK law Investigatory Powers Act 2016 codes of practice published Various codes of practice under the Investigatory Powers Act 2016 have been published. The codes of practice set out processes and safeguards for several investigatory powers. CMA consults on releasing Google from Privacy Sandbox commitments The Competition and Markets Authority is consulting on releasing Google…
The ICO has fined genetic testing company 23andMe £2.31 million for failing to implement appropriate security measures to protect the personal information of UK users, following a large-scale cyber-attack in 2023. The penalty follows a joint investigation conducted by the ICO and the Office of the Privacy Commissioner of Canada. Between April and September 2023,…
Read More… from 23andMe fined £2.31 million for failing to protect UK users’ genetic data
Camilo Artiga-Purcell, General Counsel at Kiteworks, identifies some of the ever-increasing risks and potential consequences of rushing to use AI in legal practice Picture a partner at a leading UK law firm, racing to finalise a high-stakes merger. With a deadline looming, they turn to a free online AI tool, uploading sensitive deal documents for…
Read More… from AI Data Leaks & Shadow AI: The Legal Minefield Facing UK Organisations in 2025
The Online Safety Act 2023 established the basis for creation of an online safety super-complaints regime. The process will allow for complaints about systemic issues (features or conduct of regulated services) to be raised with the regulator where those issues are, appear to be, or present a material risk of: For the online safety super-complaints…
Read More… from Super-complaints regime for online safety due to come into force on 31 December 2025
UK law Data (Use and Access) Bill finally passes through Parliament and heads for Royal of Assent The Data (Use and Access) Bill finally completed its passage through the UK parliament on 11 June 2025. It was the third attemot at data protection reform in the UK and this final attempt was subject to a…