Consultation

The UK Government today announced that it intends to ban social media platforms from offering services to children under 16, alongside wider restrictions on certain online functionalities that the Government has identified as harmful to children.

The announcement follows the conclusion of the Department for Science, Innovation and Technology’s (“DSIT”) consultation, “Growing up in the online world,” which received more than 116,000 responses (we originally wrote about that consultation here). The Government intends to bring the first regulations to Parliament before the end of the year using powers created by the Children’s Wellbeing and Schools Act 2026 (“CWSA”), with protections expected to come into force in Spring 2027. Today’s announcement is the latest in a series of significant developments reshaping the UK’s online safety framework. We summarize some of these latest developments below.

Continue Reading Online Safety in the UK: Social Media Ban for Under 16s and Other Recent Developments

On May 1, 2019, the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) launched a public consultation (“Consultation”) regarding plans to pursue new laws aimed at securing internet connected devices. The Consultation follows the UK’s publication of its final Code of Practice for Consumer IoT Security (“Code of Practice”) last October (the subject of another Covington blog available here) and is targeted at device manufacturers, IoT service providers, mobile application developers, retailers and those with a direct or indirect interest in the field of consumer IoT security.
Continue Reading IoT Update: The UK Announces Plans for New Connected Device Laws

On 9 April 2019, the European Data Protection Board (“EDPB”) adopted new guidelines “on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.”

In general, the GDPR requires that processing of personal data be justified under a legal basis in Article 6 GDPR.  One such legal basis is Article 6(1)(b), which covers data processing that is “necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”  The new EDPB guidelines consider the meaning of this basis, and in particular whether it can be used as the basis for data processing by online services for purposes such as service improvement, fraud prevention, targeted advertising, and service personalization.
Continue Reading EDPB Begins Consultation on New Guidelines on Use of the “Performance of a Contract” GDPR Legal Basis by Online Services

On 20 November 2018, the UK government published its response (the “Response”) to the June 2018 consultation (the “Consultation”) regarding the proposed new Centre for Data Ethics and Innovation (“DEI”). First announced in the UK Chancellor’s Autumn 2017 Budget, the DEI will identify measures needed to strengthen the way data and AI are used and regulated, advising on addressing potential gaps in regulation and outlining best practices in the area. The DEI is described as being the first of its kind globally, and represents an opportunity for the UK to take the lead the debate on how data is regulated.
Continue Reading IoT Update: The UK Government’s Response to Centre for Data Ethics and Innovation Consultation