A much-anticipated Opinion from the European Data Protection Board (EDPB) on AI models and data protection has not resulted in the clear or definitive guidance that businesses operating in the EU had hoped for. The Opinion emphasises the need for case-by-case assessments to determine GDPR applicability, highlighting the importance of accountability and record-keeping
Continue Reading EU: EDPB Opinion on AI Provides Important Guidance though Many Questions Remain
This is Part 3 in a series of articles on the European Health Data Space (“EHDS“). Part 1, which provides a general overview of the EHDS, is available here. Part 2, which deals with the requirements on the manufacturers of EHR-Systems under the EHDS, is available here.
This article provides an
Continue Reading EU: EHDS – Access to health data for secondary use under the European Health Data Space
Déjà vu in the world of UK data law: the Labour government has proposed reforms to data protection and e-privacy laws through the new Data (Use and Access) Bill (“DUAB“). The DUAB follows the previous government’s unsuccessful attempts to reform these laws post-Brexit, which led to the abandonment of the Data Protection
Continue Reading UK: Data (Use and Access) Bill: newcomer or a familiar face?
The EU Data Act is one of the cornerstones of the EU’s Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU’s data economy. Most of the provisions of the Data Act will become applicable as of 12 September 2025. To assist stakeholders in the
Continue Reading EU: Data Act Frequently Asked Questions answered by the EU CommissionThe UK has made several consequential amendments to its primary electronic surveillance law, the Investigatory Powers Act (“IPA”). These changes have the potential to impact the development of certain privacy-enhancing services by technology companies, whilst also widening the scope of the government’s access to certain electronic datasets. There is also the possibility of
Continue Reading UK: Changes to UK surveillance and communications law: the Investigatory Powers (Amendment) Act 2024.Disclaimer: This article first appeared in the June 2024 issue of PLC Magazine, and is available at http://uk.practicallaw.com/resources/uk-publications/plc-magazine.
In order to capture the benefits of data-driven innovation, the EU and the UK are taking action to facilitate data sharing across various industries.
In the EU, the European Commission is investing €2
Continue Reading EU/UK: Data-Sharing Frameworks – A State of Play in the EU and the UK
On Monday 29 April, new cyber security requirements entered into force in the United Kingdom. They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.
Background
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the
Continue Reading UK: New cyber security requirements for consumer products
Disclaimer: The blogpost below is based on a previously published Thomson Reuters Practical Law practice note (EU AI Act: data protection aspects (EU)) and only presents a short overview of and key takeaways from this practice note. This blogpost has been produced with the permission of Thomson Reuters, who has the copyright over the
Continue Reading Europe: The EU AI Act’s relationship with data protection law: key takeawaysThe ICO has issued an enforcement notice which provides valuable insights into its approach to the use of biometrics in the workplace, and the lawfulness of employee monitoring activities more broadly.
On 23 February 2024, the Information Commissioner’s Office (“ICO”) ordered Serco Leisure Operating Limited (“Serco”), an operator of leisure facilities, to stop using facial
Continue Reading UK: Enforcement Against the Use of Biometrics in the WorkplaceAuthors: James Clark and Verena Grentzenberg
The Court of Justice of the European Union (CJEU) has delivered an important judgment on the scope and interpretation of the ‘automated decision-making’ framework under the GDPR. It is a decision that could have significant implications for service providers who use algorithms to produce automated scores, profiles
Continue Reading EU: Significant new CJEU decision on automated decision-making
