Privacy Transformation - Issue 204
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
ChatGPT is entering a world of regulatory pain in Europe
ChatGPT has set itself up for a rough ride with Europe's powerful privacy watchdogs. The chatbot is the hottest sensation of artificial intelligence technology but was hit with a temporary ban in Italy last month on the grounds that it could violate Europe's privacy rulebook, the General Data Protection Regulation.
🔗 RELATED:
- European data protection authorities launch task force on ChatGPT
- Spain asks EU data protection board to discuss OpenAI's ChatGPT
- Irish Data Protection Commission sends staff on courses in artificial intelligence
- Three Samsung employees reportedly leaked sensitive data to ChatGPT
- Germany considers ChatGPT ban
- Public to be warned about potential scams due to ‘frightening’ advances in AI
MEPs to call for renegotiation of EU-US data transfer framework
EU lawmakers are set to adopt a non-binding resolution urging the European Commission not to endorse the Data Privacy Framework for transatlantic data flows until fundamental rights concerns are fully addressed.
Tesla workers shared ‘intimate’ car camera images, ex-employees allege: ‘Massive invasion of privacy’
Tesla assures its millions of electric car owners that their privacy “is and will always be enormously important to us”. The cameras it builds into vehicles to assist driving, it notes on its website, are “designed from the ground up to protect your privacy”.
🔗 RELATED: Special Report: Tesla workers shared sensitive images recorded by customer cars
Coalition showdown over plan for gardaí to get facial recognition technology amid Green Party pressure on Harris
Justice Minister Simon Harris could be forced to scrap plans to give An Garda Síochána powers to use Facial Recognition Technology (FRT) as part of new body camera legislation as the Green Party escalates its opposition to the plan.
🔗 RELATED: Oireachtas committee wants to scrutinise use of facial recognition technology by gardaí
Some 35,000 KBC mortgage borrowers hit by data error after transfer to Bank of Ireland
Tens of thousands of former KBC Bank Ireland mortgage borrowers whose loans were sold to Bank of Ireland have been affected by an error that occurred after the transfers in February, which has resulted in the lender not filing monthly loan performance updates to the Central Credit Register.
Google criticised for ‘forgetting’ articles about prostitution ring under EU privacy law
Google has been criticised after “forgetting” press coverage about criminals behind a prostitution ring that used trafficked women and girls, some as young as 15.
Austria challenges EU newspapers’ pay-or-cookie walls
In an EU-wide first, Austria’s data protection authority DSB ruled that readers can specifically say ‘yes’ or ‘no’ to cookie paywalls, a widely used model by news media that requires readers to consent to data processing practices or pay for a subscription.
✍🏻 OPINION: Privacy is at risk as HIPAA fails to keep pace with digital health
Nearly three decades old, HIPAA appears obsolete and riddled with new technology-induced gaps. Why it matters: With regulators unable and politicians unwilling to address the shortcomings of the Health Insurance Portability and Accountability Act, private companies are offering a fix.
Irish regulator has month to make order on EU-US Facebook data transfers
Ireland's data regulator has one month to make an order on blocking Facebook's transatlantic data flows, European Union regulators said on Thursday.
🔗 RELATED: EDPB resolves dispute on transfers by Meta and creates task force on Chat GPT
SECURITY & TECH
Expert fears it will take another HSE style attack to change approach to cybersecurity
A cybersecurity expert believes an event similar to the HSE cyberattack, but on a larger scale, is only a matter of time and that it will take this to change attitudes towards cybersecurity.
How the Netherlands is taming Big Tech
Dutch government and educational organizations have had remarkable success in compelling Big Tech companies to make major privacy changes. Their carrot-and-stick approach engages high-level Silicon Valley executives in months of highly technical discussions and then makes it worth their while by negotiating collective agreements allowing firms to sell their vetted tools to different government ministries and the nation’s schools. And the Dutch efforts to prod change could provide a playbook for other small nations wrangling with tech superpowers.
The takeaways from Stanford’s 386-page report on the state of AI
Writing a report on the state of AI must feel a lot like building on shifting sands: By the time you hit publish, the whole industry has changed under your feet. But there are still important trends and takeaways in Stanford’s 386-page bid to summarize this complex and fast-moving domain. - See Resources section for Report.
DATA BREACH
UK criminal records office confirms cyber incident behind portal issues
The UK's Criminal Records Office has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a "cyber security incident."
RESOURCES
▶ IAPP Keynote: Panel Discussion on GDPR - IAPP Global Privacy Summit 2023
A dynamic keynote conversation between well-known experts on the EU General Data Protection Regulation’s most challenging issues in 2023, including enforcement, advertising technology and international data transfers.
📕 Report: Stanford AI Index Report: Measuring trends in Artificial Intelligence
The AI Index is an independent initiative at the Stanford Institute for Human-Centered Artificial Intelligence (HAI), led by the AI Index Steering Committee, an interdisciplinary group of experts from across academia and industry. The annual report tracks, collates, distils, and visualizes data relating to artificial intelligence, enabling decision-makers to take meaningful action to advance AI responsibly and ethically with humans in mind.
📗EDPB: The Schengen Information System - a guide for exercising data subjects’ rights: the right of access, rectification and erasure
Any individual is guaranteed the right of access to his/her own data, the right to rectification of inaccurate data and the right to erasure of unlawfully stored data in the Schengen Information System. This Guide describes the modalities for exercising those rights.
📘 ETSI: Securing Artificial Intelligence - Explicability and transparency of AI processing
This document identifies steps to be taken by designers and implementers of AI platforms that give assurance of the explicability and transparency of AI processing.
📚 EDPB Studies
- Study on the national administrative rules impacting the cooperation duties for the national supervisory authorities
- Study on the enforcement of GDPR obligations against entities established outside the EEA but falling under Article 3(2) GDPR
EDPB letters to EUIs on data sharing for AML-CFT purposes in light of the Council’s mandate for negotiations
- Letter to the European Parliament on data sharing for AML-CFT purposes in light of the Council’s mandate for negotiations
- Letter to the European Commission on data sharing for AML-CFT purposes in light of the Council’s mandate for negotiations
- Letter to the Council on data sharing for AML-CFT purposes in light of the Council’s mandate for negotiations
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!