Regulations & Guidelines

EDPB Publishes Case Digest on Security of Processing and Data Breach Notification

The EDPB commissioned a report that analyzes 90 final decisions made under the GDPR's One-Stop-Shop mechanism, specifically focusing on Articles 32, 33, and 34, which govern the security of personal data and the handling of personal data breaches. The decisions, adopted between January 2019 and June 2023 and extracted from the EDPB's online register, offer insights into how Supervisory Authorities interpret and apply these articles in various cases.

Link to the article

EDPB Highlights Ways to Enhance DPO Role and Recognition

At its latest plenary, the EDPB adopted a report on the role of Data Protection Officers (DPOs), highlighting the challenges they face and offering recommendations for improvement. The report, based on an EU-wide investigation involving 25 DPAs, analyzed over 17,000 responses, revealing both positive aspects and areas where DPOs struggle, such as lack of resources and independence.

Link to the article

CNIL Releases Cloud Computing Practical Sheets

France's data protection authority, the Commission nationale de l'informatique et des libertés, published two practical sheets on data encryption and security in cloud computing. The practical sheets provide an analysis of data encryption methods, including end-to-end encryption, and of the importance of securing data in the cloud.

Link to the article

EDPB Launches Website Auditing Tool

The EDPB has introduced a new, user-friendly website auditing tool, available as Free and Open Source Software, to help assess website compliance with the law. Designed for use by both data protection authorities and private entities, this tool simplifies auditing processes, supports other tools, and can generate reports, enhancing enforcement and compliance efforts.

Link to the article

Biden Signs Short-Term FISA Extension

Legislators have come to a consensus on a short-term extension of the Foreign Intelligence Surveillance Act, according to information from three independent sources. This step is intended to ensure the intelligence community retains an essential tool, which was set to expire at the end of 2023.

Link to the article

Privacy Enhancing Technology

Federated Distillation Vs Federated Learning

Federated distillation (FD) is presented as an alternative to federated learning (FL) for collaborative learning, offering solutions to FL's vulnerability to privacy attacks, high communication costs, and difficulties with heterogeneous models. However, FD faces challenges with varying local data distributions and the lack of a reliable teacher model, leading to ineffective knowledge sharing. To address this, a recent paper introduces a selective knowledge sharing mechanism, Selective-FD, which improves FD's generalization capabilities and outperforms baseline methods, paving the way for a more privacy-preserving, communication-efficient, and adaptable federated training framework.

Link to the article

Data Privacy Enforcement

ICO Reprimands Hospital After Data Breach

The U.K. Information Commissioner's Office reprimanded South Tees Hospitals NHS Foundation Trust after a data breach exposed a patient's appointment information. The ICO said South Tees Hospitals NHS Foundation Trust should "implement new standard operating procedures and provide further staff training to ensure data is protected and reduce possibility of future disclosures in error."

Link to the article

Artificial Intelligence

EU AI Act: Consolidated Drafts Published

On January 22, 2024, two unofficial consolidated drafts of the proposed EU Artificial Intelligence Act appeared online, signaling that work on this significant legislation is advancing seriously. With the availability of these unofficial texts, it is now feasible to extract important insights for those tracking the progress of the AI Act.

Link to the article

BioTech & Healthtech

Owkin Initiates Biotechnology-Focused Large-Language Model Venture

Executives from the French AI drug discovery company Owkin are launching Bioptimus, a startup aimed at developing a large-language model (LLM) specifically for biotechnology. The company plans to use LLMs to simplify complex biomedical data, enhancing AI models in pharmaceuticals and potentially other industries, leveraging Owkin's extensive patient data and partnerships with major pharmaceutical companies.

Link to the article

Data Breach & Cybersecurity

23andMe Shifting Blame On Victims

23andMe, facing over 30 lawsuits due to a significant data breach affecting 6.9 million users, is shifting blame onto the victims, suggesting their negligence in password security led to the breach. The company's stance, as outlined in a letter to victims, has been criticized by lawyers representing them, arguing that 23andMe should have implemented stronger safeguards against such breaches, especially given the sensitive nature of the data involved.

Link to the article

2024's Top Cloud Security Threat: Exposed Credentials

Hackers are increasingly targeting business applications and cloud infrastructure, with the security operations center (SOC) at Expel reporting a 144% increase in 'identity threats' and a 72% rise in cloud infrastructure incidents in the past year. The majority of these attacks involve stolen or leaked credentials, and Expel notes a trend of attackers using more proxies and VPNs, which emphasizes the importance of strong identity management practices such as multi-factor authentication (MFA) and regular monitoring of internet-facing assets.

Link to the article

Data Governance

France's Health Data Hosting Obligations Evolve

New French health data hosting obligations now mandate that French health data be physically hosted within the territory of a country in the European Economic Area (EEA), which includes the European Union plus Norway, Iceland, and Liechtenstein, a requirement not previously imposed by the Health Data Hosting (HDS) certification framework. Requirements (exigences) 29 and 30 state that if health data is accessed remotely from a non-EU country by the host or its subcontractors, or if they are subject to non-European legislation that does not provide adequate protection per Article 45 of the GDPR, the host must inform its clients of this in the contract, outlining the associated risks and the measures taken to mitigate them. Disclaimer: the article is in French.

Link to the article

Belgium's Newly Established Data Agency

On January 17, the Federal Health Data Agency (ADS) held its official inaugural session with Minister Frank Vandenbroucke. The agency, established by law nearly a year ago, aims to facilitate access to and secondary use of health data. This systematic, though strictly regulated, use of health data is intended to improve the healthcare system and provide objective analysis of it, and to contribute to innovation, research, product development, and policy formulation.

Link to the article

GDPR-Minded Microsoft Offers Cloud Customers EU-based Personal Data Storage

Microsoft's announcement positions it as one of the first major cloud providers to offer a solution that addresses concerns about complying with the EU's General Data Protection Regulation (GDPR), enhancing data residency for European customers. This action, encompassing services such as Azure and Microsoft 365, exceeds current compliance standards.

Link to the article

Podcasts

The Growing Ransomware Threat

In the latest episode of the This Week in Startups podcast, host Jason Calacanis discusses the increasing threat of ransomware with guest Jon Miller, CEO and founder of Halcyon. The conversation provides an in-depth understanding of ransomware mechanics, the tactics attackers use to evade capture, and the escalating involvement of AI in these cyberattacks.

Link to the podcast

E-consent: What, How & Why?

Discover how digitalization streamlines the patient journey through the concept of e-consent in healthcare, as explained by expert Louise Eggrickx, Health Product Manager at Docaposte. This episode covers the basics, types, functioning, and benefits of e-consent. Disclaimer: the podcast is in French!

Link to the podcast

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified
