Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: EU Data Protection

Data Is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data

Data Is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data, 118 Nw. U. L. Rev. 1081 (2024). “Heightened protection for sensitive data is becoming quite trendy in privacy laws around the world. Originating in European Union (EU) data protection law and included in the EU’s General Data Protection Regulation, sensitive data singles out certain categories of personal data for extra protection. Commonly recognized special categories of sensitive data include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation and sex life, and biometric and genetic data. Although heightened protection for sensitive data appropriately recognizes that not all situations involving personal data should be protected uniformly, the sensitive data approach is a dead end. The sensitive data categories are arbitrary and lack any coherent theory for identifying them. The borderlines of many categories are so blurry that they are useless. Moreover, it is easy to use nonsensitive data as a proxy for certain types of sensitive data. Personal data is akin to a grand tapestry, with different types of data interwoven to a degree that makes it impossible to separate out the strands. With Big Data and powerful machine learning algorithms, most nonsensitive data give rise to inferences about sensitive data. In many privacy laws, data giving rise to inferences about sensitive data is also protected as sensitive data. Arguably, then, nearly all personal data can be sensitive, and the sensitive data categories can swallow up everything. As a result, most organizations are currently processing a vast amount of data in violation of the laws. This Article argues that the problems with the sensitive data approach make it unworkable and counterproductive as well as expose a deeper flaw at the root of many privacy laws. These laws make a fundamental conceptual mistake—they embrace the idea that the nature of personal data is a sufficiently useful focal point for the law. But nothing meaningful for regulation can be determined solely by looking at the data itself. Data is what data does. To be effective, privacy law must focus on harm and risk rather than on the nature of personal data. The implications of this point extend far beyond sensitive data provisions. In many elements of privacy laws, protections should be proportionate to the harm and risk involved with the data collection, use, and transfer.”

Complaint filed against Alphabets plans to intercept 100s of billions of messages to train Bard

LinkedIn, Alexander Hanff: “Today I filed a complaint [included with lead link] with the Data Protection Commission Ireland as an open letter against Alphabets plans to introduce their Bard AI into Android Messages app and to intercept 100s of billions of confidential communications for the purpose of training their AI. This is a direct breach… Continue Reading

Meta unlawfully ignores the users’ right to easily withdraw consent

Noyb.eu: “Since the beginning of November, Instagram and Facebook users who don’t want to be tracked have to pay a “privacy fee” of up to € 251.88 per year. While one (free) click is enough to consent to being tracked, users can only withdraw their consent by going through the complicated process of switching to… Continue Reading

Antisemitism has moved from the right to the left in the US − and falls back on long-standing stereotypes

Via LLRX – Antisemitism has moved from the right to the left in the US − and falls back on long-standing stereotypes – Prof. Arie Perliger, director of the graduate program in Security Studies at the School of Criminology and Justice Studies at the University of Massachusetts, Lowell addresses the fact the the U.S. is… Continue Reading

AI in Banking and Finance, October 15, 2023

Via LLRX – AI in Banking and Finance, September 15, 2023 – This semi-monthly column by Sabrina I. Pacifici highlights news, government reports, industry white papers, academic papers and speeches on the subject of AI’s fast paced impact on the banking and finance sectors. The chronological links provided are to the primary sources, and as available,… Continue Reading

IBM promised to back off facial recognition then signed a $69.8M contract to provide it

The Verge: “The company denies its new government deal enables ‘general purpose’ biometric surveillance. Human rights advocates disagree. IBM has returned to the facial recognition market — just three years after announcing it was abandoning work on the technology due to concerns about racial profiling, mass surveillance, and other human rights violations. In June 2020,… Continue Reading

Social media giants urged to tackle data-scraping privacy risks

Tech Crunch: “A joint statement signed by regulators at a dozen international privacy watchdogs, including the U.K.’s ICO, Canada’s OPC and Hong Kong’s OPCPD, has urged mainstream social media platforms to protect users’ public posts from scraping — warning they face a legal responsibility to do so in most markets. “In most jurisdictions, personal information… Continue Reading

How governments are looking to regulate AI

Economist Intelligence – EIU: The EU has taken the lead with the strictest rules, which will have the biggest impact globally Chinese rules are also strict, but their impact is domestic, and geared towards keeping control and power with the ruling party The US favours innovation, and its political system hinders any attempt at regulation,… Continue Reading

The Coolest Library on Earth

Hakai Magazine:  “At the University of Copenhagen, researchers store ice cores that hold the keys to Earth’s climate past and future…Copenhagen is one of several places in the world where pieces of ice cores drilled from our planet’s extremities are kept safely cold. Other large research freezers are located in the United States, Australia, France,… Continue Reading

Do Foundation Model Providers Comply with the Draft EU AI Act?

Stanford University Center for Research on Foundation Models, Rishi Bommasani and Kevin Klyman and Daniel Zhang and Percy Liang: “Foundation models like ChatGPT are transforming society with their remarkable capabilities, serious risks, rapid deployment, unprecedented adoption, and unending controversy. Simultaneously, the European Union (EU) is finalizing its AI Act as the world’s first comprehensive regulation… Continue Reading

Data Act: Commission welcomes political agreement on rules for a fair and innovative data economy

European Commission: “The Commission welcomes the political agreement reached today between the European Parliament and the Council of the EU, on the European Data Act, proposed by the Commission in February 2022. Today, the Internet of Things (IoT) revolution fuels exponential growth with projected data volume set to skyrocket in the coming years. A significant… Continue Reading

Top EU Tech Regulator – Twitter to Face Stress Test This Month

WSJ [free link to article]: “European Union regulators plan to subject Twitter to a stress test to determine how well it complies with Europe’s new digital-content law, a top EU tech regulator said, ramping up the bloc’s preparations for enforcing the West’s most far-reaching digital-content law. A team of roughly five to 10 digital specialists… Continue Reading