Welcome to this week's Knowledge Collection
This month has seen several important changes to the UK's General Data Protection Regulation come into effect, as part of the Data (Use and Access) Act's phased implementation. Our Regulatory Outlook looks at the principal data protection reforms and provisions relating to automated decision-making now in force. The ICO has also recently published its final guidance on handling data protection complaints, as the new Act also brings in further rights for data subjects which come into effect in June.
In relation to the protection of children's data, the ICO recently fined an online platform after it found the company used children's personal information unlawfully. The regulator has stated its focus is on companies that primarily rely on self-declaration for age assurance, with online safety more broadly remaining a major focus for the government and regulators. The government brought forward its measures making it an offence to create purported intimate images, including AI-generated deepfakes, of an adult without consent. It has also announced an amendment to its Crime and Policing Bill to require regulated service providers to take down non-consensual intimate images within 48 hours.
On the ESG front, there are developments affecting sustainability reporting obligations for businesses in both the UK and EU. The Financial Conduct Authority is consulting on plans to replace the UK's current rules for listed companies' sustainability disclosures, and the Council of the EU has approved the provisional agreement on simplified sustainability reporting and due diligence rules. Our "Eating Compliance for Breakfast" webinar series returns next month, including a look at what the main ESG developments are that businesses should be aware of this year.
