The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPIA newsletter is a round-up of the most interesting and need-to-know privacy issues from the past two weeks. A quick 3-minute read to keep you on top of the news.
Knowledge nuggets for busy privacy professionals
EU-US Data Privacy Framework: 3rd time lucky?
With challenges already being filed against the EU-US Data Privacy Framework (DPF), organisations are asking what they should use for their trans-Atlantic data transfers. In our latest blog, we delve into the essential information about the new framework, including eligibility criteria, details about the new controls, and general advice on whether to continue using EU Standard Contractual Clauses.
Important findings released about cyber-crime ecosystem and ransomware attacks
The National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) have released a joint white paper on the evolution of organised cybercriminal groups and extortion attacks. The study highlights a significant shift towards “ransomware as a service” and mentions increased attacks on hospitals, schools, and businesses. Security Minister Tom Tugendhat urges organisations to adopt strong cybersecurity practices as a vital necessity and to sign up for the NCSC’s free Early Warning service.
New ICO guidance to help employers manage sensitive health data
The UK’s Information Commissioner’s Office (ICO) has published new guidance for organisations to ensure the secure processing of sensitive health information about employees. The guidelines include practical advice with checklists for details such as handling sickness records, occupational health programs, medical examinations, and sharing worker information. The guidance addresses the significant responsibility of safeguarding health data and emphasises the need for compliance with data protection regulations.
EU-US Data Privacy Framework: Litigation begins
As the privacy world awaits further news on potential disputes against the EU-US Data Privacy Framework (DPF), French Member of European Parliament Philippe Latombe has submitted two challenges to the European Union General Court. The first calls for an immediate suspension of the trans-Atlantic agreement for data transfers, and the second questions the legality of the DPF’s text, potentially setting a precedent for future international data transfer frameworks.
Dutch data protection authority publishes report on algorithms and AI risks
On 31 August 2023, the Dutch data protection authority, Autoriteit Persoonsgegevens (AP), released a report exploring the dangers of algorithms and AI. The report highlights the potential for misinformation, privacy breaches, and copyright violations. Risks already encountered in the Netherlands include bias and discrimination in law enforcement, errors in monitoring payment transactions, and algorithmic assessments to estimate fraud in municipal social benefits. The report recommends regulations to protect data subjects’ rights from algorithmic processing.
TikTok fined $368 million for failing to protect children's privacy
On 15 September 2023, TikTok received its first-ever penalty for breaching European rules on the processing of children’s personal data. The Chinese-owned popular video sharing app was served with a $368 million fine by Ireland’s Data Protection Commission (DPC) for GDPR violations between 31 July and 31 December 2020. Investigations found that the sign-up process for teen users automatically set their accounts to public, and that under-13s could access the app due to ineffective age verification.
TikTok disagrees with the decision and level of the fine, stating changes were made to address concerns long before the investigation. The penalty serves as a reminder of the strict privacy laws in Europe and raises questions about the way social media platforms are collecting and using children’s data.
Health Canada releases draft guidance for machine learning-enabled medical devices
A draft pre-market guidance for machine learning-enabled medical devices (MLMDs) was released by Health Canada on 30 August 2023. The guidance outlines best practices for the MLMD lifecycle and covers risk management, data selection, clinical validation, transparency, and post-market monitoring. It emphasises the need for manufacturers to conduct rigorous risk assessments and provide information on the selection and management of the data, including an explanation of how bias in the dataset has been controlled during development.
Data Protection Bill approved by Cabinet of Seychelles
The Cabinet of Seychelles approved the Data Protection Bill on 22 June 2023, replacing the Data Protection Act 2003. This new bill applies to data processing within the Republic of Seychelles by both private and public organisations but exempts certain activities such as criminal investigations, national security, or personal use. Key features include definitions of terms, establishing data subject rights, outlining controller and processor obligations, Data Processing Impact Assessment (DPIA) requirements, cross-border transfers, and penalties for non-compliance.
We are recruiting!
To support our ongoing requirement to continuously grow our remarkable and extraordinary #oneteam, we are seeking candidates for the following positions:
Data Protection Officers (based in the United Kingdom or The Netherlands)
Data Protection Officer (German Speaking)
Data Protection Support Officer (DPSO)
Corporate Events Executive to join our #oneteam
If you are looking for a new and exciting challenge, and the opportunity to work for a Great Place to Work-Certified™ company, apply today!
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom
The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom