Data Protection Day: Lewis Silkin Examines the Top 5 Data Protection Issues

Technology continues to present a growling engine of change, yet with this change comes some specific challenges. Ahead of National Data Protection Day (Friday 28, January), law firm Lewis Silkin identified the top five data protection issues firms should be aware of.

Bryony Long, partner at law firm Lewis Silkin, commented:


1. Direct Marketing Crackdown

“Adtech will continue to be an area that sparks the regulators’ interest. With various guidance issued from EU and UK regulators, including the ICO’s opinion on Data protection and privacy expectations for online advertising proposals, it seems only a matter of time before we start seeing more significant fines in the area. In December Grindr suffered a €6.35m fine at the hands of the Norwegian DPA for unlawful sharing of personal data with adtech vendors and we really believe this is just the tip of the Ice burg. This coupled with the mounting noise from various EU institutions around the lawfulness of online behaviour advertising (with some MEPs calling for an outright ban) will certainly make this an interesting area over the coming year.”


2. Make or Break for NFT’s

“NFT growth will be faced with more challenges globally as the legal and regulatory framework continues to evolve. We see these challenges already, not just with advertising laws, but with various high-profile artists complaining of copyright infringement as their works have been minted into NFTs. NFT’s that contain personal information will most likely violate data protection laws, so issuers will need to think carefully about whether or not their NFT is compliant.”



3. Evolution of Ransomware

“The sophistication of, and range of tactics and tools deployed by, cyber bad actors is rapidly increasing. Cyber-attacks are no longer single events but are multi-layered and often ongoing. As the tech develops, so do the risks. Ransomware for example used to be primarily focused on seizing and encrypting information, with actors demanding payment for its return. In recent years criminals were able to simultaneously threaten to publicly release the seized information – termed double extortion.

Organisations have become more aware and able to deal with double extortion, but we’re now seeing further iterations of the model which some call triple extortion, with ransom demands being directed at a victim’s customers or suppliers to exert additional pressure. 2022 will doubtless bring new innovations by creative and profit-motivated criminals, and organisations will likewise need to evolve and adapt their measures to meet these new threats.”


4. Cyber AI and the Metaverse

“Cybercriminals will increasingly use AI to make their attacks more sophisticated. AI will also help to counteract cybercrime by identifying patterns of abnormal behaviour – this activity can be detected even when thousands of events are taking place every second. Identifying, or even predicting this behaviour, using AI and machine learning technology will save time in mitigating damage against cyber-attacks. It’s a constant but inevitable battle.

The metaverse was the buzz word for 2021 and will continue to thought provoke going into 2022. It’s a concept that many of us are still grappling with generally but from a privacy perspective, it presents a multitude of challenges to work through particularly around safeguarding data, being transparent and offering appropriate choice. Hopefully the regulators will provide some useful guidance in due course but for now it will certainly be an area that will be keeping us data practitioners busy.”


5. ‘Cookies’ Begin to Crumble

“2021 saw a significant increased focus on the use of such cookies with some eyewatering fines being issued, a specific EDPB task force being set up set up especially to address cookie law compliance, and market leaders such as Apple and Google implementing technologies specifically to restrict use cookies and other tracking technologies. Compliance is now a definite must going into 2022 and with the implementation of these technologies that will naturally have an impact on consent levels, perhaps now is the time for organisations who sail close to the wind when it comes to obtaining proper cookie consent to rethink.”