Data Protection News Update 04 March 2024

United Kingdom

ICO finds the Home Office’s pilot of GPS electronic monitoring of migrants breached UK data protection law

  • The UK Information Commissioner’s Office has issued an Enforcement Notice to the Home Office over its use of GPS ankle tags on migrants.
  • The ICO has been in discussion with the Home Office since August 2022 regarding its pilot to place ankle tags on and track the GPS location of up to 600 migrants on immigration bail, after concerns about the scheme raised by Privacy International.
  • The purpose of the pilot was to test whether electronic monitoring is an effective way to maintain regular contact with asylum claimants.
  • The ICO found the Home Office failed to sufficiently assess the privacy intrusion of the continuous collection of people’s location information, as tracking people is highly intrusive and organisations planning to do this must be able to provide a strong justification for doing so.
  • Throughout the ICO’s enquiries, the Home Office was unable to explain sufficiently why it was necessary or proportionate to collect, access and use people’s information via electronic monitoring, failing to evidence less intrusive methods.
  • The ICO has issues a formal warning alongside the Enforcement Notice, warning that any future processing by the Home Office on the same basis will be in breach of data protection law.

ICO reprimands West Midlands Police for data protection failure

  • The Information Commissioner’s Office has issued a reprimand to West Midlands Police (WMP) after the force repeatedly mixed up two people’s personal information.
  • On numerous occasions throughout 2020, 2021 and 2022, WMP incorrectly linked and merged the records of two people with the same name and data of birth.
  • Both people had been victims of crime, and one was a suspect, meaning WMP didn’t make a clear distinction between the personal information of victims and suspects of crime, a breach of the Data Protection Act 2018.
  • The mix-up led to inaccurate personal information being processed and resulted in a catalogue of errors.
  • WMP did not take steps to rectify the error quickly enough and there was a failure to stop the inaccurate linking of records reoccurring, both breaches of data protection law. The ICO also found there was a lack of regular data protection training and not enough was done to make employees aware of their responsibilities to report any inaccurate personal information.

United States

Codified raises $4 million in seed funding for AI-driven data governance platform

  • Generative artificial intelligence startup Codified announced it raised $4 million USD in seed funding.
  • Codified is a startup leveraging generative AI for data governance, with a platform designed to allow companies to author and implement data governance policies using natural language, ensuring data access aligns with business intent and reducing manual intervention.
  • Codified aims to streamline the often manual and costly process of data governance.
  • The funding will be used to grow Codified’s team, accelerate product development, and prepare for a market launch with a productive preview expected for select customers in 2024.


Concerns raised over UK Data Protection Bill’s impact on EU’s GDPR

  • Member of European Parliament, Paul Tang, said the proposed UK Data Protection and Digital Information Bill could impact the adequacy decision between the EU and the UK.
  • “The soon-to-be-voted Data Protection & Digital Information Bill (DPDI), which is the UK governments attempt to replace GDPR, risks violating the Trade and Cooperation Agreement and the rights of EU and UK citizens,” stated Tang.
  • The current adequacy agreement between the EU and UK facilitates continuous data transfers between the EU and the UK, resulting in concerns over the restructuring of current laws and that EU citizens’ data could be shared with third parties who do not meet Brussels’ data protection criteria.
  • Tang is concerned that the proposed UK reform bill will have weaker rules, and negatively impact the current adequacy agreement.

IMY invests in innovation and complaint handling

  • Sweden’s data protection authority, the Integritetsskyddsmyndigheten, released its annual report 2023.
  • The IMY stated they will continue prioritizing guidance for data protection compliance and innovative technology such as artificial intelligence.
  • The report highlighted recently completed projects on a federated learning AI model for health care systems, as well as public safety sensors to replace surveillance cameras.


Singapore’s PDPC takes enforcement actions

  • Singapore’s Personal Data Protection Commission took two recent enforcement actions.
  • In the first decision, the PDPC issued a warning to a financial advisory firm for using dictionary attack methods to generate phone numbers, failing to obtain clear and unambiguous consent, and failing to check the DNC Register before making marketing calls. 
  • In the second decision, a financial penalty of SGD $58,000 was imposed to online retailer Carousell for alleged failure to put strong data security measures in place to protect customers personal information. Carousell was also directed to review its software testing procedures.

Facial recognition trial raises concerns for Indigenous and Pasifika peoples

  • In a bid to combat repeat retail offending, a Facial Recognition Technology trial (FRT) are now being used in supermarkets in Aotearoa and Australia.
  • However, experts are concerned that the technology could discriminate against people of colour, particularly those from Indigenous and Pasifika communities.


More Posts

Send Us A Message