Comment: We are in lockdown but privacy work accelerates

There does not seem to be much of an impact on privacy staffing due to Covid-19, but new issues have arisen that burden DPOs – testing of employees and monitoring of staff working from home, for example. HR departments and DPOs together have an important task in ensuring that employees do not fall victims of unnecessary processing of sensitive data, including on our wellbeing. Read on p.12 more about these issues.

Brexit is round the corner and it is quite possible that the UK will not be granted adequacy if the trade negotiations fail. Read about the House of Lords’ concerns regarding data transfers (p.11).

At the end of October, the European Parliament adopted proposals on how to regulate AI, and the EU Commission is expected to publish draft legislation next year. It is hoped that at EU level, legislation will provide a formal definition of AI and guidance on how to identify “high risk” processing. The ICO has now helpfully clarified its thinking on AI, and says that a zero-tolerance approach to risk in the use of AI is not realistic (p.20).

The National Data Strategy (p.8) has caused a stir amongst commentators. The government says that it will agree ambitious data provisions in the trade negotiations. Maybe by the time we publish our next issue in January, we will have clarity on what has been agreed and what happens to the UK DP regime.

The ICO’s proposed guidance on regulatory action is important reading for any DPO, especially in light of the recent fines for BA and Marriott (p.1). Will mass claims for data privacy breaches be the new norm (p.15 and p.18)?

The European Data Protection Board has issued guidance on controllers and processors (p.1) – a topic that also features in our Germany data protection series of webinars and a recent podcast with a Swedish member of the EDPB taskforce.

Laura Linkomies
Editor, Privacy Laws & Business

November 2020