The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues. It’s not the full story, just a brisk, 3-minute resumé, collated and condensed especially for busy privacy professionals to ensure you’re aware of what’s happening in our fascinating, dynamic and engaging industry.

The DP Index Results: Stability in uncertain times?

The first UK Data Protection Index report of 2023 was published this month. Over 550 Data Protection Officers (DPO) from across the UK now form the panel who complete a survey with a core set of questions that enable opinions to be tracked over time. This quarter's results indicate that a majority of organisations are still prioritising data protection, even in this challenging climate. It showed that a majority of DPOs predict their budgets will remain at least the same, with a third expecting their budgets to increase. The results further showed that for the first time since the Index launched in 2020, DPOs are significantly more confident in their organisation’s overall compliance. Respondents did however highlight three areas where confidence in compliance was down, these included; data retention, security of personal data and vendor due diligence. Read the full blog here

AI white paper launched

The UK Government Department for Science, Innovation and Technology announced on the 28^th of March that it has published a white paper, titled ‘AI regulation: a pro-innovation approach’, and is now seeking public consultation. In line with the National AI strategy, the white paper proposes implementing a proportionate, future-proof, and innovative framework for regulating AI. It is hoped that this new approach will help the UK harness the opportunities and benefits that AI presents. The white paper outlines the five principles created to guide and inform the responsible development of AI in all sectors, these include safety, security, and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress. You can find the consultation here, and comments can be submitted until 21^st June 2023.

Flagship service launched to help small businesses

The National Cyber Security Centre (NCSC) has launched two new flagship services that are designed to help millions of UK small businesses stay secure on line and protect their lives and businesses. The service coincides with the latest phase of the Cyber Aware campaign, which aims to raise awareness of cyber security among the country’s small organisations including microbusinesses, small businesses, and sole traders. The service is important as more than a third of small businesses have experienced a cyber attack in the past year. You can read the full article here.

EU consumer protection office presents a pledge over 'cookie fatigue'

The European Commission’s consumer protection office will launch a voluntary initiative to move away from ‘repetitive cookie banners’. The pledge was announced during the European Consumer Summit, in a session dedicated to cookies. Following the Easter break, a number of stakeholders (including publishers, consumer groups, advertisers, and tech companies) will be invited to a roundtable to discuss the proposals. The proposal takes aim at the current system where consumers across the EU are repeatedly asked whether they agree to have their personal data processed without fully understanding the implications. Due to the sheer amount of cookie banners and pop-ups we have to face, this has led many to call this ‘cookie fatigue’.

German political parties accused of breaching GDPR

Civilian data rights group, Noyb, has filed a number of complaints accusing major German political parties for violating GDPR rules during the federal election campaign in 2021. The complaints involve the major parties conducting unlawful microtargeting on Facebook. Following the complaints, the Berlin-based data protection authority will now examine its use. The issue arises as the GDPR protects the processing of ‘special category data’, which includes the processing of data involving political views. You can read Noyb’s article here.

OpenAI fixed ChatGPT bug that may have breached GDPR

It has emerged that OpenAI could have violated GDPR after titles assigned to users’ ChatGPT conversations were exposed to other users without consent. OpenAI described it as a “significant issue” with the open-source library, run by a third party, which has since been fixed. When using ChatGPT a note is started in the sidebar, this note is given an AI-generated title. However, users can change this and can add personal information. A small group of users were shown other users’ custom note titles. Legal experts have since made it clear that any legal action would be dependent on the level of harm caused by the titles appearing in the account of another person and what the information includes.

South Korea set to overhaul its data protection law

The South Korean National Assembly has recently passed an amendment to the Personal Information Protection Act (PIPA), two years after the Personal Information Protection Commission (PIPC) proposed the initial draft amendment. The amended PIPA will take effect on September 15^th, 2023. The amended PIPA will help aid the growth of Korea’s growing digital economy and is based on emerging technologies and data. The changes will include strengthening data subject rights by introducing the right to data portability and the right to object to automated decision-making; simplifying PIPA’s application for data controllers by removing provisions for online services; providing additional grounds for overseas data transfers (similar to the adequacy decision found in the EU) in addition to the current consent requirement; and shifting sanctions towards economic fines and away from criminal sanctions.

USA congress questions TikTok's CEO

TikTok’s CEO, Shou Zi Chew, faced four and half hours of questioning at a US congressional hearing, from both Democrats and Republicans. The hearing comes off the heels of EU institutions banning the app from governmental devices and questions being raised regarding TikTok’s use and transferring of personal data. The hearing has since opened up a series of questions regarding the platform’s use of US personal data. For example, during the hearing, Mr. Chew confirmed that ByteDance’s engineers (TikTok’s parent platform based in China) does have access to US data. This has raised questions on whether the Chinese government has access to US personal data that has been collected on the app and transferred to China. As this is still a developing situation, we are yet to know what the US will do with the app; however, TikTok is planning on storing all US data with an American firm, Oracle, in ‘Project Texas’.

We want you!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #oneteam, we are seeking suitable candidates for the following positions:

Data Protection Officers in the UK and The Netherlands
Instructional Designer and
Marketing Coordinator to join our #oneteam

If you are looking for a new and exciting challenge, apply today!

Keep in touch

Do you have any interesting stories? Are you looking for support with your data protection compliance? We would love to hear from you!

Please email us at news@thedpia.com.

You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom