The Privacy and Data Protection Journal has published an article by Duc Tran (Of Counsel) of our Digital TMT, Sourcing & Data team. Please click here to access the full article.
The article examines why 2026 may represent the next “great refresh” for privacy notices as a combination of developments is placing renewed pressure on organisations’ existing privacy disclosures including amendments introduced by the UK’s Data (Use and Access) Act, increasing regulatory scrutiny of transparency at EU level and the rapid expansion of AI‑enabled processing across business functions.
In particular, the article identifies five areas where privacy notices are most at risk of falling behind current expectations:
- DUAA amendments - including recognised legitimate interests, changes to automated decision‑making lawful bases and new PECR cookie exemptions
- AI‑related processing - where existing notices often fail to describe AI use cases, data sources and purposes with sufficient clarity
- Electronic marketing and adtech - reflecting regulators’ growing intolerance of high‑level or generic disclosures
- Children’s data - where child‑centred transparency requirements remain unevenly implemented
- International data transfers – where transfers are made to jurisdictions subject to heightened scrutiny
Upcoming EDPB enforcement activity and work programme for 2026-27 reinforces the message that many organisations’ privacy notices have drifted out of step with regulatory expectations, making proactive review and refresh in 2026 increasingly difficult to avoid.
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.