Major News from Osano!
Hello all, and happy Thursday!Read Now
November 2, 2023
Hello all, and happy Thursday!
With all the buzz about AI, including the EU’s proposed AI Act and President Biden’s recent executive order, I can’t help but recall a similar environment surrounding data privacy at the launch of the GDPR.
To an extent, governments were a bit behind the eight ball on data privacy—it took scandals, significant societal impact, and public outcry before truly effective data privacy regulation came about in the form of the GDPR. It seems like governments have learned from the experience and are attempting to get ahead of the curve when it comes to AI.
I know everybody is tired of hearing about it, but AI truly does have the potential to radically change our society, just as the proliferation of personal data processing has. And although it’s certainly smart of governments to be proactive in regulating AI before it potentially wreaks havoc, I think there’s also an element of uncertainty here.
With the GDPR and other data privacy laws, we had the benefit of seeing exactly how wanton personal data processing had affected society. AI technology is still in its infancy—how can we know what effects it will have in the future as it matures, and therefore what form regulation should take? Looking at existing and proposed regulations can give us a clue as to what governments hope and fear for this nascent technology.
According to the annual Cisco Consumer Privacy Survey, 2023 saw an increase in the use of data subject access requests, especially for consumers under the age of 45. Additionally, 60% of respondents say that the current use of AI by organizations has eroded trust, and a little over half said they were willing to share anonymized data with AI systems.
President Biden recently released a sweeping executive order that regulates AI technologies. Under the order, developers of AI systems will need to share the results of their safety tests with the federal government before they are released to the public. If developing AI models that pose national security, economic, or health risks, companies will be required to notify the federal government under the Defense Production Act.
French data protection authorities fined a TV service provider for failing to follow proper DSAR processes, among other violations. Requests were misled and late, and some requests had been processed without notifying the data subject. The fine exemplifies how non-automated DSAR workflows can cause noncompliance.
Germany's Office of the Data Protection Authority (ODPA) has published a report with some interesting statistics on data breaches. 38 personal data breaches were reported to the ODPA between the beginning of July to the end of September 2023 with 46 underlying causes. These affected 77,321 people. The unusually high number of people affected is largely down to one particular self-reported breach involving the sending of an email to an incorrect recipient which contained a significant volume of personal data.
Currently, the FTC’s Safeguards Rule requires certain types of non-banking financial institutions to establish comprehensive security programs to keep their customers’ information safe. The amendment will additionally require these institutions to notify the FTC as soon as possible, and no later than 30 days after discovery of certain security breaches.
After initially floating the idea, Meta is launching a paid subscription that will remove ads from Facebook and Instagram in Europe as a move to address concerns by the European Union about Meta’s ad targeting and data collection practices. The service is available throughout the European Union and will be offered for around €9.99 per month on the web or €12.99/month on iOS and Android.
29 nations, including the U.S., the UK, the EU, and China have recently reached a ground-breaking agreement, known as the Bletchley Declaration. The Declaration sets forth a shared understanding of the opportunities and risks posed by AI and the need for governments to work together to meet the most significant challenges posed by the technology.
Tennessee has joined the ranks of 12 other states and established a comprehensive data privacy law. Check out our blog to learn all you need to know about the TIPA.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.