As foreshadowed in our post of 20 September 2023, we are pleased to announce an evening briefing session with leading data and internet specialists Anya Proops KC and Jamie Susskind on the Online Safety Act, arguably the most significant new law in a generation.

We have happily managed to secure a larger venue than expected for this event, and so there are still some places available. Please RSVP at RSVP@11kbw.com if you wish to attend.

Date: Tuesday, 3rd October 2023
Time: 6:30 PM – 7:30 PM
Venue: IET London: Savoy Place, London WC2R 0BL
Delegate Charge: This event is free of charge

On 12 October 2023, the Data Protection (Adequacy) (United States of America) Regulations 2023 will come into effect and the UK-USA ‘data bridge’ will be effected. This will mean that, under the terms of the revised EU-US Data Privacy Framework, and the UK Extension to it, transfers of personal data from the UK to a person in the USA on the Data Privacy Framework List, will be deemed to meet the test of adequacy for the purposes of the UK GDPR and the DPA 2018. Read more »

Yesterday the Online Safety Bill received assent in the House of Lords, meaning it is now ready to become law. It is anticipated that the Bill will receive Royal Assent in the course of October 2023. So it is that the UK stands on the brink of a new era in internet regulation, one which is intended fundamentally to improve the health and wellbeing of the nation by making the internet a safer, less hazardous environment for all.

And how, you may well ask, is this improvement to be achieved? Well, in the most basic terms, the Online Safety Bill (soon to be the Online Safety Act) seeks to make the internet a safer place by: (a) converting those online intermediaries who host and index online content – including most obviously social media providers and online search engines – into the digital caretakers of the online world, making them subject to a wide array of duties of care with respect to the content they respectively host or index and, further, (b) charging Ofcom with responsibility for ensuring that online intermediaries are discharging these duties of care in practice. Read more »

It’s been a few days since the CJEU’s landmark 4th July decision in Meta Platforms v Bundeskartellamt (Case C-252/21). As readers of the blog will probably have seen elsewhere, this was no Independence Day victory for Meta. Instead, the CJEU Grand Chamber upheld the idiosyncratic blending of competition law and GDPR by the German competition regulator (the Federal Cartel Office, or FCO). Read more »

Public lawyers, in particular, may have encountered government departments or others redacting the names of ‘junior officials’ on grounds of ‘relevance’ or ‘data protection’, when disclosing documents in litigation. Anecdotally, at least, that has been an increasing trend in recent years. The judgment of Swift J in FMA and Others v SSHD [2023] EWHC 1579 (Admin) contains a very clear – and welcome – statement that this approach is not appropriate.

Read more »

ICO Enforcement Notices and Monetary Penalty Notices (“MPNs”), and the resulting appeals to the FtT, are the bread and butter of information law litigation. Readers of Panopticon would be forgiven for thinking that issues such as the burden and standard of proof in such appeals would be uncontentious. But not so, according to the appellant in Doorstep Dispensaree Ltd v Information Commissioner [2023] UKUT 132 (AAC).

Read more »