""

 

United Kingdom

United Kingdom

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in the United Kingdom. The IAPP Resource Center also includes a “Europe” topic page, which can be accessed here.

Featured Resources

How EU, UK cope with third-party cookie shift

In the first of a two-part series looking at some specific areas of the third-party cookie conundrum, IAPP Westin Fellow Taylor Kay Lively explores the current legal and regulatory developments impacting the use of third-party cookies in the EU and the U.K.
Read More

Changing direction? UK consults reforms

Ruth Boardman and Clara Clark Nevola summarize and offer a color-coding scale for assessing the severity of the consultation document proposing a raft of changes to the U.K.’s data protection law.
Read More

UK International Data Transfers Consultation

Officials from the U.K. government and additional panelists discuss some of the most difficult questions regulators and organizations face when crafting effective and practical cross-border data protections.
Read More


""

Latest News and Resources

Edwards discusses new beginning as UK commissioner

U.K. Information Commissioner John Edwards offered wide-ranging comments regarding his new post. Edwards said that "privacy is a right not a privilege" and he believes "we all deserve to have our data treated with respect." In his role as commissioner, Edwards wants to pave the way for companies to "respect our privacy with ease whilst still reaping the benefits of data-driven innovation." He also indicated desires to ensure individuals can control their data and "access remedies if things go wr... Read More

UK launches algorithmic transparency standard for government

The U.K. Central Digital and Data Office rolled out an algorithmic transparency standard for government agencies and the public sector. CDDO and the Centre for Data Ethics and Innovation consulted civil society and academics on the standard, which aims to bring transparency to "the way in which algorithmic tools are being used to support decisions" and especially those decisions with "legal or economic impact on individuals." A pilot program will begin in the coming months to generate feedback b... Read More

Denham 'deeply concerned' with UK data reforms

In a parting speech before vacating her post, U.K. Information Commissioner Elizabeth Denham voiced her concerns regarding the direction of the proposed U.K. data reforms. "I am deeply concerned about any changes to the data protection regime that would remove the centrality of fairness in how people’s data is used," Denham said with specific note to the proposals around artificial intelligence. While indicating the reforms are "well timed," Denham stressed that any regulatory reform "must keep ... Read More

UK Supreme Court halts billion-dollar privacy class action against Google

The United Kingdom's Supreme Court denied a claim Wednesday that sought billions of dollars in damages in a class-action lawsuit against Google over alleged illegal tracking of millions of iPhone users. The 3 billion GBP ($4 billion) lawsuit, which was filed on behalf of 4.4 million residents in England and Wales, had implications for other class-action lawsuits filed in the U.K.  Judge George Leggatt said the claimant did not prove damages to the individuals involved in the data collection. "... Read More

ICO issues data protection guide for media, journalists

U.K. Information Commissioner Elizabeth Denham announced a draft journalism code of practice featuring guidance on data protection practices for media outlets and their staff. Denham said the code will bring members of the press up to speed on what's required of them under the U.K. General Data Protection Regulation, noting the code aims to "strike the right balance between journalism, freedom of expression and data protection." The code will be up for public consultation through 10 Jan. 2022.... Read More

UK details plans for national AI strategy
(IAPP, September 2021)
The UK’s new plans for data transfers: An interview with Joe Jones
(IAPP, September 2021)
EU warns UK could lose adequacy by drifting away from GDPR
(IAPP, August 2021)
Denham discusses potential for global privacy standard
(IAPP, September 2021)
UK launches wide-ranging data reform initiative
(IAPP, September 2021)
Children’s Data Privacy Protections in the U.K.: What to Know and How to Comply
(Davis Wright Tremaine, September 2021)
UK announces independent adequacy decisions; Edwards named ICO top candidate
(IAPP, August 2021)
ICO publishes direct marketing guidance for public sector
(IAPP, August 2021)
ICO unveils AI and Data Protection Risk Toolkit
(IAPP, July 2021)
UK government publishes ‘Plan for Digital Regulation’
(IAPP, July 2021)
European Commission adopts UK adequacy decisions
(IAPP, June 2021)
UK CMA’s role in Privacy Sandbox ‘changes the dynamic’
(IAPP, June 2021)
UK health department, NHS publish draft health data strategy
(IAPP, June 2021)
Report: UK MPs suggest tossing GDPR, creating new standard
(IAPP, June 2021)
UK Court of Appeals deems Data Protection Act ‘immigration exemption’ unlawful
(IAPP, June 2021)
ICO addresses data protection in UK digital identity scheme
(IAPP, April 2021)
Elizabeth Denham reflects on the pandemic year and road ahead
(IAPP, April 2021)
ICO discusses common UK GDPR compliance issues
(IAPP, April 2021)
NIS representation in the EU and UK — Was the March 31 deadline a turning point?
(IAPP, April 2021)
GDPR representatives in EU and UK after Brexit
(IAPP, February 2021)
Draft UK adequacy decisions — A somewhat lukewarm embrace?
(IAPP, February 2021)
European Commission releases draft UK adequacy decisions
(IAPP, February 2021)
UK government publishes draft rules on use of digital identities
(IAPP, February 2021)
Government leaders discuss state of play for UK adequacy, data transfers
(IAPP, January 2021)
Data brokers under the spotlight: A commentary on the ICO vs. Experian case
(IAPP, January 2021)
UK, EU reach interim data flow agreement
(IAPP, January 2021)
The Keeling Schedules
(UK Government, December 2020)
Online Harms White Paper — UK Government
(UK Government, December 2020)
New Economic Foundation — The Cost of Data Inadequacy: The Economic Impacts of the UK Failing to Secure an EU Data Adequacy Decision
(New Economics Foundation and University College London’s European Institute, November 2020)
ICO Accountability Framework
(UK ICO, September 2020)
U.K. Government National Data Strategy
(UK Government, September 2020)
ICO: Freedom of information self-assessment toolkit
(UK ICO, July 2020)
View More Resources

ICO Resources

The Information Commissioner’s Office is the UK’s independent data protection authority. Linked below are resources from the ICO.


ICO report reviews COVID-19 data protection challenges

The U.K. Information Commissioner's Office submitted a report to U.K. Parliament discussing observations on data protection challenges and practices during the peak of the COVID-19 pandemic. Former Information Commissioner Elizabeth Denham focused the paper on how the flexibility of the data protection legislation could enable the data use while maintaining protections. The paper also looks at best practices for maintaining user trust as organizations deployed more digital and technological solu... Read More

ICO Annual Track Survey

The U.K. Information Commissioner's Office released the findings of its 2021 Annual Track survey. The survey consists of data from the ICO polling individuals to gauge their awareness of their data protection rights and trust in organizations that use their information. Click To View (PDF) ... Read More

Brexit

Luxembourg DPA publishes Brexit data transfer guidance

The Luxembourg National Commission for Data Protection published guidance on how Brexit affects international data transfers. The guidance was created to help "companies, public bodies and associations" in Luxembourg transfer information to the U.K. following the European Commission's adequacy decision adoptions, recommending each entity respect the principles of the EU General Data Protection Regulation when sending data.Full Story ... Read More

Web Conference: ‘Brexit Means Brexit’ — Unpacking the Reality. UK Data Protection Law After 2020

Original broadcast date: 24 March 2021  The Brexit transition period has ended. How does that affect you? Join us to explore the impact on U.K., EU and non-European businesses. See what's happening with EU adequacy for the U.K. and learn how the U.K.'s new international transfers regime will impact data flows. We will discuss how the EU and U.K. can manage regulatory divergence and risks to data protection in a connected world. And, we will examine how businesses should prepare for different and potentially diverging regimes in the U.K. and the EU. Read More

LinkedIn Live: ‘Privacy Implications of Brexit’

Published: January 2021 In this Linkedin Live, Covington & Burling Senior Counsel Jetty Tielemans, European Commission Head of International Data Flows and Protection Bruno Gencarelli, and Department for Digital, Culture, Media & Sport Head of U.K. International Transfer Regime Joe Jones talk about the privacy implications of Brexit. To view this video on LinkedIn, click here. To access all IAPP LinkedIn Live videos, click here. Access the IAPP's LinkedIn profile here.... Read More

Government leaders discuss state of play for UK adequacy, data transfers

After years of uncertainty in the wake of the U.K.'s vote in 2016 to leave the EU, there are finally sign posts for privacy pros to look to as both regions aim to secure cross-border data transfers through U.K. adequacy. In a massive trade agreement signed last Christmas Eve, both regions secured a temporary transfer period that provides the U.K. government and European Commission time to complete an adequacy agreement.  But, of course, the clock is ticking.  "We don't see why the U.K. shouldn... Read More