Weekly Newsletter: 28 June – 2 July 2021
GDPR EU Representative

July 5, 2021

Will the proposed EU AI rules become the GDPR for biometrics? 

[#ArtificialIntelligence #Biometrics #Technology #EU]

“After several high-profile cases, it’s understandable that governments would want to start regulating artificial intelligence (AI), and biometric technology in particular. The Clearview AI scandal has shown that people are really ‘not OK’ with the knowledge that companies scraped the internet for private images in order to train a facial recognition AI solution they then turned around and sold to law enforcement agencies. […]

[…] In its current form, the AIA looks similar to GDPR in what it seeks to accomplish: a means to give end-users a way to control the collection and use of their personal data and digital likeness. In a word: transparency. […]

From an industry standpoint, a common set of regulations governing the use of AI would be a great way to reduce friction when introducing biometrics-based solutions to different markets across large markets like the EU constituent countries and fifty U.S. states.”



Data protection: Commission adopts adequacy decisions for the UK 

[#EUCommission #AdequacyDecision #UKadequacydecision #UKGDPR] 
BREAKING NEWS: “Commission adopts adequacy decisions for the UK”

“The Commission has today adopted two adequacy decisions for the United Kingdom – one under the General Data Protection Regulation (GDPR) and the other for the Law Enforcement Directive.

Personal data can now flow freely from the European Union to the United Kingdom where it benefits from an essentially equivalent level of protection to that guaranteed under EU law.

[…] Both adequacy decisions include strong safeguards in case of future divergence such as a ‘sunset clause’, which limits the duration of adequacy to four years.”


Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

[#Linkedin #Databreaches #Hackers] 
“After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications. […]

Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The advertisement, posted June 22, claims that 700 million records are included in the cache, and included a sample of 1 million records as “proof.” […]

According to LinkedIn, no breach of its networks has occurred this time, either. […] The good news is that credit-card data, private message contents and other sensitive information is not a part of the incident, from Privacy Sharks’ analysis. That’s not to say there aren’t serious security implications though.”


EU approves UK data flows deal

[#UKAdequacy #GDPR #UnitedStates] 
“The adequacy decision, as the data flows deal is known, will allow personal data to be transferred from the EU to the U.K., avoiding a no-deal scenario that could have cost the British economy as much as £1.6 billion. […]

Despite the announcement, the decision has faced heavy criticism from European lawmakers, regulators and privacy activists, who argue that the U.K.’s surveillance rules and exemptions for immigrants merited further scrutiny from Brussels. Responding to concerns, Commission Vice President Věra Jourová said Brussels had baked in safeguards that allow it to intervene if Britain diverges too far from EU data protection standards. […]

U.K. adequacy is likely to come under intense scrutiny in the coming months and years, with several campaigners preparing legal cases against the decision, inspired by successful challenges against similar data flows deals with the United States.”


To Protect Consumer Data, Don’t Do Everything on the Cloud

[#Cybersecurity #Cloud #DataCollection] 
“When collecting consumer data, there is almost always a risk to consumer privacy. Sensitive information could be leaked unintentionally or breached by bad actors. For example, the Equifax data breach of 2017 compromised the personal information of 143 million U.S. consumers. Smaller breaches, which you may or may not hear about, happen all the time. As companies collect more data — and rely more heavily on its insights — the potential for data to be compromised will likely only grow. […]

Furthermore, technology has offered us all the tools we need to safeguard privacy without impacting business intelligence. By leveraging edge computing and AI technologies, companies may apply the design choices of sufficiency, aggregation, and alteration at the data collection stage. With a carefully designed architecture, we may obtain the desired insights and secure the privacy of consumers’ data at the same time. Contrary to conventional wisdom, we can have our (privacy) cake and eat it too.”


Why Brussels went easy on Britain in its data deal 

[#UKAdequacy #EUDataTransfers #EuropeanCommission] 
“Afraid of appearing too difficult, the European Commission pressured regulators and MEPs to sign off on a data flows agreement. […]

The Commission wrote to the regulators in an email obtained by POLITICO that if their own “critical opinions” are adopted “without being significantly rebalanced,” this will “show that our model is not credible as a global solution and that adequacy is basically ‘mission impossible’ if even a former Member State that has decided to essentially keep the same data protection rules is not considered adequate.” […]

Washington’s data flows negotiator Chris Hoff suggested the EU’s model is outdated. “There have been 13 adequacy decisions in the past 26 years and one [for the U.S.] keeps getting knocked down. So interoperable frameworks … have to be the future.” A senior EU official hit back, dismissing the comments as “just a fancy way of saying please allow the free flow of data, whatever the safeguards in the country of destination.”


German privacy tsar tells ministries to shut Facebook pages

[#PersonalData #Germany #Facebook] 
“German government organisations have until the end of the year to close their Facebook (FB.O) pages after the data protection commissioner found the social network had failed to change its practices to comply with German and European privacy laws. In a letter to government departments and agencies earlier this month, commissioner Ulrich Kelber said Facebook had provided no way to run pages for institutions, whose feed users can subscribe to by clicking “like”, in an EU-compliant way. […]

The German government’s official Facebook page has over a million followers, and the platform has become an increasingly important tool for reaching citizens who are less likely than in the past to follow the mass media where governments advertise. […]

“Given the continuing violation of personal data protection, there is no time to waste,” Kelber wrote to the government organisations. “If you have a fan page, I strongly recommend you switch it off by the end of the year.””


Hoff: EU, US ‘not at the beginning’ of Privacy Shield negotiations

[#EUdatatransfers #Privacyshield #UnitedStates] 
“During an IAPP LinkedIn Live event, U.S. Department of Commerce Deputy Assistant Secretary for Services Christopher Hoff, CIPP/E, CIPP/US, CIPM, offered a window into the progress on the Privacy Shield talks, assuring privacy professionals the negotiations between the European Union and U.S. are not stuck at the starting line. […]

“I definitely would assuage anyone’s fears that we are at the beginning of this negotiation. We are not at the beginning of this negotiation,” said Hoff. […]

The summit between the EU and U.S. recently concluded, which included the creation of the EU-U.S. Trade and Technology Council. While the trade council may have been top story, Hoff said Privacy Shield negotiations were a major part of the summit talks.”
