Welcome to the week of Data Protection- officially this time. Though this week probably marks a first where I don’t ramble on about DP for the majority of the post.
Happy belated data protection day!
🔏 Data Protection & Privacy
28th of January marks Data Protection Day- the anniversary of the Council of Europe’s Convention 108, the first binding international law on individuals’ right to protection of their personal data.
The IAPP published the 2023 Global Legislative Predictions. This document was my highlight of the week. So many jurisdictions, so many different predictions. I am the toddler at the sweets shop.
CJEU issued its decision in C-205/21 re. genetic databases and criminal records. The decision states that the systematic collection of biometric and genetic data of any accused person in order for them to be entered in a police record is contrary to the requirement of ensuring enhanced protection with regard to the processing of sensitive personal data. Cut it out with the blanket laws, essentially.
The Office of the Privacy Commissioner of Canada (“OPC”) found that Home Depot failed to obtain customer consent before sharing personal data with Meta. The company forwarded the information of customers who chose to receive e-receipts to Meta but did not notify the customers due to the risk of “consent fatigue”. Alas, “consent fatigue is not a valid reason for failing to obtain meaningful consent.” – and with you is the quote of the week.
📑 Policy
The European Declaration on Digital Rights and Principles for the Digital Decade has been published in the Official Journal. Here’s a mini mind-map from the first time we caught a glimpse of the Declaration.
🔐 Cybersecurity
European Union Agency for Cybersecurity (“ENISA”) published its report the latest work on how technologies can support personal data sharing in practice. The report zooms in on data sharing practices in the health sector, via third-party services, and on the exercising the rights of data subjects.
🤖 Artificial Intelligence
The National Institute of Standards and Technology of the U.S. (“NIST”) has released its Artificial Intelligence Risk Management Framework (AI RMF 1.0), a guidance document for AI actors with approaches that increase the trustworthiness of AI systems, and the responsible design, development, deployment and use of AI systems over time.
The French Supervisory Authority (“CNIL”) is setting up an AI Department to strengthen its expertise on these systems and its understanding of the risks to privacy while preparing for the implementation of the European regulation on AI. The Department will be proposing initial recommendations on learning databases soon.
AI to be used in the 2024 Paris Olympics for security? Things just got interesting. Apparently, facial recognition has been snubbed, but smart video devices (as a less invasive technology) are still in consideration. Read more, here.
I’ve saved the news we didn’t want to hear for last: DoNotPay has announced that they are withdrawing from the (what we called here) AI as an attorney project for now. Apparently, State Bars have objected and noted that unauthorized practice of law is a misdemeanor punishable up to six months in jail.
🛒 E-Commerce & Digital Consumer
The French General Directorate for Competition, Consumer Affairs and Fraud Control (“DGCCRF”) issued a press release on investigations on influencers. According to the press release, 60% of the influencers targeted randomly by DGCCRF since 2021 did not comply with regulations on advertising and consumer rights. Several procedures have been initiated against non-compliant influencers.
📄 Recommended Readings
Here is a couple of readings that I’d like to share that looked interesting as ever. Sharing is caring, folks.
Murky Consent: An Approach to the Fictions of Consent in Privacy Law by Daniel J. Solove
From privacy to partnership: The role of privacy enhancing technologies in data governance and collaborative analysis by The Royal Society
I am in no way affiliated with the authors or publishers in sharing these, and I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
