Search results

[…] IEEE Global Initiative on Ethics for Autonomous and Intelligent Systems. Prior to working at FPF, Sara was faculty in the Center for Public Administration and Policy at Virginia Tech and in the Department of Politics and Public Administration at the University of Hong Kong. She is a graduate of Texas A&M University and University […]

[…] and unnecessary compliance costs due to contradictory requirements in Asia Pacific. Modern data protection laws should shift the onus of data protection from users to organizations, by promoting an accountability-based approach to data protection over a “consent-centric” one. Different avenues may be used to rebalance consent and privacy accountability in APAC, including through concepts […]

[…] and advertising, under the “contract” or “legitimate interests” legal bases. In parallel, the court asks the CJEU to rule on whether GDPR-compliant consent may be effectively and freely expressed by users “to a dominant undertaking”. These last questions resemble others that were posed more recently by the Austrian Oberster Gerichtshof. On July 20, 2021, […]

[…] Chinese law. This chapter is emblematic of the diversity of the objectives pursued by the text as described earlier. In these provisions, the legislator seeks both to promote responsible data transfers that respect the rights and interests of Chinese citizens, on the model of other provisions relating to transfers in “traditional” data protection laws, […]

[…] economic, and professional opportunities. If regulation is to be effective, it should focus on both technical details and the underlying values and rights that must be protected from adverse uses of AI, to ensure that AI is ultimately used to promote human dignity and welfare. A .pdf version of the printed paper is available here.

[…] to unauthorized individuals. Security best practices require that authentication be accomplished via a multi-factor system, requiring two of the three options: something you know (password or pin code, security question), something you have (a smart card, specific mobile device, or USB token), or something you are (a biometric).  Once an ID holder is authenticated, […]

[…] trend to modernize their regulatory approach, several of them proposing sandboxes (e.g., the CNIL and the Norwegian DPA), and pushing for more self-regulation, like the adoption of Codes of Conduct. DPAs also plan on dedicating efforts to make GDPR compliance work in practice on a large scale by targeting the empowerment of DPOs and […]

[…] treatment. The Prefatory Note of a late-stage draft of the UPDPA notes that it seeks to avoid “the compliance and regulatory costs associated with the California and Virginia regimes.”  Central to the framework, however, is a useful distinction between “compatible,” “incompatible,” and “prohibited” data practices, which moves beyond a purely consent model based on […]

Last week, President Biden signed an Executive Order on “ Promoting Competition in the American Economy” (“the Order” or “the EO”), published together with an explanatory Fact Sheet. The Order outlines a sweeping agenda for a “whole of government” approach to enforcement of antitrust laws in nearly every sector of the economy. Although there […]

[…] a series of examples of intangible concrete harms, many of them traditional privacy harms, including: reputational harms, disclosure of private information, intrusion upon seclusion, and infringement of free exercise. The Court then concludes that the subset of the class who had the false information about them disclosed had suffered a reputational injury, a type […]