The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues. It’s not the full story, just a brisk, 3-minute resumé, collated and condensed especially for busy privacy professionals to ensure you’re aware of what’s happening in our fascinating, dynamic and engaging industry.

AI and GDPR compliance

The DPO Centre’s latest blog explores the complications of artificial intelligence and compliance with data protection laws, outlining the GDPR’s principles and what organisations should be aware of. Since the explosion of AI chatbots and LLMs, EU lawmakers are pushing ahead with the AI act. If passed, it will become the first law on artificial intelligence by a major regulator. In contrast, the UK’s proposal is to regulate AI in a pro-innovation manner.

New adequacy decision for EU-US data flows

On July 10, the European Commission agreed on the new EU-US Data Privacy Framework for personal data being transferred from the EU to the US. This adequacy decision means companies participating in the Framework will not need to implement additional data protection measures. A relief for organisations navigating the complexities of transatlantic data flows. President Ursula von der Leyen said it is “...to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and US...”. The Framework is an important upgrade to the Privacy Shield mechanism that was previously invalidated under the Schrems II ruling of 2020.

Read the full press release from the European Commission

ICO lambasted for failure to impose suitable enforcements

Law professionals and data protection specialists have spoken out against the ICO’s recent reprimands of Thames Valley Police (TVP) and the Ministry of Justice (MoJ). The limited enforcement decisions are deemed to be inadequate in light of the serious consequences of the data breaches. TVP released unredacted information and disclosed the address of a witness, who was forced to move house. The MoJ left 14 bags of confidential documents in an insecure location for 18 days, with the contents being read by a number of prisoners. Data protection professionals have said the lenient enforcements give little incentive for organisations to implement the correct frameworks for data protection compliance.

UK-Singapore data and tech agreements signed

During a recent visit to Singapore, the UK Deputy Prime Minister Oliver Dowden signed two Memoranda of Understanding with Singapore’s Minister for Communications and Information, Josephine Teo. The agreements are to “deepen research and regulatory cooperation” and to “increase digital trade between the countries”. The sharing of research, publishing anonymised government datasets and establishing strategies to discuss domestic data regulation, protection and international data transfers are included in the commitments of the agreements. The Deputy PM said, “The UK and Singapore are global leaders in technology, and these new agreements will help to cement that position”. Read the full details of the data and tech agreements here.

EU reaches agreement to give users more control over their data

The EU has agreed to grant individuals more control over their data and enhance privacy measures. Negotiators from the European Council reached a deal with the European Parliament over the data act, which was first proposed in February 2022. The new data law will come into effect from 2025 and aims to make data sharing between companies and their customers more transparent. New rules include safeguards against cloud service providers unlawfully transferring data, and ways to make it easier to switch data processing services. European Commissioner for Internal Market Thierry Breton said the agreement was “reshaping the digital space”. The Computer & Communications Industry Association (CCIA) said the new law “risks hampering data-driven innovation.”

European Commission pledges initiative to phase out cookies

Following discussions earlier this year, the European Commission has shared notes with participants of three working groups regarding online advertising and technology. The Commission states that cookie banners often provide insufficient information for consumers, so they propose that platforms need to inform customers better of the business model of an organisation and the tracking methods being used. The working group had three separate meetings to consider data sharing in the online advertising arena, the alternatives to tracking–based advertising, and the technical and automatic solutions for rationalising consumer choice.

California Chamber of Commerce announces delay in enforcement of revised CCPA

In a ruling issued on June 30, the Sacramento Superior Court agrees with the California Chamber of Commerce (CalChamber) in delaying the regulation enforcements of the revised California Consumer Privacy Act of 2018 (CCPA). The CCPA came into effect in March 2023 however any regulation enforcement will now be postponed for one year. CalChamber argued it would be unfair to enforce the regulations when businesses were not fully aware of their requirements. The CCPA must now align enforcement deadlines to the implementation date of each individual rule, and 12 months following the date they came into effect.

Argentinian data protection authority (AAIP) submits personal data protection bill

The AAIP has submitted a bill to amend the existing Argentinian data protection law. The bill aims to expand data subjects’ rights and introduces key provisions, including a new principle of extraterritoriality and establishes mechanisms to allow the cross-border flow of personal data. In terms of data subjects, the bill sets out certain rights, such as the right to be informed and the right of access. Data controllers have several obligations, relating to privacy impact assessments. In a press release, the head of the AAIP said it was important to “harmonise policies with regional and international standards”.
Read the bill here (only available in Spanish).

We are recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #oneteam, we are seeking candidates for the following positions:

Data Protection Officers (based in the United Kingdom or The Netherlands)
Data Protection Officer (German Speaking)
Data Protection Support Officer (DPSO) to join our #oneteam

If you are looking for a new and exciting challenge, apply today!

You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom