Search results

[…] Request for Information (RFI) Regarding Data Brokers and Other Business Practices Involving the Collection and Sale of Consumer Information. 2023 also saw developments in various U.S. state commercial privacy laws. We found that the number of state laws increased from five to twelve (or, arguably, thirteen), and in response, provided timely analysis in Iowa, […]

[…] should be limited to that which is relevant to provide their stated product or service. Organizations should also ensure that they have appropriate internal policies regarding non- commercial requests for personal data. For example, organizations should have policies around when and how to partner with academics, allowing them controlled and privacy-protective access to personal […]

[…] languishing in Congress, state-level activity on privacy dramatically accelerated in 2023. As the dust from this year settles, we find that the number of states with ‘comprehensive’ commercial privacy laws swelled from five to twelve (or, arguably, thirteen), a new family of health-specific privacy laws emerged in Democratic-led states while Republican-led states increasingly adopted […]

[…] examined, and were able to estimate population parameters for both the total number of English-language privacy documents on the web and for their likely distribution across different commercial sectors. The study was able to further the privacy research community’s understanding of the overall status of English-language privacy policy policies worldwide, and provide valuable information […]

[…] PROPOSED EU AI ACT |  2 DISCLAIMER: Copyright © 2023 Future of Privacy Forum and OneTrust LLC. Please contact Future of Privacy Forum or OneTrust for questions about commercial use of this publication. The contents of this document are subject to revision without notice due to continued progress in methodology, design, and manufacturing. OneTrust LLC […]

[…] When to perform a CA? EX ANTE Before placing the AI system on the EU market or putting it into service (definitions in Art 3(9,11)) EX POST IF Afer placing the AI system on the EU market or putting it into service: Substantial modification to the AI system• NEW AI system • NEW CA required IF reasons of public security or the protection of life and health of  persons, environmental protection, and the protection of key industrial  and infrastructural assets  high-risk AI system placed on the market without a prior CA. (Art 47) Continued overleaf AI system that continues to learn +  pre-determined changes documented  in the initial CA no new CA required. 1200 Abernathy Rd NE, Building 600 | Atlanta, Georgia | United States | 30328 Atlanta | London | Bangalore | Melbourne | Denver| Seattle | San Francisco | New York | São Paulo | Munich | Paris | Hong Kong | Bangkok As society redefines risk and opportunity, OneTrust empowers tomorrow’s leaders to succeed through trust and impact with the Trust Intelligence Platform. The market-defining Trust  Intelligence Platform from OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the center of their  operations and culture by unlocking their value and potential to thrive by doing what’s good for people and the planet. Copyright © 2023 Future of Privacy Forum and OneTrust LLC.   Please contact Future of Privacy Forum or OneTrust for questions about  commercial use of this publication. Step 3 What body is conducting the CA? INTERNAL CA THIRD-PARTY CA PROVIDER (or any other responsible actor) NOTIFIED BODY (NB) ANNEX VI AIA – Quality Management System (Art 17) – Technical documentation (Art 11) and verification of  compliance with the Requirements of Title III, Chapter 2 – Design & development process is  consistent with the technical documentation – Post-market monitoring (Art 61) is  consistent with the technical documentation ANNEX VII AIA – Assesses the Quality Management System (Art 17) – Assessed the Technical documentation (Art 11) Provider submits two applications to the NB 1. For the QMS 2. For the TD NB: Assesses the application Communicates the results to the Provider: The high-risk AI system is in conformity with  […]

[…] subcategory of the wide spectrum of intermediary services. Importantly, the DSA specifies that the ban on dark patterns does not apply to practices covered by the Unfair Commercial Practices Directive (UCPD) or the GDPR. Article 25(3) of the DSA highlights that the Commission is empowered to issue guidelines on how the ban on manipulative […]

[…] SUMMARY Corporate data-sharing partnerships offer compelling benefits to companies, researchers, and society to drive progress in a broad array of fields. However, organizations have long faced complex commercial, legal, ethical, and reputational risks that accompany the activity and act as disincentives to sharing data for academic research. This report contains eight case studies that […]