Hello all, and happy Thursday!
By now, members of the privacy community must be getting sick of hearing news about TikTok—yet here we are again.
Montana has become the first state to ban TikTok outright. While federal and state government employees have been prohibited from downloading the app on government devices, this law prohibits offering TikTok for download whatsoever.
Specifically, any entity that offers the ability for users to access TikTok or download the app will be fined $10,000 per day they continue to do so (starting January 1st of 2024).
There will certainly be legal challenges to this law. While the law raises questions about freedom of speech and access to such speech, it is a response in part to serious allegations about the privacy of the app. A former executive, for instance, has alleged that the Chinese government has total access to user data, even data stored on U.S. servers. (It should be noted that the allegations came as part of a wrongful termination lawsuit and must be taken with a grain of salt, but they exemplify the fears that spurred the creation of Montana’s law.)
Someday, we’ll have greater insight into TikTok’s actual data collection practices. Until that day, however, we’ll have to guess at whether laws like Montana’s are smart, preemptive, and protective or reactionary and ill-informed.
Best,
Arlo
Montana becomes first US state to ban TikTok
Montana Governor Greg Gianforte has signed legislation prohibiting mobile app stores from offering TikTok by next year. Although the federal government, and more than half of US states, have prohibited the app on government devices, this marks the first time the app has been banned outright.
Texas Legislature Passes Texas Data Privacy and Security Act
As of this writing, the Texas Data Privacy and Security Act (TDPSA) has passed the Texas state legislature and now awaits Governor Abbott’s signature or veto. If enacted, the TDPSA will take effect on March 1, 2024.
AI Act: A step closer to the first rules on Artificial Intelligence
Members of the European Parliament (MEPs) have endorsed a new set of transparency and risk-management rules for AI systems. The rules are designed to ensure that AI systems are overseen by people, and are safe, transparent, traceable, non-discriminatory, and environmentally friendly.
Human DNA can now be pulled from thin air or a footprint on the beach. Here’s what that could mean.
Researchers have been able to match genetic information to individuals from a variety of environmental sources, such as footprints on the beach. As these techniques become more refined, privacy experts warn that collecting and tracking individuals’ ambient genetic markers could lead to privacy violations.
MEPs against greenlighting personal data transfers with the U.S. under current rules
In a nonbinding resolution, MEPs found that the EU-U.S. Data Privacy Framework is an improvement on prior frameworks, but is not enough to justify an adequacy decision on personal data transfers.
Clearview Fined Again By French Government For Failing To Pay Fines Already Owed To French Government
Clearview AI, which was fined for violating the GDPR over the illegal collection and sale of facial recognition data, is being fined again by the French government over failure to pay its fines. Clearview AI’s core service was to scrape facial data from web sources and use that data to train a facial recognition AI for use by law enforcement. Clearview AI has not paid the €20,000,000 it owes to the French government, resulting in an additional fine of €5,200,000.
Warnings over NHS data privacy after ‘stalker’ doctor shares woman’s records
After a woman began dating a doctor’s ex-boyfriend, that doctor—who was not involved with the woman’s care—was able to access highly sensitive personal information and subsequently harass and stalk the woman. The incident highlights issues surrounding access controls and privacy in the National Health Service (NHS) system.
More Penguins Than Europeans Can Use Google Bard
Although 450 million Europeans cannot access Google’s AI chatbot, Google has opted to make it accessible in jurisdictions such as Bouvet Island, an uninhabited island in the South Atlantic Ocean that’s home to 50,000 penguins. The preemptive blocking of Bard in the EU is seen as a signal that Google considers generative AI technology as it exists now to be fundamentally incompatible with existing and developing privacy and online safety laws in the EU.
Osano Blog: 5 red flags in a CMP implementation
It’s difficult to predict how a software implementation will go until you actually get your hands dirty—but by the time you realize an implementation is going to be a headache, it’s often too late to back out. We’ve identified five red flags you can keep an eye out for before committing to a consent management platform (CMP).