DPAS Data Protection Bulletin – February 22 2024

Welcome back to our monthly DPAS bulletin, where we cover the latest data protection news from all around the world.

What lawsuit of former President Trump’s was rejected by a UK high court judge? Why did the ICO reprimand two police organisations? And how many signatures has a petition against benefit claimant bank account checks surpassed?

Read about all this and more in our latest DPAS Data Protection Bulletin.

Key Insights

ICO approves legal services certification scheme

The Information Commissioner’s Office kicked off February with the approval of a new certification scheme – the Legal Services Operational Privacy Certification Scheme (LOCS) – designed to assist legal service providers with demonstrating their compliance with UK data protection law. This scheme is the fifth set of UK GDPR certification criteria approved by the ICO.

Read about this new scheme here.

Donald Trump’s data protection lawsuit dismissed by London high court judge

Early this month, a high court judge in London rejected former US president Donald Trump’s data protection claim for damages over allegations of taking part in “perverted sex acts” and bribing Russian officials. These allegations were made in a dossier – a report to investigate Russian influence on the 2016 US presidential campaign – by Christopher Steele of Orbis Business Intelligence in 2016. This was then published by BuzzFeed in 2017.

The 2024 Republican candidate frontrunner claimed that his data protection rights had been breached, and had expressed a willingness to bring evidence to court. The ruling, however, was that the claim was made too late, falling outside the six-year period of “limitations”, and was therefore in favour of Orbis Business Intelligence.

Read more about this case here.

ICO urges app developers to ensure they are prioritising privacy

Following a review of period and fertility apps (that thankfully identified “no serious compliance issues or evidence of harms”), the ICO has issued a reminder to all app developers to ensure that the privacy of their users is being prioritised.

The Commissioner provides four practical tips: to be transparent, to obtain valid consent, to establish the correct lawful basis, and to be accountable for the personal data being processed.

Read the ICO’s advice here.

Report by Coveware reveals that fewer ransomware victims are paying

In the latest quarterly report by Coveware, it has been discovered that the percentage of victims of ransomware attacks that opted to pay the ransom has dropped to a record low – 29%. This has fallen from 41% in Q3 2023, 34% in Q2, and 45% in Q1.

This drop is said to be the result of numerous variables. Some examples are an increased awareness of what can be reasonably expected from a paid ransom, a decrease in trust that cybercriminals will actually refrain from publishing or misusing the stolen data, and companies becoming increasingly better at recovering from these incidents without the use of a decryption tool.

Read the full report here.

OpenAI introduces “Sora”, a new text-to-video model

OpenAI has just announced a brand new text-to-video model called Sora, capable of generating full videos (of up to a minute long) based on the user’s text prompts. This technology is able to “generate complex scenes with multiple characters, specific types of motion, and accurate details of the subject and background”.

To combat concerns around authenticity and privacy, OpenAI states that they are implementing a variety of safety measures so that videos made using Sora are identified as such, and hateful content, bias, and IP theft are made impossible through the rejection of certain prompts.

Read more about this new model here.

ICO publishes Valentine’s Day advice for small beauty and wellbeing businesses

The Information Commissioner’s Office went against the standard flowers and chocolates this year, opting instead to gift small businesses with a piece of advice: to prove to customers that their personal data is protected and respected.

The ICO advises these businesses, in a nutshell, that to earn and maintain customer trust, it’s vital to demonstrate a genuine care and concern for the protection of the personal information they’re responsible for, and compliance with all relevant data protection legislation.

Read the ICO’s advice here.

Government Regulatory Activity

Petition against benefit claimant bank account checks surpasses 20,000 signatures

A petition – started by Wendy Scott – urging the UK Government not to introduce regular bank account checks on benefits claimants has exceeded 20,000 signatures. The petition stresses that most people claiming benefits are “not fraudsters”, and that Ministers are “taking too aggressive an approach towards benefit claimants, in a way which denies freedom and rights of privacy”.

On 5th February, the Government gave a response to this, stating that the measure does not allow DWP to access claimants’ bank accounts, and “will only flag information if it is relevant to someone’s eligibility for the benefits they are receiving”.

View this petition and the response here.

Secretary of State brings motion to extend DPDI bill before it lapses

Michelle Donelan, Secretary of State for Science, Innovation and Technology, brought a motion on 7th February to extend the time before the Data Protection and Digital Information (DPDI) Bill lapses to 12th December 2024.

The previous intention was for the government to get the Bill to Royal Assent by this spring, but by 12th December, the country will be a maximum of a month away from a general election. While this motion itself does seem to indicate that the government is keen to get the Bill to the finish line, if time did end up running out on it, it would be up to the next government to decide on the continued development of UK data protection law.

Read more about this here.

UK Government publishes response to AI regulation consultation

The Government published a response on 6th February 2024 to the 12-week consultation on its AI Regulation White Paper – which sets out five principles for regulating AI – published in March of last year.

In this response, the Government states that the five principles have received “strong support”, and that some UK regulators have already begun implementing them. It also lays out some of its next steps for 2024. These include continuing progress on promoting AI’s benefits and combating the risks that AI could pose by, for example, establishing an international dialogue to acknowledge risks shared between nations with regard to concerns like electoral interference.

Read the full response here.

Temporary CSAM detection solution extended to April 2026

In late January, the Civil Liberties Committee (LIBE) endorsed the extension of temporary rules that allow the detection of online Child Sexual Abuse Material (CSAM). This detection is normally prohibited in EU legislation, but the derogation in place, originally set to expire in August 2024, permits certain measures to aid the combating of this material.

On 15th February, this temporary solution received an agreed extension, which will be in place until April 2026, a compromise between the May 2025 date suggested by EU lawmakers, and the 2027 date requested by member states.

Read more about this news here.

Home Office changes to immigration exemption welcomed by ICO

Draft regulations set to amend the immigration exemption in the Data Protection Act have been met with approval from the ICO after the Home Office consulted them about the proposed changes. Deputy Commissioner for Regulatory Policy, Emily Keaney, states that they “particularly welcome that the legislation now sets out that use of exemption must be necessary and proportionate, and applied on a case-by-case basis, taking into account the potential vulnerability of the person concerned, and the impact on their rights and freedoms.”

Read the ICO’s full response here.

European Parliament Committees vote overwhelmingly in favour of AI Act

On 13th February, the Internal Market and Civil Liberties Committees voted in favour of the result of negotiations on the Artificial Intelligence Act (AI Act), with an overwhelming 71-8 vote (with 7 abstentions). The AI Act regulates the deployment and development of AI systems, banning applications deemed too dangerous, and putting rules in place that protect individuals’ rights and freedoms in relation to, for example, ways that their personal data can be “scraped” for the purposes of AI training.

Read more about this here.

ICO issues final reprimands to both Dorset, and Devon and Cornwall Police

As a result of continuous infringement of Article 12(3) of the UK GDPR and Part 3, Chapter 3, Section 54 of the DPA 2018 over the last four years, the ICO has decided to issue final reprimands to Chief Constable Dorset Police and Chief Constable Devon and Cornwall Police. In these particular instances, the organisations were found to have failed to respond to subject access requests within the required timeframe, with backlogs that have existed since 2018.

Read more about the Chief Constable Dorset Police reprimand here, and the Chief Constable Devon and Cornwall Police reprimand here.



After weeks of meticulous planning, our 2024 data protection and information security conference is finally behind us!

We’re thrilled to say that the talks from our expert speakers, the workshop delivered by the Regional Cyber Crime Unit (RCCU) and the full day of networking were all a great success, and we simply can’t wait to host our next event.

You can read all about our conference in one of our latest blog posts here.

Check out our page on the DPDI Bill

The developments surrounding the Data Protection and Digital Information Bill (No. 2) (DPDI) can be quite daunting to get your head around at first. There’s a lot of new information to take in, and it can be difficult to understand what the proposed changes really mean.

This is why we’ve added a new page to our website all about this, so that you have a one-stop-shop to familiarise yourself with the DPDI Bill and what each individual change seeks to amend.

You can read all about this on our new webpage.


If you need any support in ensuring your organisation is complying with the relevant legislation, or require training in the areas of data protection and information security, get in contact with us.

Either call us on 0203 3013384, email us at info@dataprivacyadvisory.com, or visit our website at www.dataprivacyadvisory.com and fill out a contact form. Our dedicated team will get back to you as soon as possible.
