Lauren Wills-Dixon Reacts to Whether GDPR is Being Outpaced by Technological Developments in Compliance Week

Lauren Wills-Dixon, a solicitor at Gordons and privacy legislation specialist, has been quoted in Compliance Week  on whether the General Data Protection Regulation (GDPR) is being outpaced by technological developments and their use of data.

A change on the horizon

It has been four years since the European Union’s flagship data privacy legislation came into force. However, concerns are already being raised about its longevity with the ongoing developments in innovation.

Lauren said: “As ever, regulators are catching up with innovative tech. We are seeing more and more profiling, biometric data processing, and other uses of AI which, by their nature, are privacy-intrusive. UK data protection laws require significant (arguably burdensome) analysis and assessment before undertaking such practices as well as ensuring individuals (‘data subjects’) are provided with sufficient transparency as to how their data is being used.

“The UK plans to reform its data protection regime to become a leader in the tech space whilst maintaining ‘adequacy’ status with respect to its privacy laws – this is by no means a simple task and it will be interesting to see how we strike an appropriate balance here between allowing innovation and protecting privacy rights.

“In 2020 the Dutch Data Protection Authority fined a Dutch company for using biometric (fingerprint) data when it could have used less privacy-intrusive means to do so. The fine was in the region of 725,000EUR. Many organisations wish to use biometrics which enhances efficiencies, however, the GDPR requires significant conditions are met to allow its use, arguably creating a barrier to using new technologies.

The UK’s vision within the data space

“The UK sees itself as a leader in the data space and wishes to reform the legacy GDPR regime to allow for innovation whilst reducing the burden on organisations with respect to compliance. However, any updates will be under the watchful eye of the European Commission who could revoke the UK’s adequacy decision and make it more burdensome for the UK to share data with Europe, which would clearly have a counter-productive effect and require more time and cost for businesses who share data internationally.

“Organisations should use ICO tools and other resources available to them to undertake appropriate assessments and fully document their analysis of the effects of these technologies on individual privacy rights, as required under GDPR. As ever, creating an audit trail and being able to justify business decisions rather than implementing without thought is integral to compliance, and to defending claims.”

If you are needing help with any GDPR or data privacy enquiries, please do contact Lauren Wills-Dixon here.