The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.
Exploring Canadian privacy laws with Ray Pathak
In our latest blog, Canadian privacy laws: PIPEDA and beyond, we speak to former Privacy Officer and current Managing Director of The DPO Centre Canada, Ray Pathak.
Ray explores some of the challenges Canadian organisations face in the wake of new privacy regulations, such as Quebec Law 25 and the proposed Digital Charter Implementation Act (Bill-C27). He gives guidance on how businesses can prepare for compliance, including completing Privacy Impact Assessments (PIAs) and adapting policies and procedures, and provides insight into the need for ongoing data management.
News last week that the UK’s Data Protection and Digital Information Bill (DPDI) has been excluded from the ‘wash-up’ process before Parliament’s dissolution has been met with widespread relief among the privacy community.
Ben Seretny, Head of DPOs and Data Protection Officer at The DPO Centre says,
‘Regardless of any particular issues with the DPDI Bill in its current form, the journey through both Houses of Parliament is an important opportunity for further scrutiny and amendments. Any changes to the UK data protection legal framework will have sizeable ramifications for the future of UK businesses, government dealings, and, most importantly, the rights of data subjects. As such, we’re pleased the Bill did not make Parliamentary wash-up. Such pivotal legislation demands the highest degree of thorough examination to uphold the integrity of data protection standards in our legal framework.’
DSIT says future of general-purpose AI is ‘remarkably uncertain’
On 17 May 2024, the Department for Science, Innovation and Technology (DSIT) published the International Scientific Report on the Safety of Advanced AI. The report examines the risks of general-purpose artificial intelligence (AI) and explores mitigating factors.
DSIT concluded that general-purpose AI (systems that can perform intellectual tasks) has great potential to advance research and increase productivity in a vast range of sectors, such as education and medicine.
However, the department said the rapid development of these systems could pose greater risks, such as large-scale unemployment and general-purpose AI-enabled terrorism. DSIT advised that policymakers and developers must continually identify and take informed action to mitigate such events.
UPD explores general attitudes towards NHS’s patient data usage
On 18 April 2024, Understanding Patient Data (UPD) published a report on public awareness, understanding and views of the NHS’s use of patient data for planning and population health management.
Overall, the report found that public awareness around how the NHS uses patient data was low, with 54% of respondents stating they knew ‘nothing or little’ about it. Regarding identifiability and choice, 54% also stated a preference for de-identified data to be used.
19% of respondents believe the NHS should not have automatic access to any type of personal data for planning and population health purposes, suggesting opt-in rather than opt-out.
UPD aims to share their findings with NHS policymakers and other healthcare organisations, to influence data usage and implement opt-out policies within existing regulations, such as the Control of Patient Information (COPI) regulation.
European Council approves first-of-its-kind AI Act
In a commitment to ensure safe and transparent artificial intelligence (AI) development and deployment within the European Union (EU), the European Council formally approved the AI Act on 21 May 2024.
This landmark legislation adopts a risk-based approach, with high-risk AI models facing stricter regulations, whilst activities such as behavioural manipulation and social scoring have been prohibited altogether.
The final approval of the AI Act coincided with the 6th anniversary week of the GDPR, perhaps hinting at its potential global impact. Just as the GDPR influenced data protection and privacy standards worldwide, the AI Act looks set to have a similar effect on AI legislation.
ACM fines Epic Games €1.1m for unfair commercial practices
The Netherlands Authority for Consumers and Markets (ACM) has fined Epic Games International more than €1.1m for using unfair commercial practices aimed at children in its videogame, Fortnite.
ACM found that the developer used various design choices, such as countdown timers, to pressure children into making in-game purchases. The authority also imposed a binding instruction, requiring them to end the violation by 10 June 2024.
Whilst the fine was not directly related to a violation of the GDPR, it highlights the importance of protecting children’s data rights and privacy. The ACM has reinforced the need for companies to have robust privacy processes, especially when targeting young users.
Colorado becomes first state to pass AI legislation
On 17 May 2024, Colorado became the first US state to pass a comprehensive artificial intelligence regulation – a crucial step in responsible AI adoption. The Colorado AI Act places strict compliance measures on developers and deployers of AI systems, particularly those that play a significant role in making consequential decisions.
By implementing such measures, the Act aims to prevent algorithmic discrimination, protecting individuals from biased or discriminatory outcomes based on their age, race, religion, and more.
On 10 May 2024, Vermont passed one of the most extensive privacy laws in the US. The Vermont Data Privacy Act introduces constraints on what personal data can be collected, prohibits organisations from selling consumer’s data, and establishes civil rights safeguards to prevent discrimination.
The new law also gives consumers the private right of action, allowing individuals to sue an organisation for violating online privacy rights. This will become effective from 2026 and will be reauthorised two years later.
World leaders at Seoul’s AI Summit agree to launch safety institutes
In further AI news, on 21 and 22 May 2024, South Korea hosted the AI Seoul Summit in partnership with the UK government.
Alongside the European Union (EU), 10 countries agreed to align their research on machine learning by developing a network of artificial intelligence (AI) safety institutes. The institutes will share information about the capabilities, limitations, and risks of various AI models, as well as monitor particular AI safety incidents as they occur.
In November 2023, The UK claimed to have created the world’s first AI Safety Institute, after an initial investment of £100m, and has since launched a free-to-use AI safety evaluation platform, known as Inspect.
To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:
Data Protection Officers (United Kingdom)
Data Protection Officers (The Netherlands)
Data Subject Access Request (DSAR) Officer
If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services,apply today!
You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom
The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom
