Government Position Paper: Transparency obligation for Dutch government in use of algorithms The College sees the transparency requirement for algorithms as an elaboration of the motivation principle. It also explains what transparent means in practice. The information given about algorithms must be both comprehensible and complete. A reference to information from the algorithm register is part of this. The legislator is called
Literature Causal foundations of bias, disparity and fairness The study of biases, such as gender or racial biases, is an important topic in the social and behavioural sciences. However, the literature does not always clearly define the concept. Definitions of bias are often ambiguous or not provided at all. To study biases in a precise manner, it is
Media Google changes privacy policy to include scraping data for AI Google changed its privacy policy: "we may collect information that’s publicly available online or from other public sources to help train Google’s AI models and build products and features, like Translate, Bard and Cloud AI capabilities". https://mastodon.social/@LukaszOlejnik/110642930748110311
Media Ireland: Questionable GDPR procedures now "confidential" Ireland: Questionable GDPR procedures now "confidential" Yesterday, the Irish DPC managed a narrow win in Parliament and got a new law passed that shall make criticism of DPC procedures impossible. https://noyb.eu/en/ireland-questionable-gdpr-procedures-now-confidential
Guidance Guarding health data privacy in Europe: The limits and challenges of current regulations The GDPR demonstrates the capacity of the European Union to prioritise data protection and privacy. The collection and use of health data by private corporations makes privacy protections critically important. Taken together, the provided policy recommendations here create comprehensive steps forward. https://edri.org/our-work/guarding-health-data-privacy-in-europe-the-limits-and-challenges-of-current-regulations/
Guidance EU: International data transfer rules for non-personal data Global flows of personal data have been a source of geopolitical concern for many years now. The Court of Justice of the European Union’s “Schrems II” judgement has revived the debate and organisations around the world now have to map personal data flows and conduct transfer impact assessments, while
Media NOYB files complaint over alleged cellphone data misuse Privacy rights group NOYB submitted a complaint to Belgium's data protection authority, the ADP, against U.S.-based companies over alleged privacy violations concerning cellphone data use. The complaint alleges telecommunications provider BISC and fraud prevention firm TeleSign improperly collected and shared data between them on Europeans' cellphone activity.Full
Government New DPIA and DTIA on AWS for Dutch central government: all high risks solved The outcome of this Data Protection Impact Assessment (DPIA) is that there are no longer any known high risks if Dutch government organizations follow the recommended mitigation measures in this DPIA. As a result of the negotiations between SLM Rijk and AWS, AWS has taken organizational and contractual measures to
Government DPIA of Dutch government's use of Facebook pages Data Protection Impact Assessment of the processing of personal data on Government Facebook pages The Human Rights Impact Assessment for Facebook pages has also been published: https://zoek.officielebekendmakingen.nl/blg-1096157.pdf https://zoek.officielebekendmakingen.nl/blg-1096154.pdf
Supervisory Authorities Italy's DPA issues combined 415K euro fines over abortion-related privacy violations Italy's data protection authority, the Garante, fined Rome's city council and third-party property management firm Ama a combined 415,000 euros over privacy violations related to sensitive data breaches of individuals who have undergone abortions. The Garante found the city council was allowing the Ama to disclose the names of
Guidance Reed Smith LLP - Data protection and privacy in AI Key takeaways Privacy laws around the world contain core principles and requirements (such as data minimization) that present new challenges for those using and developing AI At the same time, variations in approach and detail, specifically as regards consent and the use of publicly available data, mean that it is
Media TeleSign secretly profiles half of the world’s mobile phone users TeleSign secretly profiles half of the world’s mobile phone users TeleSign generates a “reputation score” and sells it to various clients. TeleSign secretly received the mobile phone data from BICS, a Belgian company that provides interconnection services. https://noyb.eu/en/telesign-profiles-half-worlds-phone-users
Guidance FPF Releases Report on Verifiable Parental Consent Today, FPF released a new report on the effectiveness of a key federal children’s privacy requirement known as verifiable parental consent (VPC). The Children’s Online Privacy and Protection Act (COPPA) requires operators of child-directed services to provide parents with detailed, direct notice and obtain parents’ affirmative express consent
Case law EU Court of Justice: Personal data must be interpreted broadly Court of Justice EU June 22, 2023, IT 4301, ECLI:EU:C:2023:501 (J.M.v. Pankki) In this case, for the benefit of J.M., who worked for a while at the bank Pankki S and was also a customer there himself, some questions are put to the
Supervisory Authorities Personalised advertising: CRITEO fined EUR 40 million Background information CRITEO specialises in “behavioral retargeting”, which consists of tracking the navigation of Internet users in order to display personalised advertisements. To this end, the company collects the browsing data of Internet users thanks to the CRITEO tracker (cookie) which is placed on their terminals when they visit certain
Media Ethnically diverse students screened for fraud remarkably often by Financial Aid Office The hunt for alleged fraudsters by student finance provider Duo affects almost only students with a migration background. Duo is unaware of any wrongdoing and plans to quadruple the number of checks in September. By Anouk Kootstra, Bas Belleman and Belia Heilbron for De Groene Amsterdammer on June 21, 2023
Supervisory Authorities EDPB adopts template complaint form and a final version of Recommendations on the application for approval and on the elements and principles to be found in Controller BCRs Brussels, 21 June - During its latest plenary, the EDPB has adopted a template complaint form to facilitate the submission of complaints by individuals and the subsequent handling of complaints by Data Protection Authorities (DPAs) in cross-border cases. EDPB Chair, Anu Talus said: “The template is one of the commitments
Literature Research WODC Deepfakes: are our legal frameworks adequate? It will not have escaped anyone's notice that the application of AI has advanced by leaps and bounds. Among other things, advances in technology mean that today it is possible to use so-called "deepfakes. These are imitations of people that, through advanced technology, are barely distinguishable from the real thing.
Media Advocacy groups voice redress concerns in proposed GDPR enforcement harmonization Twenty-four nongovernment organizations wrote the European Commission urging consideration of maintaining appropriate consumer redress as the commission works on legislation to harmonize EU General Data Protection Regulation enforcement, Euractiv reports. The European Commission is expected to publish a proposal in July that would help expedite administrative procedures for GDPR enforcement.
Media Belgian, Netherlands' transport agencies claim debt collectors illegally obtained citizen data Belgium's Federal Public Service Mobility and Transport and the Netherlands' vehicle authority allege Transport for London's debt collection agency unlawfully obtained citizens' information to issue fines, the Guardian reports. The Dutch authority said European Parking Collection requested individuals' names and addresses through an Italian government agency that was not authorized
Media The EU should uphold its values at its borders: a few words on World Refugee Day Read EDPS Wojciech Wiewiórowski's blogpost to mark World Refugee Day as we pay respect to the courage of refugees that have to flee their countries to escape war, persecutions and other disasters.Welcome back to our podcast, the Newsletter Digest. In episode 5, learn more about XAI, processing data to
Media Under the hood of a fraud detection system: what's not 'normal' is suspicious What's the news? The government was using the fraud detection tool SyRI until 2020, the exact operation of which no one knew. It was unclear how it selected 'suspicious' addresses. Now it turns out that it leaned on a comprehensive range of 'risk indicators' that meant that even an old
Case law ING collection fraud justifies registration Amsterdam District Court May 25, 2023, IT 4295; ECLI:NL:RBAMS:2023:3210 (Applicant/ING) This case involved a large-scale collection fraud in which the applicant was involved. On an online platform of Universe.com, people could register events and buy tickets to these events. The payment transactions were arranged
Supervisory Authorities Latest enforcement actions undertaken by EU DPAs The U.K. Information Commissioner's Office fined two energy companies a combined GBP250,000 for making illegal marketing phone calls to citizens and entities on the country's 'do not call' register. Maxen Power Supply and Crown Glazing were fined GBP120,000 and GBP130,000, respectively. France's data protection authority, Commission
Supervisory Authorities ICO weighs in on generative AI's privacy implications The U.K. Information Commissioner's Office called on businesses leveraging generative artificial intelligence tools "to address the privacy risks" while announcing "tougher checks on whether organisations are compliant with data protection laws." ICO Executive Director of Regulatory Risk Stephen Almond said at Politico's Global Tech Day that companies must consider
