The U.S. National Institute of Standards and Technology released its first report on age estimation software that could allow for online verification without affecting a person's privacy. The study looked at six age verification software offerings to determine their accuracy, which the NIST expects will improve with technological advances.Full story
The IAPP Research and Insights team and OneTrust analyzed the laws, policies and broader contextual history relevant to artificial intelligence governance in certain jurisdictions. The fourth analysis in the five-part series outlines the EU's keys to governing the strategic, technological and compliance landscape for AI governance.Full story
Italy's data protection authority, the Garante, issued guidance for protecting personal data from being scraped by artificial intelligence systems. The guidance is intended for data controllers publishing personal data. It includes potential mitigation and prevention measures, such as creating "reserved areas" to store personal data with access controls and instituting antiscraping terms of service for website use. Full story
U.S. Sen. Ron Wyden, D-Ore., asked the Federal Trade Commission and the Securities and Exchange Commission to investigate the cyberattack on UnitedHealth Group, The Detroit News reports. Wyden said the FTC and SEC must determine if UnitedHealth had the necessary safeguards in place after the data breach "caused substantial harm to consumers, investors, the health-care industry and U.S.
Spain's data protection authority, the Agencia Española de Protección de Datos, blocked Meta's election information services due to voter privacy concerns. The AEPD said it placed a three-month temporary ban on the services as a "precautionary measure" to prevent Meta from collecting and storing voters' sensitive personal data.Full story
The U.S. Senate Select Committee on Intelligence unanimously approved a bill amending Section 702 of the Foreign Intelligence Surveillance Act, The Record reports. The amendment would tighten the definition of "electronic communication service providers" that are compelled to provide the government information under a FISA warrant, which critics claimed was overly broad in the Section 702 renewal Congress approved in April.Full story
The Information and Privacy Commissioner of Ontario published guidelines on how public entities should consider privacy when contracting with third parties. The IPC touches on best practices during the procurement process and how to ensure proper documentation.Full story
As Transcend Field Chief Officer Ron De Jesus, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, AIGP, connects with chief privacy officers in companies and industries spanning the field and susses out "what keeps them up at night," he can really get in the weeds. Because he's been there. De Jesus tells IAPP Associate Editor Jennifer Bryant how his experience enhances his connections with leading privacy professionals. "I've walked the walk and I've talked the talk," De Jesus said.
While only a small number of jurisdictions have passed artificial intelligence-governance specific legislation, IAPP Principal Researcher, Privacy Law and Policy, Müge Fazlioglu, CIPP/E, CIPP/US, writes "the regulatory application of existing laws to the governance of AI technologies has happened at a much faster pace." Fazlioglu analyzed how data protection authorities are issuing guidance to help organizations apply privacy and data protection laws to their AI use.
Join the IAPP 30 May for a LinkedIn Live covering the potential implications stemming from the recent enactment of Colorado's landmark artificial intelligence law. The cross-sectoral legislation will require organizations to build out AI governance programs to mitigate potential discrimination in AI systems. The panel discussion aims to analyze obligations within the law and how provisions could set the bar for future U.S.