The legal world has kept us on our toes this January! Knowledge is power so we've prepared a short article to give you the down low - let's dive in..

ICO concerns over cookie policies

The ICO has sent warnings to some of the UK’s most visited websites setting out their concerns regarding their use of cookies - giving them 30 days to render their website compliant. Specifically, the ICO is concerned these websites don’t allow users a fair choice whether to be tracked for personalised advertising. The ICO says it will provide an update in January 2025 including details of those websites which have not complied. It will be interesting to see whether the ICO continues with its current trend of naming and shaming through issuing reprimands as its main form of enforcement action. You can read more about how we can support with cookie compliance (and website compliance more generally), here.

EU-US Data Privacy Framework (Data Bridge)

In a positive development to the UK extension to the EU-US Data Privacy Framework (Data Bridge), the first panel of judges were announced to the US Data Protection Review Court (DPRC). The DPRC was created as part of a redress mechanism for UK (and EU) individuals who believe their personal data has been collected by US government when conducting signal intelligence activities in breach of applicable US law (which now incorporates the Data Bridge). You can read more about the introduction of the data bridge in this article.

AI Governance

The Science, Innovation and Technology Committee has released a report on AI governance, highlighting that the rapid development of AI has intensified the need for effective regulation. The report identifies twelve key challenges, including bias, privacy, and transparency issues, that policymakers must address to harness AI's benefits while safeguarding against harm. The Committee’s view is that, whilst a welcome effort, the UK government’s “pro-innovation approach to AI regulation” whitepaper from March 2023 is already at risk of falling behind the pace of development of AI. The AI Act is due to introduced in the EU at some point this year. You can read more about it and what UK businesses should be thinking about here.

The CMA also published its report on AI Foundation Models (large, machine learning models trained on vast amounts of data). This sets out the proposed principles underpinning how they will scrutinise the competition law and consumer protection aspects of developing AI markets. This set of principles is not viewed as the ‘finished article’ and the CMA now plans to seek engagement on the report and the principles from a wide range of people in the UK, US and elsewhere over the coming months to maximise the potential of this technology.

Workers Health Information

The ICO have been busy this month! In addition to their naming and shaming activity, they've also published guidance which aims to help employers understand their obligations under the UK GDPR and DPA 2018 when handling the health information of the people who work for them. The guidance is divided into two main parts: the first part offers an overview of how data protection law applies to processing workers' health information, emphasising data protection principles and compliance basics with links to more detailed guidance. The second part explores common employment practices involving the processing of workers' health information, addressing legal requirements and providing good practice advice. The term 'worker' in the guidance encompasses various work relationships, including those in the gig economy, and the guidance specifies what organisations must, should, and could do to comply with the law and good practice.

Need support?

If you require support with preparing your business for any of the above, you can read more about what we do or get in touch with the team.