General Data Protection Regulation

Keeping artificial intelligence accountable to humans

Osonde Osoba Contributor As a teenager in Nigeria, I tried to build an artificial intelligence system. I was inspired by the same dream that motivated the pioneers in the field: That we could create an intelligence of pure logic and objectivity that would free humanity from human error and human foibles. I was working with weak computer systems and intermittent electricity, and needless to say my AI project failed. Eighteen years later — as an engineer researching artificial intelligence, privacy and machine-learning algorithms — I’m seeing that so far, the premise that AI can free us from subjectivity or bias is also disappointing. We are creating intelligence in our own image. And that’s not a compliment. Researchers have known for awhile that purportedly neutral algorithms can mirror or...

What can we learn from the Dixons data breach that blew up after disclosure

European consumer electronics retailer Dixons Carphone’s apologetic admission yesterday that a 2017 data breach was in fact considerably worse than it first reported suggests disclosures of major breaches could get a bit more messy — at least under the early reign of the region’s tough new data protection framework, GDPR — as organizations scramble to comply with requirements to communicate serious breaches “without undue delay”. Although, to be clear, it’s not the regulation that’s the problem. Dixons’ handling of this particular security incident has come in for sharp criticism — and is most certainly not a textbook example of how to proceed. Dixons Carphone disclosed a breach of 5.9M payment cards and 1.2M customer records in mid June, saying it had discovered the unauthorized access to...

Market research firm GlobalWebIndex takes first VC with $40M Series A

Market research firm GlobalWebIndex, which provides consumer insight data for marketing purposes for customers including Google, Spotify, WPP, IPG and Omnicom Group, has closed a $40 million Series A round. The funding is its first VC raise, almost a decade after the business was founded. The investment comes from New York-based growth fund Stripes Group, along with a number of other unnamed data, software and consumer technology companies. GWI says it will be used to accelerate product development and for international expansion, including in the U.S. and Asia.  The company is based in London but has recently opened offices in New York City and Los Angeles, as well as having technology hubs in locations across Europe. With the new funding it says it’s planning to open more international o...

AI spots legal problems with tech T&Cs in GDPR research project

Technology is the proverbial double-edged sword. And an experimental European research project is ensuring this axiom cuts very close to the industry’s bone indeed by applying machine learning technology to critically sift big tech’s privacy policies — to see whether AI can automatically identify violations of data protection law. The still-in-training privacy policy and contract parsing tool — which is called ‘Claudette‘: Aka (automated) clause detector — is being developed by researchers at the European University Institute in Florence. They’ve also now got support from European consumer organization BEUC — for a ‘Claudette meets GDPR‘ project — which specifically applies the tool to evaluate compliance with the EU’s General Data Protection Regulation. Early results from this project hav...

Pressure mounts on EU-US Privacy Shield after Facebook-Cambridge Analytica data scandal

Yet more pressure on the precariously placed EU-US Privacy Shield: The European Union parliament’s civil liberties committee has called for the data transfer arrangement to be suspended by September 1 unless the US comes into full compliance. Though the committee has no power to suspend the arrangement itself. But has amped up the political pressure on the EU’s executive body, the European Commission . In a vote late yesterday the Libe committee agreed the mechanism as it is currently being applied does not provide adequate protection for EU citizens’ personal information — emphasizing the need for better monitoring in light of the recent Facebook Cambridge Analytica scandal, after the company admitted in April that data on as many as 87 million users had been improperly passed to third pa...

Brexit blow for UK’s hopes of helping set AI rules in Europe

The UK’s hopes of retaining an influential role for its data protection agency in shaping European Union regulations post-Brexit — including helping to set any new Europe-wide rules around artificial intelligence — look well and truly dashed. In a speech at the weekend in front of the International Federation for European Law, the EU’s chief Brexit negotiator, Michel Barnier, shot down the notion of anything other than a so-called ‘adequacy decision’ being on the table for the UK after it exits the bloc. If granted, an adequacy decision is an EU mechanism for enabling citizens’ personal data to more easily flow from the bloc to third countries — as the UK will be after Brexit. Such decisions are only granted by the European Commission after a review of a third country’s privacy standards t...

To truly protect citizens, lawmakers need to restructure their regulatory oversight of big tech

Gillian Hadfield Contributor More posts by this contributor To control AI, we need to understand more about humans If members of the European Parliament thought they could bring Mark Zuckerberg to heel with his recent appearance, they underestimated the enormous gulf between 21st century companies and their last-century regulators. Zuckerberg himself reiterated that regulation is necessary, provided it is the “right regulation.” But anyone who thinks that our existing regulatory tools can reign in our digital behemoths is engaging in magical thinking. Getting to “right regulation” will require us to think very differently. The challenge goes far beyond Facebook and other social media: the use and abuse of data is going to be the defining feature of just about every company on the planet as...

Facebook, Google face first GDPR complaints over “forced consent”

After two years coming down the pipe at tech giants, Europe’s new privacy framework, the General Data Protection Regulation (GDPR), is now being applied — and long time Facebook privacy critic, Max Schrems, has wasted no time in filing four complaints relating to (certain) companies’ ‘take it or leave it’ stance when it comes to consent. The complaints have been filed on behalf of (unnamed) individual users — with one filed against Facebook; one against Facebook-owned Instagram; one against Facebook-owned WhatsApp; and one against Google’s Android. Schrems argues that the companies are using a strategy of “forced consent” to continue processing the individuals’ personal data — when in fact the law requires that users be given a free choice unless a consent is strictly necessary for provisi...

Instapaper on pause in Europe to fix GDPR compliance “issue”

Remember Instapaper? The Pinterest-owned, read-it-later bookmarking service is taking a break in Europe — apparently while it works on achieving compliance with the region’s updated privacy framework, GDPR, which will start being applied from tomorrow. Instapaper’s notification does not say how long the self-imposed outage will last. The European Union’s General Data Protection Regulation updates the bloc’s privacy framework, most notably by bringing in supersized fines for data violations, which in the most serious cases can scale up to 4% of a company’s global annual turnover. So it significantly ramps up the risk of, for example, having sloppy security, or consent flows that aren’t clear and specific enough (if indeed consent is the legal basis you’re relying on for processing people’s ...

Zuckerberg didn’t make any friends in Europe today

Speaking in front of EU lawmakers today Facebook’s founder Mark Zuckerberg namechecked the GDPR’s core principles of “control, transparency and accountability” — claiming his company will deliver on all that, come Friday, when a new European Union data protection framework, GDPR, starts being applied, finally with penalties worth the enforcement. However there was little transparency or accountability on show during the session, given the upfront questions format which saw Zuckerberg cherry-picking a few comfy themes to riff on after silently absorbing an hour of MEPs’ highly specific questions with barely a facial twitch in response. The questions MEPs asked of Zuckerberg were wide ranging and often drilled deep into key pressure points around the ethics of Facebook’s business — ranging f...

EU parliament pushes for Zuckerberg hearing to be live streamed

There’s confusion about whether a meeting between Facebook founder Mark Zuckerberg and the European Union’s parliament — which is due to take place next Tuesday — will go ahead as planned or not. The meeting was confirmed by the EU parliament’s president this week, and is the latest stop on Zuckerberg’s contrition tour, following the Cambridge Analytics data misuse story that blew up into a major public scandal in mid March.  However the discussion with MEPs that Facebook agreed to was due to take place behind closed doors. A private format that’s not only ripe with irony but was also unpalatable to a large number of MEPs. It even drew criticism from some in the EU’s unelected executive body, the European Commission, which further angered parliamentarians. Now, as the FT reports, MEPs appe...

Facebook faces fresh criticism over ad targeting of sensitive interests

Is Facebook trampling over laws that regulate the processing of sensitive categories of personal data by failing to ask people for their explicit consent before it makes sensitive inferences about their sex life, religion or political beliefs? Or is the company merely treading uncomfortably and unethically close to the line of the law? An investigation by the Guardian and the Danish Broadcasting Corporation has found that Facebook’s platform allows advertisers to target users based on interests related to political beliefs, sexuality and religion — all categories that are marked out as sensitive information under current European data protection law. And indeed under the incoming GDPR, which will apply across the bloc from May 25. The joint investigation found Facebook’s platform had made ...

  • 1
  • 2