Data Protection Quarterly News Roundup (October to December ...
As we step into 2025, it's time to review the data protection developments that took place in the final quarter of 2024.
New audit framework from the ICO
In October, the ICO introduced a new audit framework aimed at helping organizations evaluate their compliance with data protection laws. This framework is expected to empower organizations to enhance their data protection practices.
European Data Protection Board (EDPB) opinion on AI models
The EDPB published an opinion regarding the compliance of AI models with the EU GDPR. This opinion delves into various aspects, including the anonymity of AI models, legal bases for AI processing, and implications of using AI models developed with unlawfully processed data.
ICO report on data protection in generative AI
The ICO released a detailed report focusing on data protection in generative AI. The report highlights areas of concern such as transparency in training data and the incorporation of individual rights into AI models.
ICO report on the use of AI tools in recruitment
In November, the ICO published outcomes of audits conducted on developers and providers of AI tools used in recruitment. The report included nearly 300 recommendations for developers and recruiters to enhance their practices.
Open AI receive €15 million fine
Italian data protection authority imposed a €15 million fine on Open AI for issues related to ChatGPT, along with additional requirements for a messaging campaign to educate users.
EDPB opinion on controller accountability in sub-processing chains
The EDPB released an important opinion regarding controller accountability in sub-processing chains, emphasizing the responsibility of controllers throughout the processing chain, including international transfers.
Changes at Google draw attention from the ICO
Google's decision to allow fingerprinting techniques has raised concerns, leading the ICO to publish a statement expressing its views on the matter and its potential impact on user privacy.
Data subject compensation claims
A recent case in the German Federal Court of Justice shed light on data subject compensation claims, indicating a more favorable stance towards data subjects seeking compensation for non-material damages.
The effects of data breaches
The ICO highlighted the devastating impact of data breaches on individuals in a blog post, urging organizations to prioritize data protection efforts.
Fines in the UK
While fines under the GDPR remained low in the UK in 2024, there were notable penalties for breaches of PECR during the quarter.
Data protection reform
Progress on data protection reform is underway, with expected legislative changes by spring 2025.
EDPB guidelines on Technical Scope of Article 5(3) ePrivacy Directive
The EDPB issued guidelines on the Technical Scope of the ePrivacy Directive, addressing various technologies beyond cookies and their implications for data protection.
