Good summary article by Katharina Koerner
- Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
- Standardization landscape for privacy: Part 2 — ISO/IEC
The Spanish Data Protection Agency (AEPD) has published a checklist to help data controllers quickly determine whether the process and documentation they are following to carry out a Data Impact Assessment contain the required elements.
.. or is it T-ADPF?
.. and why “Data Privacy” – and not “Privacy” nor “Data Protection”?
The EDPS already commented on Twitter that
“#EDPS welcomes, in principle, the announcement from @vonderleyen and @POTUS on the new transatlantic data transfer agreement” (see https://twitter.com/EU_EDPS/status/1507382700575010816)
Current (scant) information on the TADPF (or TDPF) can be found at:
- EU Commission on TADPF (or TDPF) – https://ec.europa.eu/commission/presscorner/detail/en/FS_22_2100
- White House Fact Sheet on TADPF (or TDPF) – https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/
- NOYB on TADPF (or TDPF) – https://noyb.eu/en/privacy-shield-20-first-reaction-max-schrems
.. and we should probably avoid “Privacy Shield 2.0” (to avoid bad luck)
.. and Schrems III (or 3) likely still to come.
ISO/IEC JTC 1/SC 27/WG 5 “Identity management and privacy technologies”
WG5 SD1 Roadmap
“Pseudonymisation is increasingly becoming a key security technique for providing a means that can facilitate personal data processing, while offering strong safeguards for the protection of personal data and thereby safeguarding the rights and freedoms of individuals. Complementing previous work by ENISA, this report demonstrates how pseudonymisation can be deployed in practice to further promote the protection of health data during processing.”
Overview of different national privacy laws
“In a complaint, filed by the Department of Justice on behalf of the Federal Trade Commission, the agency alleged that WW International, Inc., formerly known as Weight Watchers, and a subsidiary called Kurbo, Inc., marketed a weight loss app for use by children as young as eight and then collected their personal information without parental permission. The settlement order requires WW International and Kurbo to delete personal information illegally collected from children under 13, destroy any algorithms derived from the data, and pay a $1.5 million penalty.”
“Specifically, this special publication:
- describes the stakes and challenge of bias in artificial intelligence and provides examples of how and why it can chip away at public trust;
- identifies three categories of bias in AI — systemic, statistical, and human — and describes how and where they contribute to harms;
- describes three broad challenges for mitigating bias — datasets, testing and evaluation, and human factors — and introduces preliminary guidance for addressing them.”