Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has recently announced investigations into three companies in connection with the use of children’s personal information. In a statement on...more
On February 20 2025, the Information Commissioner’s Officer (the ICO) published the third edition of the Tech Horizons Report (the Report). The Report identifies four new technologies expected to emerge over the next 2 to 7...more
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present users with a choice to either consent to the processing of their...more
Welcome to your weekly update from the A&O Shearman pensions team, covering all the latest legal and regulatory developments in the world of workplace pensions. ICO guidance on using employment records The Information...more
On 16 January 2025, in an open statement and letter, the UK Information Commissioner, John Edwards, responded to the December 2024 letter from the UK Prime Minister, the Chancellor, and the Business Secretary....more
On January 24 2025, the UK’s Information Commissioner’s Office (ICO) published its response to a request from the Prime Minister, Chancellor and Business Secretary for regulatory proposals to improve business confidence and...more
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and...more
UK Data Regulator Responds to Google’s Policy Shift on Fingerprinting - Google announced that starting February 16, 2025, its platform program policies will change to remove the prohibition in its current policies against...more
The UK Information Commissioner’s Office (the ICO) has published guidance to help firms take steps to protect customers’ personal information when data is shared between firms to prevent fraud and scams....more
On 13 December 2024, the UK Information Commissioner’s Office (ICO) published the report of outcomes from its consultation on generative AI (genAI). The report sets out key themes that emerged from responses to the ICO’s...more
What happened? In an attempt to address ongoing regulatory uncertainty about how the UK General Data Protection Regulation (UK GDPR) and UK Data Protection Act 2018 apply to the development and use of generative artificial...more
After its election to power in July 2024, the newly formed Labour government wasted little time in announcing its legislative priorities for the coming year. Unsurprisingly, these priorities included several proposed Bills...more
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
On 23 October 2024, the Data (Use and Access) Bill (the “DUAB”) was introduced to Parliament. The DUAB is the Labour government’s answer to the perceived shortfalls of the since-abandoned Data Protection and Digital...more
In December 2019, the UK Information Commissioner’s Office (ICO) imposed a fine of £275,000 on Doorstep Dispensaree Limited (DDL) for multiple contraventions of the GDPR. On December 9 2024, five years on and three judgments...more
On December 12 2024 the ICO published an outcomes report on its 2024 generative AI consultation series (the Report). The Report addresses five key areas regarding generative AI and its relation to data protection: -...more
On March 23 2018, the Information Commissioner’s Office (ICO) executed a warrant to enter and search the offices of Cambridge Analytica. The purpose of the search was to access records concerning its alleged use of personal...more
BCLP recently hosted a seminar on AI in HR. In this thought-provoking session, we considered how AI is used in HR and its regulation in the EU and the UK, and then engaged in some discussions around two theoretical scenarios....more
On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used...more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
FTC Settles Allegations of Over Inflated Reviews with AI-Enabled Review Platform Sitejabber - On November 6, 2024, the Federal Trade Commission (“FTC”) announced a proposed settlement with GGL Projects, Inc., doing...more
On 6 November 2024, the Information Commissioner’s Office (ICO) published a report on the use of artificial intelligence (AI) in recruitment (the Report) following a series of consensual audits with developers and providers...more
As further initiatives come in to play and legislation is on the horizon, existing regulators (such as the ICO, CMA, Ofcom and FCA) continue to press on with their approach to AI regulation, including through the Digital...more