Data Protection Developments: what to expect in 2024

As we approach World Data Protection Day on 28^th January, it is once again an opportune time to look ahead at the key data protection trends which practitioners are bracing themselves for in 2024.

UK Data Protection Bill

Staying top of the list for 2024 is data protection reform in the UK.

The Data Protection and Digital Information Bill (DPDI) (see our previous article on this subject Change is here: New UK Data Protection and Digital… | Carson McDowell (carson-mcdowell.com)) has been carried over from the previous parliamentary session and may be implemented as early as Spring 2024. However, there are still a number of parliamentary stages remaining and with the prospect of challenges from the House of Lords and a potential UK general election on the horizon the final text of the Bill may be subject to change.

Artificial Intelligence (AI)

We can expect to see an increase in AI regulation globally in 2024. At present the UK government has not given any indication that they intend to legislate in this area. In contrast, the EU reached political agreement on the text of the new EU AI Act at the end of 2023 and it is anticipated that Act will be adopted by the European Parliament prior to the June 2024 elections. Whilst the Act will not apply to the UK it will have extra-territorial effect and will therefore have an impact on UK businesses operating in the EU who are using AI. These organisations will need to ensure that their use of AI is compliant with the Act.

Children’s Privacy

Children’s privacy is expected to be another area of increased regulatory focus in the year ahead. In addition to implementing the ICO Age Appropriate Design Code (Children's Code), organisations will also have to consider the ramifications of the UK Online Safety Act 2023 as well as emerging regulation in relation to AI.

International Transfers

After a flurry of developments in 2023, international data transfers will remain a key issue in 2024. The UK government is expected to seek adequacy decisions or data bridges for third countries including Singapore and the Dubai International Finance Centre (DIFC). It is also anticipated that the EU-US Data Privacy Framework will face legal challenge in what is already been dubbed “Schrems III”.

ICO enforcement

2024 promises to be a busy year for the ICO, according to its three year strategic plan - (see ICO: ICO25 strategic plan). The ICO will be focusing on the use of AI in recruitment, data protection compliance in the financial sector, data-sharing for child protection and safeguarding purposes, mobile phone extraction for criminal investigations. We can also expect to see the ICO conduct more Privacy and Electronic Communications Regulations (PECR) audits.

In the meantime, if you would like any further information or advice on these issues please contact Laura Cunningham Senior Associate in the Commercial Law team.

*This information is for guidance purposes only and does not constitute, nor should be regarded, as a substitute for taking legal advice that is tailored to your circumstances.