United Kingdom
Northern Ireland police face £750,000 fine after data protection blunder put lives at risk
- Northern Ireland’s police service faces a £750,000 fine from the data protection regulator after mistakenly disclosing the names of all serving officers and staff in a spreadsheet published online.
- The data breach by the Police Service of Northern Ireland (PSNI) is described as the most significant in the history of UK policing.
- The Information Commissioner said the breach had led to police employees having to move house or cut themselves off from family members because of “tangible concerns of loss of life.”
- The Information Commissioner’s Office (ICO) has provisionally found the PSNI’s internal procedures and sign-off protocols for the safe disclosure of information to be inadequate.
- An enforcement notice has been issued requiring the police service to improve the security of personal information when responding to FOI requests.
Britain’s AI safety institute to open US office
- Britain’s Artificial Intelligence (AI) safety institute will open an office in the United States, hoping to foster greater international collaboration on the regulation of a fast-moving technology.
- Government officials have shared that the institute’s new office in San Francisco would open this summer, recruiting a team of technical staff to complement the organisations work in London and strengthen ties with its US counterpart.
- Britain’s technology minister, Michele Donelan, said that “opening our doors overseas and building on our alliance with the US is central to my plan to set new, international standards on AI safety.”
- In June 2023, the Information Commissioner’s Office (ICO) launched an investigation into Snap Inc’s launch of the ‘My AI’ chatbot following concerns that Snap had not met its legal obligation to adequately assess the data protection risks posed by the new chatbot.
- The investigation resulted in Snap taking significant steps to carry out a more thorough review of the risks posed by ‘My AI’ and demonstrate that appropriate mitigations have been implemented.
- The ICO are now satisfied that Snap has undertaken a risk assessment relating to ‘My AI’ that is compliant with data protection law and will continue to monitor the rollout of ‘My AI’ and how emerging risks are addressed.
United States
Proposed American Privacy Rights Act clears US House subcommittee
- The proposed American Privacy Rights Act is on the move in the US House legislative process, but the pressure points among key lawmakers are becoming clearer and more present.
- The US House Committee on Energy and Commerce Subcommittee on Data, Innovation and Commerce approved the updated APRA draft, advancing the Bill to full committee consideration.
- Despite the approval, subcommittee members were more candid during the mark-up regarding specific reservations they have on the Bill.
- Arguably, the biggest change to the latest APRA proposal was the inclusion of the Children’s and Teens’ Online Privacy Protection Act, which was tacked on to the end of the Bill instead of having a more detailed incorporation.
Europe
EU data protection board says ChatGPT still not meeting data accuracy standards
- A task force at the European Union’s privacy watchdog stated that OpenAI’s recent effort to mitigate the risk of its famous chatbot producing factually false output were not enough to ensure compliance with EU data rules.
- “Although the measures taken in order to comply with the transparency principle are beneficial to avoid misinterpretation of the output of ChatGPT, they are not sufficient to comply with the data accuracy principle,” stated the task force.
- The joint investigation conducted by national EU privacy watchdogs is still ongoing.
International
Australia takes Singtel-owned Optus to court over 2022 cyber attack
- Australia’s media regulator is taking legal action against telecom carrier Optus, owned by Singapore Telecommunications, over a cyber attack it faced in September 2022.
- In September 2022, Optus faced a massive data breach which exposed customers’ personal information, including home addresses, passport, and phone numbers.
- About 10 million Australians (40% of the population), are Optus customers and could not use smartphones, broadband internet, or landlines for much of the day of the breach.
- The Australian Communications and Media Authority is alleging that Optus Mobile failed to protect the confidentiality of personally identifiable information of its customers from unauthorised interference or unauthorised access.
South Korea, UK to host AI summit in Seoul as risks mount
- South Korea and Britain will host a global AI summit in Seoul this week, as the breathtaking pace of innovation since the first AI summit in November last year leaves governments scrambling to keep up with a growing array of risks.
- British Prime Minister Rishi Sunak and South Korean President Yoon Suk Yeol will oversee a virtual summit on Tuesday, amid calls for better regulation of artificial intelligence despite disagreements over how the technology may affect humanity.
- The AI Seoul Summit will discuss three priorities – AI safety, innovation, and inclusion, according to the Summit’s website.
- Leaders of group of Seven (G7) major powers, Singapore and Australia have been invited, and China will attend the Summit’s ministerial session, states a South Korean presidential official.
