UK

UK: Will UK cyber reforms keep step with NIS2?

By Nicholas De Lacy-Brown, Josh Turner & James McGachie on April 17, 2025

Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring the UK into alignment with its European counterpart, the NIS2 directive. Currently, cyber regulation in…

UK: Data (Use and Access) Bill: newcomer or a familiar face?

By Rachel de Souza, Andrew Dyson & James Clark on November 5, 2024

Posted in New laws, Privacy Law, UK

Déjà vu in the world of UK data law: the Labour government has proposed reforms to data protection and e-privacy laws through the new Data (Use and Access) Bill (“DUAB“). The DUAB follows the previous government’s unsuccessful attempts to reform these laws post-Brexit, which led to the abandonment of the Data Protection…

UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?

By Nicholas De Lacy-Brown, Henry Kilding, James McGachie & Rachel de Souza on October 1, 2024

Posted in Cyber security, Digital Decade, EU data governance, EU privacy, New laws, Privacy Law, UK

In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the …

UK: Data protection authority issues reprimand to gambling operator for unlawfully processing personal data

By David Cook, Benjamin Fellows, Mateusz Wojcik & Shervin Nahid on September 25, 2024

Posted in Adtech, Cookies, Enforcement, UK

On 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising cookies without their consent.

Between 10 January and 3 March 2023, SkyBet’s website dropped third-party AdTech cookies to visitors’ browsers before…

EU/UK: Data-Sharing Frameworks – A State of Play in the EU and the UK

By Heidi Waem, Simon Verschaeve, Muhammed Demircan, James Clark & Laura Dobson on June 6, 2024

Posted in Data Sharing, Digital transformation, EU Commission, EU data governance, EU privacy, New laws, UK

Disclaimer: This article first appeared in the June 2024 issue of PLC Magazine, and is available at http://uk.practicallaw.com/resources/uk-publications/plc-magazine.

In order to capture the benefits of data-driven innovation, the EU and the UK are taking action to facilitate data sharing across various industries.

In the EU, the European Commission is investing €2…

UK: ICO and Ofcom approach to regulation of online services

By Alexa Smith & Rachel de Souza on May 13, 2024

Posted in New laws, Privacy Law, UK

In the UK, there is currently heightened regulatory scrutiny and increased public interest in children’s data protection and online harm, with a raft of new guidance and regulation from both the ICO and Ofcom, the chief regulator of the Online Safety Act, in relation to children’s safety online.

Since the introduction of the ICO’s Children’s…

UK: New cyber security requirements for consumer products

By James Clark on May 1, 2024

Posted in Cyber security, UK

On Monday 29 April, new cyber security requirements entered into force in the United Kingdom. They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.

Background

The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the…