On July 18, 2022, the U.K. Government published a paper on its proposals for AI regulation “Establishing a pro-innovation approach to regulating AI” (the AI Paper). This was published alongside the Government’s AI Action Plan, the first update provided since the Government published its National AI Strategy in September 2021.
The AI Paper provides for an alternative approach to AI regulation in the U.K. when compared with the recently proposed draft legislation for AI regulation in the EU (the EU AI Act). The U.K. Government favours a more decentralised and less regimented approach: guidance, rather than legislation; sector-based, rather than cross-sector application; regulated at sector level, rather than centrally; and with a looser definition of what constitutes AI for the purposes of regulatory application. This is intended to make the U.K. an attractive environment for AI innovation, with more flexible and pragmatic regulation, although AI businesses operating in multiple sectors will potentially need to review and comply with more than one set of principles and address conflicts between them.
Continue reading “AI Regulation in the U.K. — New Government Approach”
On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data. Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations. Japan adopted an equivalent decision with the EU on January 22, 2019. These reciprocal findings of adequacy will create the largest area of safe data flows in the world.
Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”
The EU Commission published its second annual review of the functioning of the EU-US Privacy Shield, which focused on the commercial issues, human resources and data automated individual decision-making and developments in the U.S. legal framework. This report follows the same general structure as the report on the first annual EU-US Privacy Shield review that we reported on last year.
Continue reading “EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done”
The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency. Comments on both documents will be accepted by the Working Party through January 23, 2018 after which the WP 29 working party will issue final guidance. WP29 is an independent European advisory body on data protection and privacy.
This blog post focuses on WP260, the guideline on transparency. Our companion post on WP259, the guideline on consent can be read here.
Transparency has long been a fundamental feature of EU privacy law and is an overarching obligation under the GDPR. The draft guideline notes that a central consideration of the principle of transparency is that the data subject should be able to determine in advance what the scope and consequences of the processing entails. Transparency applies in three central areas:
- The provision of information to data subjects related to the fair processing of their personal data.
- How data controllers communicate with data subjects in relation to their rights under the GDPR.
- How data controllers facilitate the exercise by data subjects of their rights.
Continue reading “Article 29 Working Party Releases Guideline WP260 on Transparency under the GDPR”
The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency in November. Comments on both documents will be accepted by the Working Party through January 23, 2018 after which the WP29 will issue final guidance. WP29 is an independent European advisory body on data protection and privacy.
This blog post focuses on WP259, which is the guideline on consent. We have also written a companion blog on WP260, the guideline on transparency.
Guideline on Consent
The guideline provides a thorough analysis of the notion of consent, which is one of the six lawful bases to process personal data under the GDPR. Article 4(11) stipulates that consent of the data subject must be:
- Freely given.
- Unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Continue reading “Article 29 Working Party Releases Guideline WP259 on Consent under the GDPR”