Hello all, and happy Thursday!
As is always the case with new technologies, innovative AI models have outpaced regulation. But regulation has recently closed the gap a little bit.
The Council of Europe recently released the AI Convention, a framework on artificial intelligence and human rights, democracy, and the rule of law, signed by the US, UK, EU, and numerous other countries.
While the EU has its AI Act and Colorado has its AI Act, the AI Convention provides a framework for signatories to lean on when determining the legality of AI models. It’s not particularly explicit and instead provides general principles that signatories can interpret within their own legal systems. It’s likely that individual countries will develop their own comprehensive AI legislation in the future that is compatible with the overarching framework of the AI Convention.
Best,
Arlo
Hear from renowned Austrian privacy activist Max Schrems, as he chats with Arlo Gilbert about noyb and privacy rights.
Find out why spreadsheets can cause more trouble than their worth when mapping your organization’s data.
Listen to part two of our conversation with Keith Enright, Chief Privacy Officer of Google.
Today at 1PM EST! | Save Your Seat
Test your privacy skills (and win cool prizes) at booth #334 at this year’s P.S.R. conference.
Although the EU AI Act has set clear rules for the regulation of AI systems within the EU, the new AI Convention creates a common framework for AI systems applicable to the US, the UK, the EU, and other countries. The first of its kind, the Council of Europe Framework Convention on AI and Human Rights, Democracy, and the Rule of Law was signed last week by the EU, the UK, the USA, Israel, Norway, Andorra, Georgia, Iceland, the Republic of Moldova and San Marino.
The CPPA recently published its first blog post, promising to provide “guidance on protecting your personal information, information about emerging privacy issues, and deeper insights on CPPA’s ongoing activities and priorities.”
Recently, the Dutch Data Protection Authority (Dutch DPA) announced that it had imposed a 290 million fine on Uber for allegedly transferring personal data from the EU to US without an adequacy decision or appropriate safeguards in place, in breach of the GDPR. Uber had removed the standard contractual clauses included in its agreement with its Dutch entity months prior to the implementation of the EU-US Data Privacy Framework.
On September 10th, the European Commission hosted the first official meeting of the Artificial Intelligence (AI) Board, following the entry into force of the AI Act on 1 August. This inaugural session, which takes place in Brussels, marked an important step in the EU's commitment to shape a robust framework for AI governance.
US facial recognition company Clearview AI has been fined 30.5 million euros ($33.7 million) for building what the Dutch data protection authority (DPA) called an illegal database. The DPA also issued an additional order, imposing a penalty of up to 5 million euros on Clearview for non-compliance. "Clearview AI does not have a place of business in the Netherlands or the European Union, it does not have any customers in the Netherlands or the EU," Jack Mulcaire, Clearview AI's chief legal officer, told Reuters.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!