The DPIA is an assessment of the impact of the most significant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.
Data protection checklist for mergers and acquisitions
In our latest blog, we explore data protection considerations for mergers and acquisitions (M&A) transactions. We cover how data protection compliance can affect deals, what buyers and sellers should consider, and provide a checklist of essential data protection documents.
Both buyers and sellers have responsibilities to ensure the right documentation is in place and that data protection governance is sound. This will build trust and mitigate risks, ultimately facilitating a smooth transition.
On 22 April 2024, the UK’s Financial Conduct Authority (FCA) published an update to its approach to Artificial Intelligence (AI). In response to the UK government’s AI White Paper, the FCA outlines the roles and objectives for regulating the adoption of AI in UK financial markets.
Highlighting the promotion of the safe and responsible use of AI, the FCA’s twelve-month plan includes enhancing existing regulatory frameworks, conducting thorough risk assessments related to AI deployment, and providing educational resources and guidance to financial firms on best practices.
ICO publishes transparency guide for health and social care
On 15 April 2024, the Information Commissioner’s Office (ICO) published new guidance on transparency in health and social care organisations. The guide seeks to ensure transparency with individuals regarding the use of their personal data and is aimed at any organisation that delivers health or social care services and processes personal data.
Key considerations:
The necessity and proportionality of using personal data
Data protection by design, with safeguards to protect individuals’ data
How to provide transparency
When to do a Data Protection Impact Assessment (DPIA)
EDPB confirms ‘consent or pay’ models should offer real choice
On 17 April 2024, the European Data Protection Board (EDPB) issued an opinion on the validity of consent for processing personal data in the context of ‘consent or pay’ models used by large online platforms for behavioural advertising. These models typically force users to choose between consenting to personal data processing or paying a fee.
The EDPB’s opinion is that such models do not comply with valid consent requirements. Instead, platforms should offer an ‘equivalent alternative’ that does not involve payment. This free alternative should include a form of advertising that processes less or no personal data.
The EDPB also emphasised that obtaining consent does not exempt controllers from other GDPR principles.
EU Parliament proposes framework for accessing financial data
On 18 April 2024, the European Parliament took a significant step by proposing a harmonised framework for accessing financial data at the EU level. The framework covers various categories of customer financial information, including:
Mortgages and loans
Savings, investments, and insurance-based products
Pension rights
The proposed framework would allow financial institutions to access customer financial data to create personalised products and services, but only with explicit permission.
House votes to reapprove law allowing warrantless surveillance of US citizens
On 12 April 2024, the US House of Representatives voted to reauthorise Section 702 of the Foreign Intelligence Surveillance Act (FISA) for two more years, with 273 in favour and 147 against.
The decision followed a contentious debate. Critics argued that Section 702 allows for warrantless surveillance of Americans and impacts individual privacy. Proponents view it as a crucial counterterrorism tool. The split in opinion highlights the ongoing tension between protecting personal data rights and maintaining effective national security measures.
Meta’s claim rejected by court
In a ruling issued on 15 March 2024, US District Judge Randolph Moss rejected Meta’s claim that the Federal Trade Commission (FTC) hearings violate the Constitution. Meta (formerly Facebook) had argued that the FTC’s structure, including in-house hearings, denies companies due process of law.
The ruling means the administrative hearing will proceed, and the FTC can continue its investigation into Meta’s practices regarding monetising teen data.
South Korea’s PIPC publishes impact assessment guide
On 18 April 2024, the Personal Information Protection Commission (PIPC) in South Korea announced the publication of a guide for Personal Information Impact Assessments (PIAs).
The PIPC aims to enhance privacy protection and promote responsible data handling.
The guide covers essential aspects of PIAs, including the specific evaluation criteria, the applicability of the assessment for public institutions, and the legal consequences of failing to conduct a PIA.
To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:
Data Protection Officers (United Kingdom)
Data Protection Officers (The Netherlands)
Data Subject Access Request (DSAR) Officer
If you are looking for a new and exciting challenge, and the opportunity to work for both a Great Place to Work-Certified™ company and one of the UK’s Best Workplaces in Consulting & Professional Services, apply today!
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom