France's data protection authority, the Commission nationale de l'informatique et des libertés, fined rental scooter company Cityscoot 125,000 euros for collecting and maintaining a record of vehicles' geolocation data.
The Atlantic reports that while artificial intelligence chatbots are built using data available online, there is "an uncomfortable disparity between who does the work that enables these AI models to function and who gets to control and profit from them." Chatbots are created "by ingesting books and content that have been published on the internet by a huge number of people.
Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance to help public administrations manage risks around data exchanges.
The state of Arkansas brought lawsuits 28 March against social media companies TikTok and Meta, alleging the companies deceived consumers about children’s safety on their platforms, ABC News reports. In total, two lawsuits were brought against TikTok and its parent company, ByteDance, and another against Meta for alleged violations of the state’s deceptive trade practices act.
Both chambers of the French legislature approved draft legislation to temporarily utilize "intelligent surveillance systems" during the 2024 Paris Olympics and Paralympics, The Associated Press reports. The systems "combine cameras with artificial intelligence software to flag potential security concerns." A human operator would then evaluate if a flagged security concern necessitates action.
The U.K. Regulatory Policy Committee, a government oversight entity, published its opinion on the proposed Data Protection and Digital Information Bill. The RPC's "fit for purpose" opinion examined the impact assessment conducted on the latest draft of the bill, including its amendments for the scientific research exemption, legitimate interest-based processing and use of existing data transfer mechanisms.
In an interview with the Australian Financial Review, Australian Information Commissioner Angelene Falk discussed her office's hopes for pending Privacy Act reforms. Falk called current data handling practices "very complex and difficult to understand," creating the need for improved guardrails that "ensure all personal information handling is fair and reasonable." She added that requiring private and public entities to perform risk assessments and consider privacy before collecting data must become the standard rather than relying on user consent.
Euractiv reports the European Commission published its 2023-2024 work program and budgeting for the Digital Europe Programme. The multiannual plan outlines key technology policy focus areas for the coming years, including 113 million euros dedicated to initiatives on cloud services, data and artificial intelligence. More specifically, the program will work toward improved cloud security, creation of AI Testing and Experimentation Facilities, and open data sharing in various sectors.
The IAPP announced the appointment of a new chair and three additions to its board of directors for 2023. Vodafone Global Privacy Officer Mikko Niva will assume the role of chair while the new directors include Workday Vice President and Chief Privacy Officer Barbara Cosgrove, CIPP/E, Zoominfo Chief Compliance Officer Simon McDougall, CIPP/E, CIPM, CIPT, and Apple Director of User Privacy Erik Neuenschwander. IAPP President and CEO J.
The U.S. Securities and Exchange Commission proposed a new rule and amendments to recordkeeping rules to address cybersecurity risks. The proposal includes requiring regulated companies to immediately notify the commission of a "significant cybersecurity incident," public disclosures to improve transparency and records-retention requirements. The SEC is currently accepting comments on the proposed changes. Full Story