Get a good background to data protection law and view practical guidance focused on data protection matters for commercial transactions. See also our UK GDPR compliant pro-party clauses for use in commercial agreements.
Protect trade secrets and know-how using the law of confidentiality. Get information and a set of pro-party confidentiality agreements here.
View a range of trackers to enable horizon scanning and monitoring of key developments. The trackers are maintained - making them useful for keeping up-to-date and for business development.
It’s our online practical guidance product for contentious and non-contentious lawyers dealing with Data Protection, Confidential Information, Privacy, Cybersecurity and Freedom of Information issues.
The European Union Agency for Cybersecurity (ENISA) has published the ENISA NIS360 2026 report assessing the cybersecurity maturity and criticality of...
The Information Commissioner’s Office (ICO) has published final guidance on the application of UK data protection law and the Privacy and Electronic...
The Irish Presidency of the Council of the EU has published its programme for 1 July 2026 to 31 December 2026, outlining its priorities and direction....
The European Data Protection Board (EDPB) has adopted a common template for personal data breach notifications under Regulation (EU) 2016/679 ((the...
This week’s edition of Information Law weekly highlights includes a hand-picked summary of news analysis, updates and new content related to laws...
The freedom of information (FOI) case tracker records and summarises key decisions and case law rulings relating to the enforcement of the Freedom of...
This Practice Note provides a high level summary of key themes of divergence between the UK and EU in relation to the extent of their data protection...
This Practice Note links to a report produced by Bird & Bird that reviews the laws governing the use of cookies and other storage and access...
This Practice Note provides an overview of the rules about using storage and access technologies (SATs), including cookies, in the UK under the...
This Practice Note addresses frequently asked questions (FAQs) on the new lawful basis of recognised legitimate interest which has been added to...
Address of Website OperatorDear [insert organisation name]Notice and take-down letterWe act for [insert client details], on whose instructions we are...
ARCHIVED: This Precedent has been archived and is not maintained. It is for background information only. It links to international data transfer...
[insert address of sender]Our ref: [insert reference]Your ref: [insert reference][Insert address of recipient]Date: [insert date]Dear [insert...
This Agreement is made on [date]Parties1[Insert name of party] [of [insert address] OR a company incorporated in [England and Wales] under number...
[insert address of sender]Our ref: [insert reference]Your ref: [insert reference][insert address of recipient]Date: [insert date]Dear [insert...
The UK General Data Protection Regulation (UK GDPR)—NavigatorThis Practice Note serves as a reference guide to the Retained Regulation (EU) 2016/679...
Privacy law—misuse of private informationThe tort of misuse of private information is focused on ‘the protection of human autonomy and dignity—the...
Confidentiality agreement—mutualThis Agreement is made on [date]Parties1[insert name of party] [of [insert details ] OR a company incorporated in...
The Information Commissioner’s Office (ICO)The Information Commissioner’s Office (ICO) is the UK’s independent regulator designed to uphold...
The UK General Data Protection Regulation (UK GDPR)This Practice Note provides a summary of the UK GDPR regime. For a higher-level introduction to UK...
Letter of claim—breach of confidence[Insert name and address of recipient]Dear [insert organisation name],[Name of client] and confidential...
Trade secrets and confidential information—protection and enforcementThis Practice Note sets out the protection available for trade secrets and...
Introduction to the EU GDPR and UK GDPRThis Practice Note provides a high-level introduction to the EU’s General Data Protection Regulation,...
Data protection, privacy and confidential information case law trackerThis Practice Note tracks noteworthy High Court, Court of Appeal and Supreme...
Commercial use of photographs—data protection and privacy issuesThis Practice Note addresses issues affecting professional photographers taking...
Letter of claim—breach of data protection law[Insert name and address of recipient]Dear [insert organisation name],[Name of client] and breach of data...
What does IP completion day mean for Information Law? [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.11 pm (GMT) on 31...
Confidential information, privacy and injunctionsThis Practice Note deals with the general principles of obtaining an injunction relating to...
The Data Protection Act 2018This Practice Note introduces the UK’s Data Protection Act 2018 (DPA 2018).For higher-level introductions to data...
Many websites use Adobe Flash to display graphics, interactive animations and other enhanced functionality. Flash cookies (also known as local shared objects) are data files stored on a user’s computer to facilitate the Flash functionality. Flash cookies can track similar parameters to HTTP cookies but they can also provide information on a person’s use of the specific feature that the cookie is enabling. For example, if it facilitates the display of a video then an operator can be provided with details of how much of the video was watched and when viewing stopped.
Commonly refers to an external-facing data protection policy (or ‘notice’) addressing the information and transparency requirements under data protection and privacy laws.
A key objective of the EU GDPR is to achieve a level of consistency in relation to how data protection is implemented and enforced across the EU. Under Article 51 of the EU GDPR, Member States can provide one or more independent public authorities to be responsible for monitoring the application of the EU GDPR, ie a ‘supervisory authority’. Under UK GDPR, the Information Commissioner is the equivalent authority in the UK but falls outside of the EU GDPR regime.