The past 12 months saw a wide range of key events, and our summary pieces take in updates on developments in artificial intelligence, the Online Safety Bill and the continued growth of the cyber insurance market.
Looking specifically at developments in December, the ICO features heavily following publication of its opinion on the progression of the Data Protection and Digital Information Bill, its cookie crackdown continued with publication of a warning letter issued to companies with inadequate websites, and finally updated guidance on Transfer Risk Assessments relating to transfers to the United States.
Finally, we consider updates from Europe, where the Court of Justice of the European Union offered clarity on when a controller can be liable for its processors' wrongdoing. The European Commission also confirmed that political agreement had been reached on the content of the Cyber Resilience Act, intended to cover products with digital elements, such as connected products. With similar legislation taking effect in the UK in April of this year, the specifics of the CRA are awaited with great interest.
Data Protection and Privacy: 2023 in review
We reflect on events occurring in the past year in the world of data protection and privacy, with the fifth anniversary of the introduction of the GDPR prompting reflections on its influence and emerging challenges. Our review also takes in the previous years' discussions around adequacy agreements, the passing of the Online Safety Bill, a busy year for the ICO, and the numerous developments in data protection and privacy in the context.
Cyber Risk: 2023 in review
We review the key developments in cyber risk covered in our bulletins throughout 2023, ranging from our AI Explainer series, continued calls for increased cyber resilience and newsworthy updates from the ever-growing cyber insurance market.
ICO publishes cookies deficiency warning to companies
As part of their continued efforts to ensure that the use of advertising cookies complies with data protection, the ICO published an example of the cautionary letter issued to selected companies warning them to address specific concerns with their use of cookies.
The ICO's Response to the Data Protection and Digital Information Bill
The Information Commissioner has published feedback on the current version of the Data Protection and Digital Information Bill, indicating that he remains broadly comfortable with the shape of the legislation. However, concerns were raised regarding the introduction of 'effective new policy' by the Government via amendments without them having received appropriate scrutiny in the House of Commons.
UK-US data bridge: ICO publishes updated TRA guidance
Following the implementation of the UK-US Data Bridge in October 2023, the ICO has updated its Transfer Risk Assessment guidance with a specific section on TRAs relating to transfers to the United States.
GDPR: CJEU finds that a controller can be liable for its processors' wrongdoing
The Court of Justice of the European Union recently offered clarity on a number of issues regarding the relationship between the parties and allocating liability for regulatory breaches, including the topic of our article, establishing the circumstances in which a controller can be liable for its processors' wrongdoing.
Connected Products: Political Agreement reached on EU Cyber Resilience Act
We review the announcement from the European Commission confirming that political agreement had been reached with the European Parliament and Council on the content of the Cyber Resilience Act.
