An introductory overview of the data protection challenges arising from the processing of Neurodata

Experts in ethics, data protection and data security have been discussing the recent development of new devices and methodologies for using information directly taken from the brain. These new advances are focused on understanding how the human brain works. As there is not an agreed definition of neurodata, concepts such as: “personal brain data” (defined […]
AI algorithms in the civil service: Managing risks and safeguarding rights

In our monthly ‘What the tech?’ series, our team of subject matter experts, social scientists, data scientists, engineers, ethicists, and legal experts explore the most recent trends in tech and AI, discussing the social implications and providing practical, actionable solutions. AI is everywhere. You might be hearing reports from its evangelists convinced it’s going to […]
The new EU-US Data Privacy Framework: the solution to transatlantic data flows?

The ability to transfer data between countries is the bedrock of trade and international relations. To facilitate barrier-free transfers of data between the EU and US, the European Commission (EC) adopted an adequacy decision under Article 45 of the GDPR on the new EU-US Data Privacy Framework (the DPF) on 10 July 2023. As the […]
Italian Data Protection Authority (DPA) imposes fine on the use of publicly available personal data

Despite the lack of official guidance on the topic of processing publicly available personal data, some General Data Protection Regulation (GDPR) provisions apply to the processing of such data. In general, the GDPR sees publicly available data as ‘data that have not been obtained from the data subject’. Furthermore, Article 86 and Recital 154 GDPR […]
The ICO announces a publication on challenges and possibilities in generating anonymous synthetic data

The Information Commissioner’s Office (ICO), together with the Financial Conduct Authority and the Alan Turing Institute, hosted a joint roundtable to discuss the challenges of synthetic data validation in the financial sector. As a result, the Research Paper “Exploring Synthetic Data Validation – Privacy, Utility and Fidelity” was recently published on the ICO website. Synthetic […]
An Introduction to the ICO’s Guidance on Privacy-Enhancing Technologies

In June 2023, the UK Information Commissioner’s Office (ICO) published its guidance on enterprise privacy-enhancing technologies (PETs). Alongside it, the regulator has issued a call for organisations to adopt PETs within the next five years. Leaders will want to understand these technical, privacy-preserving solutions to capture the benefits of data collection, sharing and analysis in […]
Engaging young minds in the fight against air pollution

Trilateral works with local communities on their net zero and air quality targets, encouraging behaviour change, improving health, and encouraging community engagment. With Project Trim, we’ve deployed a range of sensors and created the bespoke Meath Environmental Platform to deliver insights to Meath County Council, helping them understand existing problems and plan for the future. […]
ICO Publishes New Guidance on Responding to Subject Access Requests (SARs)

Background On May 24, the UK Information Commissioner’s Office (ICO) published New Guidance, in the form of a Q&A, for businesses and employers on responding to Subject Access Requests (SARs). Subject Access Requests form part of the UK General Data Protection Regulation (UK GDPR) in Art.15 of the UK GDPR and Data Protection Act 2018 […]
Information Governance: know what you have, know why you have it

‘Everybody gets so much information all day long that they lose their common sense.’ – Gertrude Stein It is important for any business or organisation to know what information they hold, where they hold it, and why. Information can be highly sensitive, private or valuable. Sometimes it can be all these things at once. When […]
Data protection by design and default: what data controllers need to know and do

The Future of Privacy Forum (FPF), a prominent Washington thinktank, published a May 2023 report reflecting on data protection by design and by default. Data controllers’ duty to implement appropriate technical and organisational measures (‘TOMS’) was a novel obligation introduced into EU data protection law in 2018 through Article 25 GDPR. The law requires controllers […]