Data dispatch - July 2024

Welcome to the fifth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.

The format makes it easy for you to get a flavour of each item from a short summary, from which you can click "read full article".

Please do feel free to forward on the publication to your colleagues or, better still, recommend that they subscribe to receive the publication directly.

If there are any issues on which you'd like more information (or if you have any questions or feedback), please do let us know or get in touch with your usual contact at RPC.

Key developments

DPDI Bill falls in 'wash up' ahead of General Elections

The Data Protection and Digital Information Bill has been dropped in the Parliamentary 'wash up' process following the announcement of the general elections this summer.

Read the full article.

ICO consults on "consent or pay" business model

The ICO has called for views on the use of "consent or pay" business models which will contribute to the ICO's final regulatory position on this issue.

Read the full article.

AI Update

The EU AI Act has been signed. In the UK, the AI and Digital Hub has been set up to provide one-stop-shop regulatory advice on innovative tech .

Read the full article.

Enforcement action

ICO orders Serco Leisure and community leisure trusts to stop processing biometric data for the purposes of monitoring their employees

On 23 February 2024, the Information Commissioner's Office (ICO) announced the issuing of enforcement notices ordering Serco Leisure, Serco Jersey, and seven associated community leisure trusts to stop using facial recognition technology, and fingerprint scanning, to monitor their employees' attendance at work (see here).

Read the full article.

CJEU finds that a press release by the European Anti-Fraud Office indirectly identified the subject of a fraud investigation

On 7 March 2024, the Court of Justice of the European Union (CJEU), annulling a finding of the General Court of the European Union (GC), confirmed that, to determine if a data subject is indirectly identifiable, it is necessary to view the information in its entirety and to consider 'all the means reasonably likely to be used' by individuals to identify a data subject.

Read the full article.

Need to know

The ICO has issued guidance on the use of fines under the UK GDPR  

Read the full article.

The ICO plan to create an AI tool to identify websites which are using non-compliant cookie banners

Read the full article.

UK's ICO and USA's FCC collaborate to tackle unwanted communications

 The UK's Information Commissioner's Office (ICO) and USA's Federal Communications Commission (FCC) have announced that they have signed a Memorandum of Understanding (the Memorandum) regarding the protection of consumers from unsolicited communications.

Read the full article.