GDPR Radio – Episode 120 – My AI, Online Safety and ICO Enforcements

GDPR Radio’s latest episode, episode 120, covered a variety of topics in the data protection and privacy landscape. The hosts Charlotte Hogg, Phil Brining, and Joe Kirk discussed various news items, including WhatsApp and Signal’s protest against the UK’s Online Safety Bill, the launch of Snapchat’s new AI, ‘MyAI,’ and the reprimand of the Surrey and Sussex police by the Information Commissioner’s Office for data protection breaches.

The hosts also delved into recent news related to cybersecurity. A report by Bitdefender highlighted that cybersecurity is now a critical business issue due to the increase in cyber attacks that can impact a business’s reputation, financial stability, and regulatory compliance. The report also showed that phishing and ransomware attacks were the most common types of attack. However, the NCSC breaches survey revealed a different picture, with only around 32% of businesses and 24% of charities reporting any kind of cyber security breach or attack in the last 12 months.

The hosts also discussed the recent fine of £130,000 issued by the UK’s ICO to Join The Triboo Limited for bombarding people with spam emails. The company sent 107 million emails to 437,324 people between August 2019 and August 2020.

The Washington State Legislature passed the My Health, My Data Act or MHMDA, which applies to any legal entity that conducts business in the state, targets products or services to Washington consumers, or determines the purpose and means of collecting, processing, sharing, or selling consumer health data. The law covers any consumer whose data is collected in Washington and has a broad definition of “consumer health data.”

In the first article discussed in the episode, Bristows analyzed the ICO’s investigation outcomes for 2022, categorizing the incidents and investigations as “cyber” and “civil.” They found that 9% of cyber incidents and 85% of civil incidents progressed to investigations, with advice and reprimands being the largest categories of further activity by the ICO in relation to investigations conducted. The data also shows the ICO’s revised approach to enforcement against public authorities.

The second article reports that the Frasers Group, which owns the House of Fraser and Sports Direct, is facing backlash for using live facial recognition cameras to identify people who have been banned from their stores. The UK’s Information Commissioner’s Office has raised concerns about the practice, but it has not done anything to stop it.

The third article reports that slow progress is being made in the US towards drafting comprehensive privacy legislation, despite President Joe Biden’s call for it in his State of the Union address. While the US Privacy Act of 1974 established rules and regulations regarding US government agencies’ collection, use, and disclosure of personal information, there is still a lack of federal privacy legislation that covers the private sector.

GDPR Radio aims to make data protection easy to understand and easy to implement. With over 1200 subscribers and over 10K plays on Spotify, their weekly podcast is gaining popularity. Each episode covers a new topic, providing listeners with updates on the latest data protection and privacy news from around the world. The hosts provide insightful commentary and analysis, helping listeners navigate complex issues in an accessible and engaging way.

Listeners are encouraged to tune in to GDPR Radio’s free weekly podcast to stay informed about the latest developments in data protection and privacy. The podcast provides a welcoming and informative community for individuals and businesses looking to better understand and comply with data protection regulations.