UK law
CMA launches investigation into hotel chains
The Competition and Markets Authority has launched an investigation into suspected sharing of competitively sensitive information among competing hotel chains – Hilton, IHG Hotels and Marriott – using the hotel data analytics tool STR, owned by CoStar. All four businesses are under investigation. Companies use various types of data analytics tools and algorithms to help them make commercial decisions. The CMA’s investigation reflects the CMA’s wider commitment to ensuring new technologies support fair competition and do not harm consumers. For example, it has issued guidance for businesses on using algorithms. The CMA has also published a blog post on AI and collusion.
TPC consults on amendments to Upper Tribunal Rules for Online Safety Act appeals
The Tribunal Procedure Committee is consulting on proposed amendments to the Upper Tribunal Procedure Rules to support the new rights of appeal created by the Online Safety Act 2023. It seeks views on introducing a clear time limit for applications for permission to appeal by persons with a sufficient interest in Ofcom’s regulatory decisions, and on whether to change the default costs position so that the Upper Tribunal has greater discretion to award costs in Online Safety Act cases. The consultation ends on 21 May 2026.
ICO consults on draft updated guidance on research, archiving and statistics provisions following DUAA 2025
The ICO is consulting on draft updated guidance about research, archiving and statistics. The updated guidance follow the introduction of the Data (Use and Access) Act 2025 (DUAA 2025). It includes revised criteria for scientific research as there have been requests for greater clarity. The consultation also asks for views about the ICO’s approach to the new disproportionate effort exemption under section 77 of the DUAA 2025, which exempts organisations from the requirement to inform data subjects when re-using previously collected data for research purposes. The consultation ends on 27 April 2026.
EU law
European Commission consults on draft Guidance on EU Cyber Resilience Act
The European Commission is consulting on guidance on how to apply the Cyber Resilience Act in practice. The guidance aims to help manufacturers, developers, and other stakeholders understand their obligations under the Regulation and ensure a consistent approach across the EU. It will clarify how key provisions of the Regulation should be interpreted and implemented. The consultation ends on 31 March 2026.
European Commission holds first meeting of Special Panel on child safety online
European Commission President Ursula von der Leyen has hosted the first meeting of the Special Panel on child safety online. The panel will make recommendations aimed at better protecting and empowering children online and will explore the need for potential harmonised age restrictions to access social media. It examined the current evidence related to the risks and benefits from children’s use of social media and other online activities, such as gaming, messaging apps or AI. The participants focused on the responsibility of tech companies, and discussions revolved around several points, including age-appropriate safety by design, addictive features and algorithms, as well as digital literacy for children, their parents and teachers. Participants also discussed existing measures taken within the EU and in third countries. The next panel meetings will consider the advantages for minors in accessing online spaces, assessing how existing approaches can prevent risks and harms without jeopardising benefits. The Panel aims to present a report with recommendations by summer 2026.
