Regulations

Artificial Intelligence Act: Deal on Comprehensive Rules for Trustworthy AI

European Parliament and Council negotiators have reached a provisional agreement on the Artificial Intelligence Act, focusing on safe and ethical AI while promoting innovation. The Act bans high-risk AI applications that threaten fundamental rights and sets strict obligations for law enforcement and high-risk AI systems. It also supports innovation and SMEs through regulatory sandboxes and imposes substantial fines for non-compliance, positioning Europe as a leader in responsible AI development.

European Commission's AI Act: Explained in a Comprehensive Q&A

The European Commission has developed a comprehensive Q&A resource to explain the EU AI Act, providing clear and accessible information about the legislation's purpose, scope, and implications. This Q&A aims to enhance understanding of the Act's key elements, such as the risk-based classification of AI systems, and the responsibilities and obligations it imposes on AI providers and users. It also elucidates the enforcement mechanisms and penalties for non-compliance, thereby aiding stakeholders in navigating and adhering to the Act's provisions.

EU Parliament Revises European Health Data Space Framework

The European Parliament has adopted an amended proposal in Plenary as the negotiating foundation with the Council on the framework of the European Health Data Space (EHDS). Negotiations are underway based on this proposal. Key points include: enhancing patient rights to data access, compliance assessment procedures for EHR systems, and discussions on the secondary use of health data.

Proposed Revisions to CCPA

The California Privacy Protection Agency has released proposed amendments to the current California Consumer Privacy Act. These updates aim to expand the scope and penalties of the act, and include modifications regarding dark patterns and responsibilities pertaining to the rights of data subjects.

EDPB: GDPR Implementation Successful, Future Challenges Require More Resources

At its latest plenary, the European Data Protection Board (EDPB) acknowledged the successful application of the GDPR over its first 5.5 years, deeming it premature to revise it at this stage. The EDPB emphasized the need for adequate resources for Data Protection Authorities (DPAs) and itself to meet future challenges, especially given the evolving technological landscape and new digital economy legislation. Additionally, the EDPB is focusing on enhancing international data transfer agreements and developing cooperation with third countries, while also planning to issue guidelines on the 'pay or ok' model.

China's First Personal Information Certification For Cross-Border Data Transfer

On December 25th, China's Cybersecurity Review Technology and Certification Centre (CCRC) issued the first personal information certification for cross-border data transfer to the University of Macau, marking a significant advancement in China's personal information protection and governance. This certification, which encompasses a comprehensive technological framework for data lifecycle management, is an alternative to the security assessment and China SCC under the PIPL, and extends beyond cross-border data transfer applications. Following this, on December 26th, the CCRC awarded personal information protection certification to five additional companies, indicating the growing importance of personal information certification in China's data protection landscape and suggesting a busy year ahead for privacy professionals with the introduction of new regulations in 2024.

PETs - Privacy Enhancing Technologies

Breaking Down Privacy Risks: How 'Anonymous' Synthetic Data Can Be Exposed

The study titled "On the Inadequacy of Similarity-based Privacy Metrics: Reconstruction Attacks against Truly Anonymous Synthetic Data" uncovers critical flaws in the use of empirical evaluations to ensure privacy in synthetic data. It introduces ReconSyn, an attack that exploits these weaknesses, demonstrating its effectiveness by reconstructing sensitive training data from synthetic datasets that were deemed private. This work challenges the reliability of current privacy metrics and emphasizes the need for rigorous privacy-preserving methods in the creation of synthetic data.

Healthcare

A French Comprehensive Cancer Center's Data Strategy and Implementation Experience

In a comprehensive cancer center, effective data strategies are crucial for evaluating practices, understanding cancer, and developing better treatments. The Center Léon Bérard (CLB) employs a variety of data collection methods, including EMRs, clinical trials, and research projects, utilizing techniques like natural language processing for in-depth analysis. To enhance cancer research and patient outcomes, CLB emphasizes the importance of secure, regulated data sharing, leveraging real-world data and standardizing data formats for collaboration and improved patient-centered research.

Artificial Intelligence

Towards a Standard for Identifying and Managing Bias in Artificial Intelligence

The National Institute of Standards and Technology (NIST) has released a document titled "Towards a Standard for Identifying and Managing Bias in Artificial Intelligence," addressing the critical issue of AI bias. It categorizes AI bias into systemic, statistical, and human types and discusses the challenges in mitigating these biases, emphasizing the need for a comprehensive approach involving datasets, testing, evaluation, validation, verification, and human factors. Additionally, the document promotes a socio-technical systems approach, integrating societal values and impacts into AI development, and provides guidance and recommendations for addressing a broader spectrum of biases and their societal implications.

Adaptive Machine Unlearning

The 2021 NeurIPS paper "Adaptive Machine Unlearning" introduced a novel approach to efficient data deletion in machine learning, challenging previous methods that offered poor guarantees against adaptive deletion sequences. It proposes a robust, model-agnostic framework combining differential privacy and max-information techniques, shown to be effective in experiments on datasets such as CIFAR-10 and MNIST. The paper's insights into the vulnerabilities of existing algorithms and its practical applications for enhancing data privacy marked significant advancements in the field.

Google Launches MedLM Generative AI Models For The Healthcare Industry

Google is advancing its AI capabilities with MedLM, a healthcare-dedicated AI available on its Vertex AI platform for U.S. Cloud customers, and in preview in select markets abroad. The MedLM suite, which includes models based on the medically adept Med-PaLM 2, offers tools for diverse tasks ranging from complex analytics to scalable operations. These innovations are being adopted across the healthcare sector for applications like enhancing patient care, accelerating drug development, and improving medical documentation efficiency.

A Quality Standard and Certification for AI

New ISO/IEC 42001 International Standard for AI: This novel certification outlines the criteria for organizations to develop, implement, maintain, and enhance an Artificial Intelligence Management System (AIMS). It targets providers and users of AI-based solutions, promoting ethical creation and application of AI technologies.

Cybersecurity

23andMe Data Breach Impacts 6.9M Users

Genetic testing company 23andMe revealed a data breach impacting 0.1% of its customers, about 14,000 individuals, and potentially a significant number of other users linked through ancestry profiles. Further details indicated that around 5.5 million people using the DNA Relatives feature and 1.4 million with Family Tree profiles had their personal information accessed. This breach, initially disclosed in October and attributed to password reuse by customers, ended up affecting nearly half of 23andMe's 14 million customers, with hackers gaining access to sensitive DNA and personal data.

Integris Health Patients Get Extortion Emails After Cyberattack

Integris Health experienced unauthorized system access on November 28, 2023, leading to potential data breaches. Hackers extorted patients on December 24th, claiming to have stolen personal data of over 2 million individuals, including sensitive information like Social Security Numbers. The attackers have set up a dark web site for selling or deleting this data, with Integris Health advising patients against responding to these extortion emails, highlighting the risks of further exploitation and the uncertainty of data deletion even after paying ransoms.

Data Privacy Enforcement

USA: HHS Announces $480,000 Settlement with Lafourche Medical Group Over HIPAA Violations

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with Lafourche Medical Group following a phishing attack that compromised the health information of about 34,862 individuals. This marks OCR's first settlement involving a phishing attack under HIPAA, highlighting the growing concern over cyberattacks in healthcare. As part of the settlement, Lafourche Medical Group will pay $480,000 and implement a corrective action plan, including enhanced security measures and staff training on HIPAA compliance and cybersecurity.

Imposing Administrative Fines: The Criteria of Wrongful GDPR Infringement

The Court of Justice has defined the criteria for national supervisory bodies to levy administrative fines on one or more data controllers for breaching the General Data Protection Regulation (GDPR). It emphasizes that for a fine to be imposed, there must be evidence of wrongful behavior, meaning the infringement was either intentional or due to negligence. Additionally, when the entity facing the fine is part of a corporate group, the fine's calculation should consider the group's total turnover.