Anna Rawlinson

This Practice Note explores age assurance in online environments, emphasising its importance for compliance with a number of legal frameworks. It provides a practical introduction to age verification and age estimation methods and associated technologies. It highlights their role in compliance with legal frameworks like the United Kingdom General Data Protection Regulation, Assimilated Regulation 2016/679 (UK GDPR) and the Online Safety Act 2023, among others. It also provides an overview of the global context, and discusses key enforcement actions and the role of stakeholders in implementing age-appropriate measures, including those aimed at the protection of children.

This Practice Note provides guidance on the set of standard contractual clauses (SCCs) for international transfers of personal data published by the European Commission in June 2021 (the 2021 EU SCCs).

This Practice Note discusses Binding Corporate Rules (BCRs), which are one of the mechanisms that allow for the transfer of personal data outside of the EEA in compliance with Chapter V of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). BCRs enable a group of companies to demonstrate appropriate safeguards when they transfer personal data internationally between the group’s entities.

This Practice Note covers two recent legislative developments in the EU’s digital market, Regulation (EU) 2022/868, the Data Governance Act (the DGA) and Regulation (EU) 2023/2854 the Data Act (the DA). These two acts are the main deliverables of the European Strategy for Data, presented by the European Commission in February 2020. The European Strategy for Data, is part of the European Commission’s broader action plan to ensure Europe’s digital sovereignty by 2030, and is complementary to the European strategy on AI.