Privacy Transformation - Issue 231
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
DPC inquiry into Irish Central Bank data breach compounds regulator’s embarrassment
The Central Bank, which has happily doled out more than €400 million of fines to financial institutions and individuals in the past 17 years for all manner of wrongdoing, has seen the tables turned on it, with confirmation on Friday that the Irish Data Protection Commission has started an inquiry into the regulator.
🔗 RELATED: Central Bank faces historic fine for major GDPR breach
Disputes among national watchdogs over Big Tech fines are ‘no problem’ - Europe’s chief data regulator
The Finnish chair of the European Data Protection Board, the central body of national regulators overseeing EU data privacy laws, defends opposition to Irish watchdog’s fines.
AI Act: EU countries headed to tiered approach on foundation models amid broader compromise
The EU approach to powerful AI models is taking shape as European countries discuss possible concessions in the upcoming negotiations on the world’s first comprehensive Artificial Intelligence (AI) rulebook.
🔗 RELATED: EU countries mull options on fundamental rights, sustainability, workplace use
EDPB picks topic for 2024 Coordinated Action
During its October plenary, the EDPB selected the topic for its third coordinated enforcement action, which will concern the implementation of the right of access by controllers. Further work will now be carried out to specify the details in the upcoming months and the action itself will be launched in 2024.
✍🏻 Open Rights Group: The UK data bridge: a sneak peek at the UK privacy race to the bottom to come
On 12 October, the UK extension (Data Bridge) to the EU – US Transatlantic Data Privacy Framework (DPF) will come into force. This is a voluntary scheme US companies can use to share personal data freely with the European Union, and it was introduced after the Court of Justice (CJEU) found that the previous framework, Privacy Shield, did not provide sufficient protection against unlawful surveillance of US state agencies.
SECURITY & TECH
Signal says there is no evidence rumored zero-day bug is real
Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real.
ChatGPT Can 'Infer' Personal Details From Anonymous Text
New research shows how popular LLMs are able to accurately guess a user’s race, occupation, or location, after being fed seemingly trivial chats.
UK’s AI safety summit set to highlight risk of losing human control over ‘frontier’ models
An early draft summit communiqué, seen by Euractiv, considers the possibility of highly capable AI models escaping human control or being used to produce catastrophic harm – for instance, to produce bioweapons – among the most significant risks.
Google says data-scraping lawsuit would take 'sledgehammer' to generative AI
Google has asked a California federal court to dismiss a proposed class action lawsuit that claims the company's scraping of data to train generative artificial-intelligence systems violates millions of people's privacy and property rights.
DATA BREACH
Hacker leaks millions more 23andMe user records on cybercrime forum
The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records.
GUIDANCE & OPINIONS
EDPB-EDPS: Joint Opinion on the Proposal for a Regulation of the European Parliament and of the Council on the establishment of the digital euro
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a Joint Opinion on the proposed Regulation on the digital euro as a central bank digital currency. The digital euro aims to provide individuals with the possibility to make payments electronically, both online and offline, as an additional means of payment alongside cash.
EDPS: Opinion on the Proposals for two Directives on AI liability rules
EDPS Opinion 42/2023 on the Proposal for two Directives on AI liability rules
RESOURCES
📕 ENISA: Threat Landscape 2023
This is the eleventh edition of the ENISA Threat Landscape report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!