UK – Debevoise Data Blog

Cybersecurity

ICO Dawn Raids: How to respond and what you can do to prepare – An FAQ

By: Robert Maddox and Aisling Cowell September 25, 2024

In the UK, unannounced inspections of businesses’ premises, or “dawn raids”, are most often associated with authorities such as the Serious Fraud Office, National Crime Agency, Competition and Markets Authority…

Automated Decision Making

European Data Protection Roundup – June 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Sophie Michalski, Léa Lascoux, Deniz Tanyolac and Samuel Thomson July 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft…

Automated Decision Making

European Data Protection Roundup – May 2024

By: Robert Maddox, Friedrich Popp, Martha Hirst, Michiko Wongso, Anna Chirniciuc, Alexander McGinley, Deniz Tanyolac and Samuel Thomson June 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware…

Artificial Intelligence

The UK’s Use of Competition and Consumer Laws to Regulate AI

By: Avi Gesser, Timothy McIver, Robert Maddox, Martha Hirst and Alfred Scott June 25, 2024

As the European Union edges ever-closer to formally enacting the EU AI Act, attention is turning to how other jurisdictions will approach AI regulation. In the UK, individual regulators will…

Artificial Intelligence

The UK’s Emerging Approach to AI Regulation

By: Avi Gesser, Matt Kelly, Robert Maddox, Martha Hirst and Scott Morrison February 22, 2024

Almost a year after it initially published its White Paper on AI Regulation (the “AI White Paper”) and launched its associated consultation, the UK government has published its consultation response…

Data Transfers

Reminder: UK International Data Transfer Deadline Approaching

By: Robert Maddox, Martha Hirst and Samuel Thomson January 31, 2024

In 2022, the UK ICO published the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses (“the Addendum”). In short, the…

Artificial Intelligence

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

By: Avi Gesser, Robert Maddox, Benjamin Lyon, Clare Swirski, Martha Hirst and Ryan Fincham October 31, 2023

On 26 October 2023, the Bank of England, Prudential Regulation Authority (“PRA”) and Financial Conduct Authority (“FCA”, collectively the “UK Financial Authorities”) published FS2/23 on Artificial Intelligence and Machine Learning…

Artificial Intelligence

Eight GDPR Questions when Adopting Generative AI

By: Avi Gesser, Robert Maddox, Friedrich Popp and Martha Hirst October 10, 2023

As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations,…

Automated Decision Making

European Data Protection Roundup – August 2023

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Stephanie Thomas, Tristan Lockwood, Melissa Muse, Melyssa Eigen, Maria Epishkina and David Z. Rochelle September 27, 2023

Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest…

Business

UK Online Safety Bill Passed – An FAQ

By: Robert Maddox, Martha Hirst and Allegra De Lorenzo September 26, 2023

After years of deliberation, the UK passed its long-awaited Online Safety Bill (the “OS Bill”). It imposes content moderation requirements on certain online platforms and service providers to address illegal…