European Commission crafting facial-recognition regulations

(Aug 22, 2019) The Financial Times reports the European Commission is exploring potential regulations focused on giving EU citizens rights regarding facial-recognition data. A commission official said "the indiscriminate use of facial recognition technology" by companies or in public would be curbed with any regulations, and people would know when any data is being used. The decision to draw up regulations comes after the U.K. Information Commissioner's Office opened an investigation into the use of facial-rec... Read More

ICO discusses data minimization, privacy-preserving tactics for AI

(Aug 22, 2019) The U.K. Information Commissioner's Office has published a blog post to better inform the public on data minimization and privacy-preserving techniques related to artificial intelligence systems. The post from AI Research Fellow Reuben Binns and Technology Policy Adviser Valeria Gallo is part of the ICO's call for feedback on its AI Auditing Framework. In the piece, Binns and Gallo break down what organizations may face when adopting AI systems, as well as provide the techniques to meet data min... Read More

Irish DPC finds SEC acted properly following data breach

(Aug 22, 2019) The Irish Data Protection Commission determined the State Examinations Commission acted properly following a data breach last August, reports. The SEC’s fees department accidentally sent an email to several individuals regarding applications for a medical card exemption from exam fees. No personal or financial information was exposed in the incident; however, the SEC formally notified the DPC within 72 hours. The SEC told the agency it would contact all the individuals affected by ... Read More

Swedish DPA issues first GDPR fine

(Aug 21, 2019) The Swedish data protection authority, Datainspektionen, announced that it has issued its first fine for violations of the EU General Data Protection Regulation. A school in Skelleftea has been fined SEK 200,000 for mishandling personal information of students in a facial-recognition pilot program that tracks student attendance. The authority said the school did not obtain proper consent for its data collection and that the software was not a necessary tool for documenting attendance.Full Story... Read More

Ga. Supreme Court hears case on data breach damages

(Aug 21, 2019) The Atlanta Journal-Constitution reports the Georgia Supreme Court has heard arguments in a case to determine whether those affected by data breaches are entitled to damages despite a lack of immediate harm. Three patients from a 2016 breach at Athens Orthopedic Clinic claim the clinic was responsible for the breach and are seeking a court decision on whether future harm or threat from the breach justifies compensation, which is a statute not included in Georgia law. A Court of Appeals ruled 2-1... Read More

Supreme Court warns Indian government on connecting Aadhaar with social media

(Aug 21, 2019) India's Supreme Court has heard from social media platforms on the possibility of the government linking the country's Aadhaar identification system to social media accounts, The Economic Times reports. After hearing pleas from Facebook and WhatsApp, Justice Deepak Gupta said such a connection would infringe on citizens' privacy, adding that the court will eventually have to balance fundamental rights to privacy and security. Talk of the grouping of Aadhaar and social media accounts together beg... Read More

US state sen. plans to reintroduce biometric privacy law to Fla. lawmakers

(Aug 20, 2019) The Florida Record reports U.S. State Sen. Gary Farmer, D-Fla., has plans to propose a previously rejected biometric privacy bill when the state legislature reconvenes. "[Sen.] Farmer does plan on filing it again. He sees it as an issue that we not only expect to face in the future, but in many respects are facing now," said Jay Shannon, a legislative assistant in Farmer's office. Farmer's bill is said to draw parallels to the Illinois Biometric Information Privacy Act. Congressional critics say... Read More

ICO updates guidance timeframe for DSAR responses

(Aug 19, 2019) The U.K. Information Commissioner's Office has announced an update to its guidance on timescales for responses to data subject access requests. The timescale has been modified to include the day the request is received as "day one" of the scale rather than having the scale begin the day after the request comes in. The changes to the ICO's guidelines come in response to a recent ruling by the Court of Justice of the European Union.Full Story... Read More

Robocall surge traced back to small telecoms

(Aug 19, 2019) The Wall Street Journal reports telecommunication industry officials have discovered that small carriers are largely behind the mass amount of robocalls circulating around the U.S. Large telecoms have traced the robocalls back to their source, revealing the role of small carriers. Regulators are having difficulty penalizing the large telecoms for not limiting the small carriers' work for various reasons, including no required checks on whether a robocall is legal or illegal. "There are definitel... Read More

Dixon talks enforcement timeline as Irish DPC nears end of first GDPR probe

(Aug 16, 2019) Reuters reports the Irish Data Protection Commission has almost concluded its first investigation into a multinational organization under the EU General Data Protection Regulation. Irish Data Protection Commissioner Helen Dixon said in an interview with The Irish Independent the office’s first major GDPR ruling will likely involve its probe into WhatsApp; however, a formal decision is still a ways off. “I’d like to say that we could do it in 48 hours, but it has to be in the order of months, to ... Read More