Data Protection News Update 22 April 2024

IGS
April 22, 2024

United Kingdom

ICO reprimands housing association for insufficient data security

The UK Information Commissioner’s Office (ICO) has issued a reprimand to the Clyde Valley Housing Association in Lanarkshire after residents’ personal information was left accessible to others in an online portal.
A resident discovered they could access documents related to anti-social behaviour cases and view personal information about other residents, including names, addresses and dates of birth.
Following a mass email to residents promoting the online portal, four more residents reported the same breach, and the new system was suspended.

ICO publishes guidance to improve transparency in health and social care

The Information Commissioner’s Office (ICO) is supporting health and social care organisations to ensure they are being transparent with people about how their personal information is being used.
The new guidance published provides regulatory certainty on how these organisations should keep people properly informed.
Under data protection law, people have a right to know what is happening to their personal information, which is particularly important when accessing vital services.

United States

Change Healthcare’s new ransomware nightmare goes from bad to worse

Ransomware group RansomHub claims it is selling US citizens medical and financial records following a cyberattack on Change Healthcare in February.
The stolen data allegedly includes medical and dental records, payment claims, insurance details, and personal information like Social Security Numbers and email addresses.
Threat analyst Brett Callow stated that it is likely an attempt to collect additional ransom payments from the health care companies involved in the breach, and less about actually selling the personal data of individuals.
Change Healthcare has faced mounting losses since the ransomware attack, and recently reported that they have spent USD $872 million responding to the incident as of 31^st March.

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

The US House of Representatives passed the “Fourth Amendment is Not for Sale Act,” which bars law enforcement and intelligence agencies from buying personal information from data brokers without obtaining a search warrant.
However, the Office of Management and Budget issued a statement on behalf of the White House opposing the Bill, and another statement supporting the House Bill to re-authorise Section 703 of Foreign Intelligence Surveillance Act.
Privacy advocates cheer the Bill’s passage, after arguing that the government’s purchase of large quantities of personal information via commercial companies and third-party data collectors represented an end-around the US Constitution’s Fourth Amendment.

Europe

EDPB opinion on legality of pay-or-consent models in EU GDPR context

The European Data Protection Board (EDPB) issued a highly anticipated opinion on Wednesday.
The opinion stated that large online platforms implementing pay-or-consent models will, “in most cases,” not comply with the EU General Data Protection Regulation which requires obtaining valid consent for processing personal data.
While the opinion only applies to large online platforms, the EDPB stated it would issue further guidance later this year on pay or consent to smaller platforms.
The decision is non-binding and either Ireland’s Data Protection Commission, or the three data protection authorities that referred the matter (the Dutch, Norwegian, and Hamburg authorities), will issue their final decision on the legality of pay-or-consent models in the context of the GDPR, furthering their investigation of Meta.

Data Act explained

The European Commission has published guidance on the Data Act.
The law raises rules on who can access and use data generated in the EU across all economic sectors while establishing the conditions upon which public sector entities can obtain data from businesses “where there is an exceptional need.”

International

Google finds AI agents pose fresh ethical challenges

A Google DeepMind report found that artificial intelligence assistants could pose ethical problems if they contain bias and if their purpose is misaligned with a given use case.
As AI agents become more human-like and personalised, they become more helpful, but they also make people vulnerable to inappropriate influence, which introduces new issues around trust and privacy.
Researchers found that as AI becomes more able to give advice, it raises questions about how the model makes those determinations.

China orders Apple to remove popular messaging apps

China ordered Apple to remove some of the world’s most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company’s second-biggest market.
The Cyberspace Administration of China ordered WhatsApp, Signal and Telegram to be removed for national security reasons.
An individual familiar with this decision stated that it was due to political content that is shared on the apps, which Apple disputed.

Two Conceptions of Algorithmic Fairness: The Case of Generative AI

Algorithmic fairness is perhaps one of the most cited values when people talk about AI ethics. However, there is also deep disagreement about what it

Data Protection News Update 29 April 2024

United Kingdom ICO fines two companies a total of £340,000 for making aggressive and unwanted marketing calls Grindr facing UK data lawsuit for allegedly sharing

Data Protection News Update 15 April 2024

United Kingdom Information Commissioner’s Office seeks views on accuracy of generative AI models United States US Senator says TikTok divestiture deadline could be extended to