On Oct. 18, 2022, the UK Information Commissioner’s Office (ICO) updated its “Guidance on Direct Marketing Using Electronic Mail,” providing refreshed FAQs regarding what constitutes electronic mail marketing, related rules and responsibilities, and miscellaneous clarifications to compliance questions such as “are tracking pixels covered by the electronic mail marketing rules?” (Short answer: technically no, but

The long-awaited UK data transfer mechanism has been published by the Information Commissioner’s Office (ICO), resolving the question of how international transfers of personal data from the UK will be handled post-Brexit. As a refresher, the European Commission published four new versions of the EU standard contractual clauses (SCCs) in June 2021. However, these new

We have a deal! After several months of negotiations, on 24 December 2020, the EU and the UK announced that they have finally agreed on an agreement regulating trade and cooperation between the UK and the remaining 27 member states after 31 December 2020 (Trade Agreement). From a data protection perspective, this is welcome news

The UK is nearing the end of its Brexit transition period (the Transition Period), which expires Dec. 31, 2020. Although the UK has not been a party to the European Economic Area (EEA) agreement since the passage of Brexit, it has been treated as an EEA member during the Transition Period. Because of this status,

It depends.

Many lawyers (and clients) incorrectly assume that attorneys must be processors because they are service providers of their clients. In some situations, a service provider has a role in determining the purposes and means of processing; when that occurs the service provider is, like its client, considered a “controller” or a “joint controller.”