We value your privacy

We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies.

Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

No cookies to display.

Data Protection Updates - November 2024

17 Dec

1. AI FOR RECRUITMENT

The ICO published a report on using and developing AI tools for recruitment. The report provides seven key principles to keep in mind: (1) fairness, (2) transparency and explainability, (3) data minimisation and purpose limitation, (4) data protection impact assessments, (5) data controller and processor roles, (6) explicit processing instructions, and (7) lawful basis and additional condition.

The recommendations highlight the expectation for AI providers and employers to ensure they comply with their data protection obligations.

2. DIRECT MARKETING

The Financial Conduct Authority, the Information Commissioner’s Office (ICO) and The  Pension’s Regulator issued a joint statement providing clarity for firms and pension scheme trustees and managers.

They explain that pension scheme trustees and managers can provide regulatory communication messages to customers, even if they have not obtained direct marketing permissions, provided that they provide neutral and factual information enabling customers to make informed decisions.

3. PRIVATE INVESTIGATORS

The ICO published a Code of Conduct for private investigators to which they can sign up. Signing up to the Code will indicate which investigators are compliant with data protection requirements. The Code is aimed at helping investigators in balancing their investigations with people’s right to privacy.

4. CYBER RESILIENCE ACT

The EU Cyber Resilience Act has been published in the Official Journal of the European Union.  It sets  cybersecurity requirements for the design, development, production and market availability of products that have digital elements.

Products compliant with the Act will bear the CE marking to allow customers to identify compliant products.

Whilst some requirements will apply from 11 June 2026, full compliance will only be required from 11 December 2027.

5.  META v SCHREMS

In C-446/21 (Schrems v. Meta), the Court of Justice of the European Union (CJEU) ruled in favour of Max Schrems, significantly limiting the use of personal data for advertising by enforcing the principle of data minimisation. Additionally, the court restricted the use of publicly available personal data to its originally intended purposes, clarifying that information made public later (such as Max Schrems’ sexual orientation) cannot retroactively justify earlier data processing for different purposes (in this case, advertising

6.  COMBATTING FRAUD

The ICO released new advice urging organisations to share personal information responsibly to combat scams and fraud. It emphasises that data protection laws do not prevent fair and proportionate data sharing, and this guidance aims to help organisations understand how to protect their customers effectively while complying with legal requirements.

For more information, feel free to contact our Data Specialist Deborah Tastiel at Deborah.Tastiel@asserson.co.uk or our Commercial Law partner and Head of Technology, Simon Weinberg at Simon.Weinberg@asserson.co.uk.