This week’s picks coincide with a very important date very near and dear to my heart. Today marks the 100th year of my home country, the Republic of Turkey. Here’s to many, many more!
🤖 Artificial Intelligence
The EDPS recently issued an Opinion on the AI Act as it nears finalization. The Opinion emphasized the EDPS’s role in overseeing AI across EU institutions, with a call for clear demarcations around AI systems that might impinge on individual rights. The opinion includes that all AI systems already on the market or in use should be included in the scope. The Proposal had earmarked EDPS for diverse roles, from notifying bodies to market surveillance, however, the EDPS calls for clearer role definitions and adequate resources—because wearing multiple hats requires a balanced head. Also, a thumbs up from the EDPS for including the right of the AI-impacted to effective judicial remedy. The opinion concludes that the AI Act lacks a precise definition for the duties of AI operators who recalibrate pre-set AI systems or employ continuously learning AI mechanisms. Consequently, the AI Act should determine if these ‘re-trainers’ qualify as providers. The EDPS also calls to adapt the conformity assessment to the effect that an ex ante third party assessment must generally be carried out for high-risk AI systems. Riveting read.
🔏 Data Protection & Privacy
The CJEU ruled that a patient has the right to obtain a first copy of his or her medical records free of charge. The decision comes after a patient challenged his dentist over the costs associated with obtaining a copy of his dental records, referencing German law as the dentist’s defense. The Court clarified that under the GDPR, patients have a right to a free initial copy of their medical records. Subsequent requests can be charged. The dentist, as the controller of the patient’s data, must furnish the first copy without any fee. The patient need not provide reasons for the request. National laws cannot override this GDPR provision, even if they aim to protect the financial interests of healthcare providers. Additionally, patients are entitled to a comprehensive copy of their records, including all relevant medical data. The CJEU certainly didn’t brush over the details.
The FTC amended the Safeguards Rule, now requiring non-banking financial entities to report specific data breaches. Key changes include an obligation for institutions to notify the FTC within 30 days of a breach impacting at least 500 consumers, especially unauthorized access to unencrypted data. These notices must include certain information about the event, such as the number of consumers affected or potentially affected. Institutions should be alert: this amendment takes effect 180 days post its Federal Register announcement. In summary, the FTC’s move accentuates enhanced accountability in data security.
Meta is suing the Norwegian Data Protection Authority (“Datatilsynet”) over its ban on behavior-based marketing. Weekly Picks readers may remember, Datatilsynet had imposed a ban on Meta for carrying out behavioural advertising based on the surveillance and profiling of users in Norway. The ban aimed to enhance user data control, addressing behavioral advertising as a significant privacy risk, especially concerning sensitive data and potentially discriminatory practices.
🛒 E-Commerce & Digital Consumer
TikTok published its first Transparency Report as per the DSA. Per the report, TikTok actively removes harmful content, with over 4 million pieces of content and ads removed in September alone, surpassing user-reported violations. In line with the DSA, a new reporting system saw 35,000 reports in its first month, with 16.3% found to breach local laws. TikTok also claims to be deeply invested in Europe, employing over 5,000 people and ensuring content moderation in all official EU languages, supplemented by languages commonly spoken across the region. In the realm of content control, TikTok claims to not be skipping a beat. Fingers crossed this doesn’t count as a dad joke nowadays
📄 Recommended Readings
Here’s a couple –in no particular order– of recent publications that piqued my interest this week. Remember to grab a cuppa and settle in for some riveting reading.
Arbitrability of Data Protection Disputes: Personal Data, Personalized Justice? by Miloš Novović
Human Creative Contribution to AI-Based Output – One Just Can(’t) Get Enough by Kateryna Militsyna
Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
If you have any thoughts or suggestions on how to make this newsletter more enjoyable, feel free to drop a line. Your feedback is always welcome!
Featured image generated using DALL·E 3.
