
Tag Archives for "law"

This Is What the Future of A.I. Regulation Could Look Like

The German Data Ethics Commission has produced a series of recommendations for regulating algorithms and artificial intelligence. Its ideas will likely influence new EU rules.

The commission insisted that algorithmic systems should be designed safely, to respect people’s rights and freedoms, protect democracy, be secure, and avoid bias and discrimination.

It said systems presenting a significant risk of harm, such as those that show different people different prices based on their profiles, should in some cases require licensing. And systems with an “untenable potential for harm”—killer robots, for example—should be banned outright.

Source: This Is What the Future of A.I. Regulation Could Look Like | Fortune

EDPB Issues Final Guidelines on ‘Necessary for the Performance of a Contract’ Legal Basis

The European Data Protection Board has issued final guidelines on the “necessary for the performance of a contract” legal basis for processing data under the General Data Protection Regulation (GDPR).

To use this legal basis, you need to show:

  • The processing is carried out in the context of a valid contract with the individual.
  • The purpose for the processing in question is clearly specified and communicated to the relevant individual, in line with the company’s purpose limitation and transparency obligations (even if not in the body of the contract).
  • The processing needs to be objectively necessary to achieve this particular purpose.
  • There are no realistic, less intrusive processing alternatives.

Source: EDPB Issues Final Guidelines on ‘Necessary for the Performance of a Contract’ Legal Basis

EBF publishes proposals on Cyber incident reporting

To ensure that financial institutions can report cyber incidents quickly and effectively without sacrificing a proper incident management and recovery process, the European Banking Federation (EBF) has published its proposals on cyber incident reporting.

In particular, the EBF makes the following proposals for supervisors and regulators:

  • Establish a central reporting and coordination hub in each Member State;
  • Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
  • Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
  • Further involve national CERTs in information sharing;
  • Introduce a regular bi-directional information flow between regulators/supervisors and the industry.

Full report: EBF position on Cyber incident reporting

U.S. Using Trade Deals to Shield Tech Giants From Foreign Regulators

The Trump administration has begun inserting legal protections into recent trade agreements that shield online platforms like Facebook, Twitter and YouTube from lawsuits, a move that could help lock in America’s tech-friendly regulations around the world even as they are being newly questioned at home.

The administration’s push is the latest salvo in a global fight over who sets the rules for the internet. While the rules for trading goods have largely been written — often by the United States — the world has far fewer standards for digital products. Countries are rushing into this vacuum, and in most cases writing regulations that are far more restrictive than the tech industry would prefer.

Source: U.S. Using Trade Deals to Shield Tech Giants From Foreign Regulators – The New York Times

Centrist Democratic Lawmakers Back Pro-Business Privacy Law

A group of more than 100 centrist Democratic House lawmakers is throwing its weight behind a privacy bill that has been praised by alliances of software and internet giants.

The bill would allow consumers to opt out of the collection, storage and sharing of their data. It would require companies to get consumers to approve any use of sensitive data such as financial or health information and oblige companies to furnish “plain language” privacy policies.

Source: Centrist Democratic Lawmakers Back Pro-Business Privacy Law – Bloomberg

Amazon Calls for Government Regulation of Facial Recognition Tech

Amazon said it believes that governments should act to regulate the use of facial recognition technology to ensure it is used appropriately.

The company said it will back US federal privacy legislation “that requires transparency, access to personal information, ability to delete personal information, and that prohibits the sale of personal data without consent.”

Source: Amazon Calls for Government Regulation of Facial Recognition Tech | SecurityWeek.Com

Amazon is writing facial recognition law

Amazon’s Chief Executive Jeff Bezos said the company’s public policy team is working on proposed regulations around facial recognition, a fledgling technology that has drawn criticism of the technology giant’s cloud computing unit.

Critics have pointed to technology from Amazon and others that struggled to identify the gender of individuals with darker skin in recent studies. That has prompted fears of unjust arrests if the technology is used by more law enforcement agencies to identify suspects.

Source: Amazon CEO says company working on facial recognition regulations – Reuters

New US ransomware bill passed

The US Senate has passed a bill aimed at protecting public institutions, such as schools and law enforcement, from ransomware.

The DHS Cyber Hunt and Incident Response Teams Act would authorise the Department of Homeland Security (DHS) to create teams to help both private and public entities defend against attacks.

Additionally, the cyber hunt and incident response teams will provide support and technical advice, as well as incident response assistance.

Source: #Privacy: New US ransomware bill passed

Ecuador Is Latest Country to Consider GDPR-like Privacy Law

Ecuador is considering a GDPR-like privacy law. A massive data breach in Ecuador has sparked a new push to pass data protection legislation that would mirror the European Union’s privacy regime.

The National Assembly is debating a bill that allows citizens to access, correct, eliminate and oppose the use of their personal data and sets up a new data protection authority to enforce the law and sanction bad actors. President Lenin Moreno sent the bill for debate shortly after the personal data of 20 million Ecuadorians was discovered on a server in Miami earlier this month.

Source: Ecuador Is Latest Country to Consider GDPR-like Privacy Law

Germany approves “numerous adaptations to German data protection regulations”

The Federal Council (‘Bundesrat’) announced, on 20 September 2019, that it had approved several amendments to the draft law on the adaptation of data protection legislation in relation to the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’).

The Amendments outline, among other things, that the obligation to appoint a data protection officer (DPO) will apply to companies with at least 20 employees, and that employees’ consent to data processing will have to be provided in writing or electronically. The Draft Law will now pass to the President of the Federal Government for signing, and will come into force the day after its promulgation.

Source: Germany: Bundesrat approves “numerous adaptations to German data protection regulations”