Tech & Sourcing @ Morgan Lewis

The UK Information Commissioner’s Office has launched two consultations as part of the transition to the Data User and Access Act framework. These consultations will be of particular interest to organisations operating UK-facing websites, analytics tools, and online advertising services.

Clauses dealing with intellectual property (IP) rights in commercial agreements can present nuanced challenges, particularly when they relate to information exchange. Two such clauses that often surface in technology contracts are residuals clauses and affirmative feedback licenses. While both relate to information shared during the course of a commercial relationship, they serve very different purposes and have distinct implications for IP ownership, confidentiality, and future use.

Published in August 2025, the CrowdStrike Global Threat Report 2025 provides a detailed overview of the evolving cyber threat landscape, drawing on data from millions of endpoints and cloud workloads worldwide.

Today’s retail operations depend on far more than the products on store shelves or the design of an ecommerce site. Behind the scenes, a fulfilment provider may rely on regional couriers, a payment processor on a cloud host, and a call center on an outsourced customer service team. These multi-tiered networks enable retailers to meet rising expectations for speed, convenience, and availability, but they also introduce points of failure that can disrupt service, delay deliveries, or compromise sensitive customer data.

On 19 June 2025, the UK Parliament enacted the Data (Use and Access) Act 2025 (DUAA), marking the most significant UK data protection reform since the UK General Data Protection Regulation (UK GDPR). Rather than overhauling the current regime, DUAA introduces targeted amendments to the UK GDPR, the Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), aiming to support responsible data use while preserving core privacy protections.

Join us for an enlightening webinar hosted by Morgan Lewis, Dawn of the GENIUS Era: Crypto Week, Stablecoin Summer, and What's to Come, at 11:00 am–12:00 pm EST on August 6, 2025.

Our Morgan Lewis colleagues recently wrote on the US administration’s new artificial intelligence action plan, specifically as the plan seeks to foster innovation and expedite the development of AI data centers and the necessary energy infrastructure required for such expansion.

In an era when data is everything, everywhere, all at once and computation has almost no limit, ensuring privacy while leveraging data analytics is paramount. The US Department of Commerce’s National Institute of Standards and Technology (NIST) recently published NIST Special Publication 800-226 (the Guidelines), a comprehensive guide for evaluating and achieving differential privacy, a cutting edge approach to protecting individual privacy when using and relying on large datasets.

In a recent report, a team of Morgan Lewis lawyers discussed enforcement of the US Department of Justice’s (DOJ’s) Data Security Program (DSP). The report outlines critical considerations for companies and entities that may be affected by the extensive requirements of this national security initiative.

In June 2025, cybersecurity researchers discovered a leak of 16 billion passwords in one of the largest data breaches ever, impacting a wide range of platforms and placing billions of users’ information at risk. This incident underscores the urgent need for companies to adopt proactive cybersecurity measures and remain vigilant in the face of evolving threats.