Andreea Lisievici, Author at The PrivacyCraft Blog

EDPB publishes Checklist for AI auditing

AI, DPA guidance, EDPB, EU law, GDPR | July 7, 2024

The EDPB, in collaboration with the Spanish data protection authority (AEPD), initiated a project to enhance the GDPR compliance of AI systems. This project includes the development and piloting of tools and a checklist to inspect and audit AI systems. Key elements involve model card requirements, system maps, bias identification and testing, adversarial audits, and the publication of audit reports. These measures aim to improve transparency and accountability in AI systems, facilitating better oversight by data protection authorities.

EDPB publishes Checklist for AI auditing Read More »

EDPB publishes Standardised Messenger Audit

audit, DPA guidance, EDPB, EU law, GDPR, messaging apps | July 7, 2024

The EDPB initiated the Standardised Messenger Audit project within the Support Pool of Experts program, prompted by the German Federal Data Protection Authority (DPA). Completed in November 2023 by Prof. Mathieu Cunche, the project developed a detailed test catalogue for GDPR-compliant messenger services. This catalogue, structured around GDPR requirements, assists data protection authorities and companies in evaluating and enhancing data privacy measures in messaging applications used for both personal and business communication.

EDPB publishes Standardised Messenger Audit Read More »

California AG Bonta Reminds Companies of Health Information Obligations

California, Health data, United States | July 7, 2024

California Attorney General Rob Bonta has issued reminders to major pharmacy chains and health data companies about their legal obligations under the new AB 352 law, which enhances the state’s Confidentiality of Medical Information Act (CMIA). This law, effective from 1 July 2024, prevents the disclosure of reproductive health and gender-affirming care information to out-of-state entities without patient consent. The companies are required to implement robust security measures to protect sensitive health data and avoid sharing it with law enforcement without a warrant, emphasizing the state’s commitment to safeguarding patient privacy following the repeal of Roe v. Wade.

California AG Bonta Reminds Companies of Health Information Obligations Read More »

OECD Explores AI, Data Governance, and Privacy Synergies

AI, OECD | July 7, 2024

The OECD’s report “AI, Data Governance, and Privacy: Synergies and Areas of International Co-operation,” published on 25 June 2024, examines the critical intersection of AI and privacy. Emphasizing collaboration between AI and privacy policy communities, it addresses the challenges posed by generative AI. The report covers key developments in Privacy Enhancing Technologies (PETs) and explores the complexities of applying traditional legal frameworks like “legitimate interests” to AI practices. It calls for harmonizing OECD Privacy Guidelines with AI Principles to enhance regulatory compliance and foster international cooperation.

OECD Explores AI, Data Governance, and Privacy Synergies Read More »

Arkansas AG Sues Temu for Data Theft and Privacy Violations

apps, cybersecurity, Enforcement, United States | July 7, 2024

Arkansas Attorney General Tim Griffin sued Chinese e-commerce company Temu for violating the Arkansas Deceptive Trade Practices Act and the Arkansas Personal Information Protection Act. Griffin described Temu as a data-theft business disguised as an online marketplace, alleging it illegally accessed users’ personal information and monetized the data without authorization. The lawsuit targets Temu’s parent companies, PDD Holdings Inc. and WhaleCo Inc., seeking to halt their deceptive practices, impose civil penalties, and provide monetary and equitable relief to affected Arkansas residents.

Arkansas AG Sues Temu for Data Theft and Privacy Violations Read More »