Jurisdiction(s):
United Kingdom

Age assurance for online services: UK GDPR and Online Safety Act compliance, methods and certification, advertising and AVMS rules, enforcement, with EEA and global context

Published by a LexisNexis Information Law expert

Practice notes

STOP PRESS:

On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025), with certain elements taking effect that same day. Provisions of DUAA 2025 addressing, among other things, replies to data subject access requests and the delegation of powers to make further regulations, commenced immediately on 19 June 2025. Other measures, covering notices issued by the Information Commissioner and particular facets of law enforcement processing, began on 19 August 2025 (two months after the date of Royal Assent). The greater part of DUAA 2025’s measures still await implementing regulations, in the form of statutory instruments, before they commence. Further commencement dates will hinge on those instruments being made first. Parts 5 and 6 of DUAA 2025 revise portions of UK data protection and ePrivacy law, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426...

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Lorna Louise Cropper

Fieldfisher

Lorna advises on data protection compliance and strategy across a range of sectors including technology, gaming, social media, cloud computing, retail and healthcare. She has in depth experience of working on extensive GDPR compliance projects including accountability, an area of particular expertise. As the topic of regulating children's data and children's activity online grows exponentially and with the ICO's Age Appropriate Design Code now in force, Lorna has become a go to expert in children's data.She has an in depth knowledge of working on complicated, large scale data subject access requests (DSAR) including contentious employee DSAR as well as dealing with complaints made by data subjects to the regulator and managing subsequent regulatory investigations.During 2019 – 2020 Lorna undertook a secondment to the Information Commissioner's Office. A keen supporter of Fieldfisher's pro bono work, Lorna is also a regular contributor to...

Anna Rawlinson

Fieldfisher

Anna is a Senior Associate in Fieldfisher's Privacy, Outsourcing and Technology team. She advises on a wide range of data protection issues in various commercial context, including comprehensive data protection compliance, data processing and data sharing arrangements, cross-border data transfers, DPIAs, data breaches, data protection issues in corporate transactions, as well as data audits, information rights and e-marketing. She is a member and contributor of the International Association of Privacy Professionals and holds CIPP/E and CIPM certifications. Anna has a broader corporate background, including roles as a corporate associate at a top tier City law firm and an in-house secondee at a major U.S. energy company. Before qualifying as a solicitor in the UK, Anna worked as a legal adviser in Poland and holds PhD in civil law....

Tessa Waite

Fieldfisher

I have worked on an array of matters, ranging from M&A due diligence, commercial contracts, advising on direct marketing and cookies, and GDPR projects. Prior to joining Fieldfisher, I worked in Brussels for multi-national corporations including BP and Johnson & Johnson in government and regulatory affairs. During my time in Brussels, I advocated company policy positions on the GDPR and Network and Information Security Directive to the UK government and EU institutions. When working in the medical devices sector, I was responsible for coordinating teams across EMEA to ensure regulatory compliance of products for multi-million dollar markets. Here I gained experience working with international teams and regulatory bodies on technically challenging compliance matters across the EU, Russia and Saudi Arabia. Known for my pro-active attitude and aptitude for building strong relationships, I enjoy working closely with clients to...

Web page updated on 21/05/2026

Popular documents

Using the Judicial College Guidelines to assess general damages in personal injury claims

When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...

Tomlin orders in England and Wales: CPR guidance on drafting, confidentiality, approval, variation, enforcement, limitation, CCA issues, court-specific requirements, sample wording and precedents

This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...

Precedent: Deed of Surrender of Lease with Optional Premium, Settlement and Release, Landlord, Mortgagee and Guarantor Consents, Reimbursement and HM Land Registry Provisions (England and Wales)

Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...

Precedent Statutory Declaration: Standard Wording under the Statutory Declarations Act 1835

I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...