4 min read

Data, Privacy & Cyber Bulletin – November 2023

Read More

By Patrick Hill, Hans Allnutt and Jade Kowalski

|

Published 06 December 2023

Overview

The latest edition of our Data, Privacy and Cyber Bulletin carries a distinct international flavour with our team providing coverage of developments across the United Kingdom, Europe and Latin America.

The DAC Beachcroft Data, Privacy and Cyber Team recently attended the IAPP European Data Protection Congress in Brussels. Our key takeaways highlight significant discussion of artificial intelligence and the uncertain regulatory landscape. Continuing that theme, we consider the United Kingdom's approach to AI regulation as part our 'AI Explainer' series, and the publication of the first set of guidelines by the French Data Protection Authority, CNIL, on complying with the GDPR when researching and developing AI systems.

Moving into 2024, the Latin American region will continue to be a hotspot for cyber-attacks. With many countries in the region continuing to develop their own data protection laws, colleagues from our Santiago de Chile and London offices provide a wide-ranging analysis of the key issues facing governments, directors and policymakers.

Another hot topic at IAPP Congress was future regulation of the AdTech industry and the complexity of complying with user transparency and control in respect of online advertising activities. The recent crackdown on cookies across the UK and Europe indicate the importance of these issues for organisations' agendas. We address those recent developments across both the UK and EU, including a specific analysis of the recent binding decision by the European Data Protection Board on the processing of personal data for behavioural advertising by Meta.

On the legislative front, the Data Protection and Digital Information Bill has concluded the journey through the House of Commons. We assess the continued concerns about data adequacy and other amendments introduced at the report stage.

The recent report by the International Data Transfers Expert Council is also evaluated, providing an overview of the report's recommendations, and the challenges faced in achieving a sustainable and scalable approach to international data transfers.

Concluding this month's content, we review details of recent reprimands issued by the ICO, and what they mean for data controllers and organisations.

 

The DACB AI Explainer - Article 3: The UK Approach - What is the United Kingdom's approach to AI Regulation?

The third article in our DACB "AI Explainer" series focuses on the United Kingdom's approach to AI Regulation and the important takeaways from the recent AI Safety Summit in Bletchley Park.

Read more

 

Key takeaways from the IAPP European Data Protection Congress 2023

We review the key takeaways from the 2023 IAPP Congress. Developments in technology, in particular AI, will produce challenges for both regulators and privacy professionals in the coming year, and there was extensive discussion on the future regulation of the AdTech industry.

Read more

 

French data protection agency CNIL issues first AI guidance

We consider the recent how-to guidance issued by the French Data Protection Authority, CNIL, directed at the creation of datasets for the development of artificial intelligence systems, specifically those based on the collection and use of personal data in machine learning systems and systems based on logic and knowledge.

Read more

 

Securing Tomorrow: Why Latin America should top Global Cyber Insurers' Lists

Our Santiago de Chile and London practices discuss the key issues facing the Latin American region, including recent cyber-attacks, data protection compliance requirements and opportunities in the cyber insurance market.

Read more

 

Cookie crackdown across UK and Europe

We analyse the draft new guidelines on the EU ePrivacy Directive which potentially extend the legislation's application to emerging technologies. The ICO also issued a statement warning UK companies of potentially enforcement action if their advertising cookies do not comply with data protection law, and we examine the content and implications.

Read more

 

EDPB imposes EEA-wide ban on Meta processing personal data for behavioural advertising

The long-running saga into the data processing operations of Meta services, Instagram and Facebook, took a further twist as the European Data Protection Board issued an instruction to bring about a permanent ban on Meta processing personal data for behavioural advertising. We review the background to this decision, and the challenges to Meta's new 'pay or okay' mechanism.

Read more

 

Data Protection and Digital Information Bill moves to the House of Lords

The Data Protection and Digital Information Bill has moved to the House of Lords for scrutiny following completion of the report stage and third reading in the House of Commons. We assess a number of the amendments introduced at report stage, and continued concerns around the European Commission's finding of adequacy in respect of the UK.

Read more

 

International Data Transfers Expert Council new report: recommendations for a sustainable and scalable approach to international data transfers

We discuss the independent report by the International Data Transfers Expert Council, and the numerous challenges that exist with the current approach to international data transfers.

Read more

 

ICO decisions demonstrate willingness to issue reprimands to organisations of all sizes

We review the power of the ICO to issue reprimands, and how their most recent decisions show a particular concern with the measures taken by organisations to secure their data and the response to cyber incidents when they take place.

Read more

Authors