Photo of David Naylor

David Naylor

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

The UK Data Protection and Digital Information Bill (the Bill) received its second reading in the House of Lords on 19 December 2023. Although the Bill cleared that crucial milestone, the debate focused on the government’s last-minute introduction of sweeping powers enabling the Secretary of State to require banks and other financial service providers to monitor and to provide information from accounts into which benefits are paid. Although ostensibly intended to identify fraud, the Lords echoed the view expressed by campaigning group, Big Brother Watch, that it would be:

“wholly inappropriate for the UK Government to order private banks, building societies and other financial services to conduct mass, algorithmic, suspicionless surveillance and reporting of their account holders on behalf of the state”.Continue Reading Government access to personal data in bank accounts: a compliance challenge for banks, and a threat to EU adequacy?

On October 13, 2023, Singapore and the United States (US) announced at the inaugural Dialogue on Critical and Emerging Technologies (CET Dialogue) held in Washington DC, that they had launched the world’s first ever interoperable AI Governance framework.

The CET Dialogue was co-chaired by Singapore’s Minister for Communications and Information and Minister for Foreign Affairs, as well as the US National Security Advisor and Deputy Envoy for Critical and Emerging Technology, on behalf of US Secretary of State Antony Blinken. Both countries also co-chaired a Business Roundtable on AI Safety and Innovation, together with US Deputy Secretary of Commerce Don Graves.Continue Reading Singapore and the US Publish First-of-its-Kind Interoperable AI Governance Framework

On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.

The EU adequacy decision in favour of the UK allows the free flow of personal data between the UK and the European Economic Area (the EU member states plus Iceland, Liechtenstein and Norway). Both before and since expiry of the Brexit implementation period businesses have emphasised the crucial importance of maintaining that adequacy decision, pointing

The UK’s Data Protection and Digital Information (No 2) Bill passed its second reading in the House of Commons on 17 April 2023. Completion of that formal stage in Parliamentary proceedings confirms approval of the Bill in principle. From there, the Bill moves into its committee stage for more detailed scrutiny. The second reading debate

The UK’s Data Protection and Digital information (No 2) Bill (the Bill) would remove the need for many organisations to appoint a Data Protection Officer. Instead, there would be an obligation on (i) public sector bodies, and (ii) organisations whose processing of personal data is likely to result in a “high risk” to the rights and freedoms of individuals to appoint a “Senior Responsible Individual” (SRI). Although presented as a measure to reduce administrative burdens and compliance costs, the requirement could have the opposite effect, also creating a role that carries significant personal risk for anyone willing to take it on.
Continue Reading UK Data Protection Reform: who would want to be a “Senior Responsible Individual”?

On 8 March 2023 the UK government heralded its new Data Protection and Digital Information (No 2) Bill (the Bill) as a “new common-sense-led version of the EU’s GDPR” that would save the UK economy more than £4 billion over the next 10 years and ensure that privacy and data protection are securely protected”.

Background

On October 7, 2022, US President Joe Biden signed the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Executive Order), introducing new safeguards to protect the personal data shared between the EU and the US.

The Executive Order is the first tangible step towards a new transatlantic framework for personal data transfers, following the March 25, 2022, joint announcement by the European Commission president, Ursula von der Leyen, and US President Biden that they had reached an agreement in principle on a successor to the Privacy Shield.

While details of the actual content leaked over time, here is a summary of what the Executive Order is providing, but, more importantly, what the signature of the order means, not only for those who will be able to certify to the revised Privacy Shield, but also for all others.
Continue Reading We Have an EO, but Not (Yet) a New Transfer Mechanism