Marcus Evans

Photo of Marcus Evans

Marcus is a communications, media and technology lawyer based in London. He focuses on data privacy and IT services.

Subscribe to all posts by Marcus Evans

UK regulators’ strategic approaches to AI: a guide to key regulatory priorities for AI governance professionals

Background – white paper response on the UK’s approach to AI regulation In February 2024, the UK Department for Science, Innovation, and Technology (DSIT) set out the government’s proposed approach to AI regulation. It published a response to its consultation on its 2023 white paper, ‘A pro innovation approach to AI regulation’ (the White Paper). … Continue reading

EU confirms agreement on rules to improve working conditions of platform workers

On 11 March the Council of the EU confirmed the provisional agreement reached on the Platform Workers Directive (the Directive).  The Directive aims to improve the working conditions of those who work on platforms in the gig economy and will also regulate the use of algorithms by digital labour platforms.  Employment protection The EU suggests … Continue reading

Singapore releases New Guidelines on the Use of Personal Data in AI Systems

On 1 March 2024, Singapore’s Personal Data Protection Commission (PDPC) issued the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems (AI Advisory Guidelines). These AI Advisory Guidelines followed a public consultation which concluded in August 2023. Our blog post on the public consultation for the draft AI Advisory Guidelines … Continue reading

UK government’s response to AI White Paper consultation: next steps for implementing the principles

The authors acknowledge the assistance of Salma Khatab, paralegal, in researching and preparing some aspects of this blog The UK Department for Science, Innovation, and Technology (DSIT) has published its response to its consultation on its white paper, ‘A pro innovation approach to AI regulation’ (the Response). The Response outlines key investment initiatives and regulatory … Continue reading

ASEAN releases Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses and AI Governance Guide 

On 1 and 2 February 2024, at the fourth 4th ASEAN Digital Ministers Meeting (ADGMIN) in Singapore, ASEAN[1] unveiled: We summarise and discuss both the Joint Guide and the ASEAN AI Governance Guide below. Joint MCC – SCC Guide To recap, the first part of the Joint MCC – SCC Guide (the Reference Guide) was … Continue reading

CNIL publishes a draft TIA guide

The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union.  The European Data Protection Board (EDPB) followed up with recommendations[2] setting out its expectations on what the Schrems II decision meant for carrying out a data transfer impact assessment (TIA) for … Continue reading

Singapore proposes Governance Framework for Generative AI

On 16 January 2024, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing the areas where future policy interventions relating to generative AI may take place and options for such intervention. The … Continue reading

International Data Privacy Day: Unpacking recent significant ECJ decisions

A flurry of significant European Court of Justice judgments relating to data protection were published in the final few months of 2023. In celebration of International Data Privacy Day, in this 1 hour webinar our European data protection specialists will unpack the following four important judgments, looking at what was decided by the Court and … Continue reading

The EU AI Act: What obligations will apply to your business?

Political agreement was achieved at the beginning of December in relation to the EU’s AI Act (AIA) – the first major step in the regulation of artificial intelligence. Although the final texts are not yet available, the key elements are clear, with the “risk-based” approach at the heart of the AIA. Working from the last … Continue reading

The EU’s AI Act: the position is agreed

In the early hours of the morning of Saturday 9 December 2023, the European Parliament (the Parliament) and the Council of the EU (the Council) reached an agreement on the outstanding points on the EU’s Regulation on artificial intelligence (AI Act).  Talks had previously stalled over how to regulate AI trained on large amounts of … Continue reading

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The King’s Speech, which set out the agenda for the current Parliamentary session, did not contain any proposals from the Government for legislation on AI, … Continue reading

President Biden issues sweeping artificial intelligence directives targeting safety, security and trust

On October 30, 2023, after recognizing that Artificial Intelligence (AI) is the most consequential technology of our time and anticipating that it will accelerate more technological change in the next five to ten years than witnessed in the past fifty, President Biden issued an Executive Order directing actions to establish new AI standards. These directives, … Continue reading

Avoiding, Managing And Responding To Cyber Incidents

Lessons From Recent Enforcement Background The Financial Conduct Authority (FCA) announced on 13 October 2023 that it had fined Equifax Limited (Equifax), a credit reference agency and data, analytics and technology business, £11,164,400 for failing to manage and monitor the security of UK consumer data it had transferred to its parent company based in the … Continue reading

Informative preparatory papers on state of frontier AI and potential safety risks for UK AI Safety Summit published

On 26 October, the UK prime minister gave a speech on the AI Safety Summit to be hosted in the UK on 1 and 2 November. The summit will bring together representatives from large lab AI companies, world governments and civil society to discuss safety risks arising from frontier AI. Frontier AI is “highly capable … Continue reading

European Commission adopts its adequacy decision for the EU-US Data Privacy Framework

On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred from the EU to US companies that have self-certified their adherence to the DP Framework Principles. More … Continue reading

European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses

Introduction To enable international businesses to comply with cross-border personal data transfers and the relevant laws across the European Union (EU) and South-East Asia, on 24 May 2023 the European Commission and the Association of Southeast Asian Nations (ASEAN) published a Reference Guide to ASEAN Model Contractual Clauses (ASEAN MCCs) and EU Standard Contractual Clauses … Continue reading

Singapore contributes to the development of accessible AI testing and accountability methodology with the launch of the AI Verify Foundation and AI Verify Testing Tool

On 7 June 2023, at the ATxAISummit, Singapore launched the AI Verify Foundation, which aims to “harness the collective power and contributions of the global open source community” in order to develop the AI Verify testing tool for the responsible use of AI. In this short post, we discuss this development as well as the … Continue reading

New commitments in principle regarding UK to USA data transfer mechanism

On 8 June 2023, the UK Secretary of State for Science, Innovation, and Technology and the US Secretary of Commerce issued a joint Statement confirming that the UK and the USA have committed in principle to establishing a “data bridge” to allow for the free flow of data between organisations in the UK and participating … Continue reading

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Introduction On 15 May, the ICO published the monetary penalty notice (MPN) in relation to the £12.7 million fine it imposed on TikTok in April. This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. Whilst a … Continue reading

Schrems II – Irish DPC finally issues its decision – suspension order, deletion/ repatriation of data and fine

Introduction: On 22 May, the Irish Data Protection Commissioner (the DPC) published its decision against Meta Platform Ireland Ltd (Meta Ireland) in relation to Facebook’s transfer of user’s personal data to the US (the Decision). In it, the DPC ordered Meta Ireland to suspend Facebook’s future transfers of personal data to the U.S. within five … Continue reading

Everyone is using ChatGPT what does my organisation need to watch out for

In December 2022, OpenAI released ChatGPT, a powerful AI-powered chatbot that could handle users’ questions and requests for information or content in a convincing and confident manner. The number of users signing up to use the tool increased very rapidly, with users using the tool to write letters, edit text, generate lists, prepare presentations and … Continue reading

UK AI White Paper

At last, UK Government publishes its White Paper on AI – “A pro-innovation approach to AI regulation” – an opportune start, but as expected, a framework with detail to follow… The Department for Science, Innovation and Technology, has finally published its AI regulation white paper (the ‘White Paper’). Here are the key elements: What AI … Continue reading
LexBlog