24 December 2024

Data protection 2024: Key trends and predictions for 2025

It has been a transformative year for data protection, from innovative legislation and landmark CJEU decisions to a global movement towards responsible artificial intelligence.

In our final blog of 2024, we look back at the year’s highlights, anticipate global trends for 2025, and provide businesses with key strategies for staying ahead of the evolving data protection landscape.

Read our final blog of 2024

DUA Bill could make international data transfers easier

The proposed Data (Use and Access) Bill introduces a new ‘data protection test’ into the UK’s international transfers regime. The new test requires data protection in third countries to be ‘not materially lower’ than in the UK. It is not yet clear how this will differ from the current ‘essentially equivalent’ standard, but data protection experts suggest this could potentially lower the threshold for adequacy.

The change could make it simpler for:

  • The UK government and the Information Commissioner’s Office (ICO) to declare more countries as adequate for data transfers
  • Businesses to assess and manage risks when transferring data using safeguards

The Bill will also introduce a transfer blacklist that will prohibit organisations from transferring personal data to certain countries where the restriction is in the public interest.

Read more on the implications for international data transfers

ICO take regulatory action against 4 public authorities

The Information Commissioner’s Office (ICO) has taken regulatory action against four public authorities that failed to meet their obligations under the Freedom of Information Act (FOIA).

The City of London Police has been issued with an enforcement notice for its FOI failings, which include a low compliance rate of 68% for 2023/24 and a large backlog of older requests. As part of the enforcement notice, the force must develop an action plan for timely responses and clear the existing backlog of requests within 6 months.

The ICO also issued practice recommendations to Staffordshire Police, Dorset Police, and Goldsmiths, University of London. The recommendations set out improvements each organisation can make to better comply with their legal obligations under the FOIA, such as improving information rights practices and ensuring transparency.

For more information on Freedom of Information requests and how to respond, read our blog, FOI vs DSAR: What’s the difference?

EU Cyber Resilience Act enters into force

On 10 December 2024, the EU Cyber Resilience Act (CRA) entered into force. The Act aims to enhance the cybersecurity of products with digital components by introducing essential requirements for their design, development, production, and vulnerability handling.

Obligations for manufacturers include:

  • Conducting conformity and risk assessments
  • Exercising due diligence when integrating third-party components
  • Establishing appropriate policies and procedures
  • Taking corrective measures for non-conforming products
  • Providing instructions for users
  • Reporting incidents to governing agencies and impacted users

Read the Cyber Resilience Act

EU and UK hold second cyber dialogue

On 5-6 December 2024, the European Union and the United Kingdom held their second cyber dialogue in London, as part of the EU-UK Trade and Cooperation Agreement. The annual dialogue aims to address the growing importance of cybersecurity in international relations, ensuring that both the EU and UK remain aligned on cybersecurity policies and can effectively respond to emerging cyber threats.

Key topics included:

  • Approaches to cyber resilience, secure technology, and digital identity
  • Strategies to deter cyber threats and combat cybercrime, including ransomware
  • Promoting responsible State behaviour in cyberspace
  • Developing cyber skills and building capacity for better incident response

Read more about the dialogue

Michigan Senate passes SB 1082 on reproductive health data

On 5 December 2024, the Michigan Senate passed Senate Bill 1082, also known as the Reproductive Health Data Privacy Act. The Bill aims to regulate the collection, processing, and selling of reproductive health data.

Key provisions include:

  • Requiring explicit consent from individuals before their reproductive health data is collected, processed, or sold
  • Data minimisation and retention practices to ensure that only necessary data is collected and retained for the minimum period required
  • Geofencing restrictions to prohibit the use of geofences around facilities that provide reproductive health services
  • Disclosure regulations to ensure such data is not shared without explicit consent

Read Senate Bill 1082

US Senators introduce Health and Location Data Protection Act

On 10 December 2024, US Senators introduced the Health and Location Data Protection Act 2024, aiming to safeguard individuals’ sensitive health and location data from being exploited by data brokers.

The proposed bill would:

  • Prohibit data brokers from selling or transferring health and location data
  • Enhance privacy protections for consumers
  • Ensure robust enforcement of the Act’s provisions
  • Provide $1 billion in funding to the Federal Trade Commission

The Act would also provide exceptions for data handling that complies with existing privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA).

Read the Bill

New Zealand’s OPC receives record number of privacy complaints

According to its Annual Report 2024, the Office of the Privacy Commissioner (OPC) of New Zealand received a record 1,003 privacy complaints in the last financial year. The OPC said the complaints could signal that citizens are more aware of their privacy rights but are more likely due to poor privacy practices across the country, as businesses also reported 864 data breaches.

The OPC has proposed four amendments to the Privacy Act 2020 to modernise data protection practices and keep pace with technological advancements. These include:

  • Enhancing privacy rights for individuals
  • Establishing a stronger penalty regime
  • Requiring agencies to demonstrate compliance
  • Stronger protections for automated decision-making

Read the OPC’s Annual Report 2024


We are recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:

  • Data Protection Officers (United Kingdom)
  • Data Protection Officer - Life Sciences (United Kingdom/The Netherlands)
  • Data Protection Officers (The Netherlands)
  • Data Privacy Officers (Canada)
  • Data Protection Support Officers (United Kingdom)
  • Copywriter (United Kingdom)
  • Partnerships Account Manager (United Kingdom)

If you are looking for a new and exciting challenge, and the opportunity to work for a Great Place to Work-Certified company, one of the UK's Best Workplaces for Women and Best Workplaces in Consulting & Professional Services, apply today!

Anil Patil "PrivacY ProdigY"

Referral Partner (OneTrust Solutions) | Privacy Compliance Software-Influencer | LinkedIn Data Privacy Voice | Author- Privacy Essential Insights | YouTuber-"PrivacY ProdigY","SparkTechX" |

2 months

Interested to join Data Protection Officers (The Netherlands) or Data Protection Officers (United Kingdom) and Data Privacy Officers (Canada)
