Privacy Transformation - Issue 240
Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.
PRIVACY
EDPB: Application of the GDPR successful, but sufficient resources are necessary to tackle the challenges of the future
During its latest plenary, the EDPB adopted its contribution to the European Commission’s report on the application of the GDPR. The EDPB considers that the application of the GDPR in the first 5 and a half years has been successful. While a number of important challenges lie ahead, the EDPB considers it premature to revise the GDPR at this point in time and calls on the co-legislators to swiftly adopt the new Regulation laying down additional procedural rules relating to the cross-border enforcement of the GDPR. In addition, the EDPB stresses that the DPAs and the EDPB need sufficient resources to continue carrying out their tasks.
🔍 Analysis: GDPR cyber liability and compensation rights clarified by EU court
Businesses are not automatically in breach of EU data protection laws in cases where there has been unauthorised disclosure of, or unauthorised access to, personal data they are responsible for, the EU’s highest court has ruled.
EDPB: cookie pledge initiative should help protect fundamental rights and freedoms of users
During its latest plenary, the EDPB adopted a letter in response to the European Commission regarding the cookie pledge voluntary initiative. The EDPB welcomes the Commission’s initiative, which aims to help protect the fundamental rights and freedoms of users, to empower them to make effective choices, and to increase transparency towards users.
🔗 RELATED:
- EDPB reply to the Commission’s Initiative for a voluntary business pledge to simplify the management by consumers of cookies and personalised advertising choices
- EDPB Letter to MEP Körner regarding 'Do Not Track’ function in Internet browsers
SECURITY & TECH
2023: Europe’s landmark year for technology
This 2023 will be remembered as the year of the AI Act with EU policymakers reaching a deal on the file, that of crucial regulatory developments for digital platforms, such as WhatsApp or TikTok, and a period that saw France and Germany’s industrial policy grow further apart, for example, in the case of the cloud sector.
💡 Insights: How to prepare for evolving global AI legislation
As the popularity of AI technologies has continued to grow in 2023, so has the number of laws and regulations seeking to address the potential risks and societal harms that may arise. The evolving legislation and calls to action by regulators, politicians, and policy advocates are likely familiar to those who have been operating in the data protection and technology space in recent years. Key to navigating this legal landscape is adopting an adaptable yet sustainable approach to AI governance that embraces common legal standards both globally and locally, focusing on the core values and principles underpinning these requirements.
The Obscure Google Deal That Defines America’s Broken Privacy Protections
Google’s doomed social network Buzz led US regulators to force Google and Meta to monitor their own data use. Insiders say the results were mixed, as pressure mounts for a federal privacy law.
DATA BREACH
10,000 people's data stolen in genetic testing company Asper Biogene leak
Personal and health data belonging to approximately 10,000 people has been illegally downloaded from the Tartu-based genetic testing company Asper Biogene's database, the State Prosecutor's Office said on Thursday. Those affected are in the process of being notified.
ENFORCEMENT
Irish DPA: Inquiry into Microsoft Ireland Operations Limited - November 2023
In November 2023, following an inquiry concerning a complaint received against Microsoft Ireland Operations Limited (Microsoft), the Data Protection Commission (DPC) adopted a decision. The DPC commenced this inquiry on 29 June 2023, on foot of a complaint that Microsoft failed to comply with two erasure requests submitted by the complainant in March and October 2021.
RESOURCES
European Commission: Artificial Intelligence – Q&A
This Q&A addresses how the new AI legal framework will apply to both public and private players deploying AI systems, the various risk categories that apply and how general-purpose AI models will be regulated.
NIST: Guidelines for Evaluating Differential Privacy Guarantees - Initial Public Draft
This publication is about differential privacy, a privacy-enhancing technology that quantifies privacy risk to individuals when their information appears in a dataset. In response to President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, SP 800-226 is intended to help agencies and practitioners of all backgrounds—policy makers, business owners, product managers, IT technicians, software engineers, data scientists, researchers, and academics—better understand how to evaluate promises made (and not made) when deploying differential privacy, including for privacy-preserving machine learning.
🎙 IAPP Podcast: Privacy and data protection in 2023: A year in review
To help flesh out some of the big takeaways from 2023, IAPP Editorial Director Jedidiah Bracy caught up with IAPP Research & Insights Director Joe Jones, who joined the IAPP at the outset of the year.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!