VeraSafe

In October 2024, the Personal Information Protection Commission (PIPC) of the Republic of Korea issued explicit guidance permitting the processing of video data containing personal information for AI learning purposes. The guidelines, titled "Guidelines for Protection and Utilization of Personal Video Information for Mobile Video Information Processing Devices," primarily address the use of mobile video data processing devices from a privacy perspective. Notably, they include a section on utilizing video data for AI learning, stating that such data can be used through pseudonymization without obtaining the data subject’s consent. This interpretation is grounded in the view that AI learning constitutes scientific research. Under the Personal Information Protection Act (PIPA), personal data may be used without consent through pseudonymization if it serves purposes such as scientific research. In the following analysis, I will examine the practical implications of this interpretation for AI development by comparing it with the GDPR, particularly the European Data Protection Board’s (EDPB) Guidelines 1/2024 on the Processing of Personal Data Based on Article 6(1)(f) GDPR, published in October 2024, and the CNIL's recent report titled “Relying on the Legal Basis of Legitimate Interests to Develop an AI System,” issued in June 2024.

VeraSafe is looking forward to attending the IAPP Europe Data Protection Congress on 20-21 November, where we'll be engaging in discussions on the latest developments in data protection and compliance. ???????? ?????? ???? ?????????? ??????? We’d welcome the opportunity to connect—send us a message or comment below to arrange a meeting. See you at #DPC24! https://lnkd.in/eWm5ZhB

VeraSafe is delighted to welcome Leila Dreier to the team as our new Marketing Specialist. Leila brings a wealth of experience in content creation, SEO, and UX/UI design to her role. Her deep understanding of data-driven marketing solutions, conversion optimization, and user-first design approach will be instrumental in enhancing our marketing capabilities. Please join us in welcoming Leila to VeraSafe! #NewHire #RemoteWork #VeraSafe

The FTC has taken significant steps to address deceptive practices in subscription services. On October 16, 2024, the agency issued a broad “Click-to-Cancel" rule introducing new requirements for companies offering subscription services, auto-renewals, free-to-pay conversions, and other services that automatically enroll consumers in recurring payments unless they actively cancel (collectively referred to as “negative options”). Here’s what you need to know: ???????????? ????????????????????????:?Businesses must provide a straightforward method for consumers to cancel their subscription, ensuring that the cancellation process is as easy as the sign-up. The cancellation method must be accessible through the same medium as the sign-up and cannot, for example, require interaction with a representative if such interaction was not required for the sign-up. ?????????? ??????????????: Businesses must obtain “unambiguously affirmative consent” to the negative option before charging consumers and must keep a record of such consent for at least 3 years. Companies can bypass the recordkeeping requirement if they can prove their system makes it impossible to complete a transaction without securing consent. ????????????????????: Businesses must clearly and conspicuously disclose all material terms to consumers before collecting billing information. This includes details about charges, deadlines for cancellation, frequency of charges, and how to access the cancellation mechanism. ?????????????????????????????????? ??????: Businesses are prohibited from misrepresenting any material facts about their offers, including details about the negative option feature, costs, consumer consent, cancellation terms, the purpose or effectiveness of the product or service, health or safety claims, or any other important information. ?????????????????? ??????????: The Rule applies to all negative option programs in any media, including digital channels, telemarketing, in-person sales, and traditional print. ?????????????????? ????????: The ban on misrepresentations will take effect 60 days after the rule is published in the Federal Register, and the provisions regarding disclosure, consent, and cancellation will become effective 180 days after publication. The rule is expected to be published in the Federal Register in the upcoming weeks. The #FTC approved the Click-to-Cancel Rule by a 3-2 vote. Three industry associations have already filed suit claiming the Rule violates the Administrative Procedure Act and exceeds the FTC’s authority. Though the Rule is subject to an existing challenge, for privacy professionals, the message is clear: Businesses should?place greater emphasis on transparency and move away from dark patterns that manipulate user behavior. At VeraSafe, we’re ready to help you navigate these regulatory changes. Reach out to learn how the new rule impacts your business and what steps to take for #compliance. #ClickToCancel #ProductManagement

VeraSafe is delighted to welcome Gabrielle Nicole Portelli to the team as Associate Privacy Advisor. Gabrielle holds a Bachelor of Laws and a Master of Advocacy from the University of Malta as well as a Master of Law and Technology with a focus on data protection and privacy from Tilburg University. Her experience spans public institutions, private law firms, and a recent traineeship at a European agency in France. Gabrielle looks forward to expanding her knowledge of privacy and cybersecurity with VeraSafe. Please join us in welcoming Gabrielle to the team! #NewHire #RemoteWork #VeraSafe

On September 26, 2024, the Personal Information Protection Commission of Korea announced the "Standards for Personal Information Handlers' Measures Regarding Automated Decisions". The commission also published a "Guide to the Rights of Data Subjects Regarding Automated Decisions" alongside the notice. A notable part of this notice is that it clarifies, as a condition for determining what constitutes an automated decision, that companies should consider whether the final decision is made by AI or a human. Another interesting part is that the guide accompanying the notice encourages the use of Explainable AI (XAI) to fulfill personal information handlers’ obligations to explain automated decisions. I've prepared a brief explanation for the notice and guide here.

As of October 1, 2024, ??????????????’?? ???????????????? ???????? ?????????????? ?????? (????????????) is officially in effect. If your business handles the personal data of 50,000+ Montana residents, it’s time to make sure you’re in compliance. Note that the law requires, among other things, respecting opt-out preference signals (such as the Global Privacy Control) as well as conducting data processing assessments starting in January 2025. In addition, perhaps off the radar of many, the last of ??????????????????????’?? ???????? ???????????????????? ???? ?????? ???????? ?????????????? ?????? (enacted via Public Act No. 23-56) have now taken effect—provisions that materially update processing requirements for minors under the age of 18. Under amendments effective October 1, 2024, companies must use reasonable care to avoid any heightened risk of harm to minors. There is a rebuttable presumption they exercised such care if they conduct a data protection assessment. Businesses must also get opt-in consent for processing minors’ data for any purpose that is not reasonably necessary to providing the service, as well as for targeted advertising, sale, and automated profiling that produces legal or similarly significant effects. If your business is struggling to keep up with the growing patchwork of U.S. privacy laws, including Montana’s #MTCDPA and Connecticut’s #CTDPA, VeraSafe can help. Contact us today to schedule a free consultation. https://lnkd.in/dd5E7GB #Privacy #DataProtection #Compliance

Our very own Mariel Bough, J.D., CIPP/E, has been published in DICTA, the Knoxville Bar Association's official publication! Her article, "A New Perspective on the International Practice of Law," is available on page 18 of the October 2024 issue. Read the full article here: https://lnkd.in/gW96WYkT

VeraSafe is delighted to welcome Arlo Sporn to the team as Associate Privacy Advisor. Arlo joins with over two years of legal experience, including time at a leading international law firm. He has a strong background in corporate transactional practice, including company side representation for equity financings, mergers, employment, and governance matters. In his time at Harvard Law School, he worked at the Harvard Cyberlaw Clinic as a student advisor to the City of Boston, focusing on privacy-related contractual negotiations. These experiences enable him to craft efficient solutions for his clients. Please join us in welcoming Arlo to the team! #NewHire #RemoteWork #VeraSafe

Recently, members of the VeraSafe team came together in Zambia, Africa for a micro-meetup filled with adventure, community service, and camaraderie. Our time together was the perfect blend of work and relaxation with a visit to Victoria Falls, a sunset cruise, and two community service projects. For a 100% remote team, these moments are essential.?They allow us to connect, share our diverse perspectives, and strengthen the relationships that make VeraSafe so unique. #TeamMeetup #RemoteWork #Collaboration #VeraSafe