Skip to main content
Hafan

Updates on previous technologies

Download options

Contents

Introduction

Each Tech Horizons report features regulatory snapshots of technologies projected to significantly affect personal data. We select technologies through structured horizon-scanning and prioritisation. Our reports represent the start of our work to understand emerging technologies, not its conclusion.

Here, we present updates on our continued work to prepare for the effect of emerging technologies featured in our previous Tech Horizons reports. 

Consumer health tech

Consumer health tech continues to develop, as do its implications. Smart watches can now collect more health-related data such as sleep apnoea detection 105. Other consumer tech has received US Food and Drug Administration approval for use as hearing aids 106 . Research continues into the capabilities of smart fabrics to monitor health metrics.

We continue to scrutinise this market. An ICO-commissioned poll of women’s health app users revealed widespread concern about developers’ approaches to privacy, including transparency and data security practices 107.  This concern led to our recent review of a range of these apps. We set out several practical recommendations for developers including the need to:

  • be transparent and accountable; 
  • obtain valid consent where appropriate; and 
  • establish an appropriate lawful basis 108.  

These recommendations also apply to health app developers more generally.

Commercial use of drones

The use of drones continues grow rapidly in the UK. The UK Civil Aviation Authority (CAA) published its roadmap for the development of drones for use on beyond visual line of sight (BVLOS) in Autumn 2024, setting a target of establishing routine BVLOS operations in the UK by 2027.

Several trials are underway to support this, exploring use cases noted in the second edition of Tech Horizons report including deliveries to consumers by drone, medical deliveries and remote infrastructure inspection.

We continue to work on the commercial use of drones through our Regulatory Sandbox. Kestrix entered our Regulatory Sandbox in 2024, seeking to explore the use of drones to capture mass thermal images to enable energy retrofits of existing buildings at scale. We will publish a report on our data protection conclusions at the end of our engagement with Kestrix later this year.

Personalised AI

AI and its applications in industry and the home has been a topic of widespread interest. We continue to develop our position on responsible use of information in these innovative systems. As the technology matures, personalised AI on-device could empower users, without controllers needing large-scale data collection and processing.

In early 2024, at the time of the publication of the Tech Horizons report on personalised AI, we launched a series of calls for views as part of a consultation on how data protection law should apply to the development and use of generative AI models. Generative AI is developed and deployed in ways that are distinct from simpler AI models used in classification or prediction.

Our response to the consultation series on generative AI summarises some of the key themes from the consultation responses. It also sets out our thinking on how areas of data protection law apply to generative AI systems and makes a commitment to update existing guidance in line with the consultation findings and response.

Next-generation IoT

The IoT industry is becoming increasingly sophisticated and integrated with AI, including in examples of novel smart-home devices. This includes embedding new versions of generative AI and large-language models in powerful smart-home devices to improve the understanding of complex verbal and written queries 109

We held a roundtable with IoT manufacturers to understand the challenges manufacturers face and conducted a citizen’s jury 110 to understand the public’s perceptions and expectations of IoT. The research explored six areas of data protection: consent, transparency, profiling and advertising, individual rights, accountability and security.

The results of the citizen’s jury will inform our drafting of guidance on consumer IoT, which we will publish this spring. The guidance will help to provide certainty and clarity to industry and developers, encouraging them to build in privacy by design and default. 

Since publishing the Tech Horizons report chapter on next-generation IoT, we’ve accepted an IoT project into our Sandbox from Eclipse Digital Solutions and Geutebruck (UK) to explore the privacy aspects of their novel IoT system. This system uses a combination of sensors and AI to predict and prevent falls in such settings as hospitals and adult social care 111.

Quantum technologies

Quantum computing and communications technologies continue to advance, with research making wider long-term deployment more viable. Developments in hardware, software and error mitigation are helping pave the way to a more advanced, scalable quantum computer. In quantum communications, researchers from the UK have used existing subsea network infrastructure to show that quantum key distribution is possible over longer distances. 

The ICO’s tech futures report on quantum technologies explores the issues raised in the previous Tech Horizons report chapter on quantum computing in far more detail, and explores the transition to post-quantum cryptography. The report covers the range of quantum technologies, from quantum sensing, timing and imaging to quantum computing and quantum communications. It considers use cases such as medicine, finance, communications and law enforcement and explores how long they may take to develop.

In December we published an update to our previous work on Quantum technologies with the DRCF. This reflection on developments in the quantum ecosystem covers advances in the technologies, as well as providing insight into evolving thinking on regulation and standards.

Neurotechnologies

International interest in neurodata and its privacy implications has continued to increase in the past year. Forthcoming reports include UNESCO’s Recommendation on the Ethics of Neurotechnology and papers from the Global Privacy Assembly and the International Working Group on Data Protection in Technology (IWGDPT). 

Neurotechnologies have continued to develop, with uses such as home treatment for mental health purposes being discussed as devices become cheaper and more available. In the US, two new laws regulating ‘neural data’ have been passed in Colorado and California, each clarifying that neural data is ‘sensitive data’ under both states’ underlying consumer privacy laws. This is a different approach to that of other countries where the creation of new ‘neurorights’ expands existing privacy laws instead. 

In 2023 we published our tech futures report on neurotechnologies, a rapidly developing sector that uses information directly taken from the brain. This information can be used to predict, diagnose and treat complex physical and mental illnesses. It will probably lead to applications in the workplace, education, sport and entertainment.

We will address areas of concern by producing neurotechnology-specific guidance. The guidance will meet the need for regulatory clarity and set clear expectations about the definition and use of neurodata in a responsible manner, compliant with data protection law.

Immersive futures and technologies

The immersive technology industry continues to expand as new devices are launched and further use cases established. Advances in augmented reality capabilities include increased smart-phone integration, allowing for a wider user-base than standalone head-mounted devices. Consumer use cases include gaming, entertainment and immersive shopping experiences. Elsewhere in industry, organisations are using extended reality (XR) technology for virtual training and collaboration across a broad range of sectors including manufacturing and health.  

Our work on immersive technologies spanned the first and second editions of our Tech Horizons reports, initially reviewing privacy concerns related to extended reality hardware and expanding into the more nuanced visions of future virtual worlds. 

We have progressed this work in collaboration with other digital regulators within the DRCF, culminating in an Immersive Technologies Foresight Paper. The paper considers how immersive environments might evolve and the key uncertainties that could drive changes to them. It also sets out the potential regulatory implications that may arise across privacy, competition, financial and communication policy in the UK. 

We have also continued our work on immersive technologies through accepting an augmented reality (AR) based application into our Regulatory Sandbox. CrossSense, developed by Animorph Co-operative, is designed to empower people living with dementia to maintain their independence, using smart glasses and AR technology.

Genomics

As genomic analysis continues to mature technologically and as an industry, we are seeing initiatives aimed at helping people understand the fundamental scientific principles behind it. 

These initiatives focus on resolving concerns by enabling conversations about genomics more widely. Part of addressing distrust and fear around genomic technologies is normalising the discussion of them, which projects like Only Human (of which Genomics England is a founding partner) seek to do. 

Set against a background of increasing interest and investment in applications including health insurance and education, the ICO Tech Futures: emerging genomics report expands on the thinking in our previous Genomics Tech Horizons report chapter. The report includes insight on when genomic data may be considered personal information and the challenges around the use of intrinsic third-party information. It also highlights the significant risks of bias and discrimination that can emerge from processing genomic information. 

The report outlines our commitment to engage with the public to better understand their concerns about the use of genomics and privacy. Facilitating engagement and increasing knowledge about genomics will help to strengthen people’s abilities to play an informed role in the technology as it develops. By continuing to engage with key stakeholders across industry, regulation, academia and civil society, we will ensure that building data protection into uses of genomic information is fundamental to their development. This will include inviting organisations to work with our Regulatory Sandbox.

105 A ZDNET article on the Samsung Galaxy Watch's FDA clearance

106 An NPR article about the FDA approving some Apple AirPods as hearing aids

107 ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security | ICO

108 ICO urges all app developers to prioritise privacy

109 A CNET article on Google integrating AI into search

110 The ICO's report on the results of its IoT citizen's jury

111 Current projects within the ICO's sandbox