• 02 Oct 2023
• •
• 2 min read

Data Protection Quarterly News Roundup (July to September 2023)

As we move from a rather wet summer into autumn our data protection highlights from the last three action packed months are set out below:

International data transfers

To start with there is big news in relation to international transfers. The first legal challenges in respect of the EU-US Data Privacy Framework (DPF) have been lodged but more importantly for UK organisations the UK extension to the DPF (aka the UK / US data bridge) has been approved and will come into effect on 12 October 2023. It is important to note though that this is a limited data bridge allowing UK organisations to transfer personal data (without the need for further safeguards like the UK addendum plus EU standard contractual clauses and without the need to carry out a transfer risk assessment) only to US organisations certified under the DPF. You can find more information here: https://www.gov.uk/government/publications/uk-us-data-bridge-supporting-documents/uk-us-data-bridge-explainer.

Harmful website design

The Information Commissioner’s Office (ICO) and the Competition and Markets Authority issued a position paper (which you can read here https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/08/it-s-time-to-end-damaging-website-design-practices-that-may-harm-your-users/) in relation to harmful website design, which includes amongst other things commentary in relation to appropriate cookie banners.

ICO guidance

At the end of August the ICO published two sets of interesting guidance:

• firstly relating to email and security (most notably the use of blind copy in emails): https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/08/ico-publishes-new-guidance-on-sending-bulk-communications-by-email/.
• secondly, guidance about the processing of information about workers’ health by employers: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/employment-information/information-about-workers-health/.

The Children’s Code

The ICO has also published some updates in relation to its Children’s Code and the concept of ‘likely to be accessed’ by children: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/likely-to-be-accessed-by-children/.

Artificial Intelligence

Finally, the ICO has published some guidance to help organisations understand the much discussed topic of AI: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/explaining-decisions-made-with-artificial-intelligence/part-1-the-basics-of-explaining-ai/

Our data protection team have many years of experience in advising organisations on their compliance with UK data protection law. To speak to one of the team you can get in touch here or call us on 0800 2800 421. 

If you have not received this article directly, but would like to receive articles and data protection news alerts from Trethowans, please contact [email protected].