With so much going on in the data protection landscape, we bring you a brief roundup on key issues:
- New guidelines for UK-US personal data transfers
The Information Commissioner's Office has recently issued new guidance on transfer risk assessments for organisations seeking to make restricted transfers of personal data to the United States under Article 46 of the UK GDPR. Learn more here.
- Pro-innovation approach to AI regulation
In our latest AI: data roundup, we delve into the UK government's white paper titled "A pro-innovation approach to AI regulation" and compare it with the European Union's approach. Explore further here.
- ICO toolkit and data protection
The ICO has introduced a toolkit designed to aid businesses embarking on data analytics projects. Get an overview in our AI: data roundup here.
UK Data Protection and Digital Information Bill
- The Government has tabled The Data Protection and Digital Information (No.2) Bill with a view to amending the UK’s existing data protection regime. If passed, the bill would make changes to UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations. Read more here.
- New EU model contractual AI clauses
Standard EU model contractual AI clauses have been drafted by the EU public buyers community with both the high-risk and non-high risk versions of the AI clauses available to download on its website. Private organisations considering purchasing AI systems and technology providers may find the AI clauses of interest at this pivotal point in time for legal considerations around AI systems. Read more here.
- The EU Data Act
In November 2023, the European Council adopted the wording of the proposal for a regulation on harmonised rules on fair access to and use of data. The Data Act will enter into force on the twentieth day following that of its publication in the Official Journal of the European Union and shall apply 20 months from then. Discover more about its implications here.
- The European Artificial Intelligence Act
Despite global discussions and the recent UK-hosted summit on AI safety, the UK government is not immediately introducing specific legislation to regulate the use of AI. Learn about the ongoing developments in the European Artificial Intelligence Act here.
- European Cyber Resilience Act
The European Cyber Resilience Act is an EU proposal to regulate cybersecurity requirements for products with digital elements. As at November 2023, a final version of the proposed regulation was awaited. Read more here.
- Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
Businesses involved in the manufacturing, importing and/or distributing of “connectable products” will need to prepare for the incoming requirements of the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, which take effect on 29 April 2024. Learn more here.