The U.K. Department for Science, Innovation and Technology published a white paper with its approach to regulating artificial intelligence technologies. The regulatory framework seeks to "build public trust in cutting-edge technologies and make it easier for businesses to innovate, grow and create jobs." The approach consists of five AI principles: safety, transparency, fairness, accountability and governance, and redress. U.K. regulators will roll out guidance within the next 12 months to help ... Read More

The U.K. Information Commissioner’s Office approved the fourth set of U.K. General Data Protection Regulation certification scheme criteria for training and qualifying service providers. The scheme's intention will "enable … candidates to make informed choices when applying for training" programs so they can maintain confidence their personal data is being processed in accordance with the law. Other certification schemes released so far cover secure disposal and reuse of IT equipment, age assura... Read More

Several significant figures in the privacy landscape shared their thoughts on the keynote stage at the IAPP Data Protection Intensive: U.K. here in London Thursday. The state of play and future of EU enforcement and international data transfers were the focus of a keynote panel moderated by IAPP Research and Insights Director Joe Jones and featuring former U.K. Information Commissioner and current Baker McKenzie International Advisor Elizabeth Denham and NOYB Honorary Chair Max Schrems.  Separa... Read More

The U.K. released draft data protection reform of its General Data Protection Regulation. On Wednesday, U.K. Secretary of State for Science, Innovation and Technology Michelle Donelan introduced the Data Protection and Digital Information (No. 2) Bill to Parliament.  The first version of the reform bill was originally proposed by the government in July 2022 but was put on pause last September in the wake of Liz Truss's then-appointment as prime minister.  "Co-designed with business from the st... Read More

Amid the introduction of a new data protection reform bill Wednesday, U.K. Information Commissioner John Edwards said the goals within the ICO25 strategic plan "are not predicated or dependent on law reform." "We can still achieve everything we’ve set out to achieve regardless of the direction the law goes in, within certain limits, but I’m very confident of those limits," Edwards said in a keynote address at the IAPP Data Protection Intensive: U.K. in London, reflecting on his first year in of... Read More

The U.K. Information Commissioner’s Office issued a six-step guide for small businesses that receive data protection complaints. The steps are to acknowledge receipt of the complaint, find out the specific issue related to the complaint, provide updates to the data subject, record actions taken in response to complaint, formally respond to the individual with the outcome of the investigation, and review lessons observed.  Full Story... Read More

The U.K. Information Commissioner's Office published updated guidance for using binding corporate rules as a data transfer mechanism. The updates are geared toward a "simplified" approach for controllers and processors with the ICO noting it will "only request supporting documents and commitments once during the U.K. approval process." The regulator also called BCRs a "gold standard" transfer mechanism that "demonstrates your commitment to implementing appropriate safeguards."Full Story... Read More

The U.K. Information Commissioner's Office submitted a report to U.K. Parliament discussing observations on data protection challenges and practices during the peak of the COVID-19 pandemic. Former Information Commissioner Elizabeth Denham focused the paper on how the flexibility of the data protection legislation could enable the data use while maintaining protections. The paper also looks at best practices for maintaining user trust as organizations deployed more digital and technological solu... Read More

The Luxembourg National Commission for Data Protection published guidance on how Brexit affects international data transfers. The guidance was created to help "companies, public bodies and associations" in Luxembourg transfer information to the U.K. following the European Commission's adequacy decision adoptions, recommending each entity respect the principles of the EU General Data Protection Regulation when sending data.Full Story ... Read More

After years of uncertainty in the wake of the U.K.'s vote in 2016 to leave the EU, there are finally sign posts for privacy pros to look to as both regions aim to secure cross-border data transfers through U.K. adequacy. In a massive trade agreement signed last Christmas Eve, both regions secured a temporary transfer period that provides the U.K. government and European Commission time to complete an adequacy agreement.  But, of course, the clock is ticking.  "We don't see why the U.K. shouldn... Read More