Top News - Guidance on PI transfer to U.S. issued; ChatGPT vulnerability outputs training data
AI Act Q&A document released
An AI Act Q&A document has been released by the European Commission. This document is applicable to public and private entities using AI systems that affect EU citizens. The document outlines the use and development of AI for companies to refer to in order to comply with the AI Act. It covers topics such as the risk categories, definition of high risk systems, obligations of high risk system providers, biometric identification regulations, fundamental rights impact assessments, enforcement of the Act and more. Read more
Google Maps gives users increased control over their data
In the second week of December, Google Maps announced the introduction of new features that give users better control over their personal geolocation data. With the new features, users will be able to delete their activity such as their searches, places they’ve visited and directions. Users can also easily check their location controls by clicking the blue dot on the map, the same dot that indicates the users current location. Read more
Prescription information given to police without warrant
An inquiry by Congress found that the prescription records of American patients were handed to law enforcement agencies by pharmacy chains without a warrant. The pharmacy chains in question were CVS Health, Kroger and Rite Aid. Lawmakers are now pushing for stricter rules so that sensitive medical records are released to law enforcement with a warrant and the customers knowledge. Lawmakers also found that of all the retailers they surveyed, only Amazon Pharmacy informed customers when law enforcement requested their information. Read more
ChatGPT vulnerability exposes training data
Google DeepMind and other university security researchers found that asking ChatGPT to repeat particular words forever lead to a breakdown on the part of the technology. The prompt results in the chatbot repeating the word a few hundred times but then starts producing nonsense output. This output, however, contains identifiable information like email addresses, and other contact information. The amount of personally identifiable training data output depends on the word prompt chosen. Read more
Guidance on PI transfer to the U.S. released by ICO
Article 46 of the U.K GDPR has been used to issue guidance for entities planning to transfer PI to the U.S. This guidance was issued by the U.K. Information Commissioner’s Office and covers areas like conducting transfer risk assessments (TRAs), relying on an Article 46 transfer mechanism, when TRA is required, what it must cover, DSIT analysis, using DSIT analysis to conduct TRA and more. Read more
Comentarios