The Online Safety Bill (OSB or Bill) passed its final reading in the UK’s Parliament in September 2023. The Bill will become law in the coming weeks, ushering in a new era for the regulation of digital services in the UK. Online platforms and search services that fall within the scope of the legislation will be subject to proactive content risk assessment and mitigation duties oriented at protecting users, regardless of where those services are established. The Bill has attracted considerable media attention due to its anticipated impact on the operation of online services in the UK, as well as the potential for it to interfere with freedom of speech.Continue Reading Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?

On August 9, 2023, the UK’s Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) released a joint position paper (the Paper) focused on “harmful” website design practices that may “trick” consumers into giving more access to their personal information. The Paper is targeted at web designers and developers, and it will be particularly relevant to consumer-facing organizations that target the UK market. It builds on joint work that the ICO and CMA have been engaged in since May 2021, when the regulators issued a joint statement promising a “joined up approach to regulation.” Announcing the Paper’s release, the ICO also revealed that it will be assessing cookie banners of the most frequently used websites in the UK, with a view to taking action against harmful designs.Continue Reading UK Regulators Signal Increased Focus on “Damaging” Website Design Practices

On December 9, 2022, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published a voluntary Code of Practice for App Store Operators and App Developers (Code). The Code sets out eight core

Continue Reading UK Government Publishes New Code of Practice for App Store Operators and App Developers

On February 2, 2022, the UK privacy regulator (i.e., the Information Commissioner’s Office or the ICO) issued new model clauses to support data transfers from the UK. Subject to approval by the UK Parliament, the new model clauses will become effective March 21, 2022. Companies transferring personal data outside the UK will have until March 21, 2024 to update existing contracts, but should use the new model clauses for any new contracts they sign as of September 21, 2022.

Background
Continue Reading New Model Clauses for Personal Data Transfers Outside the UK

On November 10, 2021, the UK Supreme Court ruled[1] that class representatives in data privacy class action suits need to prove damage or distress suffered to be successful. Compensation cannot be granted simply by virtue of proving that a company violated the law. The case was heard under the UK’s pre-2018 data protection law, but the UK GDPR arguably does not change the essence of the Court’s ruling.[2]
Continue Reading Lloyd v. Google: UK Supreme Court Rejects Data Protection Class Action in Landmark Ruling

On December 24, 2020, the European Commission (EC) and UK government announced the long-awaited EU-UK Trade and Cooperation Agreement (the Brexit Agreement), which sets out the future relations between the EU and the UK. If approved, the Brexit Agreement will become effective on January 1, 2021, and will have the following repercussions:
Continue Reading The Privacy Impact of the New Brexit Deal