Data Protection News Update 19 June

IGS
June 19, 2023

United States

Google forced to postpone Bard chatbot’s EU launch over privacy concerns

Google’s generative AI tool ‘Bard’ will not debut in the EU until the company satisfies the privacy concerns raised by Ireland’s Data Protection Commission.
The Irish DPC has said that the tech grant has failed to provide sufficient information regarding how Bard will protect European’s privacy, to justify an EU launch.
Since March, Google has rolled out its competitor to ChatGPT in 180 countries, including both the US and the UK.
It has stayed away from EU countries.

The US intelligence community pushes for reauthorization of FISA Section

FISA Section 702 is the law permitting the US government to conduct targeted surveillance of foreign persons located outside the US.
Officials from US intelligence agencies backed the reauthorization of this law ahead of a USA Senate subcommittee hearing on Tuesday.
One such official stated that ‘(…) more sweeping proposals [to FISA 702] (…) would force the government to turn a blind eye to threat information (…) with potentially grave consequences to our nation’s security’.
This can be seen as a response to a letter from CDT and Rights Groups that urged reform of the law.

Google may face an EU break-up order over its anti-competitive AdTech practices

The European Commission plans to file an antitrust complaint aimed at breaking up Google’s AdTech business.
This will likely require Google to sell many of its AdTech tools, many of which are driven by data collection and profiling.
This comes after the European Commission opened an investigation two years ago, looking into how Google favours its own advertising services.
This poses high stakes for Google, as its advertising business accounted for 79% of its total revenue last year.

Europe

T he Swedish Privacy Authority has fined Spotify SEK58 million for violation of GDPPR transparency principle

The fine, equivalent to just over 4 million pounds, stems from Spotify’s insufficient response to data access requests.
According to the authority, Spotify responds to data access requests but “does not inform clearly enough about how this data is used by the company”.

The European Parliament has adopted its position on the AI Act with overwhelming majority

Now, interinstitutional negotiations are the last step before the world’s first comprehensive law on AI.
The Act introduces a tiered approach for AI models that do not have a specific purpose, and a stricter regime for foundation models on which other AI systems can be built.
It also prohibits practices such as biometric categorization, predictive policing, and emotion recognition software in law enforcement, border management, workplace and education.

International

Nigeria’s president Tinubu has signed Data Protection Bill into law

The Act creates the Nigeria Data Protection Commission, replacing the Nigeria Data Protection Bureau.
To head the Commission, a National Commissioner will be appointed, to be responsible for the daily administration and execution of its policies will be appointed for a term of four years, renewable once.
Part of the mandates of the Commission includes fostering the ‘development of personal data protection technologies, in accordance with recognized international good practices’.

Singapore identifies Hallucinations as one of the key risks of generative AI

A report from Singapore’s Infocomm Media Development Authority identifies the top risks of generative AI and proposes a framework to address them.
In addition, it has established a foundation that seeks to develop test toolkits to mitigate the risks of adopting AI.
According to the report, some of the key risks of generative AI are hallucinations, accelerated disinformation, copyright challenges and embedded biases.

United Kingdom

ICO warns businesses should not be blind to risks of AI

The ICO warns it will check whether businesses have addressed the privacy risks of generative AI before adopting the technology.
The authority reiterates that organizations must also check whether they are a controller or processor of personal data, prepare a DPIA, work out how to limit unnecessary processing and decide how to comply with individual rights requests.
Organizations also need to assess whether generative AI would make solely automated decisions.

BA, BBC and Boots have been hit with cyber security breach with contact and bank details exposed

The BBC, British Airways, Boots and Aer Lingus have all fallen prey to a cyber-attack by a ransomware group named Clop.
The group have claimed that victims who refuse to pay a ransom will be named and shamed on the group’s website.
The incident arose from a vulnerability in the MOVEit Transfer software, used by all the companies, which was exploited by Clop.

Data Protection News Update 14 May 2024

United Kingdom Organisations must do more do more to combat the growing threat of cyber attacks Northern Ireland police obtained reporters’ phone data, tribunal hears

Data Protection News Update 07 May 2024

United Kingdom Information Commissioner: Persistent sensitive information breaches failing people living with HIV OnlyFans faces UK investigation into age-verification measures United States UnitedHealth CEO tells

Two Conceptions of Algorithmic Fairness: The Case of Generative AI

Algorithmic fairness is perhaps one of the most cited values when people talk about AI ethics. However, there is also deep disagreement about what it

Data Protection News Update 29 April 2024

United Kingdom ICO fines two companies a total of £340,000 for making aggressive and unwanted marketing calls Grindr facing UK data lawsuit for allegedly sharing