Hello Friends,
Opposition MPs Suggest 40 Amendments To Draft DPDP Bill. The concerns include centralisation of power, lack of independence of the Data Protection Board, and exemptions to government agencies.
Enjoy reading!
Privacy Enforcement
CNIL fines Rental Scooter Company over Geolocation Data Collection
France's data protection authority, the Commission nationale de l'informatique et des libertés, fined rental scooter company Cityscoot 125,000 euros for collecting and maintaining a record of vehicles' geolocation data. The CNIL said Cityscoot failed to comply with data minimization and contractual framework obligations under the EU General Data Protection Regulation and also violated the French Data Protection Act by failing to inform users and obtain consent to access the data.
Law Firm retained by Hospitals fined after 2021 Ransomware Attack
New York Attorney General Laetitia James imposed a $200,000 fine on a law firm retained by several hospitals that sustained a ransomware attack in 2021. The attorney general's office said New York City-based Heidell, Pittoni, Murphy & Bach maintained "poor data security" that exposed information, including health data, of roughly 114,000 individuals. According to the attorney general investigation, the hacker exploited the firm’s Microsoft Exchange email server by taking advantage of a vulnerability that Microsoft had identified more than six months earlier.
Data Breach
OpenAI Bug exposed ChatGPT User Data
OpenAI disclosed in a blog post that a bug may have exposed users' data. The artificial intelligence vendor said the bug may have caused the unintentional visibility of payment-related information of 1.2% of ChatGPT Plus subscribers active during a specific nine-hour window. Some users may also have been able to access other active user's full names, email and payment addresses, and credit card details
Privacy in Spotlight
AI ChatBots ‘Built by All of Us’
While artificial intelligence chatbots are built using data available online, there is "an uncomfortable disparity between who does the work that enables these AI models to function and who gets to control and profit from them." Chatbots are created "by ingesting books and content that have been published on the internet by a huge number of people. So in a sense, these tools were built by all of us.
US Lawmakers question TikTok CEO on User Data Security, Teen Mental Health
TikTok CEO Shou Zi Chew testified before the U.S. House Committee on Energy and Commerce 23 March. Lawmakers pressed Chew on the social media platform's relationship with Chinese parent company ByteDance, the security of U.S. users' data, and mental health impacts on teenagers. During the hearing, lawmakers were skeptical TikTok's Project Texas, an effort to transfer all U.S. data to domestic servers owned by Oracle, could be completed within the year-long timeline Chew laid out.
Regulations
New Parliamentary Amendments offered for India’s Draft Data Protection Bill
Members of India's Parliament on the Parliamentary Standing Committee on Information Technology proposed 40 amendments to the draft Digital Data Protection Bill. The proposed changes relate to concerns over the perceived centralization of power, insufficient independence for the proposed Data Protection Board, and government exemptions. Lawmakers plan to formally raise the amendments during the next committee meeting while noting new negotiations leave no clear timeline for the bill to be introduced to Parliament.
UK releases White Paper on AI Regulatory Framework
The U.K. Department for Science, Innovation, and Technology published a white paper with its approach to regulating artificial intelligence technologies. The regulatory framework seeks to build public trust in cutting-edge technologies and make it easier for businesses to innovate, grow and create jobs. The approach consists of five AI principles: safety, transparency, fairness, accountability and governance, and redress. U.K. regulators will roll out guidance within the next 12 months to help organizations implement new rules.
Japan seeks Public Input on changes to Telecommunications Business Act
Japan’s Ministry of Internal Affairs and Communications seeks public opinions on the revised draft of the Telecommunications Business Act. The draft changes to the law add guidelines to ensure the protection of personal information by telecommunications companies. Citizens and stakeholders have until 24 April to submit comments to the ministry.