The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.
Thailand’s PDPA vs EU’s GDPR: A comparative review
In our latest blog, we explore the similarities and differences between Thailand’s Personal Data Protection Act 2019 (PDPA) and the EU’s General Data Protection Regulation (GDPR). The post gives an overview of the key points of each piece of legislation, including scope and definitions, with a link to a useful infographic, which is ideal for organisations operating in both jurisdictions.
ICO confirms 127M data subjects’ financial records breached in last 5 years
In a Freedom of Information Act (FOIA) disclosure, the Information Commissioner’s Office (ICO) has revealed that over the past 5 years, approximately 127 million individuals may have been impacted by personal data breaches involving financial data.
It is important to note that a data breach does not necessarily imply negligence or non-compliance on the part of an organisation. Even with data protection measures in place, breaches can occur due to a variety of factors, including cyberattacks, human error, or unforeseen technical problems. These figures from the ICO highlight the ongoing challenges faced by organisations across the spectrum of industry sectors. And it is a reminder that data protection is not a one-time task but a continuous process that requires regular reviews and updates.
Organisations respond to ICO warning over advertising cookies compliance
There has been a positive response to the Information Commissioner’s Office’s (ICO) call to action regarding cookie compliance. In November 2023, the ICO contacted 53 organisations, requesting action over advertising cookies to comply with data protection law. So far, 38 organisations have changed their cookie banners, and 4 have committed to reaching compliance within the next month.
The ICO has stated that it is developing an AI solution to help identify websites using non-compliant cookie banners and is planning to run a ‘hackathon’ event early in 2024 to explore how this might work in practice. The advice for all organisations is to act now and ensure data protection compliance.
French Data Protection Authority fines Yahoo! €10M
On 29 December 2023, the French Data Protection Authority (CNIL) fined web service provider Yahoo EMEA Ltd. €10 million for failing to consider a user’s cookie consent choices. After investigations, it was found that, despite the absence of expressed consent, around 20 cookies for advertising purposes were placed on a user’s terminal. The investigation committee concluded that Yahoo EMEA Ltd. had failed to fulfil its obligations under Article 82 of the French Data Protection Act.
This fine comes ahead of the EU’s proposed ePrivacy Regulation, which is likely to pass later this year. The updated regulation seeks to introduce stricter regulations on cookies and aims to strengthen the privacy of individuals in online communications in the European Economic Area (EEA).
EU Commission establishes AI office
As part of an AI innovation package to support AI startups and SMEs, the EU Commission has announced the establishment of the European Artificial Intelligence Office. The AI Office will be part of the administrative structure of the Directorate-General for Communication, Networks, Content and Technology. The office will provide guidance and ensure compliance with the forthcoming AI Act, working closely with EU member states to foster innovation whilst ensuring the ethical use of AI systems.
Political agreement on the AI Act – the world’s first comprehensive AI law – was reached on 23 Dec and it is currently in the final stages before being formally adopted.
Federal Trade Commission’s insights on AI and data protection concerns
In a fireside chat at the California Lawyers Association’s UCL Institute event in Los Angeles on 18 January 2024, the Federal Trade Commission (FTC) Bureau of Consumer Protection Director Samuel Levine shared his concerns about data practices, citing AI as a major worry as it can be used to advance fraud and has a discriminatory impact. He said an enforcement priority will be ‘dark patterns’ that are used to drive sales and frustrate consumer choice, especially those using tracking and profiling data.
The discussions confirmed there will likely be further rulemaking decisions on data security standards for general commercial organisations, negative option subscription services, and algorithms specifically designed to keep a consumer overly engaged.
With the elections potentially ushering in an FTC with different opinions, the current FTC is continuing its efforts to address data protection concerns and safeguard consumer data and privacy.
AI companies required to report their safety tests to the US government
From 29 January 2024, following the Executive Order issued by President Biden on 30 October 2023, developers of major AI systems need to disclose their safety test results to the US government. In a bid to manage the rapidly evolving technology, the Biden administration ordered companies to commit to a set of categories for the safety tests, although a common standard has yet to be implemented. The National Institute of Standards and Technology is set to develop a uniform framework for assessing AI safety as part of the Executive Order.
As countries across the globe seek to find a balance between innovation and safety, this move is seen as a step forward. However, it also highlights the potential need for international cooperation in establishing global standards for managing the risks and benefits of AI.
Thai court blocks website to avoid exposure of 55M citizens
Thailand’s Criminal Court has issued an order to block the 9near website after threats to expose the personal information of 55 million Thai citizens, supposedly obtained from vaccine registration records.
January 2024 has seen a surge of data leaks in Thailand, with large volumes of personal data circulating from at least 14 data breaches. Malicious actors are using stolen Personally Identifiable Information (PII) to defraud Thai citizens and attack financial organisations.
Thailand’s Personal Data Protection Act 2019 (PDPA) is the country’s first consolidated data protection law, and there are strict penalties for non-compliance, including fines of up to THB 5 million (approximately $150,000) and imprisonment of up to 6 months.
To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:
Data Protection Officers (based in the United Kingdom or The Netherlands)
Data Subject Access Request (DSAR) Officer (Ipswich/hybrid)
Copywriter (Ipswich/hybrid)
Marketing Assistant (Ipswich/hybrid)
If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services, apply today!
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom