The past week in data protection

It’s the end of another week in the world of data protection so it's time for another bite-sized round up of the past seven days or so:

• The ICO has published the second edition of its “Tech Horizons Report”. This looks at the privacy and data protection implications of eight new and emerging technologies (genomics, immersive virtual worlds, neuro-technologies, quantum computing, commercial drones, personalised AI, next-generation search and central bank digital currencies). Whilst the report should not be read as a list of enforcement priorities, it does give an early indication of the ICO’s thinking on where the main risks lie across these topics as well as being a useful introduction to each.
• The UK government has published a new AI policy paper which concluded that it is not the right time to implement new laws regulating AI, and that the UK should wait until the understanding of the risks posed by AI has matured. This continues to demonstrates the fundamental differences in approach between the UK and the EU, where the landmark AI Act is nearing formal adoption.
• The Brazilian data protection authority has issued guidance on the use of legitimate interests for processing personal data under the Brazilian data protection law (LGPD), including how to apply the required balancing exercise. This will obviously be familiar territory to EU and UK practitioners, and the Brazilian guidance broadly follows the three step process required under the GDPR in terms of assessing: (i) purpose; (ii) necessity; and (iii) balancing and safeguards. This level of alignment is encouraging for those operating global compliance programs, although of course one must always carefully check local nuances when carrying out legitimate interests assessments.
• Amazon and Reach (the UK's largest publisher) have announced a partnership for the sharing of "contextual" first party data to facilitate ad sales. In a “cookie-less” world, it is clear that sophisticated (and AI driven) contextual tools will be crucial to help brands to reach their intended audiences and publishers to successfully monetise their content.
• The ICO has now concluded its review of period and fertility apps, which involved contacting app providers and users. Whilst the ICO did not identify any serious compliance issues or evidence of harms, the ICO did highlight some areas for improvement and issued a reminder to all app developers on the importance of protecting personal data (and especially sensitive personal data).