The AI & Privacy Explorer #31 (29 July – 4 August)

🤖 The EU AI Act entered into force

The European Commission issued a press release on 1 August celebrating that the AI Act, the world’s first comprehensive AI regulation, is now in force. It highlights that the AI Act ensures AI systems in the EU are trustworthy by introducing a risk-based approach and categorizes AI systems into four risk levels: minimal, specific transparency, high, and unacceptable. High-risk systems face strict requirements, while unacceptable-risk systems are banned.

Read Commission’s press release here.

⚔️ Meta is sued in Argentina for using data from WhatsApp to train its AI

Two data protection lawyers filed a complaint against Meta, accusing the company of misusing personal data from WhatsApp and other platforms to train AI systems without user consent. The complaint was filed with the Argetine data protection authority and calls for detailed explanations on Meta’s data practices, privacy policy updates, and compliance with local laws. The case underscores Argentina’s outdated data protection laws and reflects growing global scrutiny of AI practices, similar to recent actions taken in Brazil and Europe.

Read more here.

🎵AI Music Generator Suno Admits It Trained it’s AI on ‘Essentially All Music Files on the Internet’

Suno, the AI music generator company, revealed in court that its tool was trained on “essentially all music files of reasonable quality” available online, totaling tens of millions of recordings. This admission came amid a major lawsuit filed by top record labels, accusing Suno and Udio, another AI music generator, of using copyrighted material without permission. Suno argues that its AI’s use of these recordings falls under Fair Use, a claim that could set an important legal precedent for the future of AI-generated content.

Read more here.

🕵️ Argentina’s AI Crime Prediction Plan Raises Human Rights Concerns

Argentina’s government, led by President Javier Milei, has created the Artificial Intelligence Applied to Security Unit to predict future crimes using AI. The unit will analyze historical crime data, employ facial recognition, and monitor social media to anticipate criminal activity. Human rights organizations, including Amnesty International, have raised concerns about potential violations of privacy and freedom of expression. Critics warn that certain societal groups may face disproportionate scrutiny, echoing fears of state repression reminiscent of Argentina’s dictatorial past.

Read more here.

🌐 New York AG Launches Website Privacy Guides

The New York State Attorney General’s Office released a guide on website privacy controls to help businesses ensure their tracking practices comply with New York law. The guide addresses common mistakes businesses make with privacy disclosures and controls, such as uncategorized tags, misconfigured tools, and misleading interfaces. It emphasizes the importance of accurate and truthful privacy representations and provides recommendations for effective privacy disclosures and user-friendly controls. The guide aims to prevent deceptive practices and enhance consumer privacy protection.

Read more here.

⚖️ FTC Sues TikTok for Violating US Children’s Privacy Law (COPPA)

The FTC has filed a lawsuit against TikTok and its parent company ByteDance for violating the US Children’s Online Privacy Protection Act (COPPA). The lawsuit claims TikTok knowingly collected data from millions of children under 13 without parental consent, in breach of a 2019 FTC order. Despite internal concerns, TikTok allegedly continued collecting and sharing children’s data, failed to delete accounts upon parental request, and allowed children to bypass age verification. The suit seeks civil penalties and a permanent injunction to prevent further violations.

Read more here.

📊 Noyb Publishes 2023 Annual Report

In 2023, NOYB continued its pivotal role in enforcing data protection rights across Europe, filing over 40 new complaints, including significant actions against Meta’s controversial “Pay or Okay” system and unlawful credit scoring practices. Key victories included substantial fines against Meta (€1.5 billion) and Spotify (€5 million).

Read more here.

📝 noyb Sues Hamburg DPA over “Pay or OK” in Der Spiegel

noyb has filed a lawsuit against the Hamburg Data Protection Authority (DPA) after it approved the controversial ‘Pay or OK’ system used by DER SPIEGEL, which forces users to choose between consenting to data tracking or paying for a subscription. The Hamburg DPA’s decision, which took nearly three years, has been criticized for lack of impartiality, as the complainant was not consulted and critical facts were ignored.

Read more here.