Centre for Information Policy Leadership (CIPL)

Cloud computing has become an essential technology in the digital transformation of both private and public sector organisations, delivering IT services, operational efficiency and productivity at scale. With the accelerated developments in AI technologies, cloud computing has become an essential foundation stone for supporting the successful development, training and adoption of AI technologies across all sectors. As such, it is also crucial to the functioning and progress of our digital society. The recent Draghi Report, also, concludes that cloud plays a major role in digital infrastructure. CIPL's paper 'From Barriers to Bridges: Cloud Computing in Support of Privacy and Security' explores the complexities in navigating the regulatory landscapes in the context of providing cloud computing services and advances recommendations for the beneficial adoption of cloud computing technologies. Our key recommendations for ensuring privacy and security in the cloud: - Understand data localisation impact, including on privacy and security - Adopt a risk-based approach to international data transfers - Recognise the importance of onward transfers - Recognise and incentivise accountability-based measures - Recognise the evolving nature of GDPR concepts of controller and processor - Strengthen international cooperation and convergence based on free data flows with trust You can download the paper for our full analysis here: https://lnkd.in/exeYRZvE See the guide below for details of our recommendations 👇 #cloud #data #privacy #security #research

CIPL has submitted a response to the CNIL - Commission Nationale de l'Informatique et des Libertés’s Second Series of How-To Sheets on the Development of Artificial Intelligence Systems.   CIPL has long emphasized that regulators must evolve the interpretation of GDPR principles in the light of technological evolution to ensure they remain fit for purpose. We greatly appreciate the CNIL’s leadership in advancing practicable and rights-preserving approach to technological developments.   The response provides specific feedback on: - The use of the legal basis of legitimate interests in the development of AI systems - The use of legitimate interests to scrape publicly available data   - The transparency requirements for organisations throughout the AI life cycle, and - Complying with individual rights throughout the AI life cycle   You can see our full response below 👇   Download a copy here: https://lnkd.in/ewwnysHG   #consultation #AI #GDPR #tech

NEW FROM CIPL 📢 Decoding Responsibility in the Era of Automated Decisions: Understanding the Implications of the CJEU's SCHUFA Judgment On December 7th, 2023, the Court of Justice of the European Union (CJEU) ruled that SCHUFA, a credit rating agency, played a "determining role" in a lender's decision to deny a loan application. The CJEU found that SCHUFA's role, i.e. providing credit scores, qualified as a "decision" under Article 22 of the GDPR. The court also determined that SCHUFA was better positioned to provide "meaningful information," including the logic behind the automated decision-making process, to fulfill the data subject's access rights under Article 15 of the GDPR.   This paper offers an overview of the judgment, and examines its potential implications and practical consequences for the financial services industry. It concludes that the SCHUFA ruling should be interpreted narrowly, focusing on the specifics of the case to avoid untenable and inconsistent outcomes. Finally, it provides guiding questions for organizations using automated decision-making to help assess how their processes and business models differ. Download the paper here: https://lnkd.in/eRDiuBHt #CJEU #automateddecisions #SCHUFA #research

Legislation requiring the use of age assurance or age verification methods in the United States is continuing to gain traction. So far, 21 states have enacted laws with such provisions, the majority of which seek to block minors from accessing explicit content. To a lesser extent age assurance provisions also appear in laws seeking to prevent minors from creating or obtaining a social media account.   However, there remains little agreement among states regarding the methods to be used to protect the interests of children online.   In this video, CIPL’s Privacy and Data Policy Manager, Mark Smith outlines what you can find out in our latest paper, ‘Age Assurance & Age Verification Laws in the United States’, which identifies technical, practical, and legal challenges affecting stakeholders in this space and society more broadly.   Download a copy of the paper here: https://lnkd.in/etjesFyV #ageassurance #ageverification #data #usa

As data minimization laws continue to proliferate across the United States, it can be challenging for compliance teams to keep track of which provisions are required by each state law. To assist organizations operating within this complex environment, CIPL has put together a guide to which permissible purposes apply to the 20 state privacy laws with provisions relating to data minimization. This guide is based on research from our paper 'Data Minimization in the United States' Emerging Privacy Landscape: Comparative Analysis and Exploration of Potential Effects', which you can download here: https://lnkd.in/emnCHK_E #dataminimization #data #usa #compliance

On September 25, CIPL convened a roundtable at Hunton Andrews Kurth LLP's San Francisco office on The State of Play of Age Assurance in the US: Understanding the Challenges and Navigating a Path Forward. Participants included representatives of the Canadian and U.S. state and federal governments, industry, civil society, and the research community. Participants explored the current state-of-the-art in age assurance technology, how it is being incorporated into U.S. law, the harms and societal challenges it is being used to address, and potential paths forward to address outstanding public policy questions.   We thank participants for a rich and engaging discussion! #AgeAssurance #roundtable #event #data #safety

Last week CIPL participated in a three-day multi-stakeholder workshop on ‘Cross Border Data Transfers: Technical Workshop on the Global CBPR Framework’ in India, organized by nasscom, Data Security Council of India, India’s Ministry of Electronics and Information Technology and Ministry of External Affairs, India.   CIPL President Bojana Bellamy took part in two panels: - “EU, UK GDPR and Global CBPR: Connecting the Dots” alongside Kathleen Aldrich (International Trade Administration, U.S. Department of Commerce), Dr Sébastien Z. (European Centre for Certification and Privacy), Monika Tomczak-Gorlikowska (Prosus Group and Naspers Group) and Rahul Matthan (Trilegal) - “Global Privacy & Data Protection Regulation: An Enabler for Responsible AI” alongside Dileep R (Tata Consultancy Services), Josh Lee Kok Thong (Future of Privacy Forum) and Rahul Matthan (Trilegal) CIPL Vice President and Senior Policy Counselor Markus Heyder took part in: - A panel on “Establishing Accountability Agents and Scaling Certification Systems” alongside Evelyn Goh (IMDA), Maciej Piszczek (TrustArc), Sanae Okuhara (JIPDEC) and Te-Ying Wang (Institute of Information Industry) - A panel on “Mapping the Global CBPR System to National Privacy Laws – a practical exercise of the key step towards joining the Global CBPR Forum” with Vinayak Godse (Data Security Council of India) and Ashish Aggarwal (nasscom) Thank you to the Forum for hosting such an insightful event! We are excited about the progress being made towards ensuring secure data flows with trust.   #CBPR #dataflows #data #event

On September 24, the European Union Office in San Francisco organized, in cooperation with CIPL, an Experts’ Roundtable on “Policy Approaches to Age Assurance and Verification Online.” Matthew R. and Mark Smith represented CIPL at this invitation-only event. The assembled group included representatives of industry, academia, and the public sector. Themes of the discussion included the role of age assurance and verification under the EU Digital Services Act, a comparison of various age assurance and verification methods, and the potential roles of actors across the online marketplace.   CIPL extends its heartfelt thanks to all participants for a terrific discussion and to Gerard de Graaf, Giulia Geneletti, Joanna Smolinska, and Elynore Moran from the European Union Delegation to the United States for hosting and partnering with CIPL to organize this event. CIPL looks forward to continuing our engagement on these important issues.   #DSA #childrensprivacy #childprivacy #ageassurance #ageverification

Earlier this week CIPL President Bojana Bellamy join a panel at RAID (REGULATION - AI - INTERNET - DATA) Brussels on 'Data Governance and Privacy in the Digital Era' alongside Katherine Harman-Stokes (U.S. Department of Justice), John Edwards (Information Commissioner's Office), Cecilia Alvarez (Meta), and Vivek Mohan (Gibson Dunn).   The expert panel explored:   - Goals of digital strategy in the EU, UK and US   - What is next for the European Data Spaces   - The impact of new regulations on Data Protection Authorities   - How to best facilitate access to data while adhering to data protection rules in a way that allows AI ambitions to be achieved in like-minded jurisdictions.   Thank you to panelists for sharing your insights! We hope all who attended the session today enjoyed the discussion.   #RAID2024 #data #AI #regulation

NEW FROM CIPL 📢 Age Assurance & Age Verification Laws in the United States Legislation requiring the use of age assurance or age verification measures to promote safe online experiences for children and young people is gaining traction in the United States. At the time of publishing, 21 states have enacted laws with age assurance provisions, but there remains little agreement among states regarding the methods or tools to employ when verifying the age of online users. We are excited to announce a new paper which identified technical, practical and legal challenges affecting stakeholders in the age verification space and society more broadly. The paper serves as a starting point for understanding the challenges and exploring the opportunities to address the privacy and safety concerns at stake. See the full paper below 👇 Download a copy here: https://lnkd.in/etjesFyV #ageassurance #children #dataprivacy #research