The Information Commissioner's Office (ICO) has published its report alongside a press release following a review into the gathering and use of children's data in financial services, particularly from services supplying them...more
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that...more
On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered...more
On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more
UK Government Publishes Research Report on Proposed Cyber Governance Code of Practice - The UK Department for Science, Innovation and Technology (“DSIT”) published a research report detailing results from a pilot of the...more
What happened? The UK Information Commissioner’s Office (ICO) has released updated guidance on ‘consent or pay’ business models. These models present users with a choice to either consent to the processing of their...more
UK Data Regulator Expands Cookie Compliance Review Across the UK’s Top 1,000 Websites - The UK Information Commissioner's Office (“ICO”) has announced an expanded review of advertising cookie practices to encompass the...more
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and...more
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
On 23 October 2024, the Data (Use and Access) Bill (the “DUAB”) was introduced to Parliament. The DUAB is the Labour government’s answer to the perceived shortfalls of the since-abandoned Data Protection and Digital...more
Illinois Courts Split over Whether Biometric Privacy Law Amendment Applies Retroactively - Two federal judges in the Northern District of Illinois have taken conflicting views on the issue of whether the Illinois...more
Artificial Intelligence (“AI”) use in business has proliferated in recent years; risks arising from this therefore must be managed. Whilst the use of AI can drive significant efficiency gains for most businesses, the...more
As further initiatives come in to play and legislation is on the horizon, existing regulators (such as the ICO, CMA, Ofcom and FCA) continue to press on with their approach to AI regulation, including through the Digital...more
As the EU presses ahead with its implementation of the AI Act, the UK continues to develop its evolutionary approach to AI policy and regulation. As the new Labour Government starts to implement its perspective and ahead of a...more
On October 23, the UK Government’s House of Lords had its first reading of a new proposed data protection bill, the Data (Use and Access) Bill (“DUA Bill”), as sponsored by the Department of Science, Innovation, and...more
The Upper Tribunal (UT) has overturned a decision by the First-tier Tribunal (FTT), relating to a Monetary Penalty Notice (MPN) that was issued by the Information Commissioner (ICO). All of this stemmed from a cyber-attack...more
The English High Court recently granted a bank permission to transfer personal data disclosed in court proceedings to an authority in Ukraine, a country without UK GDPR adequacy status. The Judge found that the transfer fell...more
CFPB Director Chopra Emphasizes “Pressing Need” for Data Protections - On June 12, 2024 and June 13, 2024, Consumer Financial Protection Bureau Director Rohit Chopra appeared before the Senate Banking Committee and the...more
During 2023, privacy protection and artificial intelligence regulation continued apace and their implications continued to be a major focus in Israel and around the world. In Israel, this was reflected in a number of...more
If you feel like every day you wake up to a new data privacy law or piece of guidance, you’re not dreaming. Regulation and rulemaking are happening faster than ever before. The complexities relating to ethical data usage are...more
Clearview AI Inc's successful challenge to the ICO’s £7.5 million fine focused on the limits of the UK GDPR’s jurisdictional reach, succeeding on the grounds that Clearview’s processing activities were outside the scope of...more
Alongside the recent CJEU judgment on automated decision making in Schufa (see the Allen & Overy blog ) there are a range of developments related to ADM in other jurisdictions. UK developments - The UK Parliament is...more
2023 saw a surge in interest in the application of generative AI within business models. So, if AI and data protection was your favourite genre of 2023, or if you found it to be a broken record, this post consolidates and...more
On 9 November 2023, the UK Office of Communications (Ofcom) issued its first set of draft guidance on the UK’s long-anticipated Online Safety Act (OSA), which aims to protect online users against illegal and harmful content....more
Clearview AI was issued with an enforcement action including a fine of around £7.5million and an order to delete certain data by the ICO for breaches of the UK GDPR in relation to its facial recognition data. The Tribunal...more