Celebrating the Fifth Anniversary of the UK GDPR
In a special episode of the Data Protection Made Easy podcast, hosted by Data Protection People, data protection practitioners from around the world gathered to celebrate the fifth anniversary of the General Data Protection Regulation (GDPR). The hosts of the podcast, Jasmine Harrison, Joe Kirk, and Philip Brining, joined the live audience to discuss the latest updates and insights in the field of data protection.
The Data Protection Made Easy podcast has become a go-to resource for individuals passionate about data protection. Week after week, the hosts provide expert opinions and analysis on a wide range of topics, keeping listeners informed and engaged. This celebratory episode marked a milestone for both the GDPR and the podcast itself.
The episode kicked off with a discussion on the challenges of AI technology in school security. The hosts highlighted a recent report by the BBC, which revealed that an AI scanner used in hundreds of US schools had missed knives during security checks. This news raised concerns about the effectiveness of AI systems in ensuring safety and emphasised the need for rigorous testing and validation before implementing such technologies.
Another topic that caught the hosts’ attention was Amazon’s palm-scanning technology, which allows users to purchase drinks without ID verification. The Verge reported on the convenience of this technology, but it also raised questions about privacy and data protection. The hosts delved into the implications of using biometric data for age verification and the need for robust safeguards to protect individuals’ personal information.
The episode also covered significant developments in data protection enforcement. One noteworthy event was the record fine imposed on Meta (formerly Facebook) by Ireland’s Data Protection Commission. The company was fined €1.2 billion for breaching data export restrictions under the GDPR and was ordered to terminate transfers of personal data to the US within five months. This decision highlighted the importance of compliance with data protection laws and the consequences for non-compliance.
The hosts further discussed the actions taken by major technology companies regarding AI privacy concerns. Apple, for instance, decided to restrict the use of ChatGPT, an AI language model, by some employees due to concerns about mishandling and leaking of confidential data. Similar measures were taken by Microsoft’s Github Copilot and Samsung with OpenAI’s ChatGPT. This raised important questions about the responsible use of AI technologies within organisations and the need for safeguards to protect sensitive information.
The European Data Protection Board (EDPB) also made headlines with its adoption of guidelines on facial recognition technologies in law enforcement. The guidelines addressed relevant stakeholders, including EU law-making bodies, law enforcement authorities, and officers using facial recognition technology. These guidelines provided valuable insights into the responsible and lawful use of facial recognition technology and were relevant not only to EU organisations but also to those operating in the UK.
The episode also touched upon the Information Commissioner’s Office (ICO) taking action against public authorities for delays in responding to Subject Access Requests (SARs). Plymouth City Council and Norfolk County Council were reprimanded for repeatedly failing to meet the legal deadline for responding to SARs. The ICO’s actions highlighted the importance of timely and compliant handling of SARs by public authorities.
Furthermore, the ICO fined two companies a total of £180,000 for making unlawful marketing calls to businesses registered with the UK’s ‘Do not call’ register. Ice Telecommunications Ltd and UK Direct Business Solutions Limited received fines for persistent and rude marketing practices. The ICO’s announcement coincided with the launch of video resources aimed at helping small businesses and sole traders ensure their marketing activities comply with relevant legislation.
In international news, the French Supervisory Authority, CNIL, unveiled its action plan on artificial intelligence. The plan aimed to support the deployment of AI systems while ensuring respect for personal data. It included activities such as understanding the impact of AI on individuals, guiding the development of privacy-respecting AI, and investigating complaints related to AI, including generative AI. This demonstrated the proactive approach of regulatory bodies in addressing the challenges posed by AI technologies.
Finally, the hosts covered a story about real estate agents in Australia resisting proposed privacy law changes. The agents argued that additional responsibilities and increased regulatory risks could burden small businesses. They suggested a Code of Practice as an alternative solution to ensure the protection of customer and tenant data.
As the episode drew to a close, the hosts expressed their gratitude to the Data Protection Made Easy community. This network of like-minded individuals, consisting of data protection practitioners and enthusiasts, has made the podcast a resounding success. The hosts promised to return next week with an episode titled ‘Beyond Consent – Understanding Different Lawful Bases For Data Processing (Part 2)’.
And that concludes this week’s episode of Data Protection Made Easy. Stay tuned for more updates and insights on data protection in our upcoming episodes. Remember to subscribe and join our community of data protection professionals.