Capita cyber-attack impacts around 90 organisations


Capita has stated that the widely reported cyber-attack it suffered in March 2023 could cost the outsourcing and professional services company up to £20 million once specialist professional fees, recovery and remediation costs, and investment in strengthened IT systems is accounted for.

UK's regulatory approach to AI continues to shift

The UK’s AI strategy

Rishi Sunak’s Tech Week speech on AI, given on 12 June 2023, continued a policy shift away from an innovation-first approach, in favour of greater regulation in light of growing safety concerns associated with the development and use of Artificial Intelligence ("AI"). However, Mr Sunak stressed that any such regulation would remain balanced, and would be developed alongside leading AI companies. The shift in policy reflects the ongoing tension faced by governments seeking to exploit the benefits of AI whilst ensuring that safety concerns are appropriately managed through regulation.

FTC clamps down on Microsoft over child privacy infringements

Microsoft has reached a settlement with the US Federal Trade Commission ("FTC") regarding a series of charges pertaining to alleged violations of the Children's Online Privacy Protection Act of 1998 ("COPPA"). As part of the settlement, Microsoft has agreed to pay $20 million and implement various measures to ensure its compliance with COPPA.

UK and US announce an agreement in principle for a "data-bridge"

On 8 June 2023, a joint statement was released by the UK Secretary of State for Science, Innovation and Technology and US Commerce Secretary announcing an agreement in principle to establish a "data bridge" (i.e., an adequacy decision) between the UK and the US for transfers of personal data.

GDPR Turns 5!

To celebrate the GDPR's fifth birthday, we asked Bobbie Bickerton, an associate in the international data protection practice at Stephenson Harwood, to talk about her experience over the past five years.

Breaking news: Meta receives largest GDPR fine to date

The results from the Irish Data Protection Commission's investigation are in and it has today been announced that Meta has been fined €1.2 billion – the largest GDPR fine to date – for failures to impose appropriate safeguards on the transfer of personal data to the US.

Meta vs DPC over data-scraping breach

Meta has been granted leave by the Irish High Court to appeal a November 2022 decision by the Irish Data Protection Commission ("DPC") to impose fines totalling €265 million against Meta in connection with a major data-scraping breach involving personal data of over 500 million Facebook users. 

ICO Publishes First Tech Horizons Report

The Information Commissioner's Office ("ICO") has published the first of its annual Tech Horizons Reports (the "Report") which examines the implications of technological developments for privacy law in the next two to five years.

The European Commission has concluded its first review of Japan-EU mutual adequacy decision

On 23 January 2019, the European Commission adopted its adequacy decision in respect of Japan. The effect of that decision was that personal data could flow between the EEA and businesses in Japan without further safeguards, as it was determined that Japanese data protection laws ensured an adequate level of protection for personal data transferred.