Regulations, Guidelines & Opinions

Call For An Evaluation Of The GDPR

After five years of application of the General Data Protection Regulation (GDPR), the Council of Ministers of the European Union is calling for an overarching and comprehensive evaluation of the GDPR. Notably, it asks for more clarity about adequacy decisions and about the conditions under which personal data can be processed for research and archiving purposes, and for further elaboration of the concepts of anonymisation and pseudonymisation.

Plans Of The European Commission For International Data Transfers

Didier Reynders, European Commissioner for Justice, discussed plans to enhance data flows between the EU and other states during the IAPP Europe Data Protection Congress 2023. He mentioned the possibility of an adequacy decision with the State of California and the potential revision of the adequacy decision regarding the United Kingdom. Additionally, there is a proposal for a new type of adequacy decision to facilitate data transfers to international organizations.

Obligations For Cloud Providers Under The EU Cloud Scheme

A new draft of the European Cloud Services Scheme sheds light on questions providers may have about the regulation. The regulation classifies providers into four levels of assurance corresponding to the level of risk associated with the intended use of the product, service, or process: basic, substantial, high, and high+. Each level has its own obligations. As an example, high+ providers will be required to have at least one dedicated location in the EU.

UK GDPR Reforms Move Forward In UK Parliament

On November 29, the U.K. Data Protection and Digital Information Bill advanced towards becoming law. According to the U.K.'s Minister for Data and Digital Infrastructure, the objective of the bill is to modify the 2018 Data Protection Act to better leverage personal data for promoting growth and competition. This involves moving away from the generalized, top-down approach that was a characteristic of the inherited GDPR framework.

Biotech & Healthtech

Adoption of the European Health Data Space By European Committees

The Environment and Civil Liberties committees have adopted their position on creating a European Health Data Space (EHDS). In December, the European Parliament will vote on the proposal. The EHDS aims to achieve two goals: firstly, to enable citizens to access their health data, such as prescriptions, images, and lab tests, across borders, and secondly, to collect health data for public health purposes, including research, innovation, policy-making, education, patient safety, and regulatory activities.

The Use Of Wearables And Smartphones In Healthcare

The use of wearables and smartphones in decentralized healthcare is steadily rising. They are used to collect data almost in real time and provide a host of different types of data. However, this brings forth a multitude of concerns about data privacy and data security. To mitigate the risk of data misuse, strong and consistent standards need to be implemented and upheld. Additionally, alleviating such concerns could involve giving users clear authority over their personal health data.

Databases And The Purpose Of The Processing

Half a million citizens of the United Kingdom donated their sensitive data to the UK Biobank for medical research purposes. However, an investigation by The Observer revealed that UK Biobank opened access to its biomedical database to insurance companies. Biological samples and medical history records, which were donated for research purposes, were accessed by insurance companies so that they could develop their own tools. UK Biobank indicated that it informed the volunteers and obtained their consent at the moment of collection.

Artificial Intelligence

Progress Made On The AI Act

The AI Act is currently undergoing changes in the final phase of the legislative process, with the aim of reaching an agreement by the 6th of December. One key point of contention revolves around the rules that should apply to foundation models. The issue of a code of conduct is central to the negotiations. Other points still under negotiation include governance, access to the source code, penalties, and AI literacy.

California, Privacy and AI

California's Privacy Protection Agency (CPPA) has released a draft regulation concerning automated decision-making. This draft sets out guidelines for how AI can utilize data from individuals. The proposed regulations include provisions for opt-out rights, pre-use notice requirements, and access rights. These measures are designed to ensure that individuals are well-informed and can exercise their rights. The framework draws inspiration from the GDPR but aims to be more stringent, particularly in light of the practices employed by major tech companies. Additionally, it aligns with the European AI Act by adopting a risk-based approach.

Cybersecurity & Data Breaches

Data Breach By A Medical Secretary

A former NHS medical secretary accessed a total of 156 patient records without consent or a legitimate business need, viewing them over 1800 times within a three-month period in 2019. This discovery resulted from an investigation led by the Information Commissioner's Office (ICO). The investigation was initiated based on a complaint made by a patient. Subsequently, the former secretary appeared before Worcester Magistrates' Court and was ordered to pay a total fine of £648.

The Weak Link Of Cybersecurity: The Vendors

A data breach that occurred in early May this year was recently disclosed by Perry Johnson & Associates (PJ&A), a vendor that provides transcription services to healthcare organizations. This breach had an impact on healthcare organizations that relied on the vendor, affecting more than 1.2 million individuals. Personal data and sensitive categories of data, including names, addresses, social security numbers, and medical records, may have been accessed and stolen.

Data Privacy Enforcement

The Appointment Of The Members Of The Data Protection Review Court

The EU-U.S. Data Privacy Framework established a two-layer redress mechanism. Firstly, EU individuals can file a complaint with the 'Civil Liberties Protection Officer' of the US intelligence community. Secondly, EU individuals have the right to appeal that decision to the Data Protection Review Court. The members of this Court were appointed on the 14th of November. The Court can now officially commence its functions and review the findings of the Officer regarding complaints from EU individuals concerning potential privacy violations associated with U.S. signals intelligence activities.

Podcasts

Use Of Biological Samples Without Consent: The Havasupai Nation's Case

The Havasupai Nation's experience in the early 1990s serves as a key example of why it's crucial to have appropriate legal frameworks for data use and secondary applications. They provided blood samples to Arizona State University researchers to investigate the high prevalence of Type 2 Diabetes in their Grand Canyon community, but never received results. Later, they discovered their data was being repurposed for unrelated projects without their permission.

Privacy And Voice Recognition AI

In an interview, Justin Hendrix talks to AI researcher Wiebke Hutiri, who specializes in Responsible AI, particularly in algorithmic fairness and bias. Hutiri's notable work includes her thesis and the creation of 'Fair Eva,' an open-source tool to help evaluate and reduce bias in voice recognition technology. The discussion explores the specific challenges of bias and fairness in speaker recognition technology, offering valuable insights.

IAPP Europe Data Protection Congress 2023: Key Takeaways


AI and Regulation: William Malcolm from Google emphasized the need for a balanced regulatory approach to AI. Essential controls are necessary, but overregulation could impede the development of AI services.

AI Officer Role: The rise of 'AI Officers' in organizations is expected, underscoring the importance for those in privacy roles to have more than basic AI knowledge. In-depth understanding of AI algorithms, data curation, datasets, and databases is crucial for effective oversight.

EU's Regulatory Environment: Companies operating in the EU face tighter regulations for data collection and processing, making the environment more challenging despite efforts to make data more accessible.

Guidance for Engineers: Engineers require clear, principle-based frameworks for guidance, rather than vague legal guidelines, to ensure precise and actionable direction.

Microsoft's Innovations: Microsoft introduced Purview and Copilot, presented as significant advancements in data management for companies.

Privacy in ESG: Privacy issues are increasingly being integrated into Environmental, Social, and Governance (ESG) frameworks, with ongoing developments highlighted by a white paper from www.piccaso.org.

Data Transfers: The first evaluation of data transfers is set for July 2024, with over 2,500 companies, 70% being SMEs, already participating. The Data Privacy Framework (DPF) is seen as a potential solution to the challenges posed by Standard Contractual Clauses (SCCs).
