Disclaimer: This article first appeared in the June 2024 issue of PLC Magazine, and is available at http://uk.practicallaw.com/resources/uk-publications/plc-magazine.

In order to capture the benefits of data-driven innovation, the EU and the UK are taking action to facilitate data sharing across various industries.

In the EU, the European Commission is investing €2

Continue Reading EU/UK: Data-Sharing Frameworks – A State of Play in the EU and the UK

On Monday 29 April, new cyber security requirements entered into force in the United Kingdom.  They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.


The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the

Continue Reading UK: New cyber security requirements for consumer products

Disclaimer: The blogpost below is based on a previously published Thomson Reuters Practical Law practice note (EU AI Act: data protection aspects (EU)) and only presents a short overview of and key takeaways from this practice note. This blogpost has been produced with the permission of Thomson Reuters, who has the copyright over the

Continue Reading Europe: The EU AI Act’s relationship with data protection law: key takeaways

The ICO has issued an enforcement notice which provides valuable insights into its approach to the use of biometrics in the workplace, and the lawfulness of employee monitoring activities more broadly.

On 23 February 2024, the Information Commissioner’s Office (“ICO”) ordered Serco Leisure Operating Limited (“Serco”), an operator of leisure facilities, to stop using facial

Continue Reading UK: Enforcement Against the Use of Biometrics in the Workplace

Authors: James Clark and Verena Grentzenberg

The Court of Justice of the European Union (CJEU) has delivered an important judgment on the scope and interpretation of the ‘automated decision-making’ framework under the GDPR.  It is a decision that could have significant implications for service providers who use algorithms to produce automated scores, profiles

Continue Reading EU: Significant new CJEU decision on automated decision-making

The European Data Protection Board has published new guidelines (14 November 2023) on the scope of Article 5(3) of the e-Privacy Directive – i.e., the so-called ‘cookie rule’.  

These guidelines apply a maximalist interpretation to the cookie rule, meaning that a wide variety of technologies other than traditional cookies are, in the opinion of the

Continue Reading EU: New EDPB guidelines on the scope of the ‘cookie rule’


A UK court has reversed a fine imposed on the provider of a facial image database service, Clearview AI, on the basis that the (UK) GDPR did not apply to the processing of personal data by the company. In so doing, the court has provided helpful judicial interpretation of both the territorial and material scope

Continue Reading Clearview AI -v- Information Commissioner

What is the European Health Data Space?

On 3 May 2022, the EU Commission published a draft Regulation on the European Health Data Space (“HDS”).  The Regulation is the first sector-specific proposal in the Commission’s “European Strategy for Data”, which aims at creating a ‘single market for data’.  In so doing, the Commission
Continue Reading The European Health Data Space – 5 Things You Need to Know

What has happened?

The European Union has today announced ‘agreement in principle’ with the United States on a new data transfer framework, intended to replace the Privacy Shield framework that was struck down in the 2020 Schrems II decision of the Court of Justice of the European Union.

The agreement was announced in a joint
Continue Reading Privacy Shield 2.0? EU and US announce potential new data transfer framework

Experiencing a global pandemic has provided us with many examples of the importance of scientific research to our lives.  Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. Consequently, new guidance from the UK’s Information Commissioner’s
Continue Reading UK: New guidance on processing personal data for scientific research purposes