Data Protection News Update 19 February 2024

United Kingdom

ICO approves legal services certification

  • The UK Information Commissioner’s Office approved a certification scheme for legal service providers in compliance with the EU General Data Protection Regulation.
  • Certification schemes were introduced under the UK GDPR to help organisations demonstrate compliance with data protection requirements and in turn, inspire trust and confidence in the people who use their products, processes and services.
  • The Legal Services Operational Privacy Certification Scheme is the fifth set of UK GDPR certification criteria that the ICO has approved.
  • “Legal service providers such as law firms and barristers’ chambers process large amounts of sensitive data…this certification scheme will provide them with certainty that they are adhering to data protection standards and reduce time and resource spent assessing third party data processors,” said Emily Keany, ICO Deputy Commissioner.

ICO responds to Home Office’s draft regulations to the immigration exemption

  • The Information Commissioner’s Office has welcomed proposed government changes to provide clearer safeguards around how people in a potentially vulnerable position within the immigration system are able to access the information held about them.
  • The draft regulations will amend the immigration exemption in the Data Protection Act after a case was brought by the3million and Open Rights Group where the ICO was an interested party.
  • The case raised that the exemption was not clear enough and did not contain sufficient built-in safeguards to prevent abuse and protect people’s rights. December’s Court of Appeal ruling that required the government to make the exemption clearer.
  • The Home Office consulted with the ICO about the new regulations, and it was determined they satisfy the requirements of the judgement.

United States

Caribou school abandons plan to track students with fingerprint technology

  • A Caribou, Maine school district dropped plans to use biometrics to track student attendance.
  • Principal Jamie Selfridge sent a letter to families on 24th January about the school’s plan to use identiMetrics, a biometric system that scan students’ fingerprints to store data on attendance.
  • IdentiMetrics is based in Pennsylvania and launched in 2002 as a digital identification system for schools looking to keep more accurate student records and avoid issues with missing student ID cards, according to their website.
  • Parents and the American Civil Liberties Union of Maine were concerned about the fingerprinting system’s use within a school. School administrators have decided not to implement identiMetrics due to this.


Artificial Intelligence Act: committees confirm landmark agreement

  • European Parliament committees approved the proposed Artificial Intelligence Act.
  • This regulation aims to protect fundamental rights, democracy, the rule of law and environmental sustainability from high-risk AI whilst boosting innovation and establishing Europe as a leader in the AI field.
  • The Committee on Internal Market and Consumer Protection and the Committee on Civil Liberties, Justice and Home Affairs voted 71-8 (7 abstentions). 
  • The text awaits a formal adoption in an upcoming Parliament plenary session and final Council endorsement.

AEPD fines utility company 6.1M euros for GDPR violations

  • Spain’s data protection authority, the Agencia Española de Protección de Datos, fined a utility company called Endesa Energía 6.1 million euros for alleged EU General Data Protection Regulation violations.
  • The AEPD claimed the company had insufficient data security measures and did not notify consumers of a data breach.


Implementation of Sri Lanka’s Personal Data Protection Act ‘likely to be hampered by political interference’

  • Sri Lanka’s Personal Data Protection Act (PDPA) could face political interference issues during the implementation.
  • The chairman of Communication, Data Protection and Technology Law of LAWASIA shared that the PDPA aims to safeguard personal data held by various entities, including government bodies, banks, telecom operators and hospitals.
  •  “This piece of legislation, the first of its kind in South Asia, was developed transparently. All the provisions in the Act are on par with international standards, but due to the volatility in the social and political situation in Sri Lanka, it will not serve its purpose,” IT legal expert Sunil Abeyaratne said.
  • Sri Lanka’s Data Protection Authority is expected to commence full operations early this year, with vital responsibilities such as developing guidelines, investigating complaints, imposing penalties, and raising awareness of data protection rights among individuals and organisations.

Hong Kong police chief Raymond Siu backs government plan to install 2,000 surveillance cameras by end of year

  • Law enforcement agencies in Hong Kong plan to install 2,000 surveillance cameras in densely populated and high-crime areas to combat crimes and ensure resident safety by the end of 2024.
  • Commissioner of Police Raymond Siu shared that 7.3 million surveillance cameras have been installed throughout the UK since 1990s, adding that Singaporeans are happy to welcome such measure.
  • Siu added that cameras would be installed in cities to manage crime and provide security to high-crime areas.


More Posts

Send Us A Message