We bring you a round up of articles and updates in the data sphere
27 Apr.
Health and Safety Executive breached data protection laws over 500 times in 2022
—
In 2022, it was found that the Health and Service Executive (HSE) experienced 524 data protection breaches. 200 of these breaches occurred due to bad data protection practices when giving out digital covid certificates. Independent Ireland goes on to detail the alarming breaches from leaving patient files in a public car park to patient personal data found in social media pictures. HSE has announced that all breaches that occurred were dealt with in the appropriate manner and that they are aiming to increase staff knowledge about data protection.
26 Apr.
ChatGPT can now forget conversations
—
In response to widespread criticism surrounding ChatGPT and its lack of privacy measures, Open AI have released a new feature on the chatbot. Users will be able to turn off chat history meaning that these conversations will not be used to train the AI. The data will be stored for 30 days for reviewing purposes and then deleted. OpenAI also announced that they plan to release a business version of ChatGPT which will protect data by default and not be used to train the AI. These developments come after extensive criticism that data protection and privacy were an afterthought if a thought at all.
25 Apr.
Online safety developer uses AI to accurately estimate age
—
Privately is an online safety developer that uses age assurance technology to accurately estimate the age of users on online platforms. PrivacyCheq has partnered with Privately to solve the issue of verifying the ages of minors without violating their privacy, in order to comply with the Children’s Online Privacy Protection Act (COPPA). Research has shown that over half of children’s apps on the app store are not COPPA compliant. Age-Assure AI will be integrated into ConsentCheq, which is used to make sure that mobile games and online platforms are COPPA-compliant.
24 Apr.
New Senate Bill announced to set age restrictions on social media
—
Widespread concerns about the effect of social media on children’s mental health has culminated in many efforts made to ban social media access for minors. The new bipartisan bill would require 13 to 17-year-olds to obtain consent to use social media platforms, and minors under 13 would be banned. Utah and Arkansas have already implemented laws that require minors under 18 to obtain parental consent, with Utah instructing platforms to impose a digital curfew. Like many other companies, states, and countries, the problem of age verification has presented a confusing challenge.
21 Apr.
Privacy concerns expressed regarding remote work in Ireland
—
Calls have been made by legal and employment experts for employers to update their privacy policies as more employees work from home. Employers have been reminded that they should minimize data protection risks, despite the home environment, they are still fully liable if there is a data breach. Employers have been encouraged to use remote working hubs to minimise the risk of a data breach, ensure high levels of security and keep up with good data protection practices such as the use of headphones in online meetings.
20 Apr.
Surrey and Sussex Police reprimanded for recording conversations
—
The UK’s Information Commissioner’s Office has formally reprimanded both Surrey and Sussex police forces. In 2020, the UK data watchdog found that over 1000 officers had an app installed on their work phones that unlawfully recorded all phone calls. More than 200,000 conversations, that possibly contained personal data were saved on the app. In addition, subjects to these phone calls did not know that they were being recorded. The app has since been deleted from all police phones and recordings have been discarded.
19 Apr.
Italy may reverse ban on ChatGPT if Open AI addresses privacy concerns
—
Following the temporary ban of ChatGPT in Italy after many privacy concerns and alleged violations, the chief of the Italian data protection authority, Pasquale Stanzonie, has announced that the platform could possibly be reinstated if, Open AI takes steps to address the privacy concerns prior stated. Italy has made a list of demands that must be met by OpenAI by April 30th in order for the platform to be reinstated. Further discussions have followed amongst EU Lawmakers regarding how to regulate AI properly and effectively in the midst of its massive growth.
18 Apr.
EU Commission establishes European Centre for Algorithmic Transparency
—
The Digital Services Act requires that companies that are considered to be a Very Large Online Platform or Search Engine, by the Commission, carry out risk assessments on their platform. The European Centre for Algorithmic Transparency (ECAT) will work alongside the Commission by making sure that these companies are completing risk assessments and taking the necessary steps to reduce the impact of the risks such as widespread disinformation. The ECAT will ‘evaluate algorithms’ with their scientific expertise, and suggest improvements to better manage risk factors.
17 Apr.
Bill to ban TikTok has been passed in Montana
—
The Bill to ban TikTok has been passed in Montana and is now awaiting the signature of the State Governor for the law to come into effect. If the bill is signed, app stores would no longer be able to offer TikTok however, users with the app already installed would still be able to use it. This ban follows concerns that the app is subject to Chinese government surveillance and accusations that popular ‘trends’ on the app cause harm to minors and teenagers by encouraging dangerous activities. TikTok plans to fight back and has stated that the State has ‘no clear evidence of unlawfulness’ to ban the app.
14 Apr.
Jersey government found to breach data protection laws
—
The Jersey Office of the Information Commissioner has publicly reprimanded the Jersey government due to several data breaches. In the most recent breach, the JOIC found that the government failed to promptly respond to a subject access request in addition to inaccurately redacting information and not providing all the information requested. The data protection authority also found that staff was not trained to handle such requests and that the government did not have the required systems in place. The Jersey government has since apologized and is working with the JOIC to fix these shortcomings.
06 Apr.
The ICO fines TikTok £12 million for processing children’s data
—
In a study conducted by the UK’s Information Commissioner’s Office, it was found that over 1 million minors under the age of 13 were using TikTok between May 2018 – July 2020. Despite the app’s ban on minors, the ICO discovered that there were no strong age verification systems in place or appropriate efforts made to remove minors from TikTok. It was also revealed that the personal data of children was used without parental consent. This has been described as a serious failure with severe impacts, resulting in children being exposed to age-inappropriate content. The ICO has fined TikTok £12.7m.
05 Apr.
Italy bans ChatGPT due to privacy concerns
—
ChatGPT has been temporarily blocked in Italy after the platform experienced a data breach, exposing user conversations and payment information. Ongoing privacy concerns regarding the lack of a legal basis to collect and store data and the lack of age-verification measures in place has led the Italian data watchdog, Garante to impose this temporary ban. The Italian data authority seeks to liaise with Open AI and address their issues and concerns however, they are not looking to completely ban the platform. OpenAI has stated that they are actively looking to limit the use of personal data in training generative AI systems.
04 Apr.
ICO provides data protection guidance to generative AI developers
—
With the recent demands from academics and experts alike to ban ChatGPT due to privacy concerns and lack of regulation, the ICO has released guidance on how data protection must be incorporated when developing generative AI. The ICO present 8 questions that developers and designers should consider when making these systems, centering around the 7 GDPR principles. The AI and Data protection guidance has been updated to help companies comply with data protection laws and gain public trust.
03 Apr.
Winners of the Privacy-enhancing Technology competition announced
—
UPDATE: The winners of the privacy-enhancing technology competition were announced at the Summit for Democracy. The participants in the competition consisted of experts from international tech companies and academic institutions. Teams from the U.S. and the UK were challenged to make privacy-enhancing technologies (PET) to combat financial crime and protect democratic values. The U.S. and the UK are committed to continuing their joint efforts to create and develop PET solutions.
31 Mar.
The Federal Trade Commission prepares case against Amazon
—
The Federal Trade Commission is expected to make a complaint to the Justice Department against Amazon. Details of the case are not public, however, Antitrust and the Consumer Protection Agency has investigated Amazon previously for potential violations to the Children’s Online Privacy Act (COPPA). In response to these previous investigations, Amazon has stated that it complies with COPPA, and that parental control allows for child protection on Amazon devices.
