The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPO Centre_DPIA_Newsletter

The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.

International Data Transfers: Explaining EU SCCs, UK Addendum, and UK IDTA  

From 21 March 2024, all contracts using the old EU Standard Contractual Clauses must be transitioned to the International Data Transfer Agreement (IDTA) or the new EU SCCs with the UK Addendum. In our latest blog, we look at EU SCCs, UK Addendum, and UK IDTA and the suitability of each mechanism for transferring EU and UK personal data.

Read our latest blog here

UK News

ICO launches consultation series on generative AI 

The UK’s Information Commissioner’s Office (ICO) calls for views on the consultation series, which examines how data protection laws should apply to AI technology development and use. The first chapter considers the lawful basis for web scraping to train generative AI models. 

Stephen Almond, Executive Director for Regulatory Risk, said, ‘This call for views will help the ICO provide industry with certainty regarding its obligations and safeguard people’s information rights and freedoms.’ A range of stakeholder views are required, including AI developers and users, legal advisors, and consultants. The first consultation is open until 1 March 2024.

Read and comment on the ICO’s Generative AI first call for evidence 

Summary of ICO's 2023 penalties and enforcements

In 2023, the ICO fined 18 businesses over £14.3 million for data misuse, with TikTok receiving the largest fine of £12.7 million for unlawful use of children’s data. Three marketing organisations, two energy companies, a business support consultancy, and an appliance service company were fined for unsolicited marketing and violation of the ‘do not call’ register. In addition, 36 companies were reprimanded, 19 enforcement notices were issued, and 4 businesses were prosecuted. The ICO has previously emphasised that any penalty issued is intended to be effective, proportionate, and dissuasive, with the goal of helping organisations comply with the law and prevent data misuse. 

DSPT Audit
EU News

EU Commission announces review conclusion of 11 existing adequacy decisions  

In a press release on 15 January 2024, the European Commission announced the successful conclusion of its review of 11 existing adequacy decisions. The Commission confirmed that adequacy decisions adopted for these 11 countries and territories can continue:  Andorra, Argentina, Canada, Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay. 
With a total of 16 adequacy decisions in place, the EU Commission will now turn its attention to the upcoming review of the UK’s adequacy decision, which may or may not be affected by the proposed changes to UK data protection legislation with the Data Protection and Digital Information Bill (DPDI). 

EDPB identifies areas of improvement to promote the role and recognition of DPOs 

The European Data Protection Board (EDPB) has released a report following an EU-wide investigation regarding the current obstacles faced by DPOs, with recommendations on further strengthening their role. Anu Talus, EDPB Chair, said, ‘DPOs play an important part in contributing to compliance with data protection law and promoting the effective protection of data subject rights.’ The report lists recommendations for organisations to strengthen DPOs’ independence and ensure they have the resources and training opportunities needed to carry out their tasks.

Read the EDPB report 

Belgian, Austrian & Spanish SAs publish new guidance on cookies 

The Belgian Supervisory Authority’s (SA) cookie checklist was released on 23 October 2023, available in Dutch and French. It includes guidance about how publishers of websites and mobile applications should avoid using the same cookie for multiple purposes. 

The Austrian SA published its FAQs on cookies and data protection on 20 December 2023, with guidance on using advertising cookies. Those used for personalised ads require consent, even if the ads are necessary for the company’s financial viability. 

The Spanish SA’s updated cookie guidance was published on 11 January 2024 and includes a list of the analytics cookies that are deemed strictly necessary and the specific measurements they perform.    

The DPO Centre DPO Academy
International News

Chile’s Data Protection Bill passes Senate 

On 3 January 2024, the Chilean Senate approved Bill No. 11144-07 Regulating the Processing and Protection of Personal Data and Creating the Personal Data Protection Authority. The bill aims to improve data privacy protections, setting forth principles to govern the use of personal data and new subject rights. It includes international data transfer regulations and establishes a difference between data transmission and assignment. Data transmission is where data is disclosed to a third party without disclosing the data source, whereas the assignment of data requires the fulfilment of additional requisites and makes the assignee responsible for the data.

Track the Bill’s further progress here (Spanish only) 

US Bill introduced to establish AI guidelines for Federal Agencies and vendors 

On 10 January 2024, Congressmembers Ted W. Lieu, Zach Nunn, Don Beyer, and Marcus Molinaro introduced the Federal Artificial Intelligence Risk Management Act to the House of Representatives and the Senate in Washington. The bill is intended to guide federal agencies and vendors in managing the risks associated with the use of AI. It would require federal agencies to adopt the NIST framework and promote AI safety, transparency, and data security whilst leveraging AI’s potential benefits.

Read a one-page overview of the bill 

Join Us!

We are recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:

  • Data Protection Officers (based in the United Kingdom or The Netherlands)
  • Junior Copywriter (Ipswich/hybrid)
  • Marketing Assistant (Ipswich/hybrid)
  • Project Administrator (Ipswich/hybrid)
  • Recruitment Coordinator (Ipswich/hybrid) 

If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services, apply today!

Copyright © 2024 The DPO Centre, All rights reserved. 

You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom

The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom

Manage preferences