On 5 March 2024, the UK data protection regulator (ICO) published guidance on biometric recognition (the Guidance), following a consultation with stakeholders in October 2023. The Guidance clarifies the concept and properties of biometric data and provides practical considerations for organisations contemplating or using biometric recognition systems.Continue Reading ICO Publishes Biometric Data Guidance
AI Regulation in 2024 – Will The UK Continue to Remain The Outlier?
Earlier this year, the UK government released an AI white paper outlining its light-touch, pro-business proposal to AI regulation. Eight months on, and the UK appears to be sticking firm with this approach, with Jonathan Camrose (UK First Minister for AI and Intellectual Property) stating in a speech on 16 November 2023 that there will be no UK law on AI ‘in the short term’.
This stance has been taken in spite of the developments being made around the world in this area. The EU for example, by contrast, continues to make significant steps towards finalization and implementation of its landmark AI Act, with policy-makers announcing that they had come to a final agreement on the Act on 8 December 2023. Progress has also been made across the pond with President Biden issuing the executive order on Safe, Secure and Trustworthy Artificial Intelligence on 30 October 2023, with the intention of cementing the US as a world leader in the field. The UK’s reluctance to regulate in this area has been criticised by some as not addressing consumer concerns – but will this approach continue into 2024?Continue Reading AI Regulation in 2024 – Will The UK Continue to Remain The Outlier?
UK Information Commissioner Warns of Privacy Risks Around Generative AI
The UK Information Commissioner (ICO) was reportedly set to sound a note of caution recently, at Politico’s Global Tech Day, regarding the potential privacy risks that can arise in the context of generative artificial intelligence (AI).
Privacy risks of generative AI
While acknowledging the potentially significant advantages and benefits that generative AI can bring, both to organisations and society more generally, the ICO’s Exec Director of Regulatory Risk, Stephen Almond, was expected to reiterate to businesses the need to consider the potential data protection issues around generative AI, noting that ensuring the compliance of such technologies with applicable data protection laws needs to be robustly scrutinised.Continue Reading UK Information Commissioner Warns of Privacy Risks Around Generative AI
Messaging Apps Call for Re-evaluation of the Online Safety Bill
A number of encrypted messaging services have signed an open letter calling on the UK Government to reconsider various aspects of the Online Safety Bill (OSB) pending its final reading in the House of Lords, over concerns that the bill could threaten end-to-end encryption.
End-to-end encryption currently delivers a strong level of security for electronic messages, meaning that messages can only be read on the apps of the sender and intended recipient. Continue Reading Messaging Apps Call for Re-evaluation of the Online Safety Bill
UK Data Protection Regulator Updates its Guidance on Data Transfers
Introduction
Ahead of its much-anticipated guidance on the UK International Data Transfer Agreement / Addendum (IDTA) (the United Kingdom’s version of the EU standard contractual clauses (EU SCCs)), the UK data protection regulator, the Information Commissioner’s Office (ICO), has revised its guidance on international transfers of personal data under the UK GDPR (Transfer Guidance).Continue Reading UK Data Protection Regulator Updates its Guidance on Data Transfers
UK Takes Action Over Cybercrime
The United Kingdom and the United States joined forces last week in an initiative to combat ransomware attacks by sanctioning seven Russian nationals believed to be members of a hacking network. Together with U.S. authorities, the UK’s Foreign Office has reportedly identified the individuals in question, frozen their assets and imposed travel bans in respect of them.
Ransomware is a type of malware that typically renders systems or data inaccessible, often due to the encryption of files. Devices are often locked, and data may be leaked, in addition to being encrypted or deleted, unless and until the victim pays a “ransom” to the actors who deployed the ransomware in return for decryption. Continue Reading UK Takes Action Over Cybercrime
UK GDPR: What Will 2023 Hold for International Data Transfers?
International transfers of personal data under the UK GDPR are set to continue to be a key topic in 2023, in particular, regarding new UK adequacy regulations, transatlantic data flows, and updated guidance regarding the UK’s International Data Transfer Agreement (IDTA).
While 2022 saw the Department for Digital, Culture, Media & Sport (DCMS) and ICO comment on imminent updates on these issues, very little has actually materialised, leaving businesses and commentators alike hopeful that 2023 will be a year of increased certainty when undertaking restricted international transfers subject to the UK GDPR.Continue Reading UK GDPR: What Will 2023 Hold for International Data Transfers?
Incoming Privacy and Cybersecurity Developments in the UK
2023 will bring with it updates and reforms in relation to data protection and cybersecurity in the UK. The proposed changes are expected to place tighter restrictions on digital content; increase protection around the internet of things and connected products; and, to the delight of some, lighten compliance burdens with respect to personal data. A few highlights to watch out for are set out below:Continue Reading Incoming Privacy and Cybersecurity Developments in the UK
The UK Government’s Post-Brexit Agenda Will Affect the ICO’s Structure and Powers
The UK Government’s vision for a post-Brexit data protection regime includes controversial changes to the remit and workings of the Information Commissioner’s Office. In a Privacy Laws & Business article on possible ICO reform, Edward Machin considers what its proposed structure, duties and powers means for the independence of the regulator and its standing on…
UK Data Protection & Digital Information Bill: Key Proposals for Reform of the UK’s Data Protection Framework
On July 18, 2022, the UK Government introduced into Parliament the Data Protection and Digital Information Bill (the Data Reform Bill), which proposes legislation to reform the UK data protection regime. A recent article in Entertainment Law Review by Ropes & Gray attorneys Rohan Massey, Christopher Foo & Edward Machin analyzes the Data Reform Bill’s…