The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.
What is a DPA and why do you need one?
A Data Processing Agreement (DPA) is a necessary requirement between data controllers and data processors operating under the General Data Protection Regulation (GDPR). But aside from legal compliance, what is the benefit of having a DPA?
In our latest blog, we look at the main reasons why you need a DPA, some of the common misconceptions surrounding its use, and the key elements you should include in your documents.
UK’s ICO says separate AI regulation is not needed
In an interview with Infosecurity magazine on 28 February 2024, John Edwards, the UK Information Commissioner, confirmed that he did not believe there was a need for a bespoke AI regulation at this time. He emphasised that protecting data is a top priority when it comes to AI technologies, but he doesn’t expect a UK equivalent of the EU’s AI Act.
This stance follows the government’s recent response to last year’s White Paper consultation on regulating AI. As expected, the ‘pro-innovation’ approach remains unchanged. Instead of introducing an AI regulator in the UK, the government is adopting a cross-sector framework to be implemented by regulators across the various domains, including the ICO, Ofcom, and the Financial Conduct Authority (FCA).
The UK recognises the probable need for AI legislation, especially for General Purpose AI Systems (GPAI), but believes it must first be better understood.
UK’s financial watchdog meets City firms to discuss staff WhatsApp use
The Financial Conduct Authority (FCA) has been holding discussions with a number of City of London firms regarding employee WhatsApp use. This follows a clampdown by regulators in the US on communications in banking over text and private messaging apps. Sixteen banks in the US, including Barclays, Citigroup, and Goldman Sachs, were fined $1.8 billion when staff were found to have discussed deals on private apps.
The FCA has reminded firms that electronic communications used for activities that fall within its scope must be ‘recorded and auditable’.
A new era for AI regulation: EU’s AI Act passes
On 13 March 2024, the world’s first comprehensive legislation on artificial intelligence was passed. First proposed by the European Commission on 21 April 2021, the AI Act aims to establish a common regulatory and legal framework for the use of AI in the European Union. It sets out rules for developers and restrictions on how the technology can be used.
Viewed as a landmark decision, the Act will undoubtedly be a catalyst for further legislative developments across the globe. In much the same way as the General Data Protection Regulation (GDPR) has set the global standard for data protection laws, the AI Act is poised to become the benchmark for AI governance.
European Commission’s use of Microsoft 365 violates EU data protection laws
On 8 March 2024, the European Data Protection Supervisor (EDPS) found that the European Commission’s use of Microsoft 365 did not comply with several key data protection rules. The Commission failed to provide adequate safeguards for personal data transferred outside the European Economic Area (EEA) and did not specify the types of personal data collected and their purposes.
The Commission has until 9 December 2024 to bring all processing operations using Microsoft 365 into compliance with Regulation (EU) 2018/1725.
Canada’s police now need a warrant to obtain a person’s IP address
On 1 March 2024, the Canadian Supreme Court ruled that police must have a warrant or court order to obtain IP addresses. The decision was based on the case of Andrei Bykovets, who was convicted of online fraud in 2017. Bykovets argued that the way police obtained his IP address from a third-party payment processing company (without a warrant) violated his rights under Section 8 of the Charter of Rights and Freedoms.
The Supreme Court’s ruling establishes a precedent that IP addresses are considered private and demonstrates how private companies, like internet providers (ISPs), play an important role in privacy issues.
US Bill to protect Americans’ Data from Foreign Adversaries introduced to House of Representatives
On 5 March 2024, House Bill 7520, known as the Protecting Americans’ Data from Foreign Adversaries Act of 2024, was introduced to the House of Representatives. The bill aims to prevent the sale or transfer of US individuals’ sensitive data to foreign adversary countries or entities controlled by them.
The bill defines foreign adversaries as specified under US Code, including North Korea, China, Russia, and Iran. Data brokers are outlined as entities that sell or share data they didn’t directly collect from individuals. Sensitive data is detailed as belonging to various personal categories, including government identifiers, health information, biometrics, and financial data.
China’s TC260 publishes basic security requirements for generative AI services
On 1 March 2024, China’s National Information Security Standardisation Technical Committee (TC260) published the Technical Document on Basic Requirements for Security of Generative Artificial Intelligence Services.
The Technical Document outlines the security requirements and details security assessment methods. Specifically, it sets the security requirements for data collection, IP, personal information use, and risk mitigation. The document also identifies the main risks to training data and generated content.
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom