FIRST PRIVACY | Amsterdam’s Post

Protecting Privacy: A Landmark Decision by the Dutch Data Protection Authority In a significant move to uphold privacy rights, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has fined Clearview AI Inc. €30.5 million for severe violations of the General Data Protection Regulation (GDPR). The decision highlights the critical importance of protecting individuals' personal data, particularly in the realm of facial recognition technology. Clearview AI was found to have unlawfully processed biometric data of individuals in the Netherlands without a legal basis, violated transparency obligations, and failed to facilitate the exercise of data subject rights. The company also did not designate a representative in the EU, further compounding its GDPR breaches. This decision underscores our commitment to ensuring that the handling of personal data meets the highest standards of legality, transparency, and respect for individual rights. As we continue to innovate in the digital age, let this serve as a reminder that privacy is a fundamental right that must be protected at all costs. #Privacy #GDPR #DataProtection #FacialRecognition #Compliance #LegalTech https://lnkd.in/e9HXbpcN

Clearview AI has been hit with a €50 million fine by the Netherlands’ data protection authority, Autoriteit Persoonsgegevens (AP) for unauthorised collection and processing of biometric data, a serious breach under the GDPR. Interestingly, Clearview AI has argued that it should not be subject to GDPR because it does not have a physical presence in the European Union. However, the AP rejected this argument, emphasising that the GDPR applies to any company that processes the personal data of individuals within the EU, regardless of the company's location. This is in line with the broader trend in global data privacy laws, where regulatory frameworks increasingly assert jurisdiction over companies based on their handling of the citizens' data, irrespective of the company's physical presence. The AP is also considering holding Clearview AI’s executives personally liable for the violations, which could set a precedent for future enforcement actions.

The EDPS - European Data Protection Supervisor has sounded the alarm that crucial aspects of the EU's data protection and privacy regulations are currently at risk. According to Wojciech Wiewiórowski, head of the EDPS, there are growing concerns surrounding the integrity of the General Data Protection Regulation (GDPR), particularly regarding limitations on data collection and usage. As elections and potential shifts in attitudes among European lawmakers loom, there's a noticeable sense of unease regarding the GDPR's future. Any weakening of EU data protection laws, especially in response to AI pressures, could have serious implications for privacy rights. It's essential for policymakers to navigate these challenges while upholding robust data protection standards. While these rules are focussed on Europe, it’s so important for any business operating in or around the bloc to be aware of. #AI #Technology #Regulation #Compliance

💶 Clearview, a US company that provides facial recognition services to intelligence and investigative services outside the European Union, has been fined with 30.5 million euro by The Dutch DPA and with an additional penalty of up to €5.1 million that will be levied for continued non-compliance. Clearview built a searchable database of over 30 billion images populated by scraping the internet for people’s photos, including of Dutch citizens, without their consent. The authority mentioned that Clearview failed to stop the GDPR violations after the investigation concluded. Multiple countries have also taken legal action against Clearview AI, including Australia, Austria, France, Greece, Italy, and the UK. This is Clearview’s largest privacy fine yet in Europe. Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

Six years ago the GDPR came into force. It is hard to overstate the influence of this law, so I want to reflect a little on it and share how I see echoes of it in current AI regulation. One of the unique aspects of GDPR is how it regulates organizations outside of the EU. In 2018 this was a wake up call to many international companies but it reflects the growing need to be aware of trans-national legislation. Our companies aren't islands abiding only by the laws adjacent to the corporate headquarters. The other unique aspect is how the GDPR is grounded in basic human rights and emphases the right of the individual to "punch up" against larger organizations who may use (or misuse) their personal data. Recognition of privacy as a fundamental human right stems from the Universal Declaration on Human Rights, dating back to 1948. In the past few weeks the EU Parliament ratified the Artificial Intelligence Act, which in many ways extends these principles to the realm of automatic data processing for AI systems. I respect the healthy debate about regulation, but for my part I see the much to applaud about GDPR and AIA. Nearly 70% of the worlds population is covered by some privacy regulation and GDPR set the gold standard for much of the world, often at times at great cost to some commercial endeavors within the European Union. I have concerns about new forms of privacy invasion, but I'm also optimistic that as long as law is grounded in the pursuit of fundamental rights we will arrive at the right place. #gdpr #privacy #eu

🌎#NEW: Does the GDPR need fixing? The European Commission published a new report on its progress highlighting successes and areas for improvement. Key aspects of the EU Commission’s second Report on the #GDPR include: 1️⃣ The EU Commission found a growing trend of robust enforcement, with the 6,680 fines imposed by DPAs under the  GDPR totaling 4.2 billion EUR. 2️⃣ Stakeholders still report fragmentation in the application of the GDPR, including diverging interpretations of children’s consent, the processing of genetic and biometric data, and the processing of personal data related to crimes.  3️⃣ New adequacy decisions have been adopted (South Korea and the UK), while others are expected soon: adequacy talks are ongoing with Brazil, Kenya, and international organizations. 4️⃣ The GDPR is described as a cornerstone for the EU’s new legislative rulebook in the digital sphere. Read the new blog from FPF’s Global Privacy and AI Analyst Andreea Serban to learn more about the AI treaty:  https://lnkd.in/eji8ydyT

The Privacy and Other Legislation Amendment Bill 2024 represents the most significant changes to Australia's privacy landscape in decades. These reforms are long overdue. It's frankly shameful that Australia has yet to meet Article 45, the adequacy decision for GDPR compliance. Privacy Acts don't exist purely to generate administration - though ineffective GRC systems may have you thinking otherwise. Yes they can be a tick box exercise for many organisations, however as the reforms in this proposed amendment make clear, (especially examples like the doxing reforms), privacy legislations keep people safe - they keep their information safe, their most sensitive information safe, and their choices safe. Safe from misuse, abuse, profiling, and unfair treatment. So when an individual trusts your organisation with their personal information it is your job to keep it secure and to use it in the way in which you declared you would. And for automated decision-making and AI - consent must be obtained, use of the information must be made clear, and equity must be built into the logic. No-one wants to be Robodebt 2.0. #OAIC #privacyact #gdpr #AI

As part of CCIA Europe'a ongoing advocacy on #privacy, we have repeatedly sounded the alarm on the fact that the European Data Protection Board has been acting almost as a shadow legislator through guidance and opinions, with overly restrictive interpretations of the GDPR rules that result in legal uncertainty for businesses of any size. Our main worry is the impact this has on the EU’s overall capacity for #DigitalInnovation and growth. In this context, we are happy to see the #EDPB now organising stakeholder events, such as the upcoming one focused on #AImodels. This is very timely ahead of the EDPB’s adoption of an opinion that will be crucial for businesses to correctly interpret the interplay between #GDPR and #ArtificialIntelligence – particularly in the context of the training of AI models. CCIA Europe looks forward to contributing to this important discussion with the tech sector’s collective expertise.    Although #CCIAeurope will also participate in the EDPB stakeholder event on #ConsentOrPay models, we really do regret to see that this event only comes AFTER the adoption of an opinion, from which the EDPB is unlikely to deviate in its upcoming guidelines.  Organising online events is a good start but making sure that there is ample opportunity for stakeholders to engage through open consultations and constructive dialogue is crucial. Engaging in a meaningful discussion with interested parties will make sure that the EDPB fully understands the issues at stake and the solutions that are currently being developed to safeguard #DataProtection and fundamental rights. Want to know more about our position on the GDPR’s evolving interpretation? Check out our contribution to POLITICO's latest article on GDPR enforcement: https://lnkd.in/dFkFaJ9r

An article from TechCrunch illustrates how as global scrutiny on data protection intensifies, the recent fines against major tech players signal a pivotal moment in the enforcement of privacy laws like the GDPR. https://lnkd.in/gdt8dpGj This is more than just a financial reckoning; it represents a profound shift in how we view responsibility in the digital age. Could this influence complaints under #DSA #Art21?

Catch up on this week’s top privacy updates! 🌍 Swipe through for a few key highlights, including new AI legislation in California and GDPR enforcement in Europe. Want to dive deeper? Follow the link to read all the privacy updates for this week. Follow the link below to read more! 👇 https://lnkd.in/g3tYGiJB #PrivacyUpdates #DataProtection #AIRegulation #TrustArc