fbpx

Download free GDPR compliance checklist!

Tag Archives for " guidance "

IAB issues guidelines on AI in marketing

The Interactive Advertising Bureau (IAB) has issued a guidance on the use of artificial intelligence (AI) in marketing.

IAB guide is designed to help brand marketers and their agencies identify the opportunities that artificial intelligence and machine learning present, the range of options available, and some recent best practices for applying AI to marketing and advertising. It provides real-world examples of AI marketing and the results delivered by such use.

Read guidance: IAB Artificial Intelligence
in Marketing

UK ICO Issues Draft Guidance on Explaining Decisions Made by AI

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI. The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.

The guidance sets out key principles to follow and steps to take when explaining AI-assisted decisions — including in relation to different types of AI algorithms — and the policies and procedures that organizations should consider putting in place.

Guidance is out for consultation until January 24 2020.

Acces ICO AI guidelines.

UK ICO publishes new guidance on special category data

On November 14, 2019, the UK Information Commissioner’s Office (ICO) published detailed guidance on the processing of special category data.

The guidance sets out

  • what are the special categories of data,
  • the rules that apply to the processing of special category data under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 (DPA);
  • the conditions for processing special category data; and
  • additional guidance on the substantial public interest condition, including what is an “appropriate policy document”.

Source: UK ICO publishes new guidance on special category data

European cities share 10 principles for using citizen data

The guidelines outline key principles for using citizen data responsibly. They were developed with and includes real-world examples from several European cities.

The cities of Bordeaux, Barcelona, Debrecen, Edinburgh, Eindhoven, Florence, Ghent, Helsinki, Manchester, Rijeka and Zaragoza collaborated on the guidelines.

This data is discussed in the context of being traced, collected, measured, stored, used, managed and processed by both public and private entities.

Source: European cities share 10 principles for using citizen data – Smart Cities World

French Supervisory Authority publishes guidance on facial recognition

On November 15, 2019, the French Supervisory Authority (CNIL) published guidance on the use of facial recognition. The guidance is primarily directed at public authorities in France that want to experiment with facial recognition.

The guidance warns that this technology risks leading to biased results and sets out three general requirements for deploying facial recognition on an experimental basis.

First, facial recognition can only be used if there is an established need to implement an authentication mechanism that ensures a high level of reliability, and there are no other less intrusive means that would be appropriate. Second, the experimental use of facial recognition must respect the rights of individuals. Third, the use of facial recognition on an experimental basis must have a precise timeline and be based on a rigorous methodology setting out the objectives pursued and the criteria for success.

Source: French Supervisory Authority publishes guidance on facial recognition

Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.

The guidance provides examples of how controllers can make the re-identification of hashed messages more difficult. These examples include encrypting the message (prior to hashing), encrypting the hash value, or adding “salt” or “noise” (i.e., a random number) to the original message.

Source: Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

EDPB Issues Final Guidelines on ‘Necessary for the Performance of a Contract’ Legal Basis

The European Data Protection Board has issued issued final guidelines on the “necessary for the performance of a contract” legal basis for processing data under the General Data Protection Regulation (GDPR).

To use this legal basis, you need to show:

  • The processing is carried out in the context of a valid contract with the individual.
  • The purpose for the processing in question is clearly specified and communicated to the relevant individual, in line with the company’s purpose limitation and transparency obligations (even if not in the body of the contract).
  • The processing needs to be objectively necessary to achieve this particular purpose.
  • There are no realistic, less intrusive processing alternatives.

Source: EDPB Issues Final Guidelines on ‘Necessary for the Performance of a Contract’ Legal Basis

U.S. Chamber of Commerce Releases Principles on Artificial Intelligence

The U.S. Chamber’s Technology Engagement Center and Center for Global Regulatory Cooperation recently released a set of ten principles essential for attaining the full potential of AI technologies.

The principles, drafted with input from more than 50 Chamber member companies, stress the importance of creating a sensible and innovation-forward approach to addressing the challenges and opportunities presented by AI.

Source: U.S. Chamber of Commerce Releases Principles on Artificial Intelligence

CoE launches public consultation on human rights impact of algorithmic systems

The Steering Committee on Media and Information Society (CDMSI) of the Council of Europe has published draft recommendation on the human rights impacts of algorithmic systems  and invites comments from the public.

Draft recommendation outlines that private sector actors should actively engage in participatory processes with consumer associations and data protection authorities for the design, implementation and evaluation of their complaint mechanisms, including collective redress mechanisms.

In addition, private sector actors must adequately train the staff involved in the review of algorithmic systems on, among other things, applicable personal data protection and privacy standards.

Source: Have your say on the draft recommendation on the human rights impacts of algorithmic systems! – Newsroom

The ICO Updates Its Data Sharing Code of Practice

On 9 July 2019 the UK data protection authority (ICO) updated its Data Sharing Code of Practice (first published in 2011).

The Code is publicly available for consultation until 9 September 2019. Once finalised, the Code will become a statutory code of practice under the DPA. Non-compliance with the code will likely be considered non-compliance with data protection laws.

Source: The ICO Updates Its Data Sharing Code of Practice

1 2 3 34
>