blog

FISA Section 702 Reauthorisation Bill Signed Into Law

Introduction  President Biden recently signed into law a bill that reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA) while incorporating reforms to enhance the protection of privacy and civil liberties for Americans.  This legislation has been a focal point for policy and privacy professionals in recent months, sparking discussions about potential amendments to […]

FISA Section 702 Reauthorisation Bill Signed Into Law Read More »

Unveiling the American Privacy Rights Act of 2024

Introduction Representative Cathy McMorris Rodgers (R-Wash.), Chair of the U.S. House Committee on Energy and Commerce, alongside Senator Maria Cantwell (D-Wash.), Chair of the Senate Committee on Commerce, Science, and Transportation, unveiled a groundbreaking legislative proposal on April 7. This initiative aims to establish the United States inaugural comprehensive data privacy law at the federal

Unveiling the American Privacy Rights Act of 2024 Read More »

Exploring and Balancing the Pitfalls of Microsoft Copilot

Microsoft Copilot is a groundbreaking addition to the Microsoft 365 suite, revolutionizing the way users interact with applications such as Teams, Outlook, SharePoint, and OneNote. Positioned as an enterprise-grade generative AI product, Microsoft Copilot harnesses the power of a vast language model and integrates seamlessly with various Microsoft 365 applications, offering unparalleled assistance to enhance

Exploring and Balancing the Pitfalls of Microsoft Copilot Read More »

Enhancing Security: California’s GenAI Risk Assessment Framework (SIMM 5305-F)

Background In response to the imperative need for safeguarding state-owned information assets, protecting privacy, and ensuring the well-being of California’s populace, the Statewide Information Management Manual (SIMM) 5305-F, Generative Artificial Intelligence (GenAI) Risk Assessment has been formulated.  This manual presents a structured risk assessment methodology tailored to assist state entities in comprehensively evaluating the potential

Enhancing Security: California’s GenAI Risk Assessment Framework (SIMM 5305-F) Read More »

EU Commission Faces Scrutiny Over Microsoft 365 Data Breach: EDPS Imposes Corrective Measures

Introduction  An inquiry into the European Union’s utilization of Microsoft 365 has concluded that the Commission violated the bloc’s data protection regulations in its adoption of the cloud-based productivity software. The European Data Protection Supervisor (EDPS) announced its findings through a press release, stating that the Commission breached “several crucial data protection rules while employing

EU Commission Faces Scrutiny Over Microsoft 365 Data Breach: EDPS Imposes Corrective Measures Read More »

New Executive Order Seeks to Protect Americans Sensitive Personal Data

Introduction On February 28, 2024, President Biden signed Executive Order 14117, titled “Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern” (EO), marking a significant step in safeguarding national security and personal privacy. This executive action responds to the urgent need to protect Americans’ sensitive personal data and

New Executive Order Seeks to Protect Americans Sensitive Personal Data Read More »

CPPA Releases Latest Draft Regulations on Automated Decision-Making Technology (ADMT) Under CCPA

BACKGROUND – 27TH NOVEMBER, 2023 ADMT DRAFT (OLDER ONE) The California Privacy Protection Agency (CPPA) unveiled its highly awaited draft regulations concerning the utilization of automated decision-making technology (ADMT) on November 27, 2023. Marking a significant development, these draft regulations provide a detailed framework for the oversight of ADMT and artificial intelligence (AI) by the

CPPA Releases Latest Draft Regulations on Automated Decision-Making Technology (ADMT) Under CCPA Read More »

ISO/IEC 42001:2023 as a A Commitment to Trustworthy AI

l. ISO/IEC 42001:2023 On December 18, 2023, the International Organization for Standardization (ISO) published the ISO/IEC 42001:2023 – Information Technology – Artificial Intelligence – Management System standard. ISO/IEC 42001:2023 has been developed by the International Organization for Standardization / International Electrotechnical Commission (ISO/IEC) Joint Technical Committee (JTC) 1, Information technology, Subcommittee (SC) 42, Artificial intelligence.

ISO/IEC 42001:2023 as a A Commitment to Trustworthy AI Read More »

CNIL fined Amazon France Logistique and Yahoo for GDPR Breaches

CNIL fined Amazon France Logistique! Introduction On December 27, 2023, the French Data Protection Authority (CNIL) fined AMAZON FRANCE LOGISTIQUE €32 million. This was due to the company’s use of excessively intrusive technology to monitor employee activities and performance. Furthermore, the corporation was penalised for using video monitoring without giving necessary information or security safeguards.

CNIL fined Amazon France Logistique and Yahoo for GDPR Breaches Read More »

Closing the Gap: California’s Proposal to Bolster Children’s Privacy

Introduction  As children today grow up in an increasingly digital world, their online activities leave behind a trail of data that shapes their digital footprint. Shockingly, by the time a child reaches the age of 13, online advertising firms have already amassed an average of 72 million data points about them. Against this backdrop, the

Closing the Gap: California’s Proposal to Bolster Children’s Privacy Read More »

Brief on Digital Markets Act

About the Act  While general EU competition regulations apply to Big Tech platforms like Apple, Google, Microsoft, and Meta, there have been instances of these digital platforms engaging in unfair activities and abusing their market strength. For example, in June 2023, the EU antitrust commission ordered Google to change its advertising business and accused it

Brief on Digital Markets Act Read More »

Copyright Wars in the AI Age

Introduction In recent legal developments, The New York Times has taken decisive action against OpenAI and Microsoft, filing a complaint in the Southern District of New York on December 27, 2023. The crux of the matter revolves around the alleged utilization of the Times’s copyrighted works in the development of generative artificial intelligence (AI) products,

Copyright Wars in the AI Age Read More »

Pay or consent offering and the legal challenge of free and genuine choice

#inadequate data processing #lawfulness of processing #consent #personalised advertising #digital platforms #competition #dma 2023 had a significant privacy weight for Meta. Regulators from different European countries penalised the Californian technology conglomerate for inadequate data processing practices. The lawfulness of combining data across Meta’s suite of social platforms for personalised advertising purposes, dubbed as super-profiling, was

Pay or consent offering and the legal challenge of free and genuine choice Read More »

The New York Times is suing OpenAI and Microsoft over Copyright Infringements

 Contentions of The Times The New York Times has launched a copyright infringement case against OpenAI and Microsoft. According to the Times, millions of its stories were used to train automated chatbots, notably ChatGPT, without permission. The newspaper claims that these chatbots are now competing with The Times as a source of information, potentially harming

The New York Times is suing OpenAI and Microsoft over Copyright Infringements Read More »

The Impact of GDPR on AI

In a recent publication, the EU Parliament’s research unit delves into the intricate relationship between the General Data Protection Regulation (GDPR) and the realm of Artificial Intelligence (AI). This comprehensive study explores the challenges and opportunities arising from the convergence of these two domains, shedding light on the ways in which law and technology can

The Impact of GDPR on AI Read More »

Unlocking the Power of Explainable Artificial Intelligence (XAI)

In today’s fast-paced world, businesses increasingly rely on artificial intelligence (AI) systems to make decisions that can significantly impact individual rights, human safety, and critical business operations. But how do these AI models derive their conclusions? What data do they use? And can we trust the results they produce? Addressing these critical questions is the

Unlocking the Power of Explainable Artificial Intelligence (XAI) Read More »

Navigating Transparency and Fairness in Employment: The New York City Bias Audit Law

Introduction In an era marked by ever-increasing technological advancements, New York City has taken a pioneering step in ensuring accountability and transparency in the use of automated decision systems, particularly within the realm of employment. The New York City Local Law 144-21, often referred to colloquially as the NYC Bias Audit Law, stands as a

Navigating Transparency and Fairness in Employment: The New York City Bias Audit Law Read More »

Consumer Profiling Audits Unveiled. EDPB and EDPS recommendations on Article 15 in the DMA

Introduction  In today’s digital landscape, consumer profiling techniques have become a central aspect of core platform services offered by tech giants. Recognizing the importance of safeguarding user privacy and promoting fair competition, Article 15 of the Digital Markets Act has introduced a key obligation:    an audit of these profiling techniques This pivotal regulation mandates

Consumer Profiling Audits Unveiled. EDPB and EDPS recommendations on Article 15 in the DMA Read More »

Preparing for Compliance: California’s Draft Cybersecurity Audit Regulations

Introduction  As the California Privacy Protection Agency (CPPA) prepared for its board meeting scheduled for September 8, 2023, the privacy landscape is abuzz with anticipation. This heightened interest stems from the recent release of two pivotal documents by the CPPA: the draft Cybersecurity Audit Regulation and the draft Risk Assessment Regulation. Despite their preliminary status,

Preparing for Compliance: California’s Draft Cybersecurity Audit Regulations Read More »

CCPA’s Draft Assessment Regulation: Preparing your business for compliance

INTRODUCTION In a significant development, the California Privacy Protection Agency (CPPA) recently unveiled a trove of crucial materials on August 28, 2023, laying the groundwork for its upcoming board meeting scheduled for September 8, 2023. Among these materials are two pivotal documents that have garnered substantial attention within the privacy sphere: the draft Cybersecurity Audit

CCPA’s Draft Assessment Regulation: Preparing your business for compliance Read More »

Tighter rules for digital services

Starting with 25th of August 2023 the designated Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) must comply with the obligations laid down in the Regulation 2022/2065 or otherwise known as the Digital Services Act (DSA). Context The Digital Services Act is an update to the e-Commerce Directive 2000. It regulates:

Tighter rules for digital services Read More »

Regulation laying down harmonized rules on AI and amending certain Union legislative act. Key findings

On April 21, 2021 the EU Commission unveiled the draft Regulation laying down harmonized rules on AI and amending certain Union legislative acts together with a new coordinated plan with Member State. The released draft reveals a comprehensive approach of an area which didn’t benefit of much framing up until the date. The draft comprises a set

Regulation laying down harmonized rules on AI and amending certain Union legislative act. Key findings Read More »

Privacy harms and the importance of preserving the fundamental rights of individuals

Among others, one of the main preoccupations of the GDPR is to safeguard the interests and fundamental rights and freedoms of the data subjects. Understanding and being able to recognize what stands behind these concepts is paramount for any data privacy professional involved in the work of advising their companies on the path of compliance

Privacy harms and the importance of preserving the fundamental rights of individuals Read More »

EU and US reach out to a political agreement on Trans-Atlantic Data Privacy Framework

The political communication.  On March 25th, 2022, the U.S. President Joe Biden, and the European Commission President Ursula von der Leyen announced in a joint press conference that they reached a political agreement on trans-Atlantic data transfers. “We have found an agreement in principle on a new framework for transatlantic data flows. This will enable predictable and

EU and US reach out to a political agreement on Trans-Atlantic Data Privacy Framework Read More »

Safeguarding the Digital Frontier: An overview of India’s Privacy Rights and Digital Data Protection Bill 2023

Introduction. The technological advancements, increasing digitization of the society and the shift of nearly all economic activities and human interactions to online platforms has elevated the importance of data privacy rights. [1] In recent years, many countries have initiated measures to implement data protection requirements, or are actively considering such actions. Likewise, India is also taking initiatives in

Safeguarding the Digital Frontier: An overview of India’s Privacy Rights and Digital Data Protection Bill 2023 Read More »

The Cyber Resilience Act. An atypical legal act in EU product safety legislation

On September 15, 2022, the E.U. Commission published the Cyber Resilience Act (CRA) draft setting out cybersecurity requirements for products with digital elements placed on the internal market and amending Regulation (EU) 2019/1020 on Market Surveillance and Compliance of Products.    To date, software has not been a central part of the E.U. product safety

The Cyber Resilience Act. An atypical legal act in EU product safety legislation Read More »

CNIL publishes draft recommendation on retention of traceability data

This article was first published by the IAPP in the Privacy Advisor  On May 28, France’s data protection authority, the Commission nationale de l’informatique et des libertés, launched a public debate over its draft recommendation relating to terms of retention and use of data logs. According to the CNIL, maintaining data logs is an essential

CNIL publishes draft recommendation on retention of traceability data Read More »

New rules for transborder data flows

Data flows of personal data which are undergoing processing or are intended for processing after transfer to a third-country or to an international organization are allowed only if enforceable data subjects rights and legal remedies to data subjects are available.   Starting with 27th of June 2021 organizations are able to use the European Commission’s long-awaited

New rules for transborder data flows Read More »

Determine and manage privacy risks

Following already long-standing development in the area of innovative technologies the benefits of the digital economy are rooted in personal data collections and flows through a complex data ecosystem. Given the complexity of the digital products, systems and services individuals might find it hard to get their heads around the consequences this innovative technologies and

Determine and manage privacy risks Read More »