Capita has stated that the widely reported cyber-attack it suffered in March 2023 could cost the outsourcing and professional services company up to £20 million once specialist professional fees, recovery and remediation costs, and investment in strengthened IT systems is accounted for.
The UK’s AI strategy
Rishi Sunak’s Tech Week speech on AI, given on 12 June 2023, continued a policy shift away from an innovation-first approach, in favour of greater regulation in light of growing safety concerns associated with the development and use of Artificial Intelligence ("AI"). However, Mr Sunak stressed that any such regulation would remain balanced, and would be developed alongside leading AI companies. The shift in policy reflects the ongoing tension faced by governments seeking to exploit the benefits of AI whilst ensuring that safety concerns are appropriately managed through regulation.
Microsoft has reached a settlement with the US Federal Trade Commission ("FTC") regarding a series of charges pertaining to alleged violations of the Children's Online Privacy Protection Act of 1998 ("COPPA"). As part of the settlement, Microsoft has agreed to pay $20 million and implement various measures to ensure its compliance with COPPA.
On 8 June 2023, a joint statement was released by the UK Secretary of State for Science, Innovation and Technology and US Commerce Secretary announcing an agreement in principle to establish a "data bridge" (i.e., an adequacy decision) between the UK and the US for transfers of personal data.
To celebrate the GDPR's fifth birthday, we asked Bobbie Bickerton, an associate in the international data protection practice at Stephenson Harwood, to talk about her experience over the past five years.
The results from the Irish Data Protection Commission's investigation are in and it has today been announced that Meta has been fined €1.2 billion – the largest GDPR fine to date – for failures to impose appropriate safeguards on the transfer of personal data to the US.
Meta has been granted leave by the Irish High Court to appeal a November 2022 decision by the Irish Data Protection Commission ("DPC") to impose fines totalling €265 million against Meta in connection with a major data-scraping breach involving personal data of over 500 million Facebook users.
On 23 January 2019, the European Commission adopted its adequacy decision in respect of Japan. The effect of that decision was that personal data could flow between the EEA and businesses in Japan without further safeguards, as it was determined that Japanese data protection laws ensured an adequate level of protection for personal data transferred.