Regulations, Guidelines & Opinions

CNIL Launches Its FAQ On The Latest Data Privacy Framework

The French CNIL has published its own FAQ (in French) on the latest Data Privacy Framework, adopted by the European Commission on July 10th 2023. The FAQ covers the main questions raised by this new framework, such as the key components of the privacy framework, the actions to take when the receiving organization is not on the list of the U.S. Department of Commerce, and the consequences of this decision for organizations wishing to transfer data to the United States. The link below redirects to the original text in French.

Click to read more

France CNIL Publishes MR007 and MR008

The French data protection authority (CNIL) has adopted two new reference frameworks (MR-007 and MR-008) for accessing the National Health Data System (SNDS) data. The MRs prioritize data protection, allow research flexibility, ensure data stays within the EU, and streamline research on SNDS (the French national health data repository) data by bypassing CNIL's authorizations. MR007 pertains to the public sector, while MR008 is relevant to the private sector. The link below redirects to the original text in French.

Click to read more

New Proposed Regulation For Health Data Hosting In France

The French government has proposed a law regarding the hosting of health data. The law has gone through several stages of review and amendment in the Senate and National Assembly. The current version of the law, Article 10 Bis A, requires that sensitive health data be stored with cloud providers who guarantee protection against unauthorized access by foreign authorities. There is debate over the need for a European sovereign cloud to protect against extraterritorial laws, versus the practicality of using French or European providers. The law has implications for both businesses and citizens in terms of data security and migration. The link below redirects to the original text in French.

Click to read more

EDPB Picks Topic For 2024 Coordinated Action

During its October plenary, the European Data Protection Board (EDPB) selected the topic for its third coordinated enforcement action, which will concern the implementation of the right of access by controllers. Further work will now be carried out to specify the details in the upcoming months and the action itself will be launched in 2024.


Biotech and Healthtech

Precision Medicine Startups Increase Focus on Data Access and Privacy

Low-cost genetic sequencing is fueling investments in bioinformatics, with companies like Sano Genetics facilitating patient-centric precision medicine research through a subscription model. AI and ML are revolutionizing disease classification by detecting patterns in health data, while the industry explores secure methods like blockchain for gathering and storing health data.


Biopharma’s Path to Value with Generative AI

A study from the Boston Consulting Group (BCG) highlights the European approach to AI, particularly in cross-border cases impacting individuals, and references ISO/IEC 22989:2022 for continuous AI training, addressing ambiguity in AI provider definitions. It discusses AI systems in administrative, law enforcement, and high-risk contexts, while expressing concerns about exceptions and exclusions, emphasizing the importance of clear rules and safeguards in AI regulation.


Artificial Intelligence

EDPS Final Recommendation on AI

The European Data Protection Supervisor details its final recommendation on AI, particularly in cross-border cases affecting individuals, and references ISO/IEC 22989:2022 for continuous training in AI. It also raises concerns about AI systems in administrative and law enforcement use, exceptions for high-risk AI systems, the scope of the AI Act, and access to data and documentation, and emphasizes the importance of clarity and safeguards in AI regulation.


Memory Capacity in AI/LLMs: Llama2 vs GPT2

AI company Sarus, which focuses on developing solutions for differential privacy, highlights through a publication that Large Language Models (LLMs) have the capability to retain information from their training datasets, including outlier data that isn't pertinent to their training, underscoring the privacy risks linked to such models.


The Foundation Model Transparency Index

The rise of foundation models in AI has led to increased generative applications but also a decrease in transparency, reminiscent of issues seen with earlier digital technologies. To address this, the "Foundation Model Transparency Index 2023" has been introduced, assessing ten leading developers, including OpenAI, Google, and Meta, against 100 detailed indicators. The findings highlight a lack of substantial information on the broader impacts of their models, and the index aims to set a transparency benchmark to promote better governance and industry norms.


Data Breach & Cybersecurity

OCR Publishes Resources On Telehealth Privacy, Security Risks

On October 19, 2023, the US HHS Office for Civil Rights (OCR) released two resource documents aimed at assisting providers in communicating telehealth privacy and security risks to patients. These documents, titled “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth” and “Telehealth Privacy and Security Tips for Patients,” are designed to explain risks in simple terms and guide patients on basic cyber hygiene practices.


23andMe - Data Breach

A subset of 23andMe users' data was compromised. The company clarified that its systems were not breached, but attackers guessed login credentials and scraped data from the "DNA Relatives" feature.

Data details and sale: Hackers claimed the data contained 1 million data points about Ashkenazi Jews and many users of Chinese descent. The data, sold between $1 and $10 per account, includes display name, sex, birth year, and some genetic ancestry details but not raw genetic data.


Data Privacy Enforcement

EU General Court Denies Interim EU-US Data Privacy Framework Halt

The European Union General Court ruled against interim measures to pause the implementation of the EU-U.S. Data Privacy Framework. The decision came in response to French Member of European Parliament Philippe Latombe filing against the transfer agreement and subsequent adequacy decision. The court said Latombe cannot prove the individual or collective harm the agreement raises.


Clearview AI Wins Appeal Against UK Privacy Sanction

Clearview AI, a US facial recognition company, successfully appealed against a £7.5 million (~$10 million) privacy sanction issued by the U.K.'s Information Commissioner’s Office (ICO) in 2022. The appeal was won on jurisdiction grounds, with the tribunal ruling that Clearview's activities fall outside the jurisdiction of U.K. data protection law due to an exemption related to foreign law enforcement.


Podcasts

EU-US Data Transfer Agreements: An Endless Disagreement? Discussion With Max Schrems

Interview featuring Max Schrems discussing the recent data transfer pacts. Schrems delves into the inception of NOYB and reviews the latest data privacy accord, noting that its essence remains akin to earlier versions due to the US authority's ability to access EU data. He further elaborates on the present data exchange between the EU and US under the DPF and attempts to reverse the framework.


Tackling Data Deletion

This week’s episode of ADCG’s Privacy & Cybersecurity Podcast features a discussion with Jeff Jockisch about his new company, Avantis Privacy, which specializes in data deletion services. Jeff is a renowned privacy researcher, the CEO of PrivacyPlan and CPO of Avantis Privacy. In this episode, they discuss the daunting prospect of managing one’s personal data, data brokers and what they do, and the process of requesting that personal data be deleted. Jeff discusses the approach taken by Avantis Privacy and offers thoughts on anonymization and what is driving this type of service.


OWKIN - An AI Biotech That Enables Doctors to Share Research To Cure Diseases

At AI biotech company Owkin, cofounder and CEO Thomas Clozel is rethinking cancer and disease research through an entirely new lens—and aiming to break down barriers in healthcare along the way. In this week’s Leaders in Innovation podcast, he shares how his company is bridging the gap between academic research and the pharmaceutical industry.
