Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

Agentic AI: The ICO’s Early Signals on Data Protection Risk

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Community

Offices

Careers

Stay Connected

As agentic AI systems move from experimentation to deployment, the UK Information Commissioner’s Office is beginning to signal...

<h3>Sorry, we weren’t able to find the terms you entered.</h3>Please try a different term or keyword.

People

Capabilities

Resources

Not Found Cards

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

As agentic AI systems move from experimentation to deployment, the UK Information Commissioner’s Office is beginning to signal how it expects organisations to manage the associated data protection risks. In an article first published in Privacy Laws & Business UK Report (March 2026), Annabel Gillham and Michelle Luo examine the ICO’s latest Tech Futures report, highlighting key concerns around transparency, human oversight, purpose creep and data minimisation – and how to mitigate such risks in practice through governance frameworks, technical controls and even use of agentic AI DPO agents.Read the <a href="https://media2.mofo.com/v3/assets/blt5775cc69c999c255/bltb7b6405f89fa7f72/69b948fa6b74d35d833c6885/260317-agentic-ai-the-ico-s-early-signals-on-data-protection-risk.pdf" target="_blank">full article</a> (republished with permission from Privacy Laws & Business).

Agentic AI: The ICO’s Early Signals on Data Protection Risk

Sign Up

As a member of our renowned global data privacy team, Annabel Gillham specializes in employee data protection and data crisis management. Described by clients as “excellent, very pragmatic, efficient and completely client-oriented”, she works across a variety of sectors, including technology, retail, and financial services, and frequently manages multi-jurisdictional advice for international clients. Her practice includes advice on:<ul><li>cross-border labor and employment matters</li><li>employee litigation</li><li>data privacy compliance management</li><li>data security breach management</li><li>internal and regulatory investigations</li></ul>Annabel regularly helps senior management and HR executives with the “people” aspects of takeovers, restructuring projects, business and share sales, and outsourcings. She also advises employers in relation to sensitive claims, such as unlawful discrimination, equal pay, and whistleblowing. Annabel also advises on team moves.She supports her clients on all aspects of General Data Protection Regulation compliance and regularly advises organizations facing ICO enforcement action. She has developed particular specialties in complex areas, such as the collection and use of data relating to criminal offenses and the application of data protection law to insolvency practitioners.As an experienced litigator with experience in helping clients defend group litigation, Annabel helps clients develop their strategy for responding to regulatory action and court claims relating to the use of employee and customer personal data. She regularly designs and presents employment and data protection law training and updates to senior managers and HR executives and is involved in preparing responses to UK government consultations.In addition, Annabel is qualified to practice in the British Virgin Islands, where she spent three years advising on cross border commercial litigation and insolvency matters, including high value board and shareholder disputes, freezing orders, and third-party disclosure orders.

Annabel Gillham

Partner

Michelle Luo is an associate in the firm’s London office and a member of the Technology Transactions, Intellectual Property and Global Privacy Groups.Michelle advises domestic and international clients on their commercial contracts, IP, cybersecurity, AI and data protection issues. She has experience advising organisations in relation to their regulatory and compliance requirements, including in relation to:<ul><li>data protection laws (e.g., regarding cross-border data transfers, privacy policies, cookie compliance, and individual rights requests);</li><li>the EU AI Act (e.g., conducting risk analyses and helping clients with their AI governance processes);</li><li>cybersecurity laws (e.g., assessing applicability and compliance with NIS2, CER and CRA and assisting with registration); and</li><li>online safety and consumer regulations (e.g., advising on risk assessments and age assurance requirements under the UK Online Safety Act).</li></ul>Michelle also assists with commercial negotiations of services agreements, IP development and assignment agreements, SaaS-based and software licensing agreements. She has a particular focus on addressing the commercial, IP, liability and other legal consequences of AI technology in the context of commercial agreements. She has worked on a wide range of technology based commercial arrangements (such as drafting online terms of use and other digital agreements supporting clients’ channels to market). And she has worked extensively on the IP, IT, data-related and commercial contracts aspects of M&A transactions.Michelle actively contributes to the firm’s pro bono initiatives by supporting a number of charities with their commercial agreements and privacy obligations, as well as supervising free legal advice sessions on IP, technology, and commercial issues.Michelle studied Jurisprudence at St Catherine’s College, University of Oxford and subsequently completed her MSc in Law, Business and Management at the University of Law with distinction. She is qualified as a solicitor in England and Wales.