The Information Commissioner’s Office (ICO) has released its ICO Audit a Year in Focus. This report outlines the ICO’s regulatory activities and rulings over the last year and provides crucial insights for data protection officials. The takeaways below make clear the current Commissioner approach to setting priorities to areas where the most impact to individuals will be felt. As we will see for the outgoing year, it is protection of children’s data. Here are the key points…
Employee monitoring has become common practice for many employers in the UK. Monitoring is often part of an organization’s security procedures to secure personal information or prevent loss of property, often deployed for health and safety reasons, or companies may even have to monitor employees to comply with legal requirements (for example, in the financial services sector). Increasingly, employers are monitoring employee office attendance as many organisations are requiring their staff back into the office…
With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
The ICO has published the first phase of draft guidance on biometric data and biometric technologies for public consultation. Why? The ICO set out the reasoning for publishing this draft guidance on biometric data in an Impact Assessment (here). The ICO stated in the Impact Assessment that it anticipates the use of biometric recognition systems is likely to increase significantly in the next decade. These technologies are expected to be used in sectors such as…
In brief As Artificial Intelligence (AI) technology advances at a rapid pace, global efforts to establish appropriate legislative frameworks are also fast developing. Since the beginning of 2023, there have been announcements from several countries, including the United Kingdom, highlighting the developing legislative actions being implemented to keep pace with this era of emerging technological development. The trend from the UK is that it intends to take a relatively conservative approach to legislation by leaving AI…
The Competition and Markets Authority (CMA) has been focusing lately on the adverse impacts of Online Choice Architecture (OCA) and how it can hurt competition and consumers. The situations in which people make decisions and how alternatives are presented to them are described by choice architecture. In online settings, choice architecture is the environment in which users act, including the display and positioning of options as well as the design of interfaces. OCA issues tend…
Brief refresher on the Data Governance Act (DGA): We covered the new wave of EU data-centric legislation that is being implemented to usher in stronger regulatory guardrails for data in our recent article on the EU Data Strategy, with one of the discussed laws being the Data Governance Act. The Data Governance Act (DGA) is aimed at increasing accessibility to data by regulating the re-use of publicly held protected data, increasing data sharing through the…
Brief refresher on the Children’s Code: In 2020, the ICO published its Age appropriate design: a code of practice for online services (the “Code”). The Code set out 15 standards applicable to information society services (“ISS”) aimed at or likely to be accessed by children, requiring the “best interests” of the child to be the primary driver of product and service design. We have published an article setting out the aims of the Code and…
In today’s digital economy, the ability to access and use data effectively is critical for economies to grow and drive innovation. Global data production is expected to increase by 530% between 2018 and 2025. In response to this opportunity, the European Commission (“EC”) outlined the European Data Strategy in 2020, one of its main objectives being to create a single common data market based on a harmonised framework for data exchange. This framework encompasses new…
As businesses become more data-centric, there is an emerging trend to seek smarter ways to use the massive volumes of data generated, Utilizing and sharing that data, however, comes with associated risks, for example a loss of control of confidential information or sensitive personal data, thereby limiting the potential of how such vast datasets can be used. But maybe not anymore! The production and use of synthetic data is poised to become one of the…