- In a privacy lawsuit against Vimeo and its AI-based video creation and editing platform (Magisto), it was claimed that the platform collected and stored the user’s biometric data and that this was done without the user’s consent.
- Vimeo denies any wrongdoing but agreed to pay a 2.25 million USD nonetheless.
- The lawsuit was brought forward in the US District Court for the Northern District of California.
- It is alleged that Tesla employees could access video footages and images of customer’s vehicle cameras and shared them for their amusement in their internal messaging system.
- Reuters reports that the AEPD officially urges the EDPB to review ChatGPT’s compliance with the GDPR.
- It is also said that the AEPD envisions a ‘coordinated decision at European level’ towards ChatGPT and that ‘harmonised actions can be implemented within the framework of the application of the General Data Protection Regulation’
- The case was brought forward by Ireland’s Data Protection Commission (DPC).
- In its binding decision, the EDPB settles whether an administrative fine and/or an additional order to bring processing into compliance must be included in the DPA’s final decision.
- The decision has not yet been made public.
- The DPC has now one month to implement the decision.
- In the plenary meeting of the 13th of April 2023, the EDPB discussed the enforcement action by the Italian data protection authority against OpenAI and ChatGPT and decided to launch a dedicated task force to ‘foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities’.
- The two complaints received by CNIL concern the personal data use by ChatGPT.
- Furthermore, French digital minister, Jean-Noël Barrot declared that ChatGPR is in violation of the GDPR but argues that it still should not be banned.
- In Canada, federal political parties are exempt from federal privacy rules. This means that they can collect and process personal data from Canadian voters with no oversight. Safeguards that are imposed on private companies and most public institutions do not apply to them.
- The liberal government intends to change that and suggests the implementation of a ‘uniform federal approach’ to the data processing of all political parties.
- South Korea’s Supreme Court decided that Google must provide information if it shared the personal data of South Korean citizen with third parties.
- The original complaint alleges that personal data was shared with the US National Security Agency’s PRISM surveillance program.
- ‘The Supreme Court’s decisions […] are in line with South Korea’s recent tendency to take a tough stance on regulatory matters concerning foreign technology giants’
- The ICO welcomes the ambitious approach by the government to AI regulation which is described as ‘pro-innovation’.
- The ICO notes that the white paper should clarify on the respective roles of the government and the regulators in issuing of guidance and advice as a result of the proposals in the AI White Paper.
- The ICO gives guidance on the five principles introduced in the AI White Paper which have been discussed in a previous Monday news update. It says that the principles should be interpreted in a way that is compatible with the data protection principles in the UK GDPR, so that additional burden or complexities for businesses can be avoided.
- Concerns were raised about surveillance and the use of ‘management by algorithm’.
- They also voice worries that the UK government is about to weaken the protection that was provided by the GDPR, since the GDPR was used in a number of cases where employees fought for their rights in the workplace, using the GDPR to bridge ‘the gaps in employment law’.
- The government’s AI white paper was dismissed by campaigners as ‘basically just a bunch of intentions with no firepower behind it’.