Portugal's National Data Protection Commission fined the National Institute of Statistics 4.3 million euros for five violations of the EU General Data Protection Regulation related to the 2021 census.
Cyber events are global issues that manifest in many ways and generally impact several countries simultaneously. It is critical to understand the requirements and procedures set by varying jurisdictions to ensure compliance and, at the same time, the security of personal data and data subjects. Mayer Brown Senior Counsel Cristiane Manzueto examines the cyber incident notification requirements in Argentina, Brazil, Colombia and Mexico.Full Story
After trying artificial intelligence-powered avatar application Lensa, MIT Technology Review Senior Reporter Melissa Heikkila said it produced nonconsensual explicit photos of her. Heikkila reported Lensa generates avatars using open-source AI model Stable Diffusion that was built from LAION-5B, which is a data set containing scraped images from the internet.
MediaPost reports 23 consumer advocacy groups wrote to U.S. House Speaker Nancy Pelosi, D-Calif., calling for a floor vote on the proposed American Data Privacy and Protection Act in the final legislative window of 2022. The groups indicated a "narrow window" is available and "the time is now to pass a comprehensive federal privacy law." Public Knowledge Senior Policy Counsel Sara Collins said a House approval would likely be "overwhelmingly bipartisan," which could "change the calculation" for Senate consideration.
New compromise amendments to the Artificial Intelligence Act, excluding general-purpose AI from high-risk systems, have been released, Euractiv reports. The 10th round of compromise amendments is expected to be discussed Dec. 14. AI systems are considered high risk if their failure or malfunction puts individuals health, safety or fundamental rights at risk. Additional wording states the high risk categorization only applies to systems with an intended purpose.
François Pellegrini, the rapporteur for France’s data protection authority, the Commission nationale de l'informatique et des libertés, recommended a 6 million euro fine for Apple's alleged breach of privacy rules, Reuters reports. Lobby group France Digitale originally lodged the complaint against Apple.Full Story
In this week’s Global News Roundup, the Court of Justice of the European Union denied Meta’s challenge of an Irish Data Protection Commission fine. The European Commission is anticipated to release its adequacy decision on EU-U.S. in short order. And Japan and the U.K. reached an agreement on a new digital partnership. (IAPP member exclusive.)Full Story
International leaders in cybersecurity and privacy are calling for the EU, U.K. and U.S. to better sync their data breach reporting requirements, The Wall Street Journal reports. Multinational companies claim reporting requirements that vary by jurisdiction can create compliance issues. U.S. National Cyber Director Chris Inglis said reporting requirements should be synchronized within U.S. government agencies. U.S.
The European Data Protection Board released the agenda for its Dec. 13 and 14 plenary session. The board will discuss the European Union General Court’s decisions regarding the EDPB’s binding decisions against Meta Platforms’ WhatsApp and Instagram.