Locations
In this fifth episode from Fieldfisher's Data & Privacy Matters podcast, Nuria Pastor and Sophia Steiger round up the key data and privacy news that has caught their attention throughout May 2024.
First up, they look at legislative updates governing Artificial Intelligence in both the EU and USA. On 21 May, the Council of the EU approved the EU AI Act meaning we are very close to the first global significant piece of AI legislation entering into force. Colorado has also passed a landmark AI bill taking a similar risk-based approach to the EU AI Act.
The episode then looks at recent developments from regulators, following the EDPB's opinion on facial recognition technology to streamline airport passengers' flow to the ICO's strategic approach to regulating AI. Data scraping updates are covered, as the EDPB offers a report from their ChatGPT's taskforce and the Dutch DPA issues guidance on data scraping, stating that it is "almost always illegal".
Last but not least, the recent headlines covering public sector data breaches in the UK are covered, as the Ministry of Defence's payroll system suffered a data breach and the ICO announced their plans to fine the Police Service of Northern Ireland. And we had to cover the update from Finland as the hacker behind the historic Vastaamo hacking case is sentenced.
With the volume of continuous developments in the data and privacy ecosystem, it can be hard to stay on top of the key news stories. This is a must-listen podcast to catch up on notable data and privacy news in the past month and consider what your business or organisation needs to be doing in response.
Sources of the news discussed:
Legislative updates:
- EU AI Act approved - Artificial intelligence (AI) act: Council gives final green light to the first worldwide rules on AI - Consilium (europa.eu)
- Colorado Artificial Intelligence Act - Understanding Colorado Comprehensive Artificial Intelligence Law (natlawreview.com)
EDPB:
- EDPB Opinion on Facial Recognition Technologies - Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (compatibility with Articles 5(1)(e) and(f), 25 and 32 GDPR | European Data Protection Board (europa.eu)
- EDPB Report on ChatGPT Taskforce edpb_20240523_report_chatgpt_taskforce_en.pdf (europa.eu)
ICO updates:
- ICO's update on Snap Inc's "My AI" - We warn organisations must not ignore data protection risks as we conclude Snap ‘My AI’ chatbot investigation | ICO
- Join the Triboo Limited's Appeal - First-tier Tribunal ruling on Join the Triboo appeal | ICO
- ICO's strategic approach to regulating AI - Regulating AI:The ICO’s strategic approach
NIST's AI RMF Generative Profile
- NIST Announcement - AI Risk Management Framework | NIST
- Draft profile - NIST.AI.600-1.GenAI-Profile.ipd.pdf
Data Breaches:
- Ministry of Defence data breach - MoD data breach: UK armed forces' personal details accessed in hack - BBC News
- ICO fines Police Service of Northern Ireland - PSNI facing a £750k fine following spreadsheet error that exposed the personal information of its entire workforce | ICO
- Vastaamo hacker Aleksanteri Kivimäki - Court hands Kivimäki 6-year prison sentence in historic hacking case | Yle News | Yle
Dutch DPA Scraping Guidance
- Dutch DPA statement - AP: scraping almost always illegal | Dutch Data Protection Authority (DPA) (autoriteitpersoonsgegevens.nl)
- Guidance (only available in Dutch) - Handreiking scraping door particulieren en private organisaties.pdf (autoriteitpersoonsgegevens.nl)
ICO Enforcement