The ICO’s Tech Horizons Report 2024 is not just a technology forecast. It is a warning about how quickly privacy risk can move ahead of public understanding, legal advice and procedural safeguards. For lawyers, clients and litigants in person, the next challenge is not simply using new tools. It is understanding what personal data those tools collect, infer, combine and expose.
Publication snapshot
- Core issue: the ICO identifies eight emerging technologies likely to affect society, the economy and information rights over the next two to seven years.
- Legal risk: these technologies may collect, infer or combine highly personal information in ways ordinary users may not understand.
- LiP risk: litigants in person may struggle to challenge complex data processing, automated systems, AI search outputs and multi-organisation data chains.
- Practical answer: privacy-by-design, explainability, evidence preservation, data-rights literacy and careful use of legal technology.
Why this matters
Technology is no longer a background issue in data protection. It is becoming the environment in which personal information is collected, interpreted and acted upon. The ICO’s Tech Horizons Report 2024 identifies technologies that may reshape privacy and information rights before many users, lawyers and public bodies fully understand their consequences.
The legal problem is not simply that new tools exist. The problem is that new tools can collect new types of information, combine data across organisations, generate inferences about people, and make decisions or recommendations that are difficult to inspect afterwards.
The Legal Lens point: a person cannot meaningfully exercise a data right if they do not know who processed their data, what was inferred from it, where it moved, or how it influenced a decision.
That matters for legal professionals advising clients. It also matters for litigants in person who may need to challenge automated decisions, AI-generated search results, digital evidence, workplace monitoring, health data processing, drone surveillance or opaque data-sharing chains.
The eight technologies
The ICO’s report identifies eight priority technologies: genomics, immersive virtual worlds, neurotechnologies, quantum computing, commercial use of drones, personalised AI, next-generation search and central bank digital currencies.
Genetic and genomic information may support healthcare, research and precision medicine, but it can also reveal sensitive information about individuals and family members.
Virtual, augmented and mixed reality environments can generate behavioural, biometric, movement and interaction data at a depth ordinary websites do not.
Devices that record or process brain-related data raise difficult questions about consent, inference, mental privacy and discrimination.
Future quantum capability may undermine existing encryption and create “harvest now, decrypt later” risks for high-value personal information.
Drones used for delivery, monitoring, crowd control or inspection can collect both intended operational data and incidental data about people nearby.
AI systems tailored to a user’s preferences, searches, patterns and characteristics may process increasingly intimate behavioural data.
AI-powered, image-based, voice-based and ambient search can alter how information is found, ranked, summarised and presented as apparent truth.
Central bank digital currencies raise privacy questions about payment data, pseudonymisation, encryption and whether spending patterns can be reidentified.
The common theme is that privacy risk is becoming more inferential. The most sensitive information may not be the data a person deliberately gives, but the data a system derives from movement, voice, search behaviour, biological signals, purchases, location or interaction patterns.
Information-rights risk
The ICO’s report highlights several cross-cutting issues. Emerging technologies may collect novel types of intimate data. They may process larger quantities of personal information to personalise services. They may involve multiple organisations in the data chain. They may also create new forms of harm or discrimination if safeguards are weak.
People may not understand what data is being collected, how it is combined, or what inferences are being made.
Consent becomes harder where the user cannot realistically identify all data flows or future uses.
Rights of access, rectification, objection and complaint become harder to exercise where responsibility is split across several organisations.
That is a legal access problem as well as a technology problem. A right that exists on paper can be difficult to enforce where the affected person cannot identify the controller, the data, the inference, the decision, or the evidence trail.
Data access is not the same as data understanding
A subject access response may disclose documents or data fields. It may still fail to explain the wider processing ecosystem, model outputs, inferred profiles or decision pathway that mattered in practice.
Implications for lawyers
Legal professionals will increasingly need enough technological literacy to ask the right questions. That does not mean every solicitor must become a software engineer. It does mean that lawyers handling disputes, advice, employment, consumer claims, data protection, public law, family cases or commercial matters need to recognise when technology is central to the evidence.
For example, a workplace dispute may involve productivity monitoring, biometric access controls, AI-assisted risk scoring, or search logs. A consumer dispute may involve app profiling, drone data, automated recommendations, or payment records. A public-law or regulatory challenge may involve algorithmic triage, automated prioritisation or outsourced technology infrastructure.
Ask what technology did
Identify whether a system collected, inferred, ranked, flagged, recorded, automated or recommended anything material to the dispute.
Preserve the data trail
Request logs, policies, model documentation, DPIAs, retention information, audit records and relevant correspondence where appropriate.
Do not overtrust outputs
AI-generated, search-generated or analytics-driven outputs may be useful, but they still require verification and legal relevance.
Law firms also need to look inward. If legal advice is delivered through portals, apps, chatbots, automated workflows or remote tools, the client still needs clarity about who is responsible, what data is being processed, what safeguards exist, and when human professional judgment is required.
Implications for LiPs
For litigants in person, the risk is sharper. A represented party may have access to lawyers, experts and disclosure strategy. A LiP may be trying to work out, alone, whether a decision was made by a human, an automated system, a scoring model, a search algorithm, a third-party processor or a combination of all of them.
Digital systems can make legal help more accessible. They can also widen the gap between those who understand the technology and those who do not. A LiP may use online guidance, app-based legal help, AI tools or document generators without knowing the limits of those tools.
Unsafe framing
“The AI said I have a strong case, so the court should accept it.”
Safer framing
“The technology helped me organise the issue, but I still need evidence, legal authority, procedural compliance and a clear remedy.”
For LiPs, the practical discipline is to separate helpful digital support from legal proof. A chatbot answer, AI summary, search result or template is not a substitute for evidence. It is not authority. It may be wrong, incomplete or jurisdictionally irrelevant.
Self-representation still requires verification. Technology can help organise a case. It cannot remove the need to check the legal test, the source, the evidence and the court procedure.
Evidence and disputes
Emerging technology will change the evidence questions in many disputes. A person may need to know whether a drone recorded them, whether an AI system profiled them, whether a search engine summarised them inaccurately, whether a genomic dataset affected an assessment, or whether a digital payment trail was combined with other information.
Those questions are not abstract. They affect pleadings, disclosure, subject access requests, witness statements, expert evidence, complaints and settlement decisions.
Identify the technology
Was the issue caused by AI, search, biometrics, drone surveillance, genomic data, workplace monitoring, payment data or another system?
Identify the data
What personal data was collected, inferred, generated, shared, retained or deleted?
Identify the controller or processor
Which organisation decided the purpose and means of processing, and which organisations acted on its behalf?
Identify the legal effect
Did the data influence an employment decision, service refusal, risk score, complaint outcome, public-body decision or financial transaction?
Choose the route
The proper route may be a subject access request, complaint, disclosure request, expert instruction, regulatory complaint, claim or no action.
Practical risk map
The practical response should be proportionate. Not every technology issue needs litigation. But technology should not be ignored where it may have affected rights, evidence or outcome.
For legal professionals
Build technology questions into client intake, disclosure planning, data-rights advice and settlement risk assessment.
For litigants in person
Ask what system was used, who controlled it, what data was processed, and what decision or outcome it influenced.
For organisations
Design privacy safeguards early, keep audit trails, explain data use clearly and avoid systems that make rights difficult to exercise.
Before escalating a technology-related data concern, check:
- what technology was used and when;
- what personal data or inferred data is involved;
- which organisation controlled the processing;
- whether a subject access request or clarification request is needed;
- whether the issue affected a legal decision or merely created concern;
- whether the evidence supports complaint, disclosure, expert advice or litigation.
Source anchors
These source anchors separate the ICO report, legal technology guidance, self-representation support and regulatory standards from the article’s Legal Lens analysis.
Closing point
The ICO’s Tech Horizons Report should be read as a practical warning. Emerging technologies will not merely create new products. They will create new evidence trails, new data-rights disputes, new transparency problems and new inequalities between those who understand the systems and those who do not.
For legal professionals, the task is to ask better technology questions before the dispute is already lost in complexity. For litigants in person, the task is to avoid overtrusting digital tools while still using them carefully where they help. For organisations, the task is to design systems that make privacy, accountability and rights real from the outset.
The future of legal technology should not be measured only by speed, automation or novelty. It should be measured by whether people can understand, challenge and enforce the rights affected by those systems.
Decision support before data complaint, SAR or technology dispute
Get a free written assessment before escalating a data-rights concern
Legal Lens can help separate technology concern, evidence gap, subject access issue, regulatory complaint, litigation risk and publication wording before you escalate.
What we assess
Controller identity, SAR route, evidence gaps, data-rights issue, procedural options and publication risk.
Use it before
Complaining to the ICO, issuing a claim, challenging an automated decision, publishing criticism or relying on AI-generated legal material.
What you get
A concise written view on what is evidenced, what is missing, what route is available and whether regulated legal advice is needed.
Independent Legal Lens consultancy. This is not a regulated solicitors’ firm. A preliminary assessment is not a substitute for regulated legal advice where that is needed.

