2024-W7: FCC latest move, ICO's new certification scheme, Italy's stricter email retention rules, and more
Eli Atanasov, CIPP/E, PhD
I help businesses and their DPOs put privacy compliance on autopilot, saving them time and money in the process.
Hi privacy navigators,
Here is the latest from the Privacy Navigator - your one-stop destination for everything privacy. Another week full of news and resources passed by. Here are the highlights:
FCC's Latest Move: Declaring AI-Backed Robocalls Illegal
The FCC has made a significant move in the fight against robocalls by officially declaring AI-generated voices as "artificial," and thus, illegal in automated calling scams.
This decision aims to curb the rising menace of automated spam calls that employ artificial intelligence to mimic human voices, making them harder to detect and resist.
It is the result of a debate over whether AI-cloned voices fall under the existing prohibitions outlined in the Telephone Consumer Protection Act.
The recent case involving a fake President Biden robocall in New Hampshire, in which a fake president called New Hampshire citizens and told them not to waste their vote in the primary, further emphasized the need for clarity on the matter.
The decision highlights the flexibility of legal concepts and the authority of regulatory agencies to adapt to evolving technologies. However, this regulatory power could be jeopardized by an upcoming Supreme Court decision.
Consumers are now urged to report AI-powered robocalls to their local attorney general's office for further action.
This week's edition is sponsored by Conformally.
Today's the day! Don't miss our live event at 11 AM CET!
Discover how to effortlessly manage DPIAs, DSARs, and vendor relationships at our upcoming event. Dive into the complexities of privacy compliance with expert insights, practical tips, and innovative solutions.
This is a transformative experience for privacy professionals eager to refine their skills and adopt cutting-edge strategies. Connect, share, and walk away with actionable knowledge to revolutionize your approach to privacy compliance.
UK ICO's new legal services certification scheme
The Information Commissioner’s Office (ICO) has approved a new certification scheme targeted at legal service providers handling personal data.
These schemes, introduced under the UK GDPR, aid organizations in showcasing their compliance with data protection standards, fostering trust among their users.
Emily Keaney, ICO Deputy Commissioner, emphasized the significance for law firms and barristers' chambers, who handle large amounts of sensitive data. By joining this certification scheme, they can ensure adherence to data protection standards, saving time and resources in assessing third-party data processors.
This certification scheme, named the Legal Services Operational Privacy Certification Scheme, is the fifth to be endorsed by the ICO under UK GDPR criteria.
It joins four others already approved and published, covering areas such as secure IT asset re-use and disposal, age assurance, children's online privacy, and training and qualification service providers.
AI Act approved by IMCO and LIBE
On February 13th, the European Parliament's committees on Internal Market and Consumer Protection (IMCO) and on Civil Liberties, Justice, and Home Affairs (LIBE) overwhelmingly supported the AI Act.
The next stages include plenary adoption scheduled for April 10th-11th, followed by ministerial approval.
Denmark’s privacy regulator could ban Chromebooks from schools
The Danish privacy regulator, Datatilsynet, has issued a ruling demanding stronger privacy assurances from cities in Denmark regarding their use of Google services, particularly those that may expose children's data.
Datatilsynet asserts that cities did not adequately assess the risks of using Google Workplace for Education before approving its implementation in local schools. In 2022, the agency required 53 municipalities to reassess their evaluations as a condition for lifting a previous data-sharing ban for the city of Helsingør.
Now the agency has found that Google's utilization of student data from Chromebooks and Google Workplace for Education for its own purposes violates European privacy laws.
The regulator has determined that municipalities cannot share data with Google unless there are changes in legislation or Google provides a method to filter out students' information.
“We are reviewing the decision closely and will continue to collaborate with the municipalities, KL, and KOMBIT to come to a solution, so that teachers and students can continue using these digital tools that are important for learning,” said Google spokesperson Mathias Raeck.
Municipalities have been instructed to outline by March 1st how they intend to comply with the order to cease data transfers to Google.
Italy's Garante Implements Stricter Email Metadata Retention Rules
The Garante, Italy's Data Protection Authority, has stirred controversy by implementing a significant change in email metadata retention policies for employee emails.
Employers are now required to retain email metadata, such as date, time, sender, recipient, subject, and size, for just 7 days, a stark contrast to previous indefinite retention practices.
Exceptions to the 7-day limit are permitted for extended retention for security purposes, but only with trade union agreement.
This decision presents a challenge for cloud service providers and businesses, as they must navigate between stringent privacy regulations and the need to protect business interests.
It also raises concerns about the feasibility of erasing metadata after such a short period, particularly in legal disputes where email evidence may be crucial years later.
Choice Investigates: The Hidden Costs of Toyota's Smart Technology
Choice's investigation into Toyota's "Connected Services" reveals that the feature collects personal data, including location and driving patterns, and may share it with third parties without clear consent definitions.
The feature, integral to the cars, can't be removed without affecting the warranty and certain functionalities.
In a statement, the company said customers could opt out of Connected Services, but that doing so would disable other features including Bluetooth and speaker functionality.
Toyota said removing the SIM card which enables the service would not void a vehicle's warranty, but any work carried out by a non-Toyota technician would not be covered by that warranty.
The policy's vague consent clause and the difficulty in opting out raise privacy concerns.
Privacy Navigator
We have added new resources to the Privacy Navigator. You can enjoy:
That's all for now, see you next week!
Eli
Insightful roundup, Eli – the evolving landscape of privacy regulations is certainly keeping us on our toes!