On 23 February 2022, the European Commission (Commission) proposed a draft of a regulation on harmonised rules on fair access to and use of data – also known as the Data Act. The Data Act is intended to “ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all”.
If adopted in its current form, the new rules will impose far-reaching obligations on tech companies (such as manufacturers of connected products and cloud service providers) and give national authorities new enforcement powers to sanction infringements with fines of up to EUR 20 million or 4% of annual global revenue, whichever is higher. (more…)
On 28 January 2022, the UK Government Department for Digital, Culture, Media & Sport (DCMS) laid before the UK Parliament its International Data Transfer Agreement (IDTA) and International Data Transfer Addendum (UK Addendum) to the European Commission’s Standard Contractual Clauses (EU SCCs). If no objections are raised by the UK Parliament, the IDTA and the UK Addendum will come into force on 21 March 2022. (more…)
It seems there will be a packed agenda for EU and UK data protection this coming year. We set out below the 5 hot topics to watch in 2022 including expected legislative reforms, the most interesting cases to follow, and areas which are expected to continue to receive regulatory attention. (more…)
On 29 November 2021, the Slovenian Presidency (the “Presidency”) of the European Council published its compromise text (“Compromise Text”) on the European Union’s (“EU”) draft Artificial Intelligence Act (“AI Act” or “Act”) alongside a progress report on the Act. While the overall structure of the AI Act and many of its key provisions (including, those relating to potential fines for non-compliance), remain the same, there are some significant proposed changes to the Act which we have noted below including, for example, a new Article on general purpose AI systems. (more…)
*This article was first published by Law360 on January 3, 2022.
A recent discussion with Elizabeth Denham and Claudia Berg of the U.K. Information Commissioner’s Office provided ample food for thought on the direction in which data protection regulation both in the U.K. and internationally is headed, including key trends to watch for in data protection.
On November 10, 2021, the European General Court (Court) issued its judgment in Case T-612/17 Google and Alphabet v Commission (Google Shopping).
The Court dismissed almost in its entirety the action brought by Google and Alphabet against the decision by the European Commission (Commission) of June 27, 2017, which found that Google had abused its dominant market position by favoring its own comparison shopping service (CSS) on its general results pages while demoting the results from competing CSSs. The Court also upheld the fine of €2.42 billion imposed on Google by the Commission. The judgment can be appealed to the Court of Justice of the European Union (CJEU). (more…)
On 7 October 2021, the Information Commissioner’s Office (“ICO”), published its response to the UK government’s consultation entitled “Data: A new direction”. The consultation which sets out the proposals of the Department for Digital, Culture Media & Sport (“DCMS”) promised far-reaching reforms to the UK data protection regime with an emphasis on capturing the power of data to drive economic growth and innovation. The DCMS’s proposals posed a significant moment for UK data protection law and as such Sidley was pleased to host a Chatham House Rule discussion about this important consultation on 15 September 2021 with Joe Jones, Deputy Director, International Data Transfers at the DCMS. We hope that interested readers may have attended our discussion with Deputy Director Jones. (more…)
Please join Sidley’s Privacy and Cybersecurity Group for a two-part discussion with UK government officials with a focus on data transfer and innovation.
UK Data Protection and Data Transfers – New Directions
In this Chatham House discussion, our panelists will cover:
- Data Transfers to the U.S. and Developments on “Adequacy”
- G7 and OECD Data Protection Initiatives
- UK Regulation of Data and Promotion of Innovation
As from September 9, 2021, Regulation (EU) 2021/821 (EU Dual-Use Regulation Recast) replaces the existing Council Regulation (EC) 428/2009 setting up the European Union (EU) regime for the control of exports, transfer, brokering, and transit of “dual-use” items (EU Dual-Use Regulation). Dual-use items are sensitive goods, services, software, and technology that can be used for both civil and military purposes.
On 28 June 2021, the European Commission announced that it has adopted two adequacy decisions for the UK, one under the General Data Protection Regulation (GDPR) and one under the Data Protection Directive with Respect to Law Enforcement (Law Enforcement Directive) (Adequacy Decisions). The announcement comes just two days before the bridging period for data transfers between the EU and the UK was set to expire. In its assessment, the European Commission has determined the UK’s data protection laws are “essentially equivalent” to the data protection laws ensured within the EU. As a result of the Adequacy Decisions, personal data can continue to freely flow between the EU to the UK without the need for a data transfer safeguard (e.g., Standard Contractual Clauses or SCCs) in place. This announcement comes as very welcome news to many organisations transferring data between the EU and the UK.