Lord Clement-Jones has introduced a Public Authority Algorithmic and Automated Decision-Making Systems Private Members’ Bill (Bill) into the House of Lords. Currently at the second reading stage, the Bill addresses increasing reliance on AI and algorithmic systems by public authorities in the UK, and aims to mitigate the potential risks associated with their use. The
Latest from Data Protection Report - Page 4
Don’t throw the AI baby out with the data leakage bath water: Reading “AI Snake Oil” with a spirit of optimism
The privacy-cyber world seems preoccupied with issues related to the nexus between personal data and AI. Those issues, although important, are dwarfed by a more pressing and fundamental question: can we get AI to do useful things reliably and accurately in the realm of predicting significant human outcomes, such as health, criminal propensity, credit risk,
New York Department of Financial Services addresses cybersecurity risks from artificial intelligence
On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve around both threat actors’ use of AI offensively and businesses’ increasing AI reliance. The short
California and Artificial Intelligence Watermarking Law
On September 19, 2024, California enacted another law relating to artificial intelligence, this time relating to watermarking. The new law (SB 942) requires making certain AI detection tools available at no cost to users. The new law does not take effect until January 1, 2026.
AI Detection Tools (SB 942)
This bill, the
Announcing NT Analyzer 2.0: Combating Privacy Risks, Powered by AI
NT Analyzer Refresher: Why Network Traffic Analysis?
Keeping track of where all the data is going can be devilishly difficult for companies, given the increasingly data-centric economy, massive changes in browser/mobile platforms, and the necessary use of a variety of modularized services and hosted solutions to make any website or mobile app function properly. All of
Lessons on international transfers to the US to organisations caught by the GDPR
The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of drivers’ personal data to the US. Uber has announced that it will appeal the fine.
Recent regulatory developments in training AI models under the GDPR
In 2024, many organisations have been eager to look at how they can use the data they hold to debut or build on their artificial intelligence (AI) programme. Many are looking to use that data to train AI models, or fine-tune third-party models. That data will almost certainly include personal data, meaning that the processing
EDPB opines on the use of facial recognition in airports
Co-written by Swaathi Balajawahar, Trainee Solicitor
Introduction
On 23 May 2024, the European Data Protection Board (EDPB) issued Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (the Opinion). The Opinion considered the use of facial recognition technology (FRT) by airport operators and airline companies for the purpose of streamlining passenger
Ontario government introduces new bill for strengthening cybersecurity and for responsible AI
The Government of Ontario recently introduced the Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024 (Bill 194) seeking to strengthen cybersecurity programs in the public sector and provide the groundwork for the responsible use of artificial intelligence (AI) among various public sector entities. If passed, Bill 194 will enact the Enhancing
The EU AI Act – the countdown begins
The EU AI Act was entered into the EU’s statute books on July 12, 2024. A transition period will begin from 1 August when it enters into force. The geographic scope is very broad, with obligations falling on organisations using or involved in the supply of AI in the EU and organisations operating outside the