“ .. convergence of AI-driven mental health apps, attorney well-being .. data privacy .. important legal & ethical considerations, especially in relation to .. HIPAA .. various state-specific privacy regulations.” www.americanbar.org/groups/law_p...
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.
He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords
Media's coverage wasn't detailed enough so I dug into his testimony:
In an article for IAPP, MoFo’s Carrie H. Cohen, Boris Segalis, Katherine Wang, and Darcy Black review the New York attorney general's robust #privacy and #cybersecurity enforcement actions in 2024: bit.ly/4h9pllz
We can learn so much about good opsec through the many negative examples brought to us by this carload of clowns: www.businessinsider.com/doge-nasa-go...
“87% of security professionals report that their organisation has encountered an AI-driven cyber-attack in the last year, according to a new study by SoSafe, Europe’s largest security awareness and human risk management solution.” www.digit.fyi/87-of-firms-...
Watch the #sxsw keynote on personal online security and tell me you are not a fan of @meredithmeredith.bsky.social – I won't believe you.
www.youtube.com/live/AyH7zoP...
Wow!
If you're still uncertain why you should start using @signal.org (and @ProtonPrivacy.bsky.social btw.),
You must see this @GuyKawasaki.bsky.social @sxsw.com interview with @meredithmeredith.bsky.social
www.youtube.com/live/AyH7zoP...
At SXSW, Signal President Meredith Whittaker warned about the 'profound' security risks to user privacy posed by agentic AI.
"The Salt Typhoon hack was a catastrophic national security breach!" -Meredith Whittaker
fyi for those that weren't aware of the breach:
www.politico.com/news/2024/12...
Newsletter: The DeepSeek situation is a moment that should fill Silicon Valley with shame, a monument to the lack of vision and herd mentality of the American tech industry. OpenAI and Anthropic have no moat, no business, no innovation, and I believe no future.
www.wheresyoured.at/deep-impact/
Copyright and Artificial Intelligence
Part 2: Copyrightability
January 2025
www.copyright.gov/ai/Copyright...
The Polish DPA announced that it has fined a bank for failing to ensure the independence of the data protection officer (DPO) and failing to register "profiling" as a processing activity under the ROPA. See uodo.gov.pl/decyzje/DKN.....
News from Association of Southeast Asian Nations, or ASEAN,
ASEAN Guide on Data Anonymization. See
lnkd.in/dfrf7cYV
Joint Guide to ASEAN Model Contractual Clauses and LATAM Model Contractual Clauses. See
lnkd.in/dVAxSgcD
Key principles related to the processing of personal data in FTC's decision in the Matter of General Motors LLC, General Motors and OnStar: (i) Lawfulness, fairness, and transparency; (ii) Purpose limitation; (iii) Data minimization; (iv) Storage limitation; and (v) Accountability.
ICYMI - Webinar: Privacy Litigation [Video (free)] – Daniel Solove + Katherine Heaton (Beazley) + Melissa Siebert (Cozen) youtu.be/krjtQEic3ig
Great paper from @davidthewid.bsky.social, @meredithmeredith.bsky.social and @smw.bsky.social outlines the real obstacle to diversity and accountability in the AI sector: concentration of power in the hands of a few corporations. www.nature.com/articles/s41...
Under the current law, significant solely automated decision-making based on personal data is prohibited unless one of the following three conditions applies:
The data subject gives explicit consent, or
The decision is necessary for a contract between the data subject and a controller, or
The decision is required or authorised by a UK law that provides safeguards for rights and freedoms.
Under the new Article 22B, this prohibition would only apply where special category data is involved. The exceptions are also slightly different:
The data subject gives explicit consent, or
The processing is based on Article 9(2)(g) (“substantial public interest”), and either:
  The decision is necessary for a contract between the data subject and a controller, or
  The decision is required or authorised by law.
Controllers cannot rely on the new legal basis of “recognised legitimate interests” for automated decisions.
This would mean automated decision-making that only involves “non-special category data” is generally permitted, subject to certain safeguards.
The UK hopes to open up AI-driven decision-making.
The current prohibition (Art 22 UK GDPR) covers "automated decisions" based on all types of personal data.
The Data (Use and Access) Bill would narrow it to "special category" data only.
Safeguards would still be required for all personal data.
🥳 As of yesterday, noyb is approved as a qualified entity to bring collective redress actions in EU courts!
This allows us to bring a European version of a "Class Action", where thousands or millions of users could be represented by noyb.
More Info 👇
Looks like a perfect list to be part of.. could I be on it as well? Thank you
I created a starter pack for researchers who work at the nexus of HCI & cybersecurity / privacy here.
Please do let me know if you would like to be added to the list! I'm sure I've missed many folks.
go.bsky.app/RGsu5jn
My “Privacy, Data Protection, & Ethical Tech” Starter Pack
#PrivacySky #EthicalAI #DataProtection
go.bsky.app/HSRZtb8
Missed the latest AI Pact webinar on the AI Act? Dive into insightful discussions, expert opinions, and practical takeaways by watching the full session on YouTube.
m.youtube.com/watch?v=eLlS...
But what about transparency under Article 14 of GDPR where the personal data is derived by the controller? See eur-lex.europa.eu/legal-content/…
Derived personal data is personal data that is created from other personal data by an organization in the course of business.
Here’s the Supreme Decree N° 016-2024-JUS-Regulation of Peru's Personal Data Protection Law. The Decree aims to align the Peruvian data protection rules to the GDPR:
Australia passes world-first social media ban for under-16s with massive fines for tech giants. Critics warn it'll make the problem worse.
It seems that LinkedIn is doing its homework after getting fined by the Irish DPC
Elon Musk's legal filing in the InfoWars bankruptcy case is both batshit crazy and also what you'd expect. It asserts that X owns every account, can do whatever it wants with them, and can inject itself into legal proceedings that have nothing to do with Twitter
www.404media.co/xs-objection...