On 28 June 2021, the EU Commission found that the UK provides adequate protection for personal data, enabling personal to freely flow from the EU (and EEA) to the UK. Background European privacy law (specifically articles 44-50 of the General Data Protection Regulation (GDPR)) prohibits the export of personal data from the EU to a third …
Summary By the end of 2021, many corporate transactions in the communications, data infrastructure, artificial intelligence, satellite and space technologies sectors (and some others) will be subject to mandatory notification to, and national security review by, the UK government. Implementation timetable The National Security and Investment Act 2021 (“Act“) became part of UK law on …
The European Commission has proposed a ‘digital compass’ to set its course for a digitally empowered Europe by 2030. The UK’s Department for Culture Media and Sport (DCMS) has also set out its top ten priorities for a technology driven future to ‘build back better’ following the Covid19 pandemic. European Digital Compass At a press …
EU progresses revised ePrivacy Regulation
On 24 November 2020, the UK Government started the legislative process for a new Telecoms (Security) law which will, when passed into law, provide statutory backing for their already announced policy objective to exclude Huawei (and potentially other ‘high risk vendors’) from the UK’s 5G (and other) networks on the grounds on national security. This …
On 7 September 2020, the UK’s Intellectual Property Office (IPO) published a call for views on the impact of Artificial Intelligence (AI) on the UK’s Intellectual Property (IP) laws. Responses are due by 30 November. The consultation takes place against the backdrop of worldwide interest in AI and the law by governments and regulators. The …
This guest post is written by @matthew1hunter and @aisling1odwyer. Regular readers of this blog will know we have been tracking the impact of ISO/IEC 27018:2014 –Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018). We see this as the go-to standard for customers of public …
Since its release in August 2014, ISO 27018 is becoming well established as the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services. Privacy regulators recognise and refer to the new standard. Cloud customers are using it in their RFP requirements and in their assessments of …
A key challenge for organisations who want to use cloud services is to do so in a way that is compliant with the organisations’ obligations under data protection laws. This guest post by Matt Hunter (@matthew1hunter) and Daniel Jung explains how ISO 27018 is relevant and why companies considering cloud solutions should look to cloud providers …
There should be relief at the moment felt by financial institutions and cloud service providers alike, following the release of the MAS’s consultation on the proposed new outsourcing notice and updated guidelines as mentioned in Rob’s previous post. The MAS doesn’t use the word “cloud” expressly in its consultation. However, the MAS has made important changes …