Data & Privacy Matters: EP1 Legal Updates – January 2024

In this first episode of Fieldfisher's new Data & Privacy Matters podcast, Lorna Cropper, Chloe Abbott and trainee Sophie Milne round up the key data and privacy news from January 2024.

They examine the legislative developments from the EU in the month that the EU Data Act entered the Official Journal and the draft EU AI Act was leaked. Recent ICO actions, such as its generative AI consultation and the positive response to its cookie enforcement, are discussed before attention turns to some key regulatory fines.

A spotlight is also aimed at the EDPB's One-Stop-Shop case digest focused on the Security of Processing and Data Breach Notifications. The case digest report was finalised before the CJEU's judgment in the Bulgarian matter (case C-340-21). Whilst the podcast does not discuss this case, it considered appropriate security measures with the judgment holding that the controller needs to prove that "appropriate" technical and organisational measures were adopted to prevent a data breach. Please see the link below for further information

With the volume of continuous developments in the data and privacy ecosystem, it can be hard to stay on top of the key news stories. This is a must-listen podcast to catch up on notable data and privacy news in the past month and consider what your business or organisation needs to be doing in response.

Sources of the news discussed

EU Data Act

• Text of the Act - Regulation - EU - 2023/2854 - EN - EUR-Lex (europa.eu)
• Fieldfisher article – The_New_EU_Data_Act_-_An_Overview_-_2024_oqizes.pdf (cloudinary.com)

EU AI Act

• European AI Office - Commission Decision Establishing the European AI Office | Shaping Europe’s digital future (europa.eu)

ICO AI Consultation

• ICO Gen AI - ICO's consultation series on generative AI
• ICO Fining Guidance - ICO consultation on draft Data Protection Fining Guidance | ICO

EDPB DPO Enforcement Action:

• EDPB Report - Coordinated Enforcement Action, Designation and Position of Data Protection Officers | European Data Protection Board (europa.eu)

EDPB One Stop Shop Case Digest:

• EDPB Report - One-Stop-Shop case digest on Security of Processing and Data Breach Notification | European Data Protection Board (europa.eu)

EDPB Website Auditing Tool

• EDPB Announcement - EDPB launches website auditing tool | European Data Protection Board (europa.eu)

ICO Advertising Cookies

• ICO Update Jan 2024 – ICO warns organisations to proactively make advertising cookies compliant after positive response to November call to action | ICO
• ICO Statement Nov 2023 - Commissioner warns UK’s top websites to make cookie changes | ICO

ICO Generative AI consultation

• ICO Statement - Information Commissioner’s Office launches consultation series on generative AI | ICO

Fines

• Amazon appeals CNPD fine - MLex | Amazon’s appeal of record GDPR fine to go to Luxembourg court in January 2024 (paywall)
• Amazon CNIL fine – Employee monitoring: French SA fined Amazon France Logistique €32 million | European Data Protection Board (europa.eu)
• Yahoo! CNIL fine - Cookies: CNIL fined Yahoo! €10 million | CNIL
• Tiger Black Belgian DPA fine - Belgian SA sanctions Black Tiger Belgium | European Data Protection Board (europa.eu)
• Hello Fresh ICO fine - Grocery Delivery E-Services UK Ltd t/a HelloFresh | ICO