SypherPrivacyTalks - December 2024 - Week 50
by Sypher | Published in News - December 09, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
NYOB is now qualified to bring collective redress actions
⚖️ NOYB, a privacy organisation, has now been officially recognised as a 'Qualified Entity' to bring group lawsuits across the EU. This means it can take legal action to stop illegal practices (such as GDPR violations), or represent large groups of people seeking compensation for data misuse. "Redress" actions allow for a European version of a "class action." Unlike US class actions, these cases in the EU are strictly non-profit-making, and the NOYB expects to launch such cases in 2025, with a focus on protecting users' privacy rights… read more
Data protection implications of using AI tools in recruitment
📜 The UK's Information Commissioner's Office (ICO) has published guidance for organisations using AI tools in recruitment. The guidance is based on an audit of AI-powered tools for sourcing, screening, and selection, which resulted in nearly 300 recommendations distilled into six key principles that align with the UK's GDPR:
- Conduct a DPIA: Organisations must assess data protection risks before deploying AI tools.
- Establish a lawful basis: AI processing must comply with GDPR's legal grounds for personal data, including special categories.
- Clarify Roles: Define whether AI providers are acting as processors, and set explicit contractual terms for compliance.
- Mitigate Bias: Ensure that AI tools are monitored for fairness and bias, with clear assurances from providers.
- Ensure Transparency: Let candidates know how AI is processing their data, why it's being used, and how they can challenge decisions.
- Minimise data processing: Collect only necessary data, and avoid storing it indefinitely.
The ICO emphasises that while the guidance simplifies the principles, compliance is critical. Additional resources, as well as a webinar on January 22, 2025, are intended to assist hiring managers and AI developers… read more
EDPB: Key insights on using processors and sub-processors under GDPR
bdkadvokati.com • 6 min read
🏦 The European Data Protection Board (EDPB) has provided guidance on data controllers' obligations under Article 28 of the GDPR when working with processors and sub-processors (In Opinion 22/2024, issued on 9 October 2024).Key points include ensuring that all processors and sub-processors are identified, maintaining accountability across the data processing chain, conducting individual reviews of sub-processor contracts, overseeing cross-border data transfers to ensure compliance, and maintaining robust contractual standards with processors… read more
The Impact of the EU AI Act on the development and use of medical devices
huntonak.com/insights • 6 min read
🏥 The EU AI law, which came into force on 1 August 2024, introduced a phased, risk-based framework for AI systems, with significant implications for AI-enabled medical devices, which are classified as high-risk.
Companies that manufacture, place on the EU market or use AI-enabled medical devices in the EU will need to comply with the AI Act's requirements for high-risk AI systems.
Providers must meet stringent requirements, including maintaining technical documentation, ensuring transparency, implementing quality management systems, reporting incidents and conducting conformity assessments. Users, such as healthcare institutions, must monitor the use of AI, inform patients about AI functionality, and ensure compliance with data protection regulations… read more
AI and copyright - moving closer to a solution?
📝 Lawmakers are grappling with how to regulate the use of copyright material in the training of AI models. This article examines the situation in the UK and Europe.
With UK initiatives on hold, the EU is advancing copyright rules for AI training under the EU AI Act, set to apply in August 2025. Providers of general-purpose AI models must comply with EU copyright laws and disclose training content details, aiming for greater transparency and trust. While progress is evident, uncertainty persists for rights holders and AI developers, making the coming year critical for shaping standards… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
