stefan – Page 59 – Privacy Design®

December 7, 2019

Spain (AEPD): Cookie guidelines by the DPA in English.

The Spanish guidance is much more relaxed than the ones from UK, France, and Germany – adding to the somewhat different expectations across the EU member states.

https://www.aepd.es/media/guias/guia-cookies-en.pdf

December 7, 2019

CNIL publishes its own register of processing activities (as example)

The actual registry (in French), 121 pages:
https://www.cnil.fr/sites/default/files/atoms/files/registre-rgpd-cnil_decembre-2019.pdf

Press article in French:
https://www.cnil.fr/fr/la-cnil-publie-son-registre-rgpd

December 7, 2019

German Data Protection Authorities propose to create GDPR-obligations for producers of software and hardware (incl. liability)

https://www.baden-wuerttemberg.datenschutz.de/german-data-protection-authorities-propose-to-create-gdpr-obligations-for-producers-of-software-and-hardware-incl-liability/

December 7, 2019

Getting Cookie Consent Right

Article by Eduardo Ustaran

https://www.hldataprotection.com/2019/12/articles/international-eu-privacy/getting-cookie-consent-right/

December 7, 2019

Germany: Thüringen: DPA Questionnaire on web sites

incl. google analytics, cookies, ..
https://www.delegedata.de/2019/12/thueringer-fragenbogen-zur-pruefung-von-webseiten-verschiedene-handlungsoptionen-fuer-unternehmen/

December 7, 2019

CNIL: Summary on privacy in telemedicine and healthcare

https://www.cnil.fr/fr/telemedecine-comment-proteger-les-donnees-des-patients

December 7, 2019

Germany: LfDIBW publishes English template for joint controller data processing agreements

https://www.baden-wuerttemberg.datenschutz.de/mehr-licht-fuer-alle-vertragsmuster-fuer-die-gemeinsame-verantwortlichkeit-in-englisch/

December 7, 2019

UK: ICO releases its first draft regulatory guidance into the use of AI

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/12/ico-and-the-alan-turing-institute-open-consultation-on-first-piece-of-ai-guidance/

December 7, 2019

German DPA (Rheinland-Pfalz) issues 105.000 EUR fine on hospital

.. due to privacy issues related to patient management.
The fine is based on several breaches of the General Data Protection Regulation in the framework of a patient mix-up when admitting the patient. This resulted in incorrect invoicing and revealed structural technical and organisational deficits in the hospital’s patient and privacy management.

December 7, 2019July 1, 2020

A Day in the Life of an AI project (privacy design and AI phases)

Great presentation that breaks down what needs to be considered from a privacy point of view in the different phases of an AI project.

My hope is to turn these into a “checklist” for new AI experiments that are run on pre-assessed AI platforms. (I’m very interested in comments).

Full slides from DPC19 :

https://iapp.my.salesforce.com/sfc/p/#1a000000HSGV/a/1P000000XeTO/7xOqxD1UampJRpDFr37qKWaLBKb9Ge2ZHgUUFBoiP6g

Phases of an AI project

Scoping
- Problem identification
- Impact of the AI?
- Purpose limitation
- Planning of solution & resources
Identify Data Sources
- Getting access, data transfer
- Compliance requirements for the data
- Data minimization & pseudonymization
Data Pre-Processing
- Exploratory Data Analysis
- Feature selection (data minimization)
- Feature engineering
- Anonymization/pseudonymization
Modeling
- Training, validation, testing
- Does the model generalize well? (Test for bias/variance)
- Support explanation
Deployment
- Re-identification risk: Will the analysis or model be published?
- Explanation to domain experts and/or data subjects
- Incremental learning
- Human-in-the-loop
Request of data subjects
- Rights to get an explanation
- Right to be forgotten