The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.
How to identify a phishing email: Safeguarding your organisation
According to cybersecurity reports, phishing is responsible for more than 22% of all data breaches, globally. The anti-phishing working group (APWG) states that 2023 was the worst year on record, with almost 5 million attacks.
In our latest blog, we discuss the impact of phishing attacks on businesses and the red flags you should look out for. Cybercriminals are becoming increasingly sophisticated in their attacks, and it is important to understand their various tactics and the types of phishing emails they use.
Artificial Intelligence (Regulation) Bill passes second reading
On 22 March 2024, the Artificial Intelligence (Regulation) Bill successfully passed its second reading in the UK’s House of Lords. The private members’ bill, proposed by Lord Holmes of Richmond, seeks to establish comprehensive regulations for the development, deployment, and use of AI within the UK.
Notably, the bill calls for any business involved in developing, deploying, or using AI, to appoint an AI Officer to ensure the safe, ethical, unbiased, and non-discriminatory use of AI within the business.
The bill is now anticipated to proceed to the Committee stage, where it will be further examined, and any potential amendments raised.
ICO publishes view on the Data Protection and Digital Information Bill
On 15 March 2024, the UK’s Information Commissioner’s Office (ICO) published its view on the Data Protection and Digital Information (DPDI) Bill. Overall, the ICO supports the Bill’s objectives but highlights the need for further revisions to enhance its effectiveness.
The ICO welcomes amendments to the Data Protection Framework to ensure legal clarity and maintain high data protection standards. However, the ICO expresses the importance of clearer definitions for high-risk processing and suggests incorporating a list of high-risk activities similar to Article 35(3) of the UK GDPR. This would enable organisations to better assess whether their processing activities adhere to legal requirements.
The ICO had initially raised concerns about the Bill’s potential narrow interpretation of personal data. In this latest statement, the ICO notes that the government has since clarified that personal data identification doesn’t depend on the controller’s subjective intention, and this stance will be emphasised in future guidance.
Dutch Data Protection Authority calls for input on AI algorithms and democracy
The Algorithm Coordination Directorate of the Dutch Data Protection Authority (AP) is seeking input on the impact of algorithms and AI in democratic processes. Experts, scientists, policymakers, and technologists are invited to contribute their insights by 12 April 2024.
The collected input will help the AP with early risk identification regarding the development and use of algorithms and AI. The AP will publish these risks in the upcoming Report on AI & Algorithm Risks in the Netherlands (RAN) scheduled for publication in summer 2024.
CNIL publishes latest guide to support organisations with IT security compliance
In March 2024, the French Data Protection Agency (CNIL) released the 2024 edition of its practice guide for the security of personal data. This updated guide includes essential precautions and security measures for safeguarding data. There are also fact sheets on topics such as artificial intelligence, mobile applications, cloud computing, and APIs.
To help stakeholders track updates in the guide editions, CNIL has also included a new change log. This will assist in identifying the necessary changes to security measures within organisations.
Court rejects Meta’s claim that FTC hearings violate constitution
Meta (formerly known as Facebook) has encountered another setback in its attempt to block an administrative hearing conducted by the Federal Trade Commission (FTC). The FTC's in-house hearing is underway and could potentially result in a ban on monetising teenagers’ data.
Meta claims the hearings have a significant risk of bias due to the commission’s dual role of prosecutor and judge. Judge Randolf Moss referenced previous Supreme Court rulings that upheld similar arrangements and denied the request.
Meta has appealed the judge’s decision, and a spokesperson for the company stated, ‘We remain committed to investing in privacy programmes that protect people’s privacy, and we will continue to vigorously fight the FTC’s baseless and unlawful action.’
Google introduces new security and privacy protections
In March 2024, Google rolled out enhanced security and privacy features for Chrome users on both desktop and iOS. Google claims these new updates will provide a 25% increase in detecting and blocking phishing attacks.
Chrome now provides real-time protection during browsing, sending rapid checks on URLs against an updated list of malicious sites. There are also predictive phishing protections such as site isolation, sandboxing, and predictive phishing protections. With automatic updates every 6 weeks to ensure users always have the latest security features and fixes.
Google says, ‘If we suspect a site poses a risk to you or your device, you’ll see a warning with more information.’
UN General Assembly adopts landmark resolution on AI
On 21 March 2024, the UN General Assembly officially adopted a landmark resolution on artificial intelligence (AI) systems. The resolution focuses on the promotion of ‘safe, secure, and trustworthy’ AI systems and emphasises the importance of human rights in the whole life cycle of AI, from design to utilisation.
The United States-led resolution was backed by more than 120 other Member States and represents the collective commitment to ensuring data safety in the evolution of AI technologies. The Assembly recognises that AI systems have the potential to accelerate progress towards achieving the 17 Sustainable Development Goals (SDG).
To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:
Data Protection Officers (UK, Netherlands)
Data Privacy Officers (Canada)
Data Subject Access Request (DSAR) Officer
Marketing Assistant
Project Administrator
Senior HR Advisor
If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services,apply today!
You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom
The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom