Data protection essentials

Data protection laws in both the UK and EEA (the EU plus Iceland, Norway, and Liechtenstein) are intended to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly.

To help ensure that, both the UK and EEA data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing) and grant rights to those whose personal data is processed (the ‘data subjects’). In summary, ‘processing’ includes doing almost anything with personal data, including storing, sharing, deleting or using it.

UK data protection law is largely derived from EEA data protection laws and is therefore generally based on similar principles, although there are some detailed differences.

This subtopic provides certain core resources commonly required by commercial lawyers when addressing UK and EEA data protection laws under:

•
the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime, which applies under the

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Commercial News

CMA opens consultation on releasing Google from Privacy Sandbox commitments

The Competition and Markets Authority (CMA) has launched a consultation on releasing Google from its Privacy Sandbox commitments following Google's April 2025 announcement abandoning plans to prompt Chrome users about third-party cookie blocking. The commitments, which ensured Google's Privacy Sandbox development didn't favour its own ad-tech services, are deemed no longer necessary by the CMA. The consultation closes on 4 July 2025. The CMA notes it retains intervention powers under the Digital Markets, Competition and Consumers Act 2024 and Competition Act 1998 should future competition concerns arise.

European Commission pushes on with AI models Code of Practice despite possible law delay

MLex: The European Commission is pressing ahead with finalising a Code of Practice for general-purpose AI (GPAI) model developers, intended as a key compliance tool for the likes of OpenAI, Anthropic and Microsoft, for application in August 2025, even though discussions on pausing the EU AI Act that underpins it are now formally on the table. The Code, GPAI guidelines, the template to disclose training datasets and related guidelines are expected by the first week of July 2025. Leading AI companies are being engaged to secure their support for the Code, though they are still in the dark on the critical copyright-related parts.

Data (Use and Access) Bill passes through Parliament and heads for royal assent

Parliament passed the Data (Use and Access) Bill (DUA Bill) on 11 June 2025. First introduced in October 2024, this passage concludes a protracted legislative process as a notable amount of legislative 'ping pong' (nine rounds of back-and-forth) took place between the two Houses. Central to these discussions was the contentious issue surrounding the use of copyright works in the development of AI systems. During the last debate on 11 June 2025, the House of Lords opted against insisting once more on its amendment, which would have required further government legislation on copyright infringement and transparency in AI. Instead, the peers accepted an amendment in lieu from the Commons, which mandates the Secretary of State for Science, Innovation and Technology to lay a progress statement before Parliament within six months of the DUA Bill’s enactment, outlining advancements on the review. The DUA Bill will now move forward for royal assent at a date yet to be confirmed.

DEFRA publishes consultation outcome on food origin and production labelling reforms

The Department for Environment, Food & Rural Affairs (DEFRA) has published its consultation outcome regarding proposed reforms to food labelling requirements. The consultation, which received 31,011 responses between March and May 2024, focused on country of origin and method of production labelling. While acknowledging strong public support for enhanced country of origin information and animal welfare labelling, DEFRA indicated it will consider these reforms as part of broader UK food policy development, noting implementation barriers raised by stakeholders.