France's data protection authority, the Commission nationale de l'informatique et des libertés, indicated the European certification scheme for cloud services currently lacks proper requirements to protect sensitive data from authorities in third countries. The agency recommends using a service provider subject to European law to prevent possible risks with disclosures and unauthorized access.Full story
The Netherlands' data protection authority, Autoriteit Persoonsgegevens, issued a public call for vigilance among everyday citizens and elected officials related to the deployment of artificial intelligence. The AP's latest AI and Algorithmic Risks Report analyzed how generative AI can spread misinformation and how municipal governments have little control over the use of their own AI systems. It also recommended the establishment of a national AI strategy.
A three-judge panel for the U.S. Court of Appeals for the Ninth Circuit is considering overruling a prior decision from a federal court preventing the implementation of the California Age-Appropriate Design Code, Bloomberg reports.
A TechCrunch review found the U.S. Postal Service was using a tracking pixel to collect postal address information about users and sharing it with Meta, LinkedIn and Snap. The USPS said it did not know about the practice and has stopped upon being notified.Full story
IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E, breaks down the new EU leadership following the European elections and takes a look back at the previous term.
The European Parliament wrapped-up the ninth parliamentary term in June 2024. In these five years, many new laws in the digital field were proposed, negotiated and adopted. This IAPP chart provides a partial overview of Parliament's legislative outputs during the last term and a glance at where files stand as the next term kicks off.Full story
The EU Artificial Intelligence Act will be important and consequential to the governance of AI in the EU and worldwide. Covered entities must begin to understand the potential impacts of the act as provisions are phased in and implemented over the coming months.
The European Data Protection Board adopted a statement indicating EU data protection authorities are best positioned to handle national-level enforcement of the Artificial Intelligence Act.
South Korea's Personal Information Protection Commission published guidance to clarify the use of publicly available data to help train artificial intelligence models. The guide clarifies legal standards for data collection and use toward AI training and outlines minimum standards for appropriate safety measures that could be applied depending on the type of business or AI deployment.
Ireland's Data Protection Commission published guidance on the relationship between large language models and data protection obligations. The DPC said LLM developers may have a tendency to use vast amounts of personal data during training phases without the data subject's knowledge or agreement and that inaccurate training data may create biases when training a model.