Lara White (UK)

Subscribe to all posts by Lara White (UK)

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

By Marcus Evans (UK), Lara White (UK), Michael Sinclair (UK) and Rosie Nance on November 28, 2023 Posted in Artificial Intelligence

A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The King’s Speech, which set out the agenda for the current Parliamentary session, did not contain any proposals from the Government for legislation on AI, … Continue reading

Informative preparatory papers on state of frontier AI and potential safety risks for UK AI Safety Summit published

By Marcus Evans (UK) and Lara White (UK) on October 27, 2023 Posted in Artificial Intelligence

On 26 October, the UK prime minister gave a speech on the AI Safety Summit to be hosted in the UK on 1 and 2 November. The summit will bring together representatives from large lab AI companies, world governments and civil society to discuss safety risks arising from frontier AI. Frontier AI is “highly capable … Continue reading

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

By Lara White (UK), Rosie Nance and Olivia Wint on October 12, 2023 Posted in Data Protection, Fintech

The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance). The Guidance is aimed at employers across both the private and public sector. Responding to the rise of remote working and new technologies available to monitor employees, the ICO has looked to provide clear direction on … Continue reading

An overview of the European digital strategy

By Lara White (UK), Miranda Cole and Polina Maloshchinskaia on October 2, 2023 Posted in Data Protection, General

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past three years and highlighting the way in which the various legislative instruments interact with each … Continue reading

European Commission adopts its adequacy decision for the EU-US Data Privacy Framework

By Lara White (UK), Marcus Evans (UK), Susan Ross (US), Jurriaan Jansen, Christoph Ritzer (DE) and Nadège Martin (FR) on July 11, 2023 Posted in Fintech

On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred from the EU to US companies that have self-certified their adherence to the DP Framework Principles. More … Continue reading

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

By Olivia Wint and Lara White (UK) on June 26, 2023 Posted in General, Privacy law

On 19 June 2023, the UK Information Commissioner’s Office (the ICO) published guidance on privacy enhancing technologies (or PETs) (the Guidance). The Guidance sits alongside the ICO’s recommendation that organisations should, if they haven’t already, start using PETs to share personal data safely, securely and anonymously. Structure of the Guidance The Guidance is split into … Continue reading

New commitments in principle regarding UK to USA data transfer mechanism

By Lara White (UK), Marcus Evans (UK) and Fiona Bundy-Clarke (UK) on June 13, 2023 Posted in Data Protection

On 8 June 2023, the UK Secretary of State for Science, Innovation, and Technology and the US Secretary of Commerce issued a joint Statement confirming that the UK and the USA have committed in principle to establishing a “data bridge” to allow for the free flow of data between organisations in the UK and participating … Continue reading

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

By Marcus Evans (UK) and Lara White (UK) on June 6, 2023 Posted in General

Introduction On 15 May, the ICO published the monetary penalty notice (MPN) in relation to the £12.7 million fine it imposed on TikTok in April. This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. Whilst a … Continue reading

Schrems II – Irish DPC finally issues its decision – suspension order, deletion/ repatriation of data and fine

By Lara White (UK), Marcus Evans (UK), Christoph Ritzer (DE), Jurriaan Jansen and Nadège Martin (FR) on May 25, 2023 Posted in General

Introduction: On 22 May, the Irish Data Protection Commissioner (the DPC) published its decision against Meta Platform Ireland Ltd (Meta Ireland) in relation to Facebook’s transfer of user’s personal data to the US (the Decision). In it, the DPC ordered Meta Ireland to suspend Facebook’s future transfers of personal data to the U.S. within five … Continue reading

The AI Act – A step closer to the first law on Artificial Intelligence

By Lara White (UK) and Marcus Evans (UK) on May 18, 2023 Posted in General

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act) at the committee stage, taking this law a step closer to being finalised. The compromise text (the Parliament Draft), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which … Continue reading

Everyone is using ChatGPT what does my organisation need to watch out for

By Marcus Evans (UK), Lara White (UK) and Steve Roosa (US) on April 27, 2023 Posted in Cybersecurity, Fintech

In December 2022, OpenAI released ChatGPT, a powerful AI-powered chatbot that could handle users’ questions and requests for information or content in a convincing and confident manner. The number of users signing up to use the tool increased very rapidly, with users using the tool to write letters, edit text, generate lists, prepare presentations and … Continue reading

UK AI White Paper

By Marcus Evans (UK) and Lara White (UK) on March 29, 2023 Posted in Data Protection, General

At last, UK Government publishes its White Paper on AI – “A pro-innovation approach to AI regulation” – an opportune start, but as expected, a framework with detail to follow… The Department for Science, Innovation and Technology, has finally published its AI regulation white paper (the ‘White Paper’). Here are the key elements: What AI … Continue reading

EDPB Guidelines on international transfers: 6 key takeways

By Marcus Evans (UK) and Lara White (UK) on March 13, 2023 Posted in General

EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers On 14 February 2023, the European Data Protection Board (EDPB) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation … Continue reading

New guidance on direct marketing

By Ali Fazeli-Nia, Lara White (UK) and Janine Regan (UK) on January 10, 2023 Posted in Data Protection, Privacy law

Introduction On 5 December 2022, the Information Commissioner’s office (ICO) published its new guidance on direct marketing (the Direct Marketing Guidance). The Direct Marketing Guidance is accompanied by various resources, including checklists, FAQs, an online training module, specific guidance relating to SMEs, B2B marketing, data brokers, political campaigning and direct marketing in the public sector. … Continue reading

Draft European Commission EU-US Data Privacy Framework adequacy decision published

By Marcus Evans (UK), Lara White (UK), Shiv Daddar (UK) and Janine Regan (UK) on December 13, 2022 Posted in Data Protection, Privacy law

On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF). The draft decision – available here – addresses the concerns raised by the Court of Justice of the European Union (CJEU) in its Schrems II decision of July 2020. These concerns centred around … Continue reading

New UK guidance on Transfer Risk Assessments

By Lara White (UK) and Fiona Bundy-Clarke (UK) on December 8, 2022 Posted in Data Protection, Data Transfer

On 17 November 2022, the Information Commissioner’s Office (ICO) published an update to its guidance on international transfers (Transfers Guidance). This included specific guidance about transfer risk assessments or TRAs and a tool for undertaking TRAs (the TRA Guidance and TRA Tool, respectively). In its blog post accompanying the updated Transfers Guidance, the ICO makes … Continue reading

Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities: Paving the way toward adequacy

By Shiv Daddar (UK), Marcus Evans (UK) and Lara White (UK) on October 18, 2022 Posted in Privacy law

As reported in our previous blogpost, on 7 October 2022, the US White House published an Executive Order on enhancing safeguards for United States signals intelligence activities (EO). In this blogpost, we set out the key points to note, including the background to the EO, what it does and does not do and what organisations … Continue reading

First part of EU/ US Transatlantic Data Protection Framework published today

By Marcus Evans (UK), Lara White (UK) and Susan Ross (US) on October 7, 2022 Posted in Data Transfer

On 7 October 2022, the US White House published the Executive Order on enhancing safeguards for United States signals intelligence activities. This action is the first part of the US legal apparatus required for the EU Commission to find certain transfers to the US to be adequate. It is also likely in due course to … Continue reading

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

By Wil Kim and Lara White (UK) on February 11, 2022 Posted in Compliance and risk management

On 2 February 2022, the Belgian Data Protection Authority (the BDPA) fined IAB Europe for various infringements in relation to the IAB Transparency and Consent Framework. This decision could have a huge impact on the majority of players in the online adtech ecosystem who rely on the framework. Background The Interactive Advertising Bureau Europe’s (IAB) … Continue reading

UK finally publishes revised standard form international data transfer agreements and conversion addendum for the use of revised EU SCCs

By Lara White (UK) and Marcus Evans (UK) on January 31, 2022 Posted in Data Transfer

The UK government has finally published the UK’s own standard form international data transfer agreement (UK IDTA) for transferring personal data outside the UK to countries not deemed to have adequate data protection regimes. It has also published a standard form international data transfer addendum to the revised EU SCCs (EU SCC UK Conversion Addendum) … Continue reading

UK Government sets out proposals to shake up UK data protection laws

By Marcus Evans (UK), Lara White (UK) and Sahar Bhaimia on September 28, 2021 Posted in Compliance and risk management, General

On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading

The UK Government unveils its post-Brexit plans to shake up data protection laws

By Lara White (UK), Marcus Evans (UK) and Isabella Martinez-Sistac Orozco on August 27, 2021 Posted in General, Privacy law, Regulatory response

On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading

It must be as easy to reject cookies as it is to accept them: 40 additional organizations on the radar of the CNIL

By Lara White (UK) and Barbara Ghebali (FR) on July 27, 2021 Posted in Enforcement, Regulatory response

As part of its global strategy to ensure compliance with its new cookies mandatory guidelines, and as announced in its priority control themes for 2021, in May 2021 the CNIL issued formal notices to over twenty organizations (including international actors in the digital economy and some public bodies) for not enabling users to accept or … Continue reading

The EDPB publishes its finalised version of the Recommendations on supplementary measures

By Marcus Evans (UK), Lara White (UK) and Christoph Ritzer (DE) on June 22, 2021 Posted in Data Transfer, Regulatory response

On 21 June 2021, the European Data Protection Board (EDPB) published its finalised version of the Recommendations on supplementary measures (the Recommendations) to assist companies comply with the Schrems II judgement. This comes just a couple of weeks after the European Commission (the Commission) published new, revised Standard Contractual Clauses (New SCCs) (read our blog … Continue reading