UK

Subscribe to UK via RSS

On February 13, 2026, the UK Competition and Markets Authority (CMA) announced its (December 2025) decision to fine Euro Car Parks £473,000 (approximately $645,000) for failing to respond to an information notice issued under the Digital Markets Competition and Consumers Act (DMCCA).Continue Reading Stay Within the Lines: UK CMA Fines Parking Company for Noncompliance with Information Notice on Consumer Protection

On February 5, 2026, key reforms to the UK’s data protection regime came into force, effectuating a departure from certain aspects of the EU regime and underscoring an emerging divergence between the UK and EU frameworks. These changes introduce new flexibility in areas such as cookie consent, automated decision-making (ADM) and processing of data for scientific research purposes, while raising the bar for compliance in areas such as the handling of data relating to minors.Continue Reading Reforms to UK Data Protection and Privacy Laws Come into Force

Consumer protection in digital markets has become a major public concern in recent years, and the UK is the latest jurisdiction to introduce legislation aimed at enhancing protections online. The Digital Markets, Competition, and Consumers Act (DMCCA or the Act) introduces significant overhauls to the UK’s legal framework, with implications for businesses with online operations.Continue Reading Consumer Protection in the UK: Update on Reforms Taking Effect in 2025 and 2026

On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part of a government strategy titled, “Data: a new direction,” the legislation has undergone several rounds of revision since its initial introduction. Its passage reflects the UK’s desire to diverge, in measured ways, from the EU’s approach to data regulation in the post-Brexit landscape.Continue Reading UK Introduces New Legislation Amending Privacy Laws

On April 24, 2025, the UK’s Office of Communications, commonly known as Ofcom—the regulator responsible for enforcing the UK’s Online Safety Act (OSA)—issued its Protecting Children from Harm Online Statement. The statement requires online services to conduct and document a children’s risk assessment in accordance with the OSA by July 24, 2025. Services will be required to implement measures to protect children from content that is harmful to them by July 25, 2025.Continue Reading The UK’s Online Child Safety Duties Are Coming into Force: Steps to Take Now

On March 27, 2025, the Information Commissioner’s Office (ICO) announced a fine of 3 million GBP (3.9 million USD) against a software provider (the company) for security deficiencies following a ransomware incident (e.g., lack of multi-factor authentication (MFA)). This is the first time the ICO has fined a processor under the UK’s General Data Protection Regulation (GDPR). This post provides an overview of the decision and outlines the key points companies should consider, including the security measures the ICO expects them to implement.Continue Reading UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack

On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements