A revised data protection law forms part of the new government’s legislative agenda for the UK. Key points in the Queen’s Speech on 21 June 2017 were that a new UK Data Protection Bill (the Bill) will replace the current Data Protection Act 1998; the new Bill will implement the EU General Data Protection Regulation (GDPR) in the UK (a fact that the party manifestos were silent on before the election); and the government intends to put the UK in the best position to maintain data sharing across the EU and internationally. These points remained unchallenged in the subsequent parliamentary debates, and the government’s express intention to implement the GDPR through national law in the UK was welcomed by many businesses.
Continue Reading

The European Commission’s January 2017 Communication on Building an European Data Economy (‘Communication‘)  proposes a principle of free movement of data within the EU. Whilst the coming into force of the General Data Protection Regulation (‘GDPR‘) on 25 May 2018, significantly changes and tightens the rules relating to the collection and use of personal data in Europe, those changes need to be read alongside the Communication (and the accompanying staff working paper) to fully understand the regulatory environment for data in Europe. The Communication examines actual or potential blockages to the free movement of data and presents options to remove unjustified and or disproportionate data location restrictions in the EU. It also considers the barriers around access to and transfer of non-personal machine-generated data, data liability, as well as issues related to the portability of non-personal data, interoperability and standards.
Continue Reading

On 10 May 2017, the European Commission published its mid-term review of the implementation of Europe’s Digital Single Market strategy. Launched in 2015, the ambitious strategy covered 16 actions under the three pillars: (1) improving access to digital goods and services for consumers and businesses across Europe; (2) creating the right conditions and a level playing field for digital networks and innovative services to flourish; and (3) maximising the growth potential of the digital economy. Despite a lot of activity, the Commission was only able to highlight one actual delivered improvement in its review – the abolition of retail roaming charges – although it looks forward to the imminent implementation of cross-border content portability in early 2018 and the expected approval of a proposal to address unjustified geo-blocking.

Continue Reading

In January 2017, the European Commission published the proposed text of a new draft e-Privacy Regulation (ePR) as part of its ongoing drive to advance one of its key initiatives, the Digital Single Market.

Whilst the impending introduction of the GDPR has been dominating headlines for the past months, the ePR has somewhat gone under the radar. We set out the key points to look out for with regard to the ePR and who it is likely to apply to.


Continue Reading

In 2015, the European Commission published a study (written by IDC) which provides an overview of Europe’s IoT digital ecosystem, its current status and anticipates a suggested vision of the same ecosystem in 2020. That study found:

The IoT (Internet of Things) is a pervasive innovative technology building on the universal connectivity of things and people, now moving in Europe from the pioneer phase to widespread adoption. In combination with cloud computing and Big Data the IoT is opening the new age of the hyper-connected society and acting as a powerful driver of business innovation, but also facing equally strong barriers in terms of security risks, concerns about privacy protection, and resistance to organizational change.”


Continue Reading

On 30 March 2017, the UK’s Department for exiting the European Union published a white paper outlining its proposals for a Great Repeal Bill (GRB). Whilst superficially, this appears to bring clarity to the legal position after Brexit, on closer examination the GRB proposal over-simplifies the position and glosses over the very significant legislative (and consequential business) problems that will arise from the UK’s departure from the EU in the absence of a comprehensive and detailed free trade agreement between the UK and EU to enable many of the existing business arrangements to continue. Whilst much of the press commentary has focused on the impact of Brexit on the financial services sector, the same issue, disruption of existing business models as a result of leaving the single market, arises in almost every other sector of the economy, and certainly in the telecoms, media and technology sectors.

Continue Reading

Regular readers will be aware that current data protection (privacy) laws will be replaced in Europe by the new General Data Protection Regulation (or GDPR) from May 2018. This change is driving a lot of preparatory regulatory activity – see this article for a recent summary. Whilst the impact of Brexit on data protection law in the UK is not yet finally settled, the UK regulator ICO is proceeding on the basis that the GDPR (or something very like it) will take effect in the UK and as a result is starting to consult on implementation.
Continue Reading

On 7 July 2016, the UK’s Financial Conduct Authority (FCA) issued finalised guidance for authorised UK financial institutions use of cloud services. In a marked contrast to some other jurisdictions’ approach, this guidance is issued against a policy backdrop of FCA’s ‘Project Innovate’ which is an initiative to foster innovation and competition. The FCA say:

We see no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules.”


Continue Reading