Search results
470 results ordered by
Thinking - Blog
Do you know you're being tracked?
Do you own a smart phone? Do you always have WiFi enabled? If your answers to both these questions are yes, your movements were most probably tracked on your way into work today.
Read more
Thinking - Blog
EU Consultation on standards for a Digital Single Market
On 23 September 2015, the European Commission launched a public consultation on information and communications technology ("ICT") standards for creation of a Digital Single Market.
Read more
Thinking - Blog
Update: IT Suppliers beware! Your right to terminate on a customer insolvency is changing…
In September 2013 we reported on the Enterprise and Regulatory Reform Act 2013 which provided the Government with the power to extend the law regarding the supply of essential services to insolvent customers.
Read more
Thinking - Blog
Article 29 Working Party keeps up the pressure on data reform discussions
The EU data protection reform package has entered its decisive phase. The first trilogue between the European Parliament, the European Commission and the Council of Ministers began on 24 June 2015 but, even at this late stage, there are many key concepts still to be finalised.
Read more
Thinking - Blog
Transparency by design – putting FOIA at the forefront of public sector outsourcing contracts
Earlier this year, the Information Commissioner's Office (ICO) published a guidance document recommending some steps for public authorities (Authorities) to take when entering into outsourcing arrangements to help them comply with their freedom of information obligations.
Read more
Thinking - Publication
Technology and cyber risk update
Drones – issues for casualty insurers
Read more
Thinking - Blog
Digital content under the new Consumer Rights Act
The Consumer Rights Act 2015 (CRA) comes into force on 1 October 2015. It will reform consumer law in the UK, in particular by setting up new consumer rights and remedies in respect of digital content.
Read more
Thinking - Blog
UK cyber security: insure against 'rapid, highly damaging and public' threats
Cyber attacks present a daily threat to UK businesses and have become more destructive in recent years with data breaches and hacks frequently making front page news.
Read more
Thinking - Blog
Court of Appeal opens the door to 'distress-only' data breach claims where no financial loss
In an important ruling, the Court of Appeal confirms that misuse of private information is a tort and rules on the meaning of "damage" under s13 of the Data Protection Act ("the DPA"), allowing claimants to recover compensation for "distress" resulting from a breach of the Act without also having to prove pecuniary losses.
Read more
Thinking - Blog
Supreme Court clarifies the limits on contractual discretion
A recent decision of the Supreme Court1 has confirmed that the limits on contractual discretion include a requirement to take relevant issues into account and that the discretion is not exercised irrationally.
Read more
Thinking - Blog
CMA call for information on use of online reviews
Online reviews: love them or hate them, there is no escape. Products, services, large multinationals, SMEs, online or offline, almost everyone is being judged these days.
Read more
Thinking - Blog
ICO fines online travel insurer £175,000 for failing to keep customers’ personal information secure
The Information Commissioners Office (the “ICO”) has fined Staysure.co.uk Limited (“Staysure”), an online travel insurance company, £175,000 for its failure to comply with the seventh data protection principle, after IT security failings allowed hackers to access up to 100,000 customer financial records.
Read more
Thinking - Blog
New powers to audit NHS authorities' data protection compliance
From 1 February 2015, the ICO will be able to subject public healthcare organisations to compulsory audits of their data protection compliance under section 41A of the Data Protection Act 1998.
Read more
Thinking - Blog
New UK Procurement Rules Published for Consultation
Draft new Public Contracts Regulations 2015 and a Consultation Document on UK Transposition of the new EU Procurement Directives have recently been published by the Cabinet Office. This paves the way for the 2014 Directives to be implemented in the UK early next year.
Read more
Thinking - Blog
FCA COMPLETES THEMATIC REVIEW OF MOBILE BANKING AND PAYMENTS
The Financial Conduct Authority (FCA) has recently published its findings following its thematic review of mobile banking and payments.
Read more
Thinking - Blog
EU Consultation on Cloud Computing and Software
The EU has opened a public consultation to help define future research priorities in the areas of Cloud Computing and Software (including Open Source). Any and all stakeholders are invited to submit their views by 10 October 2014.
Read more
Profile
Thinking - Publication
Cyber_Bytes Issue 70
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read more
Thinking - Publication
New guidance on balancing data protection with the FCA's Consumer Duty and the TPR's Code of Practice
The Financial Conduct Authority (FCA), Information Commissioner's Office (ICO) and The Pensions Regulator (TPR) have published welcome guidance (Joint Statement) aimed at retail investment firms and pension providers on how to ensure their customer communications comply with the FCA's Consumer Duty (Consumer Duty) and the TPR’s Code of Practice (Code of Practice), whilst ensuring they follow the rules on direct marketing and data protection.
Read more
Thinking - Snapshot
New Standard Contractual Clauses for data importers outside the EAA but subject to the GDPR
Are the EU’s Standard Contractual Clauses (SCCs) needed if a data importer is located outside the European Economic Area (EEA) and already directly subject to the EU General Data Protection Regulation (EU GDPR)? In other words, where third party controllers and processors are based outside the EAA but subject to the GDPR, do you still need the SCCs to enable a lawful international transfer to them?
Read more
Thinking - Snapshot
The UK’s new Data (Use and Access) Bill
What does the UK’s new Data (Use and Access) Bill (the Data Bill) mean for businesses?
Read more
Thinking - Blog
The EU's Cyber Resilience Act: 10 on the 10
Today the EU's Cyber Resilience Act (Regulation (EU) 2024/2847) ('CRA') enters into force. The CRA recognises that the continuously evolving world of smart products is frequently challenged by vulnerabilities which can potentially lead to cyber-security incidents. Whilst most of the Act's obligations will not be applicable until three years from now, 10 December is the day when the EU takes a big step towards it's ten-year Cybersecurity Strategy. To mark the occasion, we have outlined ten key points that entities in scope must be aware of in preparation for compliance with the CRA.
Read more
Thinking - Snapshot
EDPB’s new publications on the ePrivacy Directive, processors and legitimate interests
What are the key takeaways for organisations processing personal data set out in the recent Guidelines and Opinions adopted by the European Data Protection Board (EDPB)?
Read more
Thinking - Snapshot
ICO Statement on Generative AI Model Training
What position does the Information Commissioner’s Office (ICO) continue to take on Generative AI Model training?
Read more
Thinking - Snapshot
ICO reprimands Sky Betting and Gaming for using non-essential cookies without users’ consent
What proactive steps should website operators take to ensure that their use of cookies complies with UK data protection law? Put another way, are you sure personal data is not being collected by your website’s advertising cookies before users have consented to their deployment?
Read more
Thinking - Snapshot
Irish DPC fines LinkedIn €310m for behavioural analysis and targeted advertising breaches
How certain do data controllers need to be of their lawful basis for processing personal data when engaging in behavioural analysis and targeted advertising, and how clearly must this be reflected in a privacy policy?
Read more
Thinking - Publication
DORA Watch - November 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read more
Thinking - Publication
Data Dispatch - November 2024
Welcome to the eighth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read more
Thinking - Blog
New Data (Use and Access) Bill
What does the new Data (Use and Access) Bill (the Data Bill) mean for businesses?
Read more
Thinking - Publication
Cyber_Bytes Issue 69
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read more
Thinking - Publication
Navigating a cyber breach
Cyber attacks remain a board-level concern for companies given their ability to disrupt services and unleash serious repercussions on financial, reputational, and operational fronts.
Read more
Thinking - Publication
DORA Developments Compilation – October 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read more
Thinking - Publication
Data Dispatch - October 2024
Welcome to the seventh edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read more
Thinking - Blog
The EU Cyber Resilience Act targets digital components made available in the EU market throughout the entire supply chain of a product
Last month, the EDPB published their "Guidelines on Examples regarding Personal Data Breach Notification" (the Guidelines). These are intended to provide "practice-oriented, case-based" guidance on when it is necessary to notify the relevant supervisory authorities (the SA) under Article 33(1) of the GDPR and/or data subjects under Article 34(1) of the GDPR following a personal data breach.
Read more
Thinking - Snapshot
UK's new AI Cyber Security Code of Practice
What is the UK's proposed AI Cyber Security Code of Practice?
Read more
Thinking - Snapshot
EU AI Act into force 1 August 2024
The EU AI Act came into force across all 27 EU member states on 1 August 2024. The aim of the legislation is to ensure AI systems used in the EU are safe and transparent.
Read more
Thinking - Snapshot
New Minister for Data Protection Sir Chris Bryant
On 8 July 2024, the Government appointed Sir Chris Bryant as the Minister of State for Data Protection and Telecoms (as well as Minister of State for Creative Industries, Arts and Tourism).
Read more
Thinking - Snapshot
Social media and video sharing platforms targeted by ICO over children's privacy practices
What must social technology platforms be aware of to ensure they are following the ICO's codes of practice for children's online safety?
Read more
Thinking - Snapshot
Uber hit with €290m fine for transferring European driver data to its US HQ
What does the Uber fine signal for international data transfers and the consequences of failing to comply with the EU General Data Protection Regulation (EU GDPR)?
Read more
Thinking - Snapshot
X suspends personal data training of AI chatbot Grok following Irish DPC pressure
How are the data regulators addressing the use of personal data when training AI language models?
Read more
Thinking - Snapshot
The UK's Digital Information and Smart Data Bill
What can we expect from the new Digital Information and Smart Data Bill (the DISD Bill)?
Read more
Thinking - Publication
Cyber_Bytes Issue 68
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read more
Thinking - Publication
AI-as-a-Service – Key Issues
Artificial Intelligence-as-a-Service (AIaaS), in the same vein as Software-as-a-Service and Infrastructure-as-a-Service, refers to cloud-based tools that allow businesses to gain access to an AI model hosted by a third party provider.
Read more
Thinking - Publication
Procuring AI – Commercial Considerations Checklist
Many companies will no doubt be considering using AI within their business to take advantage of the massive opportunities for increased productivity and cost efficiencies promised.
Read more
Thinking - Publication
AI and Privacy – 10 Questions to Ask
We set out in this section 10 key questions to ask yourself at the outset when developing or deploying AI solutions in your business.
Read more
Thinking - Publication
Generative AI – Addressing Copyright
When it comes to the interaction of AI and IP rights, bar a flurry of activity surrounding the inevitable outcome by the courts in the Thaler, Dabus case (see here) and the Court of Appeal's ruling on the potential for exclusion from patentability of artificial neural networks in the Emotional Perception case, most attention has been focused on copyright issues. There are three main potentially thorny issues and all have been extensively covered by the mainstream media.
Read more
Thinking - Publication
Part 6 – Practical Considerations
AI focussed actors and providers have been focussing on their forthcoming AI obligations and on governance for some time, but it is now prudent for the majority of organisations to assess how their use of AI will come within the scope of regulation in key territories and become familiar with each regime (and devise a means to keep up with the anticipated fast moving changes). Planning for the costs of compliance and for AI governance including systems and procedures for data retention and record keeping should also be part of current business strategy together with building expertise on AI internally and identifying trusted advisors from the "noise" of what is being offered externally.
Read more
Thinking - Publication
Part 5 – AI Regulation Globally
On 30 October 2023 the G7 published its international guiding principles on AI, in addition to a voluntary code of conduct for AI developers. The G7 principles are a non-exhaustive list of guiding principles aimed at promoting safe, secure and trustworthy AI and are intended to build on the OECD's AI Principles, adopted back in May 2019.
Read more
Thinking - Publication
Part 3 - AI regulation in the US
Back in October 2022, the White House published federal guidance – a Blueprint for an AI Bill of Rights identifying five principles aiming to guide the design, use, and deployment of automated systems. It was designed to operate as a roadmap to protect the public from AI harms and was followed in October 2023 by the US President's Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The Executive Order sets out eight "guiding principles and priorities", detailing how those principles and priorities should be put into effect, and reporting requirements
Read moreStay connected and subscribe to our latest insights and views
Subscribe Here