UK government responds to call for views on enterprise connected device security The government has responded to its call for views on enterprise connected device security which ran from 12 May to 4 August 2025. The response includes an overview of the feedback received and key themes that emerged, as well as the next steps…
BCC errors still cause a good deal of regulatory intervention. Dr W Kuan Hon has catalogued some below. This table supplements an article on the data protection risks of not using BCC available here. Below, in reverse chronological order of decision publication date, are selected (non-exhaustive) examples, as at March 2026, of incidents where emails…
Read More… from TABLE: Enforcement action & publicity for not using BCC
Dr W Kuan Hon and Dr Eoin Woods highlight the ongoing data protection issues caused by not using BCC and suggest some technical solutions. Introduction Sending bulk emails with recipients listed in the TO or CC fields rather than using Blind Carbon Copy (BCC) is a commonly occurring data security incident, with over 2,000 such…
Read More… from Avoiding Privacy & Data Protection Breaches when Emailing Multiple Recipients
Olga Sevriuk rounds up some recent cases that highlight the legal risks of sharing sensitive client data with public AI chatbots and agents and the lessons that can be learned. The evolving landscape of AI safety Nowadays the AI adoption often outpaces the development of regulatory and governance frameworks. As a result, AI increasingly influences…
Read More… from Safe AI: How to Interact with AI and Agents Without Breaching the Law
The European Commission is investigating if Snapchat is ensuring a high level of safety, privacy and security for children online in compliance with the Digital Services Act (DSA). It suspects that Snapchat is breaching the DSA by exposing minors to grooming attempts and recruitment for criminal purposes, as well as to information about sale of…
Read More… from European Commission investigates Snapchat’s compliance with DSA
UK Law Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026 made The Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026 SI 2026/386 have been made. They make various amendments to legislation in consequence of sections 117, 118 and 119(1) of the Data (Use and Access) Act…
As part of the ICO’s AI and biometrics strategy, which it published in June 2025, it made the use of automated decision-making (ADM) in recruitment a key regulatory focus. It said that it would: It has now published a report setting out its findings to date and its regulatory expectations based on those findings. The…
Read More… from ICO consults on updated guidance on automation in recruitment
UK law Online Safety (CSEA Content Reporting by Regulated User-to-User Service Providers) Regulations 2026 made The Online Safety (CSEA Content Reporting by Regulated User-to-User Service Providers) Regulations SI 2026/268 have been made. They come into force on 7 April 2026 and set out the legal requirements for services to comply with the child sexual exploitation…
UK law Business and Trade Committee holds inquiry on AI, business and the future of the workforce The House of Commons Business and Trade Select Committee is holding an inquiry into AI to better understand the opportunities and costs for businesses and the workforce, and to make recommendations on government priorities. It says that AI…
Sophie Stalla-Bourdillon looks at the controversial CJEU decision in EDPS v SRB and how other courts are interpreting anonymisation in its wake. The judgment of the Court of Justice of the European Union (CJEU) in EDPS v SRB has become a pivotal reference point in recent debates on the definition of personal data and the…
Read More… from Cracking the Anonymisation Test: Early Lessons following EDPS v SRB