This week, the IAPP settled in London for its annual Data Protection Intensive: UK 2024. Privacy professionals were on the receiving end of many clear messages that should be prioritized in 2024. U.K. Information Commissioner John Edwards laid down his agenda, saying children's privacy, third-party advertising cookies and artificial intelligence will be at the forefront of the ICO's work program this year.
Edwards said the ICO will build on what it is already doing in the children's privacy space, cookie banners will be an enforcement priority and must be as easy to reject as they are to accept, and "2024 cannot be the year that consumers lose trust in AI." Edwards also hinted at the ICO's ambition to create a memorandum of understanding with European regulators. Overall, privacy pros should expect "more enforcement, faster enforcement," he said.
The U.K.'s approach to regulating AI was also widely featured during the speeches of both Parliamentary Under Secretary of State (Minister for AI and Intellectual Property) in the Department for Science, Innovation and Technology Viscount Camrose, whose department is leading the U.K.'s AI White Paper effort and Lord Chris Holmes, who recently introduced AI regulation. The two shared common aspirations that the U.K. combine a pro-innovation and pro-safety approach — not either/or. The two also agreed trust must be a cardinal principle. Holmes briefly commented on the EU AI Act, questioning whether the European approach would further enable and empower citizens across the EU.
Back on the continent a few things of note happened this week:
- The European Data Protection Board formally launched its third Coordinated Enforcement Framework. This year's action focuses on access rights, following last year's CEF focused on the appointment and role of data protection officers. Over the coming months, 31 participating data protection authorities will send fact-finding questionnaires to organizations in their territory, possibly identifying the need for — and launching — formal investigations.
- The European Parliament adopted its European digital identity framework. A political agreement had been reached in November 2023, following what Parliament's rapporteur Romana Jerković dubbed "tiring and difficult negotiations."
The regulation aims to facilitate digitalization of public services across the EU. All citizens will be able to have an EU Digital Identity Wallet to access public and private online services in full security and protection of personal data all over Europe. The wallet will store citizens' identity and will allow users to "open bank accounts, make payments and hold digital documents, such as a mobile Driving Licence, a medical prescription, a professional certificate or a travel ticket." The European Commission will drive the development of technical specifications for the EU Digital Identity Wallet and for certification through the first year of a two-year implementation period.
Not to miss, the IAPP AI Governance Global 2024 is coming to Brussels 4-5 June. The agenda is available and sessions with global thought leaders will span key privacy and AI governance themes, including how to implement AI governance at scale, navigating AI procurement, AI auditing, disinformation, AI incidents, bias, synthetic data, AI and marketing, risk management and much more.