Andreea Lisievici, Author at The PrivacyCraft Blog

IAPP AI Governance in Practice Report 2024

AI, IAPP | June 19, 2024

The “AI Governance in Practice Report 2024” addresses the critical need for robust AI governance amidst rapid advancements in machine learning technology. These breakthroughs have significantly disrupted various sectors, emphasizing the responsibility of leaders to manage AI risks. The report outlines the essential principles, laws, policies, processes, and standards required for AI governance. It highlights transparency, bias mitigation, privacy, and security as key areas of focus. The report provides actionable insights to help organizations implement effective AI governance strategies and ensure the safe, responsible deployment of AI technologies.

IAPP AI Governance in Practice Report 2024 Read More »

Cyber Security Agency of Singapore Publishes IoT Device Security Advisory

cybersecurity, IoT, Singapore | June 19, 2024

The Cyber Security Agency of Singapore (CSA) issued an advisory on securing Internet of Things (IoT) devices. With IoT devices revolutionizing daily life and business, they also attract cyber threats. Common vulnerabilities include weak passwords, insecure network services, and outdated software. The advisory provides measures to protect these devices, such as using strong passphrases, enabling automatic updates, buying from reputable manufacturers, and implementing physical access controls. CSA also advises on steps to take if IoT devices are compromised.

Cyber Security Agency of Singapore Publishes IoT Device Security Advisory Read More »

Hong Kong’s New AI Data Protection Framework Released

AI, Hong Kong | June 19, 2024

The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong published the “Model Personal Data Protection Framework” for AI on 11 June 2024. This framework provides detailed recommendations for enterprises on procuring, implementing, and managing AI systems while ensuring data privacy. It emphasizes a risk-based approach, human oversight, and compliance with the Personal Data (Privacy) Ordinance (PDPO). The framework aims to promote ethical AI use, aligning with global standards and Hong Kong’s digital economy goals.

Hong Kong’s New AI Data Protection Framework Released Read More »

CNIL launches new public consultation on practical guidelines for developing AI systems

AI, CNIL, DPA guidance, EU law, GDPR | June 19, 2024

The CNIL launched a second public consultation on developing AI systems, releasing new practical guides and a questionnaire to help professionals balance innovation with privacy rights. These “AI how to sheets”, available for consultation until 1 September 2024, cover key issues like web scraping, open-source models, and data subjects’ rights. This follows initial recommendations published in April 2024, aiming to clarify GDPR application to AI.

CNIL launches new public consultation on practical guidelines for developing AI systems Read More »

CNIL’s Recommendations on GDPR Compliance for AI Systems

AI, CNIL, DPA guidance, EU law, GDPR | June 19, 2024

On 7 June 2024 CNIL released the English translation of its recommendations for applying GDPR to AI system development (published in April), addressing the misconception that GDPR hinders AI innovation. These guidelines – “AI how-to Sheets” 1 to 7 – emphasize responsible handling of personal data, essential for model training. Key aspects include defining a clear objective for AI systems, determining responsibilities, establishing a legal basis for data processing, ensuring lawful data reuse, minimizing data usage, setting data retention periods, and conducting Data Protection Impact Assessments (DPIAs).

CNIL’s Recommendations on GDPR Compliance for AI Systems Read More »