Regulations & Guidelines

Israel's privacy law overhaul

On August 8, 2024, the Israeli Parliament passed the Privacy Protection Bill (Amendment No. 13), updating the Protection of Privacy Law (PPL) to address digital age challenges, enhance privacy protection, and combat cyber threats. Key changes include increased authority for the Privacy Protection Authority (PPA), mandatory appointment of privacy protection officers in certain organizations, reduced database registration requirements for the private sector, and stricter prohibitions on processing illegally collected personal information.

European Commission opposes amending GDPR, focusing on enforcement instead

The European Commission does not plan to reopen the General Data Protection Regulation (GDPR), instead focusing on enforcement, as privacy in the age of artificial intelligence (AI) is becoming increasingly controversial.

Understanding Korean PIPA: A guide for foreign businesses

Foreign businesses engaging with South Korean markets must comply with the Korean Personal Information Protection Act (PIPA), which applies when offering services or processing personal data that impacts Korean individuals. Key compliance points include notifying affected individuals and authorities within 72 hours of a data breach, publishing a Korean-language privacy policy, respecting data subject rights, obtaining consent for cross-border data transfers, and designating a domestic agent for handling privacy-related issues if the business lacks a physical presence in Korea.

Approval of the Swiss-US Data Privacy Framework

On August 14, 2024, the Swiss Federal Council approved the Swiss-US Data Privacy Framework (DPF), certifying that US companies provide adequate data protection to allow personal data transfers from Switzerland without extra safeguards. Set to begin on September 15, 2024, this framework stipulates strict usage and sharing conditions for data, including safeguards against access by US public authorities, aiming to ensure compliance with Swiss data protection laws.

Garante publishes information sheet on right to be forgotten in oncology

On August 9, 2024, Italy's data protection authority, the Garante, released an information sheet clarifying the 'right to be forgotten' for individuals recovered from cancer, aimed at preventing discrimination and ensuring these individuals are not required to disclose their past condition. The document, outlining the legal framework and practical guidance for enforcement, also specifies the roles of various institutions and the Garante's authority to impose GDPR sanctions to uphold the law.

FTC clarifies hashing does not ensure data anonymization

The FTC recently reaffirmed its 2012 guidance, which takes the position that hashing, a process that converts data (such as a name or a password) into a string of characters and numbers to mask the original data, does not constitute “anonymization” of that data. To support that conclusion, the FTC also relies on a standard for “anonymization” whereby “data is only anonymous when it can never be associated back to a person”, a potentially impossible result.

Data Breach & Cybersecurity 

Streamlining U.S. cybersecurity compliance

Digital regulatory compliance in cybersecurity is challenging due to diverse jurisdictional requirements. Efforts led by the White House Office of the National Cyber Director and legislation like the Streamlining Federal Cybersecurity Regulation Act are working to unify these regulations to improve security practices.

U.S. Healthcare cybersecurity: privacy over continuity

U.S. health care cybersecurity laws prioritize privacy compliance over ensuring the continuity of patient care during cyberattacks, leaving hospitals vulnerable when systems go down. Current regulations, like HIPAA, focus on protecting patient data but lack emphasis on "resilience," which would help maintain patient care during cyber incidents, leading to increased risks to patient safety when hospitals are targeted by hackers.

Artificial Intelligence

Google taps AI to revamp costly health-care push marred by flops

Google is using artificial intelligence (AI) to revitalize its healthcare efforts after previous investments in the sector failed to achieve significant breakthroughs. The company aims to leverage AI to enhance healthcare delivery and efficiency, though concerns about the technology's reliability and the readiness of the healthcare industry to embrace these innovations remain.

The importance of regular assessments in AI governance

Conducting AI assessments is crucial for companies to ensure their AI systems are reliable, ethical, and compliant with regulations. These assessments should be integrated into an AI governance program and conducted regularly throughout the AI system's lifecycle, from procurement to deployment, to address potential risks, biases, and legal obligations effectively.

Addressing hallucinations in AI-generated medical summaries

A study has investigated how large language models like GPT-4 and Llama-3 can generate erroneous medical summaries, potentially leading to misdiagnoses and incorrect treatments, by categorizing five types of hallucinations in medical data. It details a pilot effort using 100 medical note summaries and explores automated systems to detect these inaccuracies, aiming to reduce reliance on labor-intensive human annotations.

Large language models do not store personal data?

According to a recent publication by the Hamburg data protection authority, storing a Large Language Model (LLM) does not constitute "processing" as defined by Article 4(2) of the GDPR because these models do not store personal data. Nevertheless, any personal data used in the input or output of an AI system that employs LLMs must comply with the GDPR. Although non-compliance during the model training phase does not affect the legality of later use, the data protection rights of individuals must be maintained throughout the training process.

Biotech, Techbio and Healthtech

Critique of the BIOSECURE Act: A call for comprehensive DNA data protection

A critic of the BIOSECURE Act argues that it inadequately protects Americans' DNA data by unfairly targeting a few companies while neglecting others. He advocates for a broader, uniform approach, similar to HIPAA, to safeguard all DNA data and warns that the current Act could stifle genomics research, increase costs, and reduce competition.

Geographical and gender disparities in AI healthcare studies

A study titled “Disparities in Clinical Studies of AI-Enabled Applications from a Global Perspective” reveals that clinical studies of AI in healthcare are predominantly concentrated in high-income regions like North America, Europe, and East Asia, neglecting lower-income countries. It also highlights significant gender imbalances among study participants, risking health inequalities due to underrepresentation of females.

From personal crisis to pioneering audio diagnostics in healthcare

Roeland Decorte, inspired by early exposure to health issues and a misdiagnosis of his father's heart condition, pursued an innovative path in healthcare technology after studying at Cambridge. Decorte developed a technology using audio sensors integrated into everyday devices to diagnose a range of medical conditions accurately, replacing more invasive methods and aiming to streamline patient care through simpler, more accessible diagnostic tools.

AI and cough analysis: Pioneering disease detection with bioacoustic technology

Google Research's introduction of Health Acoustic Representations (HeAR) leverages bioacoustic signals from human sounds like coughs to detect early signs of diseases such as tuberculosis (TB) and COPD, using AI to analyze patterns in these sounds. HeAR, which outperforms other models in identifying health-related acoustic patterns, is now aiding researchers and companies like Salcit Technologies to develop more accessible and effective disease screening tools, particularly for TB in regions with limited healthcare access.

Data Governance

EFPIA's stance on the European Health Data Space (EHDS) regulation

The EFPIA emphasizes the critical importance of health data sharing for innovation and patient outcomes while calling for clearer implementation guidelines, particularly around data scope, IP protection, and international transfers. It advocates a collaborative approach, involving industry stakeholders, to ensure the EHDS effectively balances privacy, utility, and economic interests.

Harmonizing global data transfers: The urgency for unified regulations

The analogy between international flights and data transfers highlights the necessity for a cohesive framework to govern international data movements, ensuring seamless and safe operations. As the global digital economy relies on the free flow of data, diverging national regulations complicate compliance, stressing the need for international cooperation to establish unified standards that could simplify data transfers and enhance global economic connectivity.

Data Privacy Enforcement

UK fines NHS supplier for security flaws before LockBit attack

The UK data watchdog is set to fine NHS vendor Advanced for security failures that occurred before the LockBit ransomware attack. These security lapses contributed to the vulnerability exploited during the attack.

Podcasts 

  • Assessing AI’s risks and impacts: a conversation with NIST’s Reva Schwartz

  • The Future of Privacy in AI

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified
