Photo of David Naylor

David Naylor

Contact:Read more about David Naylor

The Data (Use and Access) Bill (“DUA Bill”)[1] had its second reading on 19th November 2024 after being introduced in the House of Lords on 23 October and the Bill is anticipated to enter the Lords’ Committee stage in December. According to the Department for Science, Innovation and Technology, the DUA Bill will harness the power of data to boost the UK economy by an estimated £10 billion, free up thousands of police and NHS staff time and secure the effective use of data for the public interest.[2] The DUA Bill proposes to amend both the UK General Data Protection Regulation (“UK GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECRs”), despite little weight being placed on this in the Government’s initial press release.Continue Reading Unpacking the Proposed Data (Use and Access) Bill

The UK Parliament was dissolved on 30th May 2024 ahead of the upcoming July general election and before the Government’s Data Protection and Digital Information (DPDI) Bill could be passed in the “wash up period”1. Like other proposed laws which were not enacted prior to the dissolution of Parliament, the Bill is considered failed and will not be carried over to the new Parliament (even if the Conservatives are re-elected, it will need to be re-presented).

What was the DPDI Bill?

This Bill was the second version of the DPDI Bill – the first version was presented to Parliament in July 2022. Its stated goal was to revise the UK’s data protection laws post-Brexit and reduce red tape and paperwork for UK businesses2. However, as we observed in a previous post, the creation of a UK data protection regime that diverged further from the regime in the EU would have had the opposite effect for any international UK (and other) businesses already subject to EU GDPR and other data protection laws.

In addition, the DPDI Bill aimed to:

  • Reduce barriers to responsible innovation by, for example, amending the definition of “scientific research” to include commercial activities;
  • Boost trade and reduce barriers to data flows by, for example, keeping the existing EU Standard Contractual Clauses;
  • Deliver better public services by, for example, the facilitation of data sharing between public and private institutions including banks to prevent fraud; and
  • Reform the Information Commissioner’s Office by, for example, replacing the current Commissioner role with a statutory board of members appointed by the Secretary of State.

Continue Reading What Happened to the UK’s Data Protection and Digital Information Bill?

Collaboration is a core value of our firm’s client service. Daily our lawyers with in-depth experience in different practice areas collaborate with each other to find joined-up and multi-faceted solutions to the legal issues facing our clients. This is particularly so in the field of online safety, where several legal regimes overlap. We have already

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

The UK Data Protection and Digital Information Bill (the Bill) received its second reading in the House of Lords on 19 December 2023. Although the Bill cleared that crucial milestone, the debate focused on the government’s last-minute introduction of sweeping powers enabling the Secretary of State to require banks and other financial service providers to monitor and to provide information from accounts into which benefits are paid. Although ostensibly intended to identify fraud, the Lords echoed the view expressed by campaigning group, Big Brother Watch, that it would be:

“wholly inappropriate for the UK Government to order private banks, building societies and other financial services to conduct mass, algorithmic, suspicionless surveillance and reporting of their account holders on behalf of the state”.Continue Reading Government access to personal data in bank accounts: a compliance challenge for banks, and a threat to EU adequacy?

On October 13, 2023, Singapore and the United States (US) announced at the inaugural Dialogue on Critical and Emerging Technologies (CET Dialogue) held in Washington DC, that they had launched the world’s first ever interoperable AI Governance framework.

The CET Dialogue was co-chaired by Singapore’s Minister for Communications and Information and Minister for Foreign Affairs, as well as the US National Security Advisor and Deputy Envoy for Critical and Emerging Technology, on behalf of US Secretary of State Antony Blinken. Both countries also co-chaired a Business Roundtable on AI Safety and Innovation, together with US Deputy Secretary of Commerce Don Graves.Continue Reading Singapore and the US Publish First-of-its-Kind Interoperable AI Governance Framework

On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.

The EU adequacy decision in favour of the UK allows the free flow of personal data between the UK and the European Economic Area (the EU member states plus Iceland, Liechtenstein and Norway). Both before and since expiry of the Brexit implementation period businesses have emphasised the crucial importance of maintaining that adequacy decision, pointing

The UK’s Data Protection and Digital Information (No 2) Bill passed its second reading in the House of Commons on 17 April 2023. Completion of that formal stage in Parliamentary proceedings confirms approval of the Bill in principle. From there, the Bill moves into its committee stage for more detailed scrutiny. The second reading debate