Data Protection Commission Ireland’s Post

My colleague Dr. Tim Kraft (data protection specialist) has reviewed the guidelines the DSK (“Conference of Independent Federal and State Data Protection Authorities”) has published last week on the use of artificial intelligence. Please read his blog comment here:

For those wondering what the new government intends for data protection (surely that’s everyone?!) here’s a short summary

𝐂𝐀𝐋𝐋 𝐅𝐎𝐑 𝐏𝐔𝐁𝐋𝐈𝐂 𝐈𝐍𝐏𝐔𝐓 NPC Guidelines on the following: 𝟏. 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡 𝟐. 𝐃𝐚𝐭𝐚 𝐒𝐜𝐫𝐚𝐩𝐢𝐧𝐠 The Data Privacy Act of 2012 (DPA) mandates the National Privacy Commission (NPC) to monitor the country’s compliance with international standards for data protection. Pursuant to this mandate, the NPC is currently crafting the abovementioned guidelines. The NPC wants to hear from you. To create responsive regulations, the NPC requests inputs on your experiences, issues, and concerns on the following: 1. Processing of personal data for research purpose; research as a special case under the DPA’s Implementing Rules and Regulations, as amended; and 2. Processing of personal data using data scraping technologies, which collect or extract publicly accessible personal data in an automated manner online. The submission of concrete examples and use cases detailing these issues will be greatly appreciated. Your contributions will truly help in the creation of sound policies in the furtherance of the right to data privacy in the country. You may submit your comments, recommendations, and papers to 𝐩𝐨𝐥𝐢𝐜𝐲@𝐩𝐫𝐢𝐯𝐚𝐜𝐲.𝐠𝐨𝐯.𝐩𝐡 until 𝟑𝟏 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟐𝟎𝟐𝟒 with the following subjects: “𝐂𝐚𝐥𝐥 𝐟𝐨𝐫 𝐏𝐮𝐛𝐥𝐢𝐜 𝐈𝐧𝐩𝐮𝐭 – 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡” “𝐂𝐚𝐥𝐥 𝐟𝐨𝐫 𝐏𝐮𝐛𝐥𝐢𝐜 𝐈𝐧𝐩𝐮𝐭 – 𝐃𝐚𝐭𝐚 𝐒𝐜𝐫𝐚𝐩𝐢𝐧𝐠” We look forward to your responses. Thank you.

Here's a great short summary of some key topics for those wondering how UK law in tech & data may change following the Labour victory at the polls.

Fair Information Practices (FIPs) are a set of principles that serve as guidelines for the collection, use, and dissemination of personal information. These principles are designed to protect the privacy and rights of individuals, especially in the context of data processing and information systems. FIPs are commonly associated with data protection laws and regulations around the world. The key principles of Fair Information Practices typically include: 1. **Notice/Awareness**: Individuals should be informed about the collection, use, and disclosure of their personal information. This principle emphasizes transparency, and organizations are usually required to provide clear and understandable notices about their data practices. 2. **Choice/Consent**: Individuals should have the right to exercise control over their personal information. This principle allows individuals to choose whether their information is collected and how it is used, with some exceptions where consent may not be required (e.g., legal obligations or legitimate interests). 3. **Access/Participation**: Individuals should have the right to access the personal information that organizations hold about them and to request corrections or deletions if necessary. This principle aims to empower individuals to manage their own data. 4. **Integrity/Security**: Organizations are responsible for ensuring the security and accuracy of the personal information they collect, store, and process. This principle requires organizations to implement appropriate safeguards to protect against unauthorized access, data breaches, and other risks. 5. **Enforcement/Redress**: There should be mechanisms in place to enforce compliance with data protection laws and to provide remedies for individuals whose rights have been violated. This principle may involve regulatory oversight, enforcement actions, and avenues for individuals to seek redress. Fair Information Practices are foundational to many privacy laws and regulations, including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and various other national and regional laws. By adhering to these principles, organizations can build trust with their customers, mitigate risks associated with data processing, and demonstrate their commitment to respecting individual privacy rights.

“Data Protection: Is Your Organisation Compliant?” Just 24 hours to go until our May webinar, which is proving extremely popular with a very high sign up audience. ❓Is your organisation compliant? ❓Are you falling for common data protection myths or misconceptions? ❓Do you know about the new UK Data Protection Bill and how it might impact you? ❓Is AI legislation going to change how you do business? Find out all this and more, at 10am tomorrow. Book your place now! Moore ClearComm Moore Kingston Smith https://lnkd.in/emHdXSVe

We're excited to share that the May edition of our Data Protection Newsletter is now live! Our updates are your trusted source for the latest news, expert analyses, and practical tips on navigating the complex landscape of data protection. Read more: https://lnkd.in/e_i3Djz4

We've recently launched a new data protection newsletter which picks up key developments across Europe, the Middle East and Asia and focuses on their practical implications for organisations. Please sign up if it is of interest and let us know if it would be helpful to discuss the impact of any of the developments on your organisation. #dataprotection

This particular article is about data destruction vs deletion. It is a very important distinction within our world. Sometimes deletion is all that needs to happen. In other cases, especially in the medical and financial world, destruction is required. In this article it goes into a lot more detail for reasons why data needs to be protected. https://lnkd.in/gr4PCrKM

The Personal Data Protection Commission (PDPC) published five decisions between January and March 2024 after concluding the following investigations:   (a)       One investigation relating to the Consent and Purpose Limitation Obligations under the Personal Data Protection Act 2012 (PDPA); (b)       Two investigations relating to the Protection Obligation under the PDPA; (c)       One investigation relating to the Consent and Notification Obligations under the PDPA; and (d)       One investigation relating to a breach of the Do-Not-Call (DNC) provisions under the PDPA.   In this update, our Head of Intellectual Property, Technology & Data Chung Nian Lam and Partner Kylie Peh outline some decisions of interest relating to the enforcement of the Consent, Notification, and Purpose Limitation Obligations, as well as the DNC provision, under the PDPA.   Click on the link below to read the full update.