Transparency, privacy policies and notices

The United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) provides various requirements concerning data transparency.

The terms ‘privacy policy’, ‘data protection policy’, ‘privacy notice’, ‘privacy statements’, ‘fair processing notices’ and ‘data protection notice’ are interchangeable.

For an introduction to the UK GDPR, see Practice Notes: Introduction to the EU GDPR and UK GDPR and The UK General Data Protection Regulation (UK GDPR).

Assimilated law is the name given to retained EU law (REUL) which remains in force after the end of 2023. The re-categorisation of REUL (and associated terms) to assimilated law reflects a change in its status and treatment under UK law, in that it is generally to be interpreted according to ordinary domestic law and principles.

From 1 January 2024, REUL is ‘assimilated’ into domestic law by virtue of the fact it is generally stripped of EU-derived interpretive effects (eg supremacy of EU law, directly effective rights, and general principles previously

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

Google announces no new Chrome cookie controls as CMA reviews Privacy Sandbox commitments

Google has announced it will maintain its current approach to third-party cookie controls in Chrome and will not implement a new standalone prompt, marking a shift from its previous Privacy Sandbox plans. The Competition and Markets Authority (CMA) is now reviewing the implications of this announcement for Google's existing commitments made under the 2022 Privacy Sandbox agreement. The decision comes as Google cites evolving privacy technology adoption, emerging AI opportunities, and regulatory changes since the Privacy Sandbox initiative launched in 2019. Google stated it will continue developing privacy-enhancing technologies and plans to launch IP Protection in Q3 2025.

The 11th Edition of the King’s Bench Guide has been published

Notable updates to the 10th Edition (published April 2024) include:

Main challenges of EU AI Act-GDPR interplay identified by Member States

MLex: Potentially conflicting legal requirements, national governance approaches to ensure regulatory consistency, as well as clear legal advice to minimise the compliance burden, are the main issues seen by EU Member States in the interplay between the EU AI Act and the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). European governments have pointed out that the two laws' diverging regulatory approaches might lead to conflicting outcomes, which should be avoided with systematic cooperation between the responsible authorities.

ACER publishes guidelines to share cybersecurity information in electricity sector

Agency for the Co-operation of Energy Regulators (ACER) has published new guidelines aimed at enhancing the protection of cybersecurity information exchanged under the EU-wide network code on sector-specific rules for cybersecurity aspects of cross-border electricity flows (NCCS). The guidelines emphasise the need to maintain the confidentiality of sensitive information on cyberattacks, threats, risk assessments, and cybersecurity expenditures while ensuring that such information is shared securely amongst entities and with the relevant authorities. It recommends the use of the Traffic Light Protocol (TLP) for exchanging information and offer methods for anonymising and aggregating data, particularly when no legally binding national classification schemes are in place.

View Information Law by content type :

News