12 May Navigating the Intersection of AI, Privacy, and Regulation: Key Updates from Around the World
AI and GDPR Compliance: Guidance from France’s CNIL
The French CNIL (National Commission on Informatics and Liberty), tasked with data protection, has recently issued a set of recommendations addressing the intersection of Artificial Intelligence (AI) and privacy. The guidelines focus on ensuring AI systems comply with the General Data Protection Regulation (GDPR). Key topics covered include selecting the appropriate legal basis for AI operations, adhering to data protection principles during both development and application stages, and more. For those fluent in French, detailed insights can be found on CNIL’s official page.
France Adopts EU Digital Regulations
The French law “SREN” has been passed, incorporating the EU’s Digital Services Act (DSA) and Digital Markets Act (DMA) into national legislation. This law includes provisions specifically aimed at digital platforms, like mandatory age verification on adult websites operating in France but outside the EU. Critics argue the law may impose restrictions on internet anonymity. For further details, visit L’Informaticien.
SHEIN Recognized as a ‘Large Platform’ under EU DSA
The fast-fashion giant SHEIN has been classified as a “large platform” under the EU Digital Services Act, signaling increased regulatory oversight due to its significant market influence.
France’s ANSSI Initiates NIS2 Directive Implementation
The French National Agency for the Security of Information Systems (ANSSI) is preparing for the transposition of the NIS2 Directive, set to expand the scope of regulated entities from around 500 to at least 10,000. This extensive initiative underscores the growing importance of cybersecurity regulations across various sectors.
Updates on Surveillance Laws in the USA: FISA Becomes RISA
In the USA, the controversial Foreign Intelligence Surveillance Act (FISA) has been replaced by the Rights of Individuals in Surveillance Act (RISA). Despite the rebranding, concerns persist as the new legislation retains similar provisions, with a temporary reduction in its validity period from five to two years. This change underscores ongoing debates over privacy and surveillance.
TikTok’s Troubles with US Congress
US Congress has demanded that TikTok sever ties with its Chinese parent company, ByteDance, citing a 2017 Chinese law that could compel the company to surrender user data for national security investigations. Failure to comply could lead to TikTok being banned in the USA. ByteDance has initially resisted these demands.
European Response to Big Tech’s Data Practices
The European Data Privacy Board has criticized the prevalent “consent or pay” model used by major platforms for data handling and advertising. The board advocates for an alternative that offers users ad-limited, non-targeted content without charge. Moreover, any consent given must comply with GDPR, ensuring it is informed and voluntary.
Legal Challenges for META Over Data Security
The EU Commission has initiated legal proceedings against META Group (formerly Facebook) for potential breaches of the Digital Services Act, especially concerning vulnerabilities that could affect the upcoming European elections. This action recalls the 2016 US Presidential election controversies involving data misuse on Facebook.
OpenAI Faces Legal Scrutiny in Austria
In Austria, the Noyb association has filed a complaint against OpenAI, alleging that ChatGPT violates GDPR by retaining and disseminating incorrect personal data without adequate correction mechanisms.