- WIPO’s Science and Technology Cluster Ranking 2024 As a part of the Global Innovation Index, WIPO recently released the Science and Technology (S&T) Cluster Ranking revealing 100 world-leading science and technology hubs. The five (5) biggest S&T clusters are all situated in East Asia, led by Tokyo-Yokohama (Japan), Shenzhen-Hong Kong-Guangzhou (China and Hong Kong, China), Beijing (China), Seoul (Republic of Korea) and Shanghai-Suzhou (China) clusters.
- UN finalised convention against cybercrimeOn 9 August 2024, the United Nations General Assembly agreed on the “Draft United Nations convention against cybercrime; strengthening international cooperation for combating certain crimes committed by means of information and communications technology systems and for the sharing of evidence in electronic form of serious crimes”. It is expected to be officially adopted and to become the first binding legal instrument on cybercrime.
- California, the U.S.: Safe and Secure Innovation for Frontier Artificial Intelligence Models ActOn 7 August 2024, the Policy Committee of Privacy and Consumer Protection Judiciary convened the first hearing of the Assembly Committee on Appropriations on the California bill SB 1047. The bill faces many opposing challenges from the AI developer companies.
- ICO on online content moderation On 16 Feb 2024, the UK Information Commissioner’s Office (ICO) introduces its first guidance on content moderation, providing details on applying data protection to this process and its effects on users’ information rights.
- EDPB: Clarification of “main establishment” definition On 14 Feb 2024, the Eu Data Protection Board published an “Opinion on the notion of main establishment on the criteria for the application of the One-Stop-Shop mechanism” under the framework of art. 64(2) GDPR, providing the EDPB’s position on the notion of “main establishment” and the circumstance where the One-Stop-Shop mechanism should apply.
- Google Chrome’s default restrictions of third-party cookies Google announced its pilot phase, restricting third-party cookies by default for 1% of users (Mode B) on Chrome within the framework of its Privacy Sandbox commitments.
- Some good reports about AI to kick off your 2024 Here are some reports about AI and its practical uses, which I found interesting to read in the first week of 2024.
- Blog and Research – Sovereignty, Jurisdiction in CyberspaceMy latest article “International Law Protection in Cyberspace Against Ransomware and Experience of Vietnam” outlines the application of sovereignty in cyberspace, in the context of ransomware attacks in private sectors, and cybersecurity in Vietnam.
- Should I pay for free-ads social networks? Yesterday, 30 October 2023, Meta published its monthly subscription for no-ads use of Facebook and Instagram for the users based in the EU, EEA and Switzerland.
- NIST: Standardised encryption algorithms to resist attack by quantum computers On 24 August 2023, U.S. National Institute of Standards and Technology (NIST), Commerce published draft standards for the algorithms it selected in 2022 to withstand attack by quantum computers.
- Series © and AI: ChatGPT and GPT detectorsNon-native English writers using GPT to enhance their language skills may worsen the bias against them of the GPT detectors.
- NOYB’s Annual Report 2022NOYB released its annual report of 2022, celebrating the most important winning decisions.
- Datatilsynet: temporary ban on behavioural ads of Meta’s platforms Norwegian Data Protection Authority announced its ban of 3 months on Facebook, Instagram behavioural advertising.
- France Antitrust watchdog: Google failed to provide adequate information to its consumers Yesterday, on 4 July 2023, the General Directorate for Competition, Consumer Affairs and Fraud Control announced a sanction against Google for failing its information obligation toward its users.
- EU: ENISA report on Digital Identity Standards Yesterday, on 3 July 2023, the EU Agency for Cybersecurity released its report on the most important standards and standardisation organisations of Digital Identity.
- UK CMA’s guidance on testing Google’s Privacy Sandbox Last week, on 29 June 2023, the UK Competition & Market Authority published its guidance to third parties on how they can test Google’s Privacy Sandbox tools.
- Netherlands: US export control, legal exception of prohibited discriminationOn 20 June 2023, College voor de Rechten van de Mens published the News Release about the discrimination in ASML’s hiring policy based on nationality.
- CJEU Advocate General opinions: personal data in criminal cases The CJEU published the opinions of the Advocates Generals on (i) liability for the damage occurred relating to unlawful data processing, (ii) judicial remedy available to data subject against an independent supervisory authority.
- EU: Google’s abusive practices in online adtech The EU Commission considers that Google breached EU antitrust rules, distorting competition in the advertising technology (adtech), by favouring its own online display ad tech services to the detriment of competing providers of adtech services, advertisers and online publishers.
- ENISA: Supply Chain Cybersecurity good practices ENISA released on 13 June 2023 a report on current supply chain cybersecurity practices of essential and important entities in the EU, following its study results in 2022, focusing on investments of cybersecurity budgets amongst the EU organisations.
Quick briefs
- Meta challenged the EDPB’s opinion On 12 August 2024, the action brought by Meta Ireland against the European Data Protection Board of 27 June 2024 was published. The company asks to annual ‘Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms adopted under Article 64(2) GDPR’ and to be compensated for the damages caused by this Opinion as well as the costs of the proceedings. Its allegation includes (i) the illegality and inapplicability of Article 64(2) GDPR according to Article 277 Treaty on the Functioning of the EU, (ii) the violation of the Opinion against Article 19(1) Treaty of EU by misinterpreting the judgement in Case C-252/21 and Articles 16, 20, 41(1), 41(2)(a), and 52(1) of the Charter of Fundamental Rights of the EU by failing to strike a fair balance between conflicting fundamental rights, to comply with principle of equal treatment, to act as an impartial body and to respect the right to be heard of Meta, and by introducing a novel and incoherent obligation not provided by the GDPR, respectively.
- EDPS’ assessment of the draft of Framework Convention on AI Yesterday 11 March 2024, the EU Data Protection Supervisor (EDPS) released its statement about the draft of the Framework Convention on AI, Human Rights, Democracy and the Rule of Law. EDPS considers that the framework should be consistent with EU values, protect individuals’ fundamental rights, freedoms, and provide clear, strong safeguards for the subjects affected by the AI-based applications. The framework also should be flexible to accommodate the specificities of national legal systems but it must maintain the key objectives as ‘the future binding legal instrument’, including ‘ensuring a common legal framework, a level playing field for AI actors in EU and beyond’. The EDPS expressed its concerns about the limitation of the framework’s scope to the ‘activities undertaken by public authorities, entities would contradict the overall policy objective of the Framework Convention’ and the ‘absence of red lines’ in the draft prohibiting AI application posing unacceptable levels of risk.
- EDPS: EC violates data protection regulations by using Microsoft 365Yesterday, the Eu Data Protection Supervisor released its conclusion of an investigation into the Eu Commission’s use of Microsoft 365. Accordingly, the latter has infringed the Regulation of 2018/1725 regarding the ‘transfers of personal data outside the EU/ European Economic Area (EEA)’. As the controller, ‘the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using the software’ and did not comply with the obligations related to data processing, including transfers of personal data through the use of Microsoft 365 tools.
- Meta brought action against EDPB (Case T-8/24)On 8 Jan 2024, Meta Ireland (Facebook) submitted the case against the European Data Protection Board (EDPB), regarding the latter’s Urgent Binding Decision 01/2023 at the request of the Norwegian supervisory authority (Datatilsynet) of 27 October 2023 in respect of processing personal data for behavioural advertising purposes by Meta. The platform brought the allegations of excess of the EDPB’s competence under art. 66 the GDPR and its obligation to respect the right to “good administration” according to art. 41 the EU Charter. Furthermore, the company also claimed that art. 66(2) GDPR unlawful and invalid in accordance with art. 41, 47 the EU Charter, art. 6 the EU Convention of Human Rights. This will be the rare case that the duty of the EU authorities of “good administration” is challenged. What a bold move by Meta!
- Facebook disfavours the news in the U.S. and AustraliaYesterday, 29 February 2024, Meta announced its deprecation of Facebook News in the U.S. and Australia in early April this year. This move is following the same deprecation in the UK, France and Germany last December. The users can still read the news on Facebook’s feed in these countries. The platform will not cease the access of the news publishers to their accounts, pages and their posts of news article links, content. They will continue to execute the existing agreements with the publishers until their expiration. The company reveals the drop of users’ views of the news and political content, about over 80% last year and around only less than 3% of the audiences read the news in their Facebook feed.
- Database of personal information sold in enforcement proceedings On 22 February 2024, the Court of Justice of the European Union released the Advocate General’s opinion on the sale of databases containing personal data within an enforcement proceedings which is considered to be lawful. According to his opinion, the GDPR governs the operations of the objectives that the court enforcement officer estimates the value of given databases and sells them by public auction. The officer in charge shall be the data controller. Furthermore, the proceedings must produce the “necessary and proportionate measure in a democratic society to achieve one of the objectives of general interest pursued by [the GDPR]”.
- EC takes actions against Tiktok The European Commission initiates proceedings to investigate the alleged breaches of the platform’s obligations under the Digital Services Act (DSA). The EU took this decision after its early investigation, TikTok’s risk assessment report and responses to the Commission’s information requests from last year. The allegations include the negative effects of the platform design, algorithmic systems, causing “behavioural addictions, harming children’s physical, mental well-being, and failing to verify their age, conduct default privacy design to protect them from inappropriate content and ensure their privacy, safety, security. The company allegedly fails to provide a “searchable, reliable repository for advertisements” to users, “access to its publicly accessible data” to researchers under the DSA.
AstraIA Gear Project
- A new and interesting approach of auditing LLMs J. Mökander, J. Schuett, H. R. Kirk and L. Floridi – “Auditing Large Language Models (LLMs): a three-layered approach” on arxiv.org.
- AG Project: Authorities’ suggestions for AI systemsThe U.S. Department of Commerce: National Institute of Standards and Technology published the AI Risk Management Framework ver. 1.0.
- AG Project: Authorities’ suggestions for AI systemsJapanese Ministry of Economy, Trade and Industry: Governance Guidelines for Implementation of AI Principles applied to AI Systems.
- ChatGPT: what legal and ethical issues do you need to know?ChatGPT poses a lot of challenging legal and ethical questions.
- AG Project: Authorities’ suggestions for AI systemsU.S. Office of the Director of National Intelligence: Artificial Intelligence (AI) Ethics Framework for the Intelligence Community
Connect with us somewhere else