Privacy Community

Questo articolo è la continuazione, come seconda parte, di quello quello già pubblicato dal titolo “Le Privacy Enhancing Technologies (PETs): categoria sempre attuale parte 1”.

In questo contributo, intendiamo evidenziare alcuni aspetti operativi e pratici relativi alle PET, fornendo una nostra descrizione di quelle che riteniamo essere attualmente le principali soluzioni.

***

[continua a leggere sulla pagina web della fonte]

This article is a continuation, as a second part, of the one already published entitled “Privacy Enhancing Technologies (PETs): an ever-present category part 1.”

This contribution highlights some operational and practical aspects of PETs, describing what we believe are currently the leading solutions.

***

[continue reading on the source web page]

Leaders from the AI research world appeared before the Senate Judiciary Committee to discuss and answer questions about the nascent technology. Their broadly unanimous opinions generally fell into two categories: we need to act soon, but with a light touch — risking AI abuse if we don’t move forward, or a hamstrung industry if we rush it.

The panel of experts at today’s hearing included Anthropic co-founder Dario Amodei, UC Berkeley’s Stuart Russell and longtime AI researcher Yoshua Bengio.

***

[continue reading on the source web page]

Among the great challenges posed to democracy today is the use of technology, data, and automated systems in ways that threaten the rights of the American public. Too often, these tools are used to limit our opportunities and prevent our access to critical resources or services. These problems are well documented. In America and around the world, systems supposed to help with patient care have proven unsafe, ineffective, or biased. Algorithms used in hiring and credit decisions have been found to reflect and reproduce existing unwanted inequities or embed new harmful bias and discrimination. Unchecked social media data collection has been used to threaten people’s opportunities, undermine their privacy, or pervasively track their activity—often without their knowledge or consent.

***

[continue reading on the source web page]

he Council has today approved the regulation to strengthen Europe's semiconductor ecosystem, better known as the 'Chips Act'. This is the last step in the decision-making procedure.

The Chips Act aims to create the conditions for the development of a European industrial base in the field of semiconductors, attract investment, promote research and innovation and prepare Europe for any future chip supply crisis. The programme should mobilise €43 billion in public and private investment (€3.3 billion from the EU budget), with the objective of doubling the EU’s global market share in semiconductors, from 10% now to at least 20% by 2030.

***

[continue reading on the source web page]

PETs, an acronym for the phrase “Privacy Enhancing Technologies,” constitute a phenomenon that is not new and dates back to the mid-1990s.

In fact, in 1995 the title of a groundbreaking report commissioned by the Information and Privacy Commissioner of Ontario, Canada, and the Dutch Data Protection Authority1 contained the phrase “Privacy-enhancing technologies: the path to anonymity.”

***

[continue reading on the source web page]

Le PET, acronimo dell’espressione “Privacy Enhancing Technologies” (Tecnologie di potenziamento della privacy), costituiscono un fenomeno che non è nuovo e risale a metà degli anni ‘90.

Difatti, nel 1995 il titolo di un innovativo rapporto commissionato dal Commissario per l’informazione e la privacy dell’Ontario, in Canada, e dall’Autorità olandese per la protezione dei dati1 conteneva la frase “Privacy-enhancing technologies: the path to anonymity” (Tecnologie per la tutela della privacy: il percorso verso l’anonimato).

***

[continua a leggere sulla pagina web della fonte]

The draft regulation introduces mandatory cybersecurity requirements for the design, development, production and making available on the market of hardware and software products to avoid overlapping requirements stemming from different pieces of legislation in EU member states.

The proposed regulation will apply to all products that are connected either directly or indirectly to another device or network. There are some exceptions for products, for which cybersecurity requirements are already set out in existing EU rules, for example on medical devices, aviation, or cars.

The proposal aims to fill the gaps, clarify the links, and make the existing cybersecurity legislation more coherent by ensuring that products with digital components, for example ‘Internet of Things’ (IoT) products, become secure throughout the whole supply chain and throughout their whole lifecycle.

Finally, the proposed regulation also allows consumers to take cybersecurity into account when selecting and using products that contain digital elements by providing users the opportunity to make informed choices of hardware and software products with the proper cybersecurity features.

***

[continue reading on the source web page]

Cos’è Nym?

Nym è un complesso progetto realizzato dalla società svizzera NYM Technologies SA che si basa su una blockchain al fine di realizzare una rete per la navigazione anonima, utilizzabile anche per garantire la non identificabilità di dati e metadati alle app che consentano di indirizzare il traffico sulla rete Nym Mixnet.

***

[continua a leggere sulla pagina web della fonte]

What is Nym?

Nym is a complex project carried out by the Swiss company NYM Technologies SA that is based on a blockchain to build a network for anonymous browsing, which can also be used to ensure non-identifiability of data and metadata to apps that allow traffic to be routed on the Nym Mixnet.

***

[continue reading on the source web page]

Voluntary commitments – underscoring safety, security, and trust – mark a critical step toward developing responsible AI

Biden-Harris Administration will continue to take decisive action by developing an Executive Order and pursuing bipartisan legislation to keep Americans safe

Since taking office, President Biden, Vice President Harris, and the entire Biden-Harris Administration have moved with urgency to seize the tremendous promise and manage the risks posed by Artificial Intelligence (AI) and to protect Americans’ rights and safety. As part of this commitment, President Biden is convening seven leading AI companies at the White House today – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – to announce that the Biden-Harris Administration has secured voluntary commitments from these companies to help move toward safe, secure, and transparent development of AI technology.

***

[continue reading on the source web page]

Information note on data transfers under the GDPR to the United States after the adoption of the adequacy decision on 10 July 2023

***

[continue reading on the source web page]

In this issue, catch up on the EDPS' organisational changes, the Supervisor's visit to Japan for his participation in the G7 roundtable of data protection and privacy authorities, our latest Supervisory Opinions and audits, and find out how you can put data protection into practice.

***

[continue reading on the source web page]

UN Secretary-General António Guterres has endorsed creating a UN agency to deal with AI threats ranging from how AI might be used in weapons of mass destruction to AI's role in spreading conspiracy theories.

***

[continue reading on the source web page]

António Guterres said that if AI became primarily a weapon to launch cyberattacks, generate deepfakes, or for spreading disinformation and hate speech, it would have very serious consequences for global peace and security.

“Look no further than social media. Tools and platforms that were designed to enhance human connection are now used to undermine elections, spread conspiracy theories, and incite hatred and violence,” he said.

“Malfunctioning AI systems are another huge area of concern. And the interaction between AI and nuclear weapons, biotechnology, neurotechnology, and robotics, is deeply alarming.”

***

[continue reading on the source web page]

Huawei e Parole O_Stili hanno annunciato i dati del rapporto “SmartBus – La percezione dei rischi e delle opportunità della rete in Italia”, condivisi anche durante un evento che si è svolto presso la Sala “Caduti di Nassirya” di Palazzo Madama a Roma, e che ha visto la presenza, tra gli altri, dell’On. Paola Frassinetti, Sottosegretaria di Stato al Ministero dell’Istruzione e del Merito, e di Daniela Sbrollini, Senatrice della Repubblica Italiana. Il rapporto è stato realizzato sulla base dell’esperienza del progetto congiunto “SmartBus: Cybersicuri a Bordo” che, tra febbraio e maggio di quest’anno, ha portato in giro per l’Italia un’aula interattiva mobile nella quale circa 4.500 studenti e studentesse di 206 scuole secondarie di primo grado, e circa 600 cittadini delle regioni Piemonte, Lombardia, Toscana, Lazio e Campania, hanno potuto accrescere la propria consapevolezza sulle minacce e le opportunità legate all’utilizzo di Internet e delle applicazioni, confrontandosi con le tutor a bordo sulle principali tematiche inerenti a privacy e cybsersecurity.

***

[continua a leggere sulla pagina web della fonte]

Brussels, 19 July - During its latest EDPB plenary, the EDPB adopted an information note for individuals and entities transferring data to the U.S.. This note aims to provide concise and objective information regarding the impact of the adequacy decision on transfers to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism in the area of national security.

***

[continue reading on the source web page]

Social media giants Facebook and Instagram will soon be temporarily banned in Norway from tracking users online to target them with advertising.

The Norwegian Data Protection Authority ordered U.S. technology firm Meta, the parent company of Facebook and Instagram, to stop showing users in Norway personalized ads based on their online activity and estimated locations. The ban kicks in from August, according to an order obtained exclusively by POLITICO and sent to Meta on July 14.

Meta's advertising practice on Facebook and Instagram currently involves the "processing of very private and sensitive personal data through highly opaque and intrusive monitoring and profiling operations," wrote Norway's Datatilsynet agency.

The ban on so-called behavioral advertising will last three months, starting from August 4. Facebook and Instagram will be able to show people customized ads but only based on information given by users in the "about" section of their profiles.

...

[continue reading on the source web page]

If you feed America's most important legal document—the US Constitution—into a tool designed to detect text written by AI models like ChatGPT, it will tell you that the document was almost certainly written by AI. But unless James Madison was a time traveler, that can't be the case. Why do AI writing detection tools give false positives? We spoke to several experts—and the creator of AI writing detector GPTZero—to find out.

Among news stories of overzealous professors flunking an entire class due to the suspicion of AI writing tool use and kids falsely accused of using ChatGPT, generative AI has education in a tizzy. Some think it represents an existential crisis. Teachers relying on educational methods developed over the past century have been scrambling for ways to keep the status quo—the tradition of relying on the essay as a tool to gauge student mastery of a topic.

As tempting as it is to rely on AI tools to detect AI-generated writing, evidence so far has shown that they are not reliable. Due to false positives, AI writing detectors such as GPTZero, ZeroGPT, and OpenAI's Text Classifier cannot be trusted to detect text composed by large language models (LLMs) like ChatGPT.

***

[continue reading on the source web page]

In its Decision published on 13 July 2023, the EDPS finds that the use of Cisco Webex videoconferencing and related services by the Court of Justice of the European Union (the Court) meets the data protection standards under Regulation 2018/1725 applicable to EU institutions, bodies, offices and agencies.

***

[continue reading on the source web page]

Today, the Commission has adopted a new strategy on Web 4.0 and virtual worlds to steer the next technological transition and ensure an open, secure, trustworthy, fair and inclusive digital environment for EU citizens, businesses and public administrations.

The internet is evolving at an extremely fast pace. Beyond the currently developing third generation of the internet, Web 3.0, whose main features are openness, decentralisation, and user full empowerment, the next generation, Web 4.0, will allow an integration between digital and real objects and environments, and enhanced interactions between humans and machines.

...

[continue reading on the source web page]

It’s good news that the European Commission is now considering the value and needs of Open Source in its policy deliberations. What’s not as good is that it does so through the wrong lens. The Commission needs to extend its consultations, Expert Groups and other work to include and consider the fourth sector.

...

[continue reading on the source web page]

On 10 July, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU - for personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework.

The adequacy decision follows the US' signature of an Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities', which introduced new binding safeguards to address the points raised by Court of Justice of the European Union in its Schrems II decision of July 2020. Notably, the new obligations were geared to ensure that data can be accessed by US intelligence agencies only to the extent of what is necessary and proportionate, and to establish an independent and impartial redress mechanism to handle and resolve complaints from Europeans concerning the collection of their data for national security purposes.

...

[continue reading on the source web page]

New Trans-Atlantic Data Privacy Framework largely a copy of "Privacy Shield". noyb will challenge the decision.

Third attempt of the European Commission to get a stable agreement on EU-US data transfers will be likely back at the Court of Justice (CJEU) in a matter of months. The allegedly "new" Trans-Atlantic Data Privacy Framework is largely a copy of the failed "Privacy Shield". Despite the European Commission's public relations efforts, there is little change in US law or the approach taken by the EU. The fundamental problem with FISA 702 was not addressed by the US, as the US still takes the view that only US persons are worthy of constitutional rights.

...

[continue reading on the source web page]

EU countries have taken sides on the measures in support of innovation in the upcoming AI rulebook.

The AI Act is a landmark proposal to regulate Artificial Intelligence based on its potential to cause harm. The draft law is at the last phase of the legislative process, the so-called trilogues between the EU Council, Parliament and Commission.

The next trilogue is scheduled on 18 July, with the EU policymakers set to agree on some of the most controversial parts of the text, notably on the part related to innovation measures, where the positions of the co-legislators are complementary rather than conflictual.

The Spanish Presidency of the EU Council of Ministers, which will represent member states in the negotiations, circulated an options paper on this part of the text, seen by EURACTIV, that was discussed last Wednesday (5 July) at the Telecom Working Party, a technical body of the Council.

...

[continue reading on the official source]

Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards.

The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access. The new framework introduces significant improvements compared to the mechanism that existed under the Privacy Shield. For example, if the DPRC finds that data was collected in violation of the new safeguards, it will be able to order the deletion of the data. The new safeguards in the area of government access to data will complement the obligations that US companies importing data from EU will have to subscribe to.

...

[you can complete reading on the official website]

Today, Meta is launching its new microblogging platform called Threads. What is noteworthy about this launch is that Threads intends to become part of the decentralized social web by using the same standard protocol as Mastodon, ActivityPub. There’s been a lot of speculation around what Threads will be and what it means for Mastodon. We’ve put together some of the most common questions and our responses based on what was launched today.

...

(read more on the official web page)

Intervista a uno dei padri dell'AI. "Essere intelligenti non vuol dire avere voglia di dominare. Il mito della superintelligenza cattiva deriva dal fatto che una macchina intelligente sia proprio come noi. Ma non è così"

***

"L'Intelligenza artificiale ci porterà verso un nuovo umanesimo. Accrescerà l'intelligenza di tutti, non solo quella delle macchine. Perché alcuni esperti sono allarmati? Hanno una visione semplicistica delle conseguenze". Yann LeCun è considerato uno dei padri dell'Intelligenza artificiale. Autore di saggi e articoli considerati oggi la Bibbia di chi si occupa di apprendimento automatico delle macchine, è professore della New York University, capo della divisione Intelligenza artificiale. I suoi studi gli sono valsi il massimo riconoscimento del settore: il Premio Turing nel 2018. La sua visione sull'Ai e sull'impatto che avrà sulle nostre società sono ampiamente condivise in ambito accademico. Lunedì ha ricevuto la laurea ad honorem dell'Università di Siena per il contributo fondamentale alla ricerca nel campo dell'intelligenza artificiale. È interventuo all’evento SAIConference di Siena, un incontro dedicato all’Intelligenza Artificiale realizzato da SAIHub (Siena Artificial Intelligence Hub). E sulle norme decise dall'Unione europea per regolamentare l'Ai non ha dubbbi: "Sbagliato decidere leggi sull'Ai. Diverso è se si parla di come viene applicata". Sull'Intelligenza artificiale si è aperto un ampio dibattito tra accademici, imprenditori del settore e più in generale tra l'opinione pubblica. Rischi, opportunità, paure e speranze.

...

1. Proposal for a regulation laying down additional procedural rules relating to the enforcement of GDPR
2. Annex - Proposal for a regulation laying down additional procedural rules relating to the enforcement of GDPR

The European Commission presented on Tuesday (4 July) a legislative proposal to harmonise certain aspects of national procedural rules to speed up cross-border cases under the General Data Protection Regulation (GDPR).

The reform was requested by the chair of the European Data Protection Board (EDPB), the body that gathers all EU data protection authorities, which pointed out several discrepancies in the national legal framework that prevented smooth cooperation among data regulators.

The draft law touches upon complaints over alleged data protection breaches, the procedural rights of parties under investigation, intra-authority cooperation and dispute resolution.

...

Yesterday, Monday 3 July, was the deadline for large, systemic digital platforms to notify the Commission that they meet the thresholds to qualify as gatekeepers under the Digital Markets Act (DMA).

The companies, operating on our EU digital market, who declared meeting the thresholds are:

• Alphabet
• Amazon
• Apple
• ByteDance
• Meta
• Microsoft
• Samsung

...

The topics of AI definition, high-risk classification, list of high-risk use cases and the fundamental rights impact assessment will be on the table of the Council this week as the Spanish presidency prepares to dive headfirst into negotiations.

Spain has taken over the rotating presidency of the EU Council of Ministers on 1 July. On top of its digital priorities, Madrid seeks to reach a political agreement on the AI Act, a landmark legislation to regulate Artificial Intelligence based on its potential to cause harm.

The Spanish presidency circulated a document, dated 29 June and seen by EURACTIV, to inform an exchange of views on four critical points of the AI rulebook on Wednesday (5 July) at the Telecom Working Party, a technical body of the Council.

The discussion will inform the position of the presidency in the next negotiation session with the EU Council, Parliament and Commission, so-called trilogues, on 18 July.

...

As the European Parliament debates how European health data space should be shaped, the co-rapporteur of the file has warned that the agreements regarding the secondary use of data were the hardest to reach.

Over a year has passed since the Commission proposed European health data space (EHDS), a new legislative proposal with ambitions to make a true revolution in health data and unleash its full potential for all stakeholders – from patients and healthcare professionals to policymakers and researchers.

Therefore the Parliament is running through more than a 100 page-document, aiming to empower EU citizens to better control their health data, unleash the market potential and set up the framework for data reuse while ensuring the protection of this highly sensitive data.

...

On 14 June 2023, President Bola Tinubu signed the Nigeria Data Protection Act, 2023 into law, with the aim of addressing the critical need for data protection in the country.

In recent years, Nigeria has been criticised for failing to pass a data protection law while many other African countries have successfully done so. Instead, the country previously relied on the Nigeria Data Protection Regulation, 2019 (NDPR), released by the National Information Technology Development Agency (NITDA), which has now been replaced by the Data Protection Act. Several sections of the Act focus on the safeguards required during the processing of personal information. Section 24 of the Act emphasises the principles governing the processing of personal data and mandates data controllers and processors to collect data lawfully and process it securely. Section 25 provides the lawful basis for personal data processing, requiring the consent of the data subject for specific purposes. The legislation further outlines the rights of data subjects in sections 34 – 37, ensuring that individuals have control over their personal information. The Act prohibits the cross-border transfer of personal data, except when legally permitted, and enhances accountability by mandating all data controllers and processors who are considered of “significant importance” to register with the regulatory authority within six months of the law’s commencement.

...

BRUSSELS ― When the European Commission unveiled draft legislation paving the way for a digital version of the euro, its jitters over how to allay privacy concerns were only too apparent.

“This is not a Big Brother project,” Finance Commissioner Mairead McGuinness told reporters on Wednesday after presenting what, if it becomes a reality, will be a virtual extension of euro banknotes and coins and which will settle payments across the eurozone in seconds.

Supporters say the digital euro goes beyond providing a public good and will ensure the currency and European Central Bank remain relevant in a digital economy, where cryptocurrencies circulate and big tech companies dream of printing their own money.

...

Industrial manufacturers in Europe sense the opportunity of big data — but Brussels is about to change the rules on how to tap into it.

European Union legislators struck a deal Tuesday evening on a landmark bill that aims to regulate who can access and share data generated by connected machines and devices, both on the work floor and at home.

The new law is a response to the untapped potential of industrial data in Europe, as 80 percent of machine or device-generated data is never used. The slow pace of its data economy is a threat to Europe’s industrial base — where the Continent still holds considerable sway — and data will be key for the deployment of artificial intelligence technologies in coming years.

...

EU policymakers reached a political agreement on the Data Act in the late hours of Tuesday (27 June).

The Data Act is a landmark legislation meant to remove barriers to the circulation of non-personal data by regulating the rights and obligations of all economic actors involved in producing and consuming Internet of Things products – connected devices capable of collecting and sharing data.

With Tuesday’s agreement, the EU Council, Parliament and Commission bridged their differences on the most important aspects of the data law that is now set for formal adoptions as the text is fine-tuned at the technical level in the coming days.

“The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules. It will create a thriving data economy that is innovative and open, but on our European conditions,” EU Commissioner Thierry Breton said.

...

Brussels, 21 June - During its latest plenary, the EDPB has adopted a template complaint form to facilitate the submission of complaints by individuals and the subsequent handling of complaints by Data Protection Authorities (DPAs) in cross-border cases.

EDPB Chair, Anu Talus said: “The template is one of the commitments the EDPB Members made during their high-level meeting of April 2022 in Vienna to boost enforcement cooperation among DPAs. It will facilitate the cross-border exchange of information regarding complaints between DPAs and will help DPAs save time and resolve cross-border cases more efficiently."

The template takes into account existing differences between national laws and practices. DPAs will use it on a voluntary basis and can adapt it to their respective national requirements.

...

The European Parliament adopted its position on the AI rulebook with an overwhelming majority on Wednesday (14 June), paving the way for the interinstitutional negotiations set to finalise the world’s first comprehensive law on Artificial Intelligence.

The AI Act is a flagship initiative to regulate this disruptive technology based on its capacity to cause harm. It follows a risk-based approach, banning AI applications that pose an unacceptable risk and imposing a strict regime for high-risk use cases.

...

On Wednesday, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act with 499 votes in favour, 28 against and 93 abstentions ahead of talks with EU member states on the final shape of the law. The rules would ensure that AI developed and used in Europe is fully in line with EU rights and values including human oversight, safety, privacy, transparency, non-discrimination and social and environmental wellbeing.

...