CDP Institute

Italy’s Garante, one of the EU’s most proactive regulators, has fined the country’s second largest bank, UniCredit, and has launched an investigation of a new OpenAI product. The €2.8 million (~US$3.1 million) UniCredit fine, which the bank plans to appeal, is in response to a 2018 data breach that may have impacted thousands of customers. The OpenAI Sora investigation is to clarify how the new algorithm, which creates short videos from text instructions, is trained, to understand what data it will collect, and to determine compliance with EU regulations.

The European Data Protection Supervisor (EDPS), which oversees EU institutional privacy compliance, found the EU Commission in violation of GDPR through its use of Microsoft 365. This includes neglecting to implement adequate safeguards for data transfer and failing to specify types and purposes for personal data collection. Corrective measures will include suspension of data flows to Microsoft and its affiliates in non-EU/EEA countries that lack adequacy decisions, and aligning data processing with regulations.

Singapore has issued guidelines for deterministic AI system use tying in with its Personal Data Protection Act (PDPA). The guidance, which is not legally binding, clarifies how the PDPA will apply when organizations use personal data to train AI.

A four-year study of cybersecurity, privacy, trust and bias issues in femtech, the data related to women’s health, wellness and sexuality, found sensitive information is often not adequately safeguarded and is sometimes intentionally leaked. Multi-disciplinary research teams based at Royal Holloway, Newcastle University, the University of London and ETH Zurich focused on laws in the UK, EU, and Switzerland. They found women’s health protection underserved in large part because many of the devices and apps used in femtech are not considered “medical,” so fall outside protective guidelines.

A survey of 1,000 parents in the US conducted by Cox Mobile, a division of Cox Communications found that 56% of parents reported their children kept location data sharing accessible on their mobile apps, and 31% of parents said their kids had been contacted on their device by a stranger. More than a third of parents said the stranger referenced their child’s location.

Concerns center around the company’s processing of biometric data.