January 31, 2024
The legal world has kept us on our toes this January! Knowledge is power, so we've prepared a short article to give you the lowdown - let's dive in.
In a positive development for the UK extension to the EU-US Data Privacy Framework (Data Bridge), the first panel of judges was announced for the US Data Protection Review Court (DPRC). The DPRC was created as part of a redress mechanism for UK (and EU) individuals who believe their personal data has been collected by the US government when conducting signals intelligence activities in breach of applicable US law (which now incorporates the Data Bridge). You can read more about the introduction of the Data Bridge in this article.
The Science, Innovation and Technology Committee has released a report on AI governance, highlighting that the rapid development of AI has intensified the need for effective regulation. The report identifies twelve key challenges, including bias, privacy, and transparency issues, that policymakers must address to harness AI's benefits while safeguarding against harm. The Committee’s view is that, whilst a welcome effort, the UK government’s “pro-innovation approach to AI regulation” whitepaper from March 2023 is already at risk of falling behind the pace of development of AI. The AI Act is due to be introduced in the EU at some point this year. You can read more about it and what UK businesses should be thinking about here.
The CMA also published its report on AI Foundation Models (large machine learning models trained on vast amounts of data). This sets out the proposed principles underpinning how it will scrutinise the competition law and consumer protection aspects of developing AI markets. This set of principles is not viewed as the ‘finished article’, and the CMA now plans to seek engagement on the report and the principles from a wide range of people in the UK, US and elsewhere over the coming months to maximise the potential of this technology.
The ICO have been busy this month! In addition to their naming and shaming activity, they've also published guidance which aims to help employers understand their obligations under the UK GDPR and DPA 2018 when handling the health information of the people who work for them. The guidance is divided into two main parts: the first part offers an overview of how data protection law applies to processing workers' health information, emphasising data protection principles and compliance basics with links to more detailed guidance. The second part explores common employment practices involving the processing of workers' health information, addressing legal requirements and providing good practice advice. The term 'worker' in the guidance encompasses various work relationships, including those in the gig economy, and the guidance specifies what organisations must, should, and could do to comply with the law and good practice.