United Kingdom
Privacy’s impact on publishers: Assessing the head of consent role
- Publishers are increasingly worried about the regulatory risks and commercial costs of not being transparent on how and by whom their data is being used, especially with the emergence of AI.
- Publishers are beginning to look ahead of the potential crisis privacy infringements can cause, and are creating roles to deal with privacy proactively. News U.K. has recently created a head of consent role to ensure the publisher’s data practices are legally and ethically sound, and balancing these commitments with the publisher’s commercial objectives.
- Privacy for publishers involves uncovering if dark patterns manipulate consent, controlling how user data is shared and the impact of privacy law developments.
United States
US Justice Department says it disrupted Russian social media influence operation
- US Justice Department disrupts a Russian operation that used fake social media accounts enhanced by AI to spread pro-Kremlin messages in the US and abroad. This was allegedly organised through a private intelligence agency in Russia, and approved and funded by the Kremlin.
- The fake profile accounts were made to look like real Americans, and have been banned on X. Posts by the accounts included videos of the Russian President Vladimir Putin, and criticized the Ukrainian government.
- The US presidential election is considered a potential target for hacking and social media influence attempts by foreign adversaries to disrupt the vote.
- This is the first time the US has publicly accused a foreign government of using generative AI in a foreign influence operation.
Microsoft’s climbdown over its creepy Recall feature shows its AI strategy is far from intelligent
- Copilot+ PCs, launched by Microsoft in May, were marketed as “designed for AI”, enabling you “to do things you can’t do on any other PC”, including a feature called Recall that allows users to find and remember what appeared on their PC.
- Recall takes constant screenshots in the background which you use your computer, and the machine learning tech then scans the screenshots to make a searchable database of these (and stores this on the computers disc). This includes remembering your passwords, including bank access logins. This feature was on by default, and required turning it off via settings.
- On the 7th of June, Microsoft made the Recall opt-in, and introduced extra security precautions (including user authentication and no decryption of data stored by the tool until after the search query).
Europe
Disconnected rules in a connected world: ideas for AI innovation and regulation
- The US approach to AI-regulation has been light-touch and industry driven, prioritizing innovation with minimal regulatory hurdles. Federal and state regulatory bodies are vowing to regulate first by enforcing existing laws on AI, while regulators take a light-touch approach.
- The EU approach has been more proactive and regulation-first. The EU Artificial Intelligence Act (AI Act) classifies AI systems on risk level, implementing stricter requirements and bans.
- While it has been easier for companies to set up cloud instances in different regions to comply with the GDPR, this does not translate to AI innovation as the product is based on the model learning. Separation of products for different consumer groups in different regions presents practical challenges for AI especially.
Microsoft-owned adtech Xandr accused of EU privacy breaches
- Adtech business Xandr (owned by Microsoft) has been accused of GDPR breaches by the European privacy advocate non-profit NOYB. The complaint asks the data protection authority to investigate, order compliance and impose a fine of up to 4% of annual revenue of Xandr’s parent (which is Microsoft).
- The breaches include transparency failings, use of inaccurate information about people by the company, and breaches of data access rights to make microtargeted advertising sold through programmic ad auctions.
- Xandr is accused of failing to respond to data access requests from individuals who want their data deleted or corrected. The complaint by NOYB links to a “hidden” web-page showing Xandr has denied every single access request in 2022.
International
Pakistan authorises spy agency to intercept phone calls
- Army-run spy agency in Pakistan has been authorised to tap telephone calls and messages. This power has raised alarm given the military has the power to ‘make or break’ governments in Pakistan.
- The Law Minister, Azam Nazeer Tarar, has emphasized the measure is restricted to tracking criminal and terrorist activities (and is not meant to infringe on people’s privacy).
- Opposing politicians and social media users spoken out about potential misuse and privacy violations.
Indonesia says it has begun recovering data after major ransomware attack
- Indonesia suffered a major ransomware attack last month which affected over 160 government agencies and encrypted data. The attack impacted government services (including immigration and operations at airports) and a bulk of the data had not been backed up.
- The attackers, Brain Cipher, initially asked for $8m in ransom, later apologising and releasing the decryption key.
- Indonesia is now beginning to recover encrypted data, but it is not clear if they are using the decryption key from Brain Cipher.