Hunton Andrews Kurth LLP (LexBlog United Kingdom)

The UK Information Commissioner’s Office and the UK regulator for communications and online safety, Ofcom, issued a joint statement regarding their collaboration on the regulation of online services.

On April 12, 2024, the UK Information Commissioner's Office launched the third installment in its consultation series examining how data protection law applies to the development and use of generative AI.

On April 3, 2024, the UK Information Commissioner’s Office published its 2024-2025 priorities for protecting children’s personal data online.

On April 1, 2024, the U.S. and UK signed a Memorandum of Understanding that details how the U.S. and UK will work together to develop tests for advanced AI models.

On March 18, 2024, the UK Information Commissioner’s Office published new data protection fining guidance on how the ICO decides to determine penalties and calculate fines.

On March 1, 2024, the UK Information Commissioner's Office announced that it had issued an enforcement notice and a warning to the UK Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.

On February 22, 2024, the Federal Trade Commission announced a settlement order against Avast Limited requiring the company to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes.

On February 23, 2024, the UK Information Commissioner’s Office reported that it had ordered public service providers Serco Leisure, Serco Jersey and associated community leisure trusts to stop using facial recognition technology and fingerprint scanning to monitor employee attendance.

On February 16, 2024, the UK Information Commissioner's Office published its first piece of guidance on content moderation.

On February 6, 2024, the UK government published a response to the consultation on its AI Regulation White Paper. This blog entry provides key takeaways from the response.

On January 31, 2024, the UK ICO released a statement in response to its requirement that the UK's biggest websites comply with data protection laws when using cookies. The ICO said that it received "an overwhelmingly positive response," with 38 of the 58 organizations having changed their cookie banners in order to come into compliance.

On January 24, 2024, the UK National Cyber Security Centre announced it had published a report on its assessment of the near-impact of AI on the cyber threat landscape.

On January 18, 2024, the UK Information Commissioner’s Office (“ICO”) published an updated Opinion on age assurance for the Children’s Code (the “Opinion”). The Children’s Code is a statutory code of practice setting out how information society services likely to be accessed by children should protect children’s information rights online. According to the ICO, the...

On January 15, 2024, the UK Information Commissioner's Office announced that it has launched a consultation series on generative AI.

On December 18, 2023, the updated response from UK Information Commissioner John Edwards to the Data Protection and Digital Information (No 2) Bill was published on the UK ICO’s website.

On December 12, 2023, the UK Information Commissioner’s Office announced that it is producing an online resource relating to employment practices and data protection.

On November 22, 2023, the Artificial Intelligence Bill was introduced into the UK Parliament’s House of Lords.

On November 27, 2023, the UK government announced the first global guidelines to ensure the secure development of AI technology, which were developed by the UK National Cyber Security Centre and the U.S. Cybersecurity and Infrastructure Security Agency, in cooperation with industry experts and other international agencies and ministries.

On November 23, 2023, the UK government’s National Cyber Security Centre and the Republic of Korea’s National Intelligence Service issued a joint advisory detailing techniques and tactics used by cyber actors linked to the Democratic People’s Republic of Korea that are carrying out software supply chain attacks.

On November 21, 2023, the UK Information Commissioner’s Office issued a statement explaining that it has recently written to companies operating some of the UK’s most visited websites regarding their compliance with data protection laws when using cookies.

On November 8, 2023, the UK Information Commissioner’s Office and the European Data Protection Supervisor announced they have signed a Memorandum of Understanding intended to reinforce their “common mission to uphold individuals’ data protection and privacy rights, and cooperate internationally to achieve this goal”.

On November 1, 2023, 29 nations, including the U.S., the UK, the EU and China, reached a ground-breaking agreement, known as the Bletchley Declaration.

On October 26, 2023, the UK Online Safety Act received Royal Assent, making it law in the UK.

On October 17, 2023, The First-tier Tribunal of the UK General Regulatory Chamber allowed an appeal by Clearview AI Inc against an enforcement notice and fine issued by the UK’s Information Commissioner’s Office.

On October 3, 2023, the UK Information Commissioner’s Office published new Guidance on lawful monitoring in the workplace, designed to help employers comply with their obligations under the UK General Data Protection Regulation and the Data Protection Act 2018.

On September 21, 2023, the UK Information Commissioner’s Office published an opinion on the UK Government’s assessment of adequacy for the UK Extension to the EU-U.S. Data Privacy Framework.

On September 21, 2023, UK Secretary of State for Science, Innovation and Technology Michelle Donelan laid regulations in the UK Parliament, giving effect to a UK-U.S. Data Bridge.

On September 12, 2023, the UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC) of the UK, Lindy Cameron, signed a joint Memorandum of Understanding (MoU) that sets forth a framework for cooperation and information sharing between the ICO and the NCSC.

Starting in 2024, US citizens traveling to 30 European countries (most of western Europe except for the UK), will need to get pre-approval from the EU authorities before traveling.

On June 19, 2023, the UK Information Commissioner’s Office (“ICO”) recommended that organizations start using privacy enhancing technologies (“PETs”) to share personal information safely, securely and anonymously. The ICO also has issued new guidance on PETs which is aimed at those using large data sets in finance, healthcare, money laundering and cybercrime. The guidance contains...