Sitemap
Blog
- 13 April – A big day for the future of Meta and its EU-US transfers
- A new threat to public safety? The collision of immigration and data protection law
- Breach response: How do we reconcile international incident and breach reporting requirements?
- Breaking news: Meta receives largest GDPR fine to date
- Building data bridges: UK extends EU-US Data Privacy Framework
- Capita cyber-attack impacts around 90 organisations
- ChatGPT banned in Italy over alleged privacy violations
- Could you be in breach of the GDPR when printing work-related documents at home?
- Cracking down on cookies 2.0: Latest complaints and regulatory actions
- Cracking down on cookies: Recent complaints and regulatory enforcement
- Data breach claim transferred from High Court to County Court
- Data Reform Bill announced in Queen’s Speech
- Data Subject Access Requests – Harrison v Cameron and ACL judgment
- Driving data protection compliance: employee vehicle monitoring
- EU-US draft adequacy decision now published
- Experian's win against the ICO in Upper Tribunal
- Facebook prepares to defend yet more legal challenges as data woes continue
- Facebook shuts down facial recognition system after personal data concerns
- Facial recognition goes to war: How AI is being used in Ukraine
- FTC clamps down on Microsoft over child privacy infringements
- GDPR Turns 5!
- Guidance issued by the EDPB on international transfers of personal data
- Guidance on enforcement of UK connected products regime - Product Security and Telecoms Infrastructure Act
- ICO launches consultation on new Data Protection Fining Guidance
- ICO looking into schools' use of facial recognition to take lunch payments
- ICO Publishes First Tech Horizons Report
- ICO publishes new guidance on employee monitoring
- ICO's fifth call for evidence on generative AI
- ICO's third call for evidence on generative AI
- Important CJEU ruling on automated decision making and credit scoring under GDPR
- India pushes ahead with new Digital Personal Data Protection Act
- LGBT dating app Grindr fined £8.6 million by Norway’s Data Protection Authority
- Meta verification subscription service signals end to data for free services
- Meta vs DPC over data-scraping breach
- Ministry of Defence email blunder exposes personal data of Afghan interpreters
- My name is Olivia: How old am I?
- Ofcom fines TikTok for failure to comply with information request
- Personal data or inferred special category data?
- Poland: requirement to report even minor personal data breaches
- Project Red Card: privacy concerns for the Premier League
- Remediating SCCs deadlines: are you ready?
- Snap into (ICO) action
- Spotlight on TikTok – ICO fines TikTok £12.7 million as global concerns relating to the app's security and data privacy practices continue to mount
- Stabilising transatlantic data flows: Examining the role of the new EU-US Data Privacy Framework
- Summary judgment confirms de minimis threshold continues to apply for data breaches
- The Conservative Party illegally collected data on ethnicity of 10 million voters but dodges enforcement action
- The EU AI Act: enforcement overview
- The EU AI Act: what we know so far and key takeaways
- The European Commission has concluded its first review of Japan-EU mutual adequacy decision
- The fourth anniversary of the GDPR: what's happened and what's next
- The French police have been condemned by the French Data Protection Authority for their use of drones to monitor quarantine compliance
- The PRC announces the creation of a new data regulator
- Uber accused of using discriminatory facial verification software
- UK and US announce an agreement in principle for a "data-bridge"
- UK's regulatory approach to AI continues to shift
- Vulnerabilities in the Covid-19 vaccination booking website put the UK population's personal data at risk
- “Have you had your jab?”: Navigating the vaccine status of your workforce
Expertise
Insight
- Appropriate technical and organisational measures: key takeaways from the recent ICO BA, Marriott and Ticketmaster penalty notices
- A UK perspective on ‘consent or pay’ online advertising models
- Access rights: GDPR vs the EU Data Act
- AI regulation – latest legal developments in Europe and the US
- AI update – ICO's strategic approach to regulating AI
- Amendments to Personal Data Protection Act
- An analysis of the Monetary Penalty Notice issued by the Information Commissioner's Office to British Airways plc dated 16 October 2020
- An analysis of the Monetary Penalty Notice issued by the Information Commissioner’s Office to Marriott International, Inc. dated 30 October 2020
- An analysis of the Monetary Penalty Notice issued by the Information Commissioner’s Office to Ticketmaster UK Limited dated 13 November 2020
- Are you ready for the GDPR?
- Article 29 Data Protection Working Party ("WP29") GDPR Guidelines on Consent
- Article 29 Data Protection Working Party ("WP29") GDPR Guidelines on Transparency
- Article 29 Data Protection Working Party GDPR Guidelines on Breach Notification
- Big Brother is watching you: Facial recognition in the UK
- Brexit snapshot - Brexit and data protection issues
- Brexit trade deal: what does it mean for data protection law?
- Class wars: time to legislate for hurt feelings? (Damages for data breach - Austrian Post)
- Clearview AI Inc v The Information Commissioner: Clearview AI successfully overturns ICO fine
- Closing the door on the third appeal against the ICO’s first UK GDPR fine
- Court of Appeal hands down significant judgment in Lloyd v Google LLC [2019] EWCA Civ 1599
- Court of Appeal hands down significant judgment in WM Morrison Supermarkets Plc ("Morrisons") v Various Claimants [2018] EWCA Civ 2339
- Cracking the Code: Lessons from the first ICO-approved UK GDPR Code of Conduct
- Cybersecurity risks: Fail to prepare; prepare to fail
- Data (Use and Access) Act 2025: A comparison with its predecessor, the Data Protection and Digital Information Bill (the 'DPDI Bill')
- Data (Use and Access) Bill: A New Register of Digital ID Verification Services
- Data (Use and Access) Bill: Changes to the UK's Data Protection Regime
- Data (Use and Access) Bill: Laying the groundwork for smart data schemes
- Data (Use and Access) Bill: New Powers and a Makeover for the ICO
- Data protection and 5MLD
- Data protection and coronavirus: what you need to know
- Data protection in Singapore: Year in review
- Data protection in the United Kingdom: the GDPR countdown
- Data Protection update - April 2018
- Data Protection update - April 2019
- Data Protection update - April 2020
- Data Protection update - April 2021
- Data Protection update - April 2022
- Data Protection update - April 2023
- Data Protection update - April 2024
- Data Protection update - April 2025
- Data Protection update - August 2018
- Data Protection update - August 2019
- Data Protection update - August 2020
- Data Protection update - August 2021
- Data Protection update - August 2022
- Data Protection update - August 2023
- Data Protection update - August 2024
- Data Protection update - December 2019/January 2020
- Data Protection update - December 2021/January 2022
- Data Protection update - December 2023/ January 2024
- Data Protection update - February 2018
- Data Protection update - February 2019
- Data Protection update - February 2020
- Data Protection update - February 2021
- Data Protection update - February 2022
- Data Protection update - February 2024
- Data Protection update - February 2025
- Data Protection update - January 2018
- Data Protection update - January 2019
- Data Protection update - January 2021
- Data Protection update - July 2018
- Data Protection update - July 2019
- Data Protection update - July 2020
- Data Protection update - July 2021
- Data Protection update - July 2022
- Data Protection update - July 2023
- Data Protection update - July 2024
- Data Protection update - June 2018
- Data Protection update - June 2019
- Data Protection update - June 2020
- Data Protection update - June 2021
- Data Protection update - June 2022
- Data Protection update - June 2023
- Data Protection update - June 2024
- Data Protection update - June 2025
- Data Protection update - March 2018
- Data Protection update - March 2019
- Data Protection update - March 2021
- Data Protection update - March 2022
- Data Protection update - March 2023
- Data Protection update - March 2024
- Data Protection update - March 2025
- Data Protection update - May 2018
- Data Protection update - May 2019
- Data Protection update - May 2020
- Data Protection update - May 2021
- Data Protection update - May 2022
- Data Protection update - May 2023
- Data Protection update - May 2024
- Data Protection update - May 2025
- Data Protection update - November 2018
- Data Protection update - November 2019
- Data Protection update - November 2020
- Data Protection update - November 2021
- Data Protection update - November 2024
- Data Protection update - October 2018
- Data Protection update - October 2019
- Data Protection update - October 2020
- Data Protection update - October 2021
- Data Protection update - October 2023
- Data Protection update - October 2024
- Data Protection update - September 2018
- Data Protection update - September 2019
- Data Protection update - September 2020
- Data Protection update - September 2021
- Data Protection update - September 2023
- Data Protection update - September 2024
- Data Protection update – December 2022-January 2023
- Data Protection update – February 2023
- Data Protection update – January 2025
- Data Protection update – November 2022
- Data Protection update – November 2023
- Data Protection update – October 2022
- Data Protection update – September 2022
- Data Use and Access Bill Series: Part 3 — comparisons with the DPDI Bill
- Data's coming home: the proposed future for international transfers under the UK GDPR
- DCMS AI Policy Statement
- Deadline approaching for the European Commission consultation on AI in the financial sector
- EACCNY - EU-UK Data Protection Law Divergence: Impact on Data flows
- EDPB FAQs: what are your next steps for data transfers post-Privacy Shield?
- EU: Obligations on providers of GPAI models under the EU AI Act
- Expert Q&A: DIFC Data Protection Law
- Financial sector feels pressure to monitor use of WhatsApp
- Four key decisions mark the end of the EU GDPR's fourth year
- GDPR, PDPO and PIPL – A comparison
- Generative AI webinar series: top tips and take-aways
- Hong Kong's new anti-doxxing regime
- ICO publishes detailed guidance on subject access requests
- ICO's fourth call for evidence on generative AI
- International employee DSARS - Practical tips for UK employers
- International personal data transfers: EDPB guidance and new Standard Contractual Clauses
- Lloyd v Google: No damages without proof of damage
- Make the invisible visible: five key takeaways from the Experian enforcement action
- Map, Update, Remediate
- Neural Network - April 2025
- Neural Network - December 2024
- Neural Network - February 2025
- Neural Network - January 2025
- Neural Network - June 2025
- Neural Network - March 2025
- Neural Network - May 2025
- New DIFC Data Protection Law: Act now to ensure compliance
- New Draft regulation to facilitate data export from Chinese Mainland
- New guidance sheds light on an employer's approach to DSARs
- New regulation: GBA standard contract for the cross-border flow of personal information - will it make Hong Kong unique under PIPL?
- New Security Regulations for Connected Products come into force on 29 April 2024
- New UK data transfer tools
- PRC law alert – New legislation on export of personal information 中国法律更新 - 关于个人信息出境的新立法
- PRC released guidelines for SCC filing
- Presumption of innocence: privacy until proven guilty?
- Privacy Shield invalid: what next for international data transfers?
- RGPD – Compte à rebours
- Risks of remote working: How much can you monitor your employees?
- See EU later - using the UK’s post-Brexit data transfer tools
- Take two: What's new in the latest UK Data Protection and Digital Information Bill?
- The Biden Executive Order on AI: key takeaways
- The EU Data Act: Data sharing
- The EU Data Act: Rights of Access to Data
- The EU Data Act: Switching, interoperability and prevention of unauthorised access to non-personal data
- The Neural Network – August 2024
- The Neural Network – July 2024
- The Neural Network – November 2024
- The Neural Network – October 2024
- The Neural Network – September 2024
- The roles of the provider and deployer in AI systems and models
- The second reading of the Data Protection and Digital Information (No. 2) Bill
- Towards PIPL compliance – summary of actions
- United Kingdom General Data Protection Regulation
- Unveiling best practices: Exchange's evaluation of issuers' corporate governance frameworks 治理新风向:联交所最新审查发行人企业管治实践
- Upcoming AI-focused events: A global perspective
- Using personal data in AI projects: Overcoming the challenges
- What are the implications of Clearview AI's win
- Whistleblowing in the financial services sector – A global perspective
Knowhow
Team
- Katie Hewson
- Zoe Zhou
- Emily Aryeetey
- Simon Bollans
- Helen Conlan
- Elise Dufour
- Joanne Elieli
- Jenna Franklin
- Boriana Guimberteau
- Naomi Leach
- Katherine Liu
- Kiersten Lucas
- Genevieve Quierin
- Sheetal Sandhu
- Mark Lewis
- Bobbie Bickerton
- Nic McMaster
- Sarah O’Brien
- James Wong
- Martha Hampton
- Jonathan Howie
- Geting Lin
- Alice Routh
- Joseph Samuelson
- Alison Llewellyn
- Nelson Kiu
- Daya Matharu
- Esther Odujeru