UK law
UK government consults on data intermediaries
Data intermediaries are third-party organisations that act on behalf of individuals to exercise their data subject rights under data protection legislation. Services range from secure personal data storage to donating health data to support scientific research. Last year’s call for evidence identified key issues affecting data intermediaries, individuals, data controllers, data processors and other stakeholders. These include awareness: many people do not know their data subject rights or how they could benefit from using them; friction: third-party data access requests are often slow and burdensome, and data controllers lack the incentives to improve this; and legal ambiguity: confusion about the legal roles of data intermediaries and the ability to delegate data subject rights to them, which underpins the other challenges. The UK government is now consulting on legislative and non-legislative options to address these issues. Some options are more direct, others are quicker to implement, and some aim to deliver longer-term structural change. The options are intended to be complementary and can be taken forward individually or together. The consultation ends on 21 August 2026.
Ofcom updates crisis event protocol
Ofcom is publishing a statement that sets out new measures to be included in the Illegal Content Codes of Practice and Protection of Children Codes of Practice to respond appropriately to a crisis event. Ofcom defines a crisis as an “extraordinary situation in which there is a serious threat to public safety in the UK”, which is highly likely to have resulted from a significant increase in relevant content. Such crises are exceptional, and this means that online service providers’ usual content moderation systems and processes may not be sufficient in such circumstances. In June 2025, Ofcom consulted on several additional safety measures, including a measure recommending that certain service providers set up a crisis response protocol. Ofcom is now introducing two measures. The first recommends that service providers should prepare and apply a crisis protocol to mitigate and manage the risks arising from a significant increase in relevant illegal content and/or content harmful to children on their services. The second measure recommends that service providers have a dedicated communication channel through which law enforcement can contact them on crisis-related matters during a crisis. The measures are intended to ensure that service providers within scope can act promptly and effectively during a crisis. They will help make sure that service providers have appropriate systems and processes in place to enable rapid and coordinated action when a crisis emerges.
IPO launches Knowledge Asset Management Hub
The Intellectual Property Office (IPO) has launched the Knowledge Asset Management Hub. This new resource is designed to help universities and other research institutions identify, protect and commercialise their intellectual property (IP) and broader knowledge assets. IP-intensive sectors, including advanced manufacturing, clean technology, digital services, and life sciences, represent a substantial share of the UK’s economic output. The launch sits within the context of the UK’s Industrial Strategy, which identifies IP, standards and regulation as foundational levers for long-term growth. Effective knowledge asset management at the institutional level is integral to translating that innovation and strategic ambition into tangible economic outcomes.
Foreign Affairs Committee publishes the Government response to its report “Disinformation diplomacy: How malign actors are seeking to undermine democracy”
The House of Commons Foreign Affairs Select Committee has published the government’s response to its report, which partially agrees with the Committee’s recommendations to require social media companies to make algorithms transparent, to launch a National Counter Disinformation Centre, and to include provisions in the Representation of the People Bill to tackle AI-generated content and algorithmic bias for political advantage. The government response disagrees with the Committee’s recommendation to amend the Online Safety Act (OSA) to oblige social media companies to provide transparency of user location. It states that “the OSA provides one of the strongest online safety frameworks in the world, placing clear duties on platforms to tackle illegal content, including electoral offences, harassment and abuse, and related harms, including where it is AI-generated”.
EU law
EDPB consults on common data breach notification template
In line with the European Data Protection Board’s Helsinki Statement to make GDPR compliance easier and strengthen consistency across Europe, the EDPB has adopted a common template for data breach notifications, which will be subject to an implementation process. The EDPB common template for data breach notifications has been conceived to help organisations and Data Protection Authorities (DPAs) structure, harmonise and unify their data breach notification processes. The template will help ensure that notifications contain the information required by Article 33 GDPR (on the notification of a personal data breach to the DPA), making it easier for organisations to submit a timely notification and facilitating the assessment of the case by the responsible DPAs. The template provides predefined options to choose from, and further guidance on how to fill in the fields. This will help save time and costs, particularly for smaller organisations lacking dedicated Data Protection Officers or legal resources. The EDPB is consulting on the new template until 5 August 2026, after which the EDPB will decide on the timeline for the practical implementation of the template by all national regulators.
