In October 2024, the UK government introduced the Data (Use and Access) Bill (the Data Bill) to Parliament. The Data Bill represents a third attempt by UK ministers to bring about reforms to the UK’s data protection and ePrivacy regimes. If enacted, the Data Bill will introduce changes to the existing regime, including by reducing restrictions on automated decision-making and enhancing powers for the UK’s privacy regulator. It will also lay the groundwork for new “Smart Data” schemes, which will in future require companies operating in certain industries to share data with authorized and regulated third parties.Continue Reading UK Brings Forward Bill to Reform UK Privacy Laws

The Artificial Intelligence Act (AI Act) is the first comprehensive legislation that intends to regulate AI horizontally across all sectors in Europe. It will have far reaching consequences on all companies developing, implementing, or using AI solutions in the EU and beyond. These FAQs provide key information you should know before the AI Act is adopted, and some tips on what you can already be doing to prepare. To learn more, click here to read Wilson Sonsini’s updated FAQs.”Continue Reading Updated: 10 Things You Should Know About the EU Artificial Intelligence Act

On April 3, 2024, the UK Information Commissioner’s Office (ICO) released a statement setting out its priorities for protecting children’s privacy online. The priorities reflect the ICO’s strategy for the next phase of implementing its Children’s code of practice (also known as the “AADC”) and signal a focus by the regulator on the operations of social media and video-sharing platforms (platforms). The ICO will look at platforms’ default settings for children’s profiles, recommender systems and how they obtain consent to the processing of children’s data. The statement also indicates that the ICO will conduct audits of EdTech providers to identify privacy risks and potential noncompliance with applicable legislation.Continue Reading UK Privacy Regulator Details Next Stages of Its Strategy to Protect Children Online

On February 28, 2024, the UK’s Information Commissioner (commissioner) confirmed that the regulator’s focus areas in 2024 will include artificial intelligence (AI), cookies, biometrics, and children’s privacy.Continue Reading UK Privacy Regulator to Focus on AI, Cookies, Biometrics, and Children’s Privacy, and Consult on “Consent or Pay” Models

On December 8, 2023, the EU finally agreed on the world’s first comprehensive legal framework on AI: the AI Act. EU lawmakers reached a political agreement on a series of controversial issues after record-long negotiations. They are expected to formally adopt the agreed text within the next couple of months. If adopted, the AI Act will ban certain AI systems, regulate general purpose AI (GPAI), impose heavy obligations on high-risk AI systems, subject to high fines, and support innovation through regulatory “sandboxes.” The AI Act will have an extraterritorial reach. Being the first law of its kind globally, the AI Act has the potential to establish a benchmark for AI regulation in other regions, just as the EU General Data Protection Regulation (GDPR) has accomplished.Continue Reading EU Lawmakers Reach Political Agreement on the AI Act

The Online Safety Bill (OSB or Bill) passed its final reading in the UK’s Parliament in September 2023. The Bill will become law in the coming weeks, ushering in a new era for the regulation of digital services in the UK. Online platforms and search services that fall within the scope of the legislation will be subject to proactive content risk assessment and mitigation duties oriented at protecting users, regardless of where those services are established. The Bill has attracted considerable media attention due to its anticipated impact on the operation of online services in the UK, as well as the potential for it to interfere with freedom of speech.Continue Reading Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?

On September 21, 2023, the UK Government announced the establishment of the “UK-US data bridge” (the Bridge), also known as the UK Extension to the EU-U.S. Data Privacy Framework (the DPF). The announcement promises to simplify compliance issues surrounding the transfer of personal data from the UK to the U.S.Continue Reading UK-U.S. Data Bridge Commencement Date Announced