Tag: International Privacy

  • EPIC Urges UK ICO to Prohibit “Consent or Pay” Business Models

    On April 17, EPIC submitted comments to the UK ICO on its call for views relating to “Consent or Pay” business models. In its comments, EPIC urged the ICO to prohibit the use of the facially illegal business model due to the clear violation of the UK GDPR’s definition of consent.

    • Big Data

    • Consumer Privacy

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Updates

  • What U.S. Regulators can Learn from the EU AI Act

    On March 13, the European Union Parliament passed the Artificial Intelligence Act (“AI Act” or “the Act”), taking the penultimate step in a years-long legislative process. Originally proposed in early 2021, the sweeping, harms-based Act categorizes artificial intelligence systems by preconceived risks to fundamental rights, public safety, and public health into prohibited, high-risk, or low or no-risk systems.

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Data Protection

    • Face Surveillance & Biometrics

    • International Privacy

    • Surveillance Oversight

    • Analysis

  • EPIC Urges UK Department for Education to Consider Privacy and Safety of Transgender Children in New Guidance

    On March 12, EPIC submitted comments to the UK Department for Education regarding its draft consultation on gender questioning kids. The Draft Consultation is meant to guide schools and colleges in England on policies regarding requests by transgender children to socially transition, such as name and pronoun changes.

    • Data Protection

    • International Privacy

    • Student Privacy

    • Updates

  • Summary: What does the European Union Artificial Intelligence Act Actually Say?

    Covering everything from ChatGPT to the systems used to build freight truck cabins, the European Union’s Proposed Artificial Intelligence Act (“AI Act” or “the Act”) is a piece of tech legislation rivaled only in scope by the GDPR. The sweeping harms-based structure categorizes artificial intelligence systems by preconceived risks to fundamental rights, public safety, and public health (prohibited, high-risk, and low or no-risk systems).

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Analysis

  • EU Lawmakers Clinch Deal on Landmark Artificial Intelligence Legislation

    Late Friday night, EU policymakers reached a political agreement on the final terms of the Artificial Intelligence Act.

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Updates

  • Top EU Court Rules Against Use of Automated Decision-Making Algorithms in Credit Information Industry

    The CJEU ruled that the creation of an automated “probability value based on personal data concerning his or her ability to meet payment commitments in the future” by a credit information agency constitutes an “automated individual decision making” within the meaning of Article 22.

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Screening & Scoring

    • Updates

  • EDPB Clarifies Ban on Meta’s Processing of Personal Data for Targeted Advertising

    On December 7th, the EDPB clarified that a contract is not a legitimate purpose for Meta’s processing of personal data, striking down the subscription service model.

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Big Data

    • Commercial AI Use

    • Consumer Privacy

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Social Media Privacy

    • Updates

  • EPIC Urges UK ICO To Address Law Enforcement Use of Private Data/Systems, Security Issues, AI, and “Soft Biometrics” in Draft Biometric Data Guidance

    In comments filed October 20th, EPIC urged the UK ICO's Identity and Trust Team (Technology Policy) to make updates to its draft biometric data guidance. In particular, we recommend that the guidance be expanded to (i) address the pervasive ties between law enforcement and private companies' biometric data and systems; (ii) establish baseline security standards for biometric processing, including a template risk assessment; and (iii) detail the risks of scale and scope of harm present where AI is integrated into biometric systems.

    • Data Protection

    • Enforcement of Privacy Laws

    • Face Surveillance & Biometrics

    • International Privacy

    • International Privacy Laws

    • Privacy in Public

    • Privacy Laws

    • Surveillance Oversight

    • Updates

  • Microsoft Adapts AI Governance Blueprint for India

    Microsoft recently published a white paper adapting its AI Governance Blueprint for India, setting out policy ideas and recommendations tailored to India's governance and regulatory structure

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Commercial AI Use

    • Data Protection

    • Government AI Use

    • International Privacy

    • Updates

  • India Passes Digital Personal Data Protection Bill

    India's Digital Personal Data Protection Bill has passed both the upper and lower houses of Parliament and will soon be signed into law.

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Updates