Latest News: Data
ICO’s Latest Announcements
The ICO has dropped some big updates for in-house counsel to take note.
Data Breaches: The Ripple Effect
The ICO Commissioner isn’t sugarcoating the impact of data breaches. According to him, these aren’t just “admin errors”—they’re serious failures that affect people’s privacy and security. Here’s a shocking stat: the ICO estimates that around 55% of the UK population has had their personal data exposed in a breach, and if you count data scraping, that number could skyrocket to 99.9%. So, nearly everyone in the UK has likely had their data floating around out there at some point.
Global Collaboration to Tackle Data Scraping
The ICO also teamed up with 16 global data protection authorities to issue a statement about data scraping, stressing that even if data’s publicly accessible, it still deserves privacy protections. The ICO’s message is clear: "publicly available" doesn’t mean "free for all." This international effort is a reminder of the serious privacy issues that come with handling even “public” data.
Enforcing the Children’s Code
The ICO’s third big update is all about stepping up enforcement of the Children’s Code. The office has been closely questioning platforms on whether they’re following the code to protect children. This effort comes at a crucial time, as new, deeply concerning cases illustrate just how much protection children need online. Recently, AI-created child abuse images have surfaced, and the BBC reported on chatbots that disturbingly replicate the voice and mannerisms of real young people, including Molly Russell —a teenager whose tragic death highlighted the urgent need for better safeguards online.
Molly’s story had a profound impact on the UK, raising awareness about the dangers of harmful online content and leading to stronger advocacy for the Online Safety Act. Her case serves as a powerful reminder of the responsibilities platforms have when it comes to protecting vulnerable users.
Other Developments Worth Watching
EU’s Battle with Temu
The EU Commission is taking a close look at Temu, the Chinese shopping app that’s been everywhere since it launched in April 2024. With 90 million active users, Temu’s now under fire for allegedly selling unsafe or illegal products and for using “gamification” to hook users. The Guardian reported that on Temu, even budget items like reading glasses are nearly sold out, highlighting its aggressive tactics.
The Environmental Impact of Everyday Tech
Chris Stokel-Walker’s piece in The Guardian broke down the environmental footprint of digital habits, reminding us that even small actions online have a cost. For example, sending an email? That’s 17 grams of CO2—the same as boiling half a kettle of water. And as Microsoft rushes to build new data centers, it’s clear that digital consumption has a real-world environmental impact.
EDPB’s New Guidance on Legitimate Interest
The European Data Protection Board (EDPB) just released guidance on when to use “legitimate interest” as a legal basis under the GDPR. They boiled it down to three core questions data processors need to answer. This is a big help for any organisations trying to stay compliant without getting tangled up in complex rules.
More News on Privacy and Data
Data (Use and Access) Bill hit the House of Lords : The bill had its first reading, so it’s officially in the works. See our recent article explaining.
Meta Brings Back Facial Recognition: Three years after saying goodbye to facial recognition for tagging, Meta announced it’s bringing it back for identity verification and scam prevention. But here’s the catch: Meta’s avoiding the EU, UK, and some US states (like Texas and Illinois) where it’s still hashing out the details with regulators.
Irish DPC Slaps LinkedIn with €310m Fine: LinkedIn took a hit for GDPR violations tied to behavioural analysis and targeted ads. The Irish DPC found that LinkedIn didn’t get proper consent and failed to follow rules for fair and lawful processing, resulting in this hefty penalty.
NOYB’s Complaint Against Pinterest: Privacy group NOYB filed a complaint with France’s CNIL, saying Pinterest’s default tracking for personalised ads violates user privacy rights. The complaint asks CNIL to impose a fine and require Pinterest to delete the data it’s using for ads.
CPCA Working with ICO on New Privacy Certification: The Coalition for Privacy Compliance in Advertising (CPCA) is partnering with the ICO to create a privacy certification for ad tech. They aim to launch in 2025, and big names in digital advertising are on board.