June Data Wrap: A snapshot of key regulatory developments

A sneaky entry into the June data wrap given that it was actually announced on Monday 10 July, but the European Commission (the “Commission“) has now adopted its adequacy decision for the EU-US Data Privacy Framework (the “Framework“). The decision means that personal data can now freely flow to organisations participating in the Framework without … Read more

April Data Wrap: A snapshot of key regulatory developments

In light of the multiple announced investigations across Europe in relation to Open AI and its Chat GPT Service, April saw the EDPB launch a dedicated task force to “foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities”. The speed with which this coordinated taskforce was set up highlights … Read more

March Data Wrap: A snapshot of key regulatory developments

March saw the UK Government recommence its efforts to reform the UK data regime by introducing the aptly named “Data Protection and Digital Information Bill (No.2)” to Parliament on 8 March 2023. The second draft bill supersedes the original version that was paused in September to allow ministers to rethink their approach and engage in … Read more

HAPPY INTERNATIONAL DATA PRIVACY DAY: OUR PREDICTIONS FOR 2023

Happy International Data Privacy Day for Saturday! And what better reason than that to explore what 2023 is likely to have in store for data and privacy? We are just over one year on from the UK government hinting that it might think outside the box in terms of data protection regulation. Two years on … Read more

Transfer Impact Assessments – divergence between EDPB and ICO approaches

Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA“) or the EU SCCs in combination with the UK … Read more

Pseudonymised data is personal data – but in whose hands? ICO calls for views on third chapter of draft anonymisation guidance

On 7 February 2022, the Information Commissioner’s Office (“ICO“) announced the publication of the third chapter of its draft guidance on anonymisation, pseudoymisation and privacy enhancing technologies (the “Draft Guidance“). Following on from the first and second chapters published on 28 May 2021 and 8 October 2021, respectively, which focus on anonymisation, the new third … Read more

Online Privacy Code: More Transparency and Minimum Standards for Online Platforms in Australia

 G20 nation moves to modernised privacy code for online platforms, including binding rules. The proposed scope – and stakes for industry players – is substantial. On 25 October 2021, the Australian Attorney-General’s department released, for public consultation, an exposure draft bill introducing amendments to the Privacy Act 1988 (Cth) (the Privacy Legislation Amendment (Enhancing Online Privacy and … Read more