The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPIA Newsletter

The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.

Quebec’s Law 25: A guide to support compliance

Our latest blog explores Quebec’s new privacy legislation: Law 25. The law applies to all organisations, located anywhere, that collect, process, and store the personal information of Quebec individuals and marks a complete overhaul of Quebec’s privacy regime. 

 

In our exploration of Law 25, we discuss its key elements and provide a guide towards compliance. We also present advice to help organisations prepare for the final stage of the legislation, which comes into effect on 22 September 2024.  

 

Read our blog here

United Kingdom

Information Commissioner says data breaches are ‘failing’ people living with HIV 

At the end of April, Information Commissioner John Edwards released a statement condemning data protection standards at health services for people living with HIV and calling for the use of BCC on emails to be stopped – something the Information Commissioner’s Office (ICO) previously requested in August 2023. 

 

Mr Edwards said: ‘People living with HIV are being failed across the board when it comes to their privacy and urgent improvements are needed across the UK. We have seen repeated basic failures to keep their personal information safe - mistakes that are clear and easy to avoid.’ 

 

The statement comes after the ICO issued fines and reprimands to numerous organisations who experienced data breaches due to email mistakes involving sensitive communications.  

 

Read the ICO’s statement 

ICO announces new tool for creating a privacy notice

On 4 May 2024, the Information Commissioner’s Office (ICO) announced the launch of their new privacy notice generator. The tool replaces the previous privacy notice template and has been specifically designed for sole traders, start-ups, SMEs and charities.  

 

Users can create bespoke privacy notices for customers and suppliers and/or staff and volunteers. The generator has been designed for general businesses, including retail and manufacturing. 

 

The ICO also announced that sector-specific generators will be launching in summer 2024.  

 

Find the privacy notice generator here 


European Union

Dutch AP says data scraping ‘creates privacy risks’

The Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AP), has issued guidance on data scraping - the automatic collection and storage of information from the internet.  

 

The AP said that there had been a general misconception that scraping is legal when the information is public, but that in reality it is ‘almost always’ a violation of the EU General Data Protection Regulation (GDPR).

 

The guidance centres on the principle that information being publicly available does not amount to consent. It considers that scraping is only possible on the basis of legitimate interest and helps organisations to assess whether they can rely on that basis.

 

Read the guidance

European Commission opens formal proceedings against Meta Platforms Inc 

On 30 April 2024, the European Commission opened formal proceedings to assess whether the provider of Facebook and Instagram may have breached the Digital Services Act (DSA). The platforms were designated as 'Very Large Online Platforms' in April 2023 and, as such, must comply with a series of obligations set out in the DSA.  

 

The proceedings will focus on the suspected use of deceptive advertisements and disinformation, visibility of political content, and the mechanism to flag illegal content.  

 

Read the European Commission’s article


North America

Ring LLC settles with FTC after cameras were used to spy on customers 

Amazon’s Ring – a smart security manufacturer specialising in doorbell cameras and home video systems – has agreed to pay $5.6 million after failing to implement security safeguards, allowing hackers to take control of customers’ accounts and devices.  

 

The Federal Trade Commission said all employees and contractors for the video doorbell company had access to customers’ private videos, even when it was not necessary for their role, leading to ‘egregious violations of users’ privacy’. 

 

Read the article  

U.S. Senators introduce bill for securing AI 

On 1 May 2024, U.S. Senators Mark Warner and Thom Tillis introduced a bill for the Secure Artificial Intelligence Act of 2024 to Congress. The bill aims to establish regulatory tracking mechanisms for artificial intelligence (AI) and to update cybersecurity reporting systems to better incorporate AI technologies.

 

The legislation intends to improve information sharing between the federal government and private companies and would also create a voluntary database to record AI-related cybersecurity incidents.  

 

Read Senator Warner’s press release 

International

Airline app exposed sensitive customer information to random users 

On 1 May 2024, several Qantas Airways customers reported that they could view other users’ travel details, including personal information and boarding passes. The airline confirmed the reports, stating a misconfiguration in its app had exposed sensitive traveller information to random users.  

 

Qantas released a further statement, confirming the issue is now resolved. They recommend customers log out of their accounts as a safety precaution and remain vigilant about any potential scams on social media related to this incident. Cyber attackers can often use incidents like these to exploit vulnerabilities and trick people into revealing sensitive information. 

 

Read our blog: How to identify phishing emails 

We Are Recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:

  • Data Protection Officers (United Kingdom)
  • Data Protection Officers (The Netherlands)
  • Data Subject Access Request (DSAR) Officer

If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services, apply today!

Copyright © 2024 The DPO Centre, All rights reserved. 

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom

The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom
