By Jade Kowalski, Hans Allnutt & Patrick Hill


Published 09 April 2024

Overview

The latest edition of our Data, Privacy and Cyber Bulletin covers a wide range of topics, starting with the newest instalment of our AI explainer series, which covers the latest developments surrounding the passage of the European Union AI Act. We also review a report issued by Lloyds which covers the rapid development and transformative impact of generative AI on the cyber risk landscape.

Our maritime team have provided a detailed introduction to cyber security for ships as part of an ongoing series focussing on maritime cyber security.

From a data protection perspective, there are a number of developments reviewed including the important decision of the European Data Protection Supervisor finding that the European Commission's use of Microsoft 365 is in breach of Regulation 2018/1725 (the GDPR equivalent applicable to EU institutions). Our Santiago de Chile office discusses the passage of the Chilean Law on Cybersecurity and Critical Infrastructure, the first of its kind in Latin America. The ICO continues to generate news with the publication of new fining guidance and the issue of a call for views on 'consent or pay' business models.

Concluding, we discuss the publication of a report by the FCA on the use of synthetic data in financial services and the launch of a House of Lords inquiry into UK data adequacy.

 

The DACB AI Explainer: EU AI Act Approved by EU Parliament – What are prohibited AI practices? What does this mean for my business?

The comprehensive EU AI Act (Act) was approved by the European Parliament on 13 March, and is now set to become law from May. A key part of the Act is prohibited AI practices. But what are they, and what does this mean for businesses? This article in the DACB AI Explainer series covers these questions.


Generative AI: A means to an end or an end to means?

Lloyds has published a report on the rapid evolution of Generative AI. It considers the technology's transformative implications for the cyber risk landscape, the present widespread impact of cyber threats on national security and businesses, and the measures which must be taken to mitigate the frequency, severity, and diversity of smaller scale cyber losses, which are inevitably due to grow over the next one to two years.


An introduction to maritime cyber security for ships

The maritime industry is unique in many ways, but its reliance on IT infrastructure and telecommunications make it as vulnerable as any other industry to cyber-attack. In this article, which is our first in a series of three focussing on maritime cyber security, we outline the threats to the industry and the guidance currently available to help companies respond to those threats.


Stepping up in Latin America: Chile enacts a new Cybersecurity Law

The Chilean Law on Cybersecurity and Critical Infrastructure aims to bolster Chile's cybersecurity as organisations in scope will have to increase their cybersecurity to prevent cyber-attacks. This legislation is likely to result in a significant increase in the purchase of cyber policies, and may encourage other countries in the Latin American region to take note.


Not to be missed! Our comments on the ICO's new Fining Guidance

The Information Commissioner's Office has published new Data Protection Fining Guidance which aims to provide certainty and clarity for organisations. The guidance is vital reading for organisations to understand the circumstances when the Commissioner considers the issuing of a penalty notice to be appropriate and the approach taken to determine the amount of a fine.


ICO issues call for views on 'consent or pay' business models

The Information Commissioner's Office has issued a call for views on 'consent or pay' business models, also referred to as 'pay or ok' models. Following the lead of European data protection authorities, this call for views will form part of the ICO's ongoing work on the complex issue of cookie compliance.


EDPS finds the European Commission's use of Microsoft 365 to be in breach of Regulation 2018/1725

The European Data Protection Supervisor has found that the European Commission's use of Microsoft 365 is in breach of Regulation 2018/1725 (the GDPR equivalent applicable to EU institutions). This decision is likely to have a significant impact on data protection provisions in contracts with cloud-based processors such as Microsoft.


FCA issues its Report on synthetic data in financial services

The Financial Conduct Authority has published a report on the use of synthetic data in financial services, reflecting the expected increase in use of synthetic data. Authored by the Synthetic Data Expert Group, the report focuses on 3 key themes across the data lifecycle, giving examples and applying those themes to synthetic data in financial services.


EU - UK Data Transfers: UK Parliament launches Inquiry into UK Data Adequacy

The House of Lords European Affairs Committee has launched an inquiry into data adequacy and its significance to the UK-EU relationship, in anticipation of the June 2025 'sunset clause' for existing adequacy decisions.
