4 min read

Data, Privacy and Cyber Bulletin - February 2024

Read more

By Jade Kowalski, Hans Allnutt & Patrick Hill

|

Published 08 March 2024

Overview

The latest edition of our Data, Privacy and Cyber Bulletin covers a broad range of content including the LMA publishing model cyber war exclusions, the publicised takedown of the LockBit ransomware group, latest developments in the regulation of AI and a summary of recent celebrity privacy law decisions.

To start this month, our insurance wording experts offer their analysis of recently published LMA war exclusions for cyber treaty insurance, confirming our prediction that further cyber war exclusions should be expected in 2024.

The most striking news of the previous month was the success of Operation Cronos, a concerted effort by international law enforcement agencies including the National Crime Agency, to take down the ransomware group, LockBit. We discuss the legal and commercial implications.

February also saw further developments in the AI regulatory landscape in the UK. Our central discussion piece provides a detailed summary of developments in the last month on the AI regulatory landscape in the UK following the publication of the Government's consultation response to the 2023 White Paper. We also provide overviews of the ICO's second consultation on generative AI and guidance issued by the Association of British Insurers on the responsible use of AI in the insurance industry.

There is a celebrity angle as we review recent data privacy decisions discussing unlawful information gathering by newspapers and the processing of allegedly inaccurate personal data.

Looking to the future, colleagues from our Dublin office provide insight on recent changes at the Irish Data Protection Commission. The departure of Helen Dixon emphasises the growth of the DPC in recent years, but also highlights the regulatory challenges facing her replacements.

We also reflect on the second edition of the ICO Tech Horizons Report which features those innovations and technologies that the ICO believes will be the subject of widespread adoption in the next two to seven years.

To conclude, we consider developments in the UK and Europe highlighting the continued pressure that adtech models face as regulators in Europe are expected to issue guidance soon on 'pay or ok' consent models

 

LMA publishes model state-backed cyber war exclusion clauses for cyber treaty reinsurance

The LMA has published nine new cyber war clauses, including three LMA war exclusions for cyber treaty insurance. Our insurance wordings team offer their insight on the LMA exclusions.

Read more

 

LockedBit: Locked down

Our Cyber and Data Risk team discuss the legal and commercial implications of the takeover of the LockBit ransomware group's infrastructure and server by international law enforcement agencies. The article considers questions that the takedown raises for clients affected by ransomware attacks following the release of decryptor tools and confirmation that LockBit stored exfiltrated data for those who paid ransoms.

Read more

 

An update on the UK's approach to AI regulation

The Department for Science and Technology (DSIT) published the Government's consultation response to its March 2023 White Paper on AI regulation. We review the consultation response alongside DSIT's Initial Guidance for Regulators also published in February, setting out the key takeaways and expected developments in the future.

Read more

 

ICO issues second consultation on Generative AI and Data Protection

The ICO has launched a second call for evidence on how the principle of purpose limitation should be applied at different stages in the generative AI lifecycle. We review the details of this consultation, highlighting the ICO's focus on the reuse of training data and defining a purpose when developing a generative AI model.

Read more

 

Changing of the Guard: Transformation at the Irish Data Protection Commission

The departure of Helen Dixon in February 2024 from her role as Ireland's Data Protection Commissioner marked the end of an era in data and privacy regulation across the European Union. We analyse the development of the DPC during her tenure, and those challenges faced by her successors in the coming months and years.

Read more

 

Recent data privacy decisions: Celebrity edition

The High Court has recently handed down judgments on two data privacy claims considering the key issues of limitation, causation and loss. The actions involved two high-profile individuals alleging the unlawful gathering of information and breaches of the UK GDPR respectively.

Read more

 

ICO releases second Tech Horizons Report commenting on eight priority technologies

The ICO has published a second edition of the report, doubling the number of technological developments discussed including genomics, immersive virtual worlds, neurotechnologies and quantum computing. The report identifies a number of overarching trends involved in these developments and the associated privacy and data protection risks.

Read more

 

'Take it or leave it' and 'Pay or ok': Adtech business models at risk

Recent developments continue to demonstrate the pressure that adtech business models face. We review those developments including the progression of a proposed class action alleging Meta has abused its dominant market position, and continuing challenges to 'pay or ok' consent models in Europe.

Read more

 

ABI launches guidance on using AI responsibly

A guide offering support and ideas on the responsible use of AI for those working in the insurance industry was launched at the 2024 ABI Annual Conference. We provide an overview of the guide, including issues such as the application of AI to the insurance product lifecycle.

Read more

Authors