Privacy Transformation - Issue 228
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
'The Department got caught out': The story of the dossier scandal
When a whistleblower went public more than two years ago to reveal controversial information gathering techniques within the Department of Health – one family in the southwest felt worried.
Irish DPC set to get two more commissioners soon
The Irish government has posted job ads for two additional commissioners to lead the Data Protection Commission (DPC), which oversees scores of major tech firms’ compliance with the region’s data protection framework — and has the power to levy fines of up to 4% of global annual turnover for infringements of the regime.
UK Information Commissioner calls on public authorities to stop using spreadsheets in FOI responses
The UK Information Commissioner, John Edwards, has issued an advisory notice to public authorities calling for an immediate end to the use of original source excel spreadsheets when responding publicly to Freedom of Information Act requests.
🔗 RELATED:
- Advisory note to public authorities
- Checklist: Checklist for public authorities to use for the safe & appropriate disclosure of information
- Guidance: How to disclose information safely
SECURITY & TECH
TikTok Dublin office rolls out return-to-office tracking app as it changes remote working policy
TikTok, the Chinese-owned video-sharing juggernaut, has rolled out a custom data-collection app for employees in its Dublin offices to track their compliance with stricter office attendance.
Experts disagree over threat posed but artificial intelligence cannot be ignored
For some AI experts, a watershed moment in artificial intelligence development is not far away. And the global AI safety summit, to be held at Bletchley Park in Buckinghamshire in November, therefore cannot come soon enough.
Launch of the European Cybersecurity Month to focus on addressing “social engineering”
October is the European Cybersecurity Month and this year marks the 11th edition of the EU’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices.
✍🏻 EDPS: Cybersecurity and Data Protection: a necessary and powerful duo
With 24% of cyber threats affecting the public sector, it is not just necessary to raise awareness about cybersecurity for the protection of our organisations and values, but also to unite as EU institutions to protect individuals.
DATA BREACH
Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns
The UK Information Commissioner has called on organisations to handle personal information properly to avoid putting victims of domestic abuse at the risk of further danger.
ENFORCEMENT
Poland opens privacy probe of ChatGPT following GDPR complaint
OpenAI is facing another investigation into whether its generative AI chatbot, ChatGPT, complies with European Union privacy laws. Last month a complaint was filed against ChatGPT and OpenAI in Poland, accusing the company of a string of breaches of the EU’s GDPR. The Polish authority has now taken the unusual step of making a public announcement to confirm it has opened an investigation.
Norway asks EU regulator to fine Facebook owner Meta over privacy breach
Norway's data regulator will refer the ongoing fine it has imposed on Meta Platforms to the European data authority, it said on Thursday, a move that could make the penalty permanent and widen it to the European Union.
GUIDANCE & OPINIONS
EDPB: Guidelines 01/2023 on Article 37 Law Enforcement Directive
During its latest plenary, the EDPB adopted Guidelines on Art. 37 of the Law Enforcement Directive (LED). These Guidelines aim to provide practical guidance on the application of Art. 37 LED concerning transfers of personal data by competent authorities of EU countries to third country authorities or international organisations, competent in the field of law enforcement.
EDPS: Opinion 41/2023 on the Proposal for a Regulation on European Union labour market statistics on businesses
EDPS Opinion 41/2023 on the Proposal for a Regulation on European Union labour market statistics on businesses.
Irish NCSC: Cyber Security Guidance on Generative AI for Public Sector Bodies
The Irish National Cyber Security Centre has published the cyber security advice they had previously issued to public bodies concerning the use of Generative AI.
RESOURCES
📑 ISO AI Standard: ISO 22989:2022 - AI Concepts and Terminology
The ISO has made publicly available the ISO 22989:2022 standard which establishes terminology for AI and describes concepts in the field of AI.
📗 Report: Cybersecurity of Artificial Intelligence in the AI Act
This report focuses on the cybersecurity requirement for high-risk AI systems, as set out in Article 15 of the The European Commission’s proposal for the AI Act. It presents a high level analysis in the context of the rapidly evolving AI landscape, and provides a set of key guiding principles to achieve compliance with the AI Act.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!