The Lens Newsletter - February 2025

Bank IT outages: Treasury Committee requests answers from banks and building societies

The House of Commons Treasury Committee (the Committee) has published letters it has sent to CEOs of the UK's nine largest banks and building societies to request information on the scale and impact of IT failures which have affected their... Read more 

Consent or pay may be okay: new ICO guidance

The UK Information Commissioner’s Office (ICO) has published its consent or pay guidance. This largely reflects the ICO’s initial position in its call for views last year (see our previous blog). By way of reminder, consent or... Read more 

First provisions of EU AI Act now apply: what you need to know about AI literacy

The first provisions of the EU AI Act started to apply this Sunday (2 February). Companies that provide or deploy AI systems are now required to ensure that there is AI literacy within their operations, and certain AI practices are now... Read more 

DSARs: Implications of recent legal updates

The challenges of complying with the ever-increasing volume of data subject access requests (DSARs) was a topic for discussion at our Data Privacy Forum (DP Forum) in December. Legal developments since then have added to the understanding of the... Read more 

How to train your GPAI model: a first look at the EU’s data summary requirements

The European AI Office has recently unveiled its preliminary proposals on the template for the summary of training data that general-purpose AI (“GPAI”) model providers will be required to publish under the EU AI Act.   While at first glance... Read more 

Blurring the “big picture”: latest decision in Getty v Stability AI highlights challenges in complex representative claims

As we enter 2025, buzz around AI (and generative AI in particular) shows no signs of slowing down. As a result, Getty v Stability AI is being followed with great interest in the UK as a key test case for how IP infringement claims against use of... Read more 

The benefit of PETs (and pseudonymisation): new UK and EU guidance

Eighteen months on from the UK Information Commissioner, John Edwards, calling for all organisations sharing large volumes of data to consider using “privacy enhancing technologies” (PETs) (explained in this blog), regulatory focus on this area is... Read more 

UK Pro-Growth Agenda: ICO puts forward ideas

The Information Commissioner’s Office (ICO) has published its letter (ICO Letter) in response to the UK Government’s request of 24 December 2024 that the UK’s main regulators set out their ideas for reform that could boost economic growth. Whilst... Read more 

Cookies: The heat is on….

The UK Information Commissioner’s Office (ICO) is continuing to focus on cookies and other tracking technologies with the publication of guidance and related regulatory action. In late December, the ICO released an updated version of its... Read more 

Navigating Türkiye's Updated International Data Transfer Rules: What You Need to Know

In 2024, Türkiye introduced significant updates to its international data transfer rules, aligning them more closely with the GDPR. Following this legislative update, Türkiye’s data protection authority (KVKK) published SCC-like clauses and an... Read more