On 20 November 2024, the EU Cyber Resilience Act (CRA) was published in the Official Journal of the EU, kicking off the phased implementation of the CRA obligations.

What is the CRA?

The CRA is a harmonising EU regulation, the first of its kind focusing on safeguarding consumers and businesses from cybersecurity threats. 

Continue Reading EU: Cyber Resilience Act published in EU Official Journal

Déjà vu in the world of UK data law: the Labour government has proposed reforms to data protection and e-privacy laws through the new Data (Use and Access) Bill (“DUAB”). The DUAB follows the previous government’s unsuccessful attempts to reform these laws post-Brexit, which led to the abandonment of the Data Protection

Continue Reading UK: Data (Use and Access) Bill: newcomer or a familiar face?

Today marks the deadline for EU Member State implementation of the Network and Information Systems Directive II (“NIS2”) into national law.

NIS2 is part of the EU’s Cybersecurity Strategy and repeals and replaces the original NIS Directive which entered into force in 2016 (with Member State implementation by 9 May 2018). Much like

Continue Reading EU: NIS2 Member State implementation deadline has arrived

October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions, all issued by the CJEU on one day – 4 October 2024. 

This article provides an overview

Continue Reading EU: CJEU Insight 

In the much-anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long-anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the

Continue Reading UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?

On 18th July, the European Supervisory Authorities (“ESAs”) published the final versions of the second batch of their draft regulatory technical standards (RTS) and implementing technical standards (ITS), developed under the Digital Operational Resilience Act (DORA), as well as two sets of Guidelines.

Summary of draft

Continue Reading EU: European Supervisory Authorities issue second batch of technical standards under DORA

In the UK, there is currently heightened regulatory scrutiny and increased public interest in children’s data protection and online harm, with a raft of new guidance and regulation from both the ICO and Ofcom, the chief regulator of the Online Safety Act, in relation to children’s safety online. 

Since the introduction of the ICO’s Children’s

Continue Reading UK: ICO and Ofcom approach to regulation of online services

The European Data Protection Board (“EDPB”) has adopted an Opinion (“EDPB Opinion”) on the validity of consent to process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms. The EDPB concludes that “in most cases”, the requirements of

Continue Reading Europe: EDPB issues Opinion on ‘consent or pay’ models deployed by large online platforms

On 7 March 2024, the Court of Justice of the European Union (CJEU) issued its judgment in the Endemol Shine case (C-740/22), holding that the concept of ‘processing’ under the GDPR includes the oral disclosure of personal data.

In its judgment, the CJEU not only provided clarity on the definition of “processing”

Continue Reading EU: CJEU confirms oral disclosures are considered ‘processing’ under the GDPR

In the evolving legal landscape of data protection, several decisions by data protection regulators and courts across the EU and UK underscore the importance of proactive GDPR compliance from a contractual perspective. These issues are being scrutinised more closely in corporate due diligence transactions and by regulators in the event of a data breach or

Continue Reading EU and UK: The importance of data processing agreements