Registration window open (1 Jan - end of Feb)

If you use personal data in your work you are legally obliged to register during January and February each year.
NEW REGISTRATION? View guidance and create new registration here
EXISTING REGISTRATION? Sign-in to Registrations Portal here

Beyond our shores - September 2023 summary

Published: 4 October 2023

This is the ODPA's monthly round-up of data-related developments from around the world.
On 1 September, the BBC reported that X, formerly known as Twitter, will collect biometric data on its users, such as a photograph of their face, in an update to its privacy policy: https://www.bbc.co.uk/news/technology-66679922
On 4 September, the UK Parliament’s Science, Innovation and Technology Committee Government published an interim report on the governance of artificial intelligence which the government has two months to respond to: The governance of artificial intelligence: interim report - Science, Innovation and Technology Committee (parliament.uk)
On 6 September, the House of Lords passed the third reading of the UK Online Safety Bill. There was widespread coverage in the national media including the following:
Lords complete examination of Online Safety Bill - UK Parliament
Online Safety Bill - Hansard - UK Parliament
UK: 'Spy clause' in Online Safety Bill could lead to mass surveillance | Amnesty International UK
A Lord, a tech bro and a rabble rouser: The ragtag band fighting the UK’s encryption crackdown – POLITICO
UK ministers seek to allay WhatsApp and Signal concerns in encryption row | Digital media | The Guardian
UK has not backed down in tech encryption row, minister says | Reuters
On 7 September, the UK’s Information Commissioner’s Office (ICO) announced plans to review period and fertility tracking apps amid concerns over data security: ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security | ICO
On 7 September, a French MP announced plans to challenge the new transatlantic deal allowing companies to freely transfer data between the EU and US before the European Union’s General Court: 
French lawmaker challenges transatlantic data deal before EU court – POLITICO
On 7 September, Google rolled out a new ad platform on Chrome which tracks the web pages visited and generates a list of advertising topics that “it will share with web pages whenever they ask”: https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/
On 8 September, the UK’s Information Commissioner’s Office (ICO) published a summary of the ‘consensual audit’ of the Police Service of Northern Ireland which took place in May 2023 (before PSNI accidentally released details of their staff): Police Service of Northern Ireland | ICO
On 12 September, reports focused on the Google anti-trust trial in Washington DC. During the hearing, the tech giant dismissed arguments that it is the world’s biggest search engine because of illegal practices: https://www.bbc.co.uk/news/business-66790608
On 14 September, Tesla CEO Elon Musk says there was "overwhelming consensus" for regulation on artificial intelligence after tech heavyweights gathered in Washington to discuss AI: https://www.bbc.co.uk/news/technology-66804996.amp
On 15 September, Ireland’s Data Protection Commission (DPC) announced €345 million fine for TikTok for violations around children’s data: Irish Data Protection Commission announces €345 million fine of TikTok | 15/09/2023 | Data Protection Commission
On 20 September, the House of Lords passed the UK Online Safety Bill: Online Safety Bill: Online Safety Bill: Crackdown on harmful social media content agreed - BBC News
On 21 September, the UK-US Data Bridge was announced by the UK’s Department for Science, Innovation and Technology (DSIT) on 21 September and is due to enter into force on 12 October. If companies meet certain conditions, they will be able to transfer personal data to the US without using legal safeguards, such as Binding Corporate Rules (BCRs) and Standard Contractual Clauses (SCCs). This UK-US instrument follows the recently adopted EU-US version: UK-US data bridge: explainer - GOV.UK (www.gov.uk)
On 21 September, cybersecurity news publication the Record (from Recorded Future News) reported that the British government had sacked all members of an independent advisory board of experts intended to hold public sector bodies to account: British government quietly sacks entire board of independent AI advisers (therecord.media)
On 24 September, the BBC reported on AI-generated naked images of young girls from a small town in southern Spain. The pictures were created using photos of the targeted girls fully clothed, many of them taken from their own social media accounts and processed by an app that generates an imagined image of the person without clothes on: AI-generated naked child images shock Spanish town of Almendralejo - BBC News
On 24 September, Spotify announced it had no plans to completely ban content created by AI from the music streaming platform: https://www.bbc.co.uk/newsround/66922847
On 26 September, the BBC reported that a hospital trust had failed to send out 24,000 letters from senior doctors to patients and their GPs after they became lost in a new computer system: Newcastle Hospitals says computer error lost patient letters - BBC News