Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in General
Introduction On 15 May, the ICO published the monetary penalty notice (MPN) in relation to the £12.7 million fine it imposed on TikTok in April. This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. Whilst a … Continue reading

Schrems II – Irish DPC finally issues its decision – suspension order, deletion/ repatriation of data and fine

Photo of Lara White (UK)Photo of Marcus Evans (UK)Photo of Christoph Ritzer (DE)Photo of Jurriaan JansenPhoto of Nadège Martin (FR)By Lara White (UK), Marcus Evans (UK), Christoph Ritzer (DE), Jurriaan Jansen and Nadège Martin (FR) on Posted in General
Introduction: On 22 May, the Irish Data Protection Commissioner (the DPC) published its decision against Meta Platform Ireland Ltd (Meta Ireland) in relation to Facebook’s transfer of user’s personal data to the US (the Decision). In it, the DPC ordered Meta Ireland to suspend Facebook’s future transfers of personal data to the U.S. within five … Continue reading

NIST Proposes Revised Security Guidelines For Federal Contractors

Photo of Dan Pepper (US)By Dan Pepper (US) on Posted in General
In response to the constantly evolving landscape of cybersecurity threats, the National Institute of Standards and Technology (NIST) has recently updated their guidelines for Special Publication NIST 800-171, making its guidance more prescriptive, and potentially making it harder for contractors to comply. NIST 800-171 is a set of guidelines created to help federal agencies and … Continue reading

The AI Act – A step closer to the first law on Artificial Intelligence

Photo of Lara White (UK)Photo of Marcus Evans (UK)By Lara White (UK) and Marcus Evans (UK) on Posted in General
On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act) at the committee stage, taking this law a step closer to being finalised. The compromise text (the Parliament Draft), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which … Continue reading

Everyone is using ChatGPT what does my organisation need to watch out for

Photo of Marcus Evans (UK)Photo of Lara White (UK)Photo of Steve Roosa (US)By Marcus Evans (UK), Lara White (UK) and Steve Roosa (US) on Posted in Cybersecurity, Fintech
In December 2022, OpenAI released ChatGPT, a powerful AI-powered chatbot that could handle users’ questions and requests for information or content in a convincing and confident manner. The number of users signing up to use the tool increased very rapidly, with users using the tool to write letters, edit text, generate lists, prepare presentations and … Continue reading

Biden restricts U.S. government use of commercial spyware

Photo of Steve Roosa (US)Photo of Susan Ross (US)Photo of Daniel Rosenzweig (US)Photo of Gerar Mazarakis (US)By Steve Roosa (US), Susan Ross (US), Daniel Rosenzweig (US) and Gerar Mazarakis (US) on Posted in General
Governments state that they use commercial spyware exclusively for criminal investigations, but critics claim such spyware has purportedly been used for human rights abuses targeting journalists, human rights defenders, lawyers, and political dissidents.  Moreover, the U.S. Government and its employees have been allegedly targeted by such spyware.  To set an example for governments globally—both authoritarian … Continue reading

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

Photo of Pietro Altomani (IT)By Pietro Altomani (IT) on Posted in General
IntroductionBy way of an interim measure adopted on 30 March 2023, the Italian Data Protection Authority (Garante per la protezione dei dati personali) (the Garante) ordered  the US company Open AI LLC to temporarily stop ChatGPT’s processing of personal data relating to individuals located in Italy, pending the outcome of the Garante’s investigation into the … Continue reading

Building Cyber Resiliency In the Energy Sector

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)By Imran Ahmad (CA) and John Cassell (CA) on Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

Validating State Privacy Law Opt-Out Signals

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in CCPA, Data Protection, Privacy law
State privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. But if you have implemented an opt-out, how do you know it actually works? Read the full NT Analyzer blog, “Validating State Privacy Law Opt-Out Signals.”… Continue reading

UK AI White Paper

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in Data Protection, General
At last, UK Government publishes its White Paper on AI – “A pro-innovation approach to AI regulation” – an opportune start, but as expected, a framework with detail to follow… The Department for Science, Innovation and Technology, has finally published its AI regulation white paper (the ‘White Paper’). Here are the key elements: What AI … Continue reading
LexBlog