On August 9, 2023, the UK’s Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) released a joint position paper (the Paper) focused on “harmful” website design practices that may “trick” consumers into giving more access to their personal information. The Paper is targeted at web designers and developers, and it will be particularly relevant to consumer-facing organizations that target the UK market. It builds on joint work that the ICO and CMA have been engaged in since May 2021, when the regulators issued a joint statement promising a “joined up approach to regulation.” Announcing the Paper’s release, the ICO also revealed that it will be assessing cookie banners of the most frequently used websites in the UK, with a view to taking action against harmful designs.Continue Reading UK Regulators Signal Increased Focus on “Damaging” Website Design Practices
Tom Evans
UK Privacy Regulator Continues to Focus on Children’s Privacy
Updated Guidance for Edtech Providers
The UK Privacy Regulator (ICO) recently updated its guidance on privacy compliance for providers of education technologies (Edtech). This should be seen as a call to action for Edtech providers…
Continue Reading UK Privacy Regulator Continues to Focus on Children’s PrivacyEU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified
On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. It thus represents a major development in the regulation of data flows from the EU to the U.S.Continue Reading EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified
UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data
On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of personal data between the two countries (the “Data Bridge”).Continue Reading UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data
Europe Prepares for a New Era in AI Regulation
In Europe, recent advances in artificial intelligence (AI) have given rise to intense debate over how this technology should be regulated. Companies that have developed AI tools, or who are considering implementing AI, should assess the implications of recent legislative developments and regulatory action. This alert discusses the most recent legislative and regulatory developments in Europe and identifies key steps companies should take in light of these developments.Continue Reading Europe Prepares for a New Era in AI Regulation
UK Brings Forward Legislation to Streamline the GDPR
In March 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the bill). If enacted, the bill will introduce significant changes to the UK’s data protection laws, with the aim…
Continue Reading UK Brings Forward Legislation to Streamline the GDPR