The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
3/24/2025
/ Data Controller ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Saudi Arabia ,
UK
Illegal content safety duties came into full effect on 17 March 2025, shortly followed by children’s access assessment requirements.
The UK Online Safety Act (OSA) establishes an extensive regulatory framework for...more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
11/25/2024
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Multi-Factor Test ,
Personal Data ,
UK
Organisations must provide individuals with information on the specific recipients of their data upon request.
The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions.
The UK government introduced the Data Protection and Digital Information Bill (the Bill) to...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations.
The use of card, contactless, and innovative digital payment solutions has significantly...more
11/9/2021
/ Anti-Money Laundering ,
Bank Secrecy Act ,
CNIL ,
Consultation ,
Data Collection ,
Data Protection ,
Data Protection Authority ,
European Central Bank ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Mobile Payments ,
Open Payments ,
Payment Systems ,
PCI-DSS Standard ,
Personal Data ,
Sensitive Personal Information ,
White Papers
Online retailers storing credit card data for the sole purpose of facilitating further purchases will likely need to obtain consumer consent.
Online shopping has boomed in recent years. In 2020, the European statistics...more
7/8/2021
/ Credit Cards ,
Data Collection ,
Data Processors ,
Data Storage ,
E-Commerce ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Internet Retailers ,
New Guidance ,
PCI-DSS Standard ,
Prior Express Consent ,
Retailers
An NFT is a special, one-of-a-kind digital asset that raises a number of novel legal questions.
Earlier this month, a blockchain firm bought a US$95,000 print by the British street artist Banksy, only to burn it in a...more
3/19/2021
/ Artists ,
Blockchain ,
Collateral ,
Cryptocurrency ,
Digital Assets ,
Digital Marketplace ,
Ethereum ,
Intellectual Property Protection ,
IP License ,
Non-Fungible Tokens (NFTs) ,
Popular ,
Royalties
As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2.
Last year, more than half of all payments in the UK were made by card and contactless methods, while cash...more
11/4/2020
/ Anti-Money Laundering ,
Anti-Terrorism Financing ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Guidance ,
Payment Systems ,
Personal Data ,
PSD2
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
After the recent two-year anniversary of the GDPR, one fundamental question remains — who does the GDPR apply to?
Last month marked the two-year anniversary of the General Data Protection Regulation (GDPR), but its...more
Judgment offers some comfort for data controllers, without eliminating the possibility of vicarious liability based on an employee’s actions.
The UK Supreme Court (UKSC) has ruled that WM Morrisons Supermarkets plc...more
UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis.
The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real...more
9/11/2019
/ Advertising ,
Auction ,
Consent ,
Cookies ,
DIFC ,
European Supervisory Authorities (ESAs) ,
Google ,
Information Commissioner's Office (ICO) ,
Information Reports ,
Online Advertisements ,
Personal Data ,
Regulatory Requirements ,
UK
The ICO announces its intention to impose fines on British Airways and Marriott. What happened, and what comes next?
On 8 July 2019, the Information Commissioner’s Office (ICO) announced that, against British Airways for...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
7/12/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
GDPR and PSD2 are two legal initialisms that have both generated a great deal of press coverage in recent months, but they are seldom considered together.
There were around 122 billion non-cash payments in the European...more
The EU General Data Protection Regulation (GDPR) will come into force in May 2018, changing how businesses and the public sector manage customer information. With seven months before the deadline, governments, supervisory...more
On October 3, 2017, the Irish High Court announced that it will make a reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling on the validity of the Standard Contractual Clauses, which allow...more
Her Majesty’s Government last week published a position paper outlining its preferred post-Brexit landscape for data protection. The high-level takeaways are hardly surprising: the government stresses that it intends to...more
The General Data Protection Regulation (GDPR or Regulation) will become applicable in one year, as of May 25, 2018. A lot has happened since we set out the key provisions of the Regulation last year....more
The European Banking Authority (EBA) has published its consultation document on security measures for operational and security risks under the revised Payment Services Directive (PSD2).
The WannaCry ransomware attack that...more
The Article 29 Working Party (WP29) – the group that represents the data protection authorities of all EU Member States – has published guidance and FAQs on a number of issues under the General Data Protection Regulation...more