Data Protection News Update 16 October 2023

IGS
October 16, 2023

United Kingdom

ICO looking for entrants for it’s 2024 Regulatory Sandbox

“If you’re part of an organisation that’s tackling complex data protection considerations as you create innovative new products and services, the ICO’s Regulatory Sandbox team wants to hear from you”.
Current areas of focus that the ICO is accepting expression of interest in are:
- Biometric processing;
- Emerging technologies; or
- Exception innovations.

Court of Appeals rules that the ICO acted lawfully in SAR complaint litigation

This ruling comes after a long running battle over a SAR complaint.
According to the ICO, this case “raised important questions about how far the ICO has to go in investigation and reaching a decision on the merits of every complaint.”
You can find the judgment here: https://caselaw.nationalarchives.gov.uk/ewca/civ/2023/1141
The original facts involved a Mr Delo putting through a complaint to the ICO when he was refused information in a SAR to a financial institution. The ICO responded that the financial institution had complied with its obligations, and that no further action would be taken. Mr Delo then brought a claim for judicial review, which was dismissed.
The latest appeal ruling focused on two questions:
- 1) “Is the Commissioner obliged to reach a definitive decision on the merits of each and every such complaint or does he have a discretion to decide that some other outcome is appropriate?
- (2) “if the Commissioner has a discretion, did he nonetheless act unlawfully in this case by declining to investigate or declining to determine the merits of the complaint made by the claimant?”

United States

FTC and CFPB Settlement to Require Trans Union to Pay 15 million dollars

The settlement comes after Trans Union failed to ensure accuracy of tenant screening reports.

Europe

EU General Court rules against interim measures to pause the implementation of the EU – US Data Privacy Framework

The Court ruled that Latombe – the French Member of European Parliament that filed against the transfer agreement and subsequent adequacy decision – could not prove the individual or collective harm the agreement raises.

AEPD updates controllers’ data breach response tool

Spain’s data protection authority has announced updates to its in-house tools that help data controllers respond to breaches.
The tools in question are Gap Advisor: https://www.aepd.es/guias-y-herramientas/herramientas/asesora-brecha and Communicate Gap: https://www.aepd.es/guias-y-herramientas/herramientas/comunica-brecha-rgpd.

International

New Zealand privacy commissioner shares its two cents on CCTV use in school bathrooms

Schools want to know if they can install CCTV networks in the bathrooms of children and other young people, to tackle negative behaviour such as vaping and bullying.
The Office of the Privacy Commissioner recommends schools looking to do this to do a privacy impact assessment beforehand.

Data Protection News Update 22 April 2024

United Kingdom ICO reprimands housing association for insufficient data security ICO publishes guidance to improve transparency in health and social care United States Change Healthcare’s

Data Protection News Update 15 April 2024

United Kingdom Information Commissioner’s Office seeks views on accuracy of generative AI models United States US Senator says TikTok divestiture deadline could be extended to

Asking (and answering) an obvious but important question: why does data confidentiality matter, ethically speaking?

In my last article, I focused on the ethical significance of one of the most prominent failure of data governance in recent times; namely, the

Data Protection News Update 08 April 2024

United Kingdom ICO sets out priorities to protect children’s privacy online ICO joins global data protection and privacy enforcement programme United States US and UK