Argentina’s AAPI Proposes Draft Personal Data Protection Bill
Argentina’s data protection authority, the Agency of Access to Public Information, submitted a draft Personal Data Protection Bill to the Honorable Chamber of Deputies of the Nation. The proposed draft amends Personal Data Protection Act 25.326. Provisions under the proposed draft include language to facilitate transborder data flows, enhanced basic data subject and children’s privacy rights, obligations for data controllers and more.
Council of the European Union’s New Leadership Addresses AI Act Plans
The new Spanish Presidency of the Council of the European Union outlined priority topics for its negotiations on the proposed Artificial Intelligence Act. As it works toward a political agreement among member states, the Spanish presidency plans to address the proposal’s definition of AI, high-risk classification, list of high-risk use cases and fundamental rights impact assessments.
US finalizes EU-US Data Privacy Framework Requirements, Awaits EU Adequacy Decision
The U.S. Department of Justice and the Office of the U.S. National Intelligence Director announced the completion of commitments under President Joe Biden’s executive order concerning the EU-U.S. Data Privacy Framework. According to Secretary of Commerce Gina Raimondo, the DOJ designated EU member states along with Iceland, Liechtenstein and Norway as “qualifying states” whose citizens are able to file for redress through the proposed Data Protection Review Court while obtaining enhanced U.S. privacy protections. The designations take effect upon finalization of the European Commission’s adequacy decision with the U.S. Meanwhile, the ODNI released the policies and procedures the U.S. intelligence community will follow as part of the executive order.
European Commission proposes rules to strengthen GDPR enforcement
The European Commission is proposing new “concrete procedural rules” to strengthen EU General Data Protection Regulation enforcement in cross-border cases. The proposal harmonizes requirements for cross-border complaints, gives parties under investigation the right to be heard “at key stages” including during dispute resolution, and streamlines the dispute resolution mechanism. While the commission said it will mean “quicker remedies for individuals and more legal certainty for businesses,” the European Consumer Organisation said the proposal “is unlikely to be of much help to consumers.
AI Systems Analyzing License Plate Scanning Cameras Pose Constitutional Questions
In a drug trafficking case in New York’s Westchester County, an artificial intelligence-powered Automatic License Plate Recognition system analyzed the county’s 480 traffic cameras and scanned 16 million license plates a week for a two-year period. The suspect’s attorney claimed the information obtained on his client was a “systematic development and deployment of a vast surveillance network” per his motion to suppress evidence. He alleged any New York police officer would be able to initiate an investigation using the system without any court oversight.
European Commission, CFPB Start Dialogue on Financial Consumer Protection
European Commissioner for Justice and U.S.Consumer Financial Protection Bureau announced an “informal dialogue” between their agencies “on a range of critical financial consumer protection issues.” Areas of discussion will include “automated decision making and processing of data in financial services,” including artificial intelligence and “digital transformation that ensures fair choice and access to financial services for consumers, including the unbanked, underbanked, and consumers who want to protect their own data.”
US Announces Smart Device Cybersecurity Labeling Program
The Biden administration announced the “U.S. Cyber Trust Mark” program. Under the cybersecurity labeling program for smart devices, anticipated to launch in 2024, consumers will find a logo on products meeting established criteria published by the National Institute of Standards and Technology. The administration said “several major electronics, appliance, and consumer product manufacturers, retailers, and trade associations” have voluntarily committed to increasing cybersecurity for their products.
US Senators Propose Amendments Addressing AI, Privacy in Defense Act
U.S. senators offered a slew of amendments to the National Defense Authorization Act, with many addressing artificial intelligence, privacy and social media regulation, The Washington Post reports. Amendments concerning AI include requiring financial institutions to issue reports detailing how they use AI and the creation of a task force to “assess the privacy, civil rights, and civil liberties implications” of using AI. Other privacy-centric amendments include the Stop CSAM Act being folded into the legislation, which would allow victims to sue platforms for exploitation, and legislation that would ban TikTok for U.S. consumers.
CPPA Supports Four Privacy Bills
The California Privacy Protection Agency unanimously voted in support of four state privacy bills that support its mission of “protecting the privacy rights of Californians.” Assembly Bill 947 would include personal information that reveals citizenship or immigration status as sensitive personal information under the California Consumer Privacy Act. Assembly Bill 1194 relates to reproductive privacy protections, Assembly Bill 1546 covers the CCPA’s statute of limitations, and Senate Bill 362 would transfer administration and rulemaking authority over the data broker industry to the CPPA.
Biden Calls for Children’s Online Privacy Protections
U.S. President Joe Biden called on lawmakers to pass legislation protecting children’s online privacy and safety. Referencing a Thursday hearing of the Senate Commerce Committee on the Kids Online Safety Act and Children and Teens’ Online Privacy Protection Act, Biden said he has been urging legislation for two years. “It matters. Pass it, pass it, pass it, pass it, pass it,” he said.
SEC Adopts Rules to Update Cybersecurity Incident Reporting
The U.S. Securities and Exchange Commission announced the adoption of new rules pertaining to how public companies report cybersecurity incidents. The SEC will now require disclosures related to “material cybersecurity incidents (companies) experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” SEC Chair Gary Gensler said the aim is to make disclosures “consistent, comparable, and decision-useful” for investors.
Doctors using AI could Run Afoul of Health Privacy Law
U.S. physicians using artificial intelligence technologies, like chatbots, may be violating the Health Insurance Portability and Accountability Act. Many physicians are using AI, like ChatGPT to consolidate notes, find quick clinical answers, transcribe, etc. Once this happens, the information is no longer internal to the healthcare system and is technically a data breach.