UK law
Investigatory Powers Act 2016 codes of practice published
Various codes of practice under the Investigatory Powers Act 2016 have been published. The codes of practice set out processes and safeguards for several investigatory powers.
CMA consults on releasing Google from Privacy Sandbox commitments
The Competition and Markets Authority is consulting on releasing Google from commitments after Google announced in April that it was abandoning plans to prompt users to decide if they want to block third party cookies from Chrome. The CMA commitments were put in place to ensure that Google’s Privacy Sandbox was developed in a way that benefits consumers. The CMA believes the commitments are no longer necessary and is now consulting before it takes a decision on whether to release them later this year. The consultation ends on 4 July 2025.
Ofcom consults on Media Act listed sporting events implementation
The Media Act makes significant changes to the listed events regime. Instead of being restricted to traditional broadcast channels, the updated regime will include any services which can be used to show live coverage of listed events to UK audiences – including Public Service Broadcasters’ (PSBs) on-demand players, global media platforms and other internet-based streaming services. The Media Act also changes the categories in which services are split, so that one category broadly includes only services provided by PSBs. All other services are in the other category. As part of implementing these changes, Ofcom is required to define several terms used in the regime. It must also revise its Code on listed events. The consultation ends on 8 August 2025.
New working group on using AI to prepare court documents
At its annual strategy meeting, the Civil Justice Council (CJC) agreed to set up a working group examining the use of AI by legal representatives for preparing court documents. The CJC’s statutory functions include (a) keeping the civil justice system under review, and (b) considering how to make the civil justice system more accessible, fair, and efficient. The Working Group will produce a consultation paper, followed by a final report, seeking to address the question of whether rules are needed to govern the use of AI by legal representatives for the preparation of court documents, including pleadings, witness statements, and expert reports.
EU law
Council and European Parliament reach deal on cross-border GDPR enforcement
The Council, represented by the Polish presidency of the Council of the EU, and the European Parliament have secured a provisional deal on a new law which aims to improve cooperation between national data protection authorities when they enforce the GDPR in cross-border cases. It deals with issues such as admissibility, the rights of complainants and parties under investigation, deadlines, swifter resolution of complaints and a simple cooperation procedure. The provisional agreement has to be confirmed by the Council and the European Parliament. The new rules will enter into force following the final adoption in both institutions.
European Parliament adopts rules aimed at combating child sexual abuse
The European Parliament has adopted its position on draft legislation to improve EU countries’ capacity to fight child sexual abuse effectively. It backed an update to EU-wide definitions of the crimes linked to child sexual abuse (CSA) and exploitation. The proposal is designed to adapt legislation to new technologies, for example artificial but realistic-looking deepfake CSA material, and ensure that abuse and solicitation can be prosecuted regardless of whether they occurred online or in the real world. To bring EU laws up to date with technological developments, MEPs want to criminalise explicitly the use of AI systems “designed or adapted primarily” for CSA crimes. They have also endorsed provisions on the livestreaming of CSA, and dissemination online of related material. To make investigations more effective, MEPs call for rules allowing undercover investigations and covert surveillance methods.
European Commission accepts commitments offered by AliExpress under the Digital Services Act and takes further action on illegal products
The European Commission has issued an update about its investigation concerning the compliance of AliExpress with the Digital Services Act. First, the Commission has accepted and made binding a series of commitments offered by AliExpress to settle several concerns, such as its transparency on advertising and recommender systems. Second, following its in-depth investigation, the Commission preliminarily found AliExpress in breach of its obligation to assess and mitigate risks related to the dissemination of illegal products under the DSA. The preliminary findings by the Commission are without prejudice to the final outcome of the investigation, as AliExpress may now exercise its rights of defence by examining the documents in the Commission’s investigation file and by replying in writing to the Commission’s preliminary findings. If the Commission’s preliminary view were to be ultimately confirmed, the Commission would adopt a non-compliance decision finding that AliExpress does not comply with articles 34 and 35 of the DSA, and impose a fine. In addition, such a non-compliance decision would oblige the provider of AliExpress to submit an action plan to remedy the infringement within a specified timeframe, to be approved by the Commission upon opinion of the Board of Digital Services Coordinators.
Coimisiún na Meán issues statutory information notice to X
Coimisiún na Meán has issued a statutory Information Notice to X Internet Unlimited Company, the provider of the platform X. Under Section 139O of the Irish Broadcasting Act, a statutory Information Notice requires the recipient to provide information relating to its compliance with the Online Safety Code. The information X has provided so far is not sufficient to assess whether X’s current measures are sufficient to protect children using the service. An Coimisiún is therefore using its statutory powers to seek further information. X must respond by 22 July 2025. Failure to comply with the Notice can result in criminal liability, including a fine of up to €500k. An Coimisiún will review the response from X and will consider whether it has complied with its obligations under Part A of the Online Safety Code and will then decide if further measures should be taken. X was designated by Coimisiún na Meán as a video-sharing platform service (VSPS) in December 2023 and so must comply with the Online Safety Code. The Code, which was fully adopted in October 2024, includes measures to protect people, especially children, from harmful video and associated content. Under Part A of the Code designated platforms must establish and operate age verification systems for users for content which may impair physical, mental, or moral development of minors. Under Part A, the term “age verification” includes effective age assurance measures including age estimation. An age assurance measure based solely on self-declaration of age by users of the service is not an effective measure under Part A.
