Data Protection News Update 15 May 2023

IGS
May 15, 2023

United States

Open AI CEO to testify before Congress

OpenAI CEO Sam Altman is to testify before the US Senate Judiciary Committee on the 16^th of May.
The topic of the hearing will be about the efforts to regulate AI.

Senator Michael Bennet introduces Assuring Safe, Secure, Ethical, and Stable Systems for AI Act

The Act would establish a task force to oversee the federal government’s use and application of AI.

Europe

Austrian DPA rules on the use of Clearview AI

Nyob published the decision of the Austrian DPA on the use of Clearview AI.
Clearview AI is a company selling facial recognition software to law enforcement agencies in the US, scraping photos from websites to establish a permanent searchable database of biometric profiles.
It was decided that the use of Clearview AI is illegal, that the company was no longer allowed to process biometric data of the complainant and that the existing data must be deleted. Furthermore, Clearview AI is ordered to appoint a representative in Europe. However, no fines or ban were issued.

CNIL fines Clearview AI

Just days before the Austrian DPA, CNIL ordered Clearview AI to pay a fine of 5.2 million euros due to the fact that the company failed to comply with a previous order.
Back in 2022, Clearview AI was ordered to pay 20 million euros for being in breach of the GDPR. Clearview was given two months to comply and failed to do so and to send any proof of compliance.

Dutch DPA fines Social Insurance Bank

Social Insurance Bank is required to pay 150,000 euros for potentially allowing unauthorized access to personal details of pension recipients by failing to confirm the identity of callers to its help desk.
Around 5 million people in the Netherlands depend on the services of Social Insurance Bank, which is why ‘it is vital that privacy policies are watertight’.

International

Toyota suffers data breach affecting 2 million Japanese customer

Toyota disclosed that a ‘human error’ lead to a data breach leaving identification numbers and location data of vehicles of 2 million Japanese customers publicly available.
The customers signed up for Toyota’s main cloud service platform and that cloud system was accidently set to ‘public’ instead of ‘private’.
‘Toyota said it would introduce a system to audit cloud settings, establish a system to continuously monitor settings, and thoroughly educate employees on data handling rules’

Canada’s Office of the Privacy Commissioner releases statement on Privacy reform bill

The commissioner states that the Bill C-27 is a ‘step in the right direction, but it can and must go further to protect the fundamental privacy rights of Canadians while supporting the public interest and innovation’.
15 key recommendations are made, including the recognition of privacy as a fundamental right, the limitation of organizations’ collection, use and disclosure of personal information to specific and explicit purposes that take into account the relevant context and the expansion of the list of violations qualifying for financial penalties.

WhatsApp under criticism due to user allegation

A WhatsApp user claims the app activated their cellphone’s microphone without their consent. WhatsApp has come under a lot of criticism for this on Twitter and claims that a bug within the Android operating system was to blame for this issue.
Elon Musk tweeted that WhatsApp could not be trusted.

United Kingdom

ICO addresses the issues of law enforcement agencies when using personal data during investigations

Emily Keaney – ICO’s Deputy Commissioner for Regulatory Policy – published a piece on ICO’s blog addressing the issues that law enforcement agencies face when processing personal data during investigation.
She concludes that law enforcement agencies need to ask themselves whether the use of personal data is necessary and proportionate and what its effects on others are. This way, she claims, ‘police can make informed decisions about how to respect people’s data protection rights during fast-moving and high-profile investigations while still getting the job done’.

UK Information Commissioner claims UK GDPR reform will not disturb EU-UK adequacy

John Edwards – UK Information Commissioner – does not think that the planned Data Protection and Digital Information Bill will be a breach of the EU-UK adequacy agreement if it is passed. He claims that the European Commission will find the adequacy requirements of the reform equivalent to the protection offered by the UK GDPR.

Data Protection News Update 22 April 2024

United Kingdom ICO reprimands housing association for insufficient data security ICO publishes guidance to improve transparency in health and social care United States Change Healthcare’s

Data Protection News Update 15 April 2024

United Kingdom Information Commissioner’s Office seeks views on accuracy of generative AI models United States US Senator says TikTok divestiture deadline could be extended to

Asking (and answering) an obvious but important question: why does data confidentiality matter, ethically speaking?

In my last article, I focused on the ethical significance of one of the most prominent failure of data governance in recent times; namely, the

Data Protection News Update 08 April 2024

United Kingdom ICO sets out priorities to protect children’s privacy online ICO joins global data protection and privacy enforcement programme United States US and UK