Securiti has initiated an AI Regulation Digest, providing a comprehensive overview of the most recent significant global developments, announcements, and changes in the field of AI regulation. This information will be regularly updated on our website, presenting a monthly roundup of key activities. Each regulatory update will include links to related resources at the bottom for your reference.
North and South America Jurisdiction
1. Consumer Financial Protection Bureau Approves Rule Banning Using of AI Appraisal Tools
Date: 24th June, 2024
Summary: The Consumer Financial Protection Bureau (CFPB) announced the approval of a rule on Quality Control Standards for Automated Valuation Models. The rule will be applicable to any algorithmic appraisal tools used when buying or selling a house, such as automated valuation models (AVM) that allow mortgage originators and secondary market issuers to determine the collateral value of a mortgage. All regulated mortgage originators and secondary market issuers will be required to adopt policies, procedures, and control systems to ensure the AVMs adhere to specified quality control standards when providing credit decisions or covered securitization determinations. Read more.
2. California Civil Rights Council Seeks Public Comments On Regulation To Prevent Employment Discrimination From AI
Date: 26th June, 2024
Summary: The California Civil Rights Council proposed and then requested public comments on its regulation meant to prevent any employment discrimination as a result of AI algorithms and other automated decision-making systems. Among other things, the proposed regulation aims to clarify that the use of such automated decision-making tools is a violation if it harms employees, affirm that such tools should not replace the requirements set for individualized assessment when assessing employees’ prior criminal record, and clarify that third parties are prohibited from aiding and abetting any discrimination via the design, sale, or use of such an automated decision-making system. Read more.
EU Jurisdiction
1. Austrian Data Protection Authority Provides Guidance On GDPR-AI Act Overlaps
Date: 1st June, 2024
Summary: The Austrian Data Protection Authority (DSB) issued guidance on the interplay between the GDPR and the newly adopted EU AI Act. The DSB emphasizes that AI will affect several aspects of fundamental technologies that overlap with those identified in the GDPR. The roles and responsibilities of the data protection authorities, controllers, and processors will remain unchanged. The DSB provided further clarity on automated decisions that have legal effects on individuals or significantly affect them in a similar manner, such as the automatic approval of loans or online hiring processes without human intervention. Lastly, the DSB stressed that the responsibility of proving the lawfulness of personal data processed by AI lies with the controller. Read more.
2. EDPS Issues Guidelines On Using Generative AI In Compliance with EU Data Protection Laws
Date: 4th June, 2024
Summary: The European Data Protection Supervisor (EDPS) issued its guidelines on GenAI titled, “Generative AI and the EUDPR: First EDPS Orientations for ensuring data protection compliance when using Generative AI systems”. The guidelines aim to help EU institutions comply with the relevant data protection laws while continuing to leverage GenAI tools. Per the guidelines, EU organizations may use GenAI services for public services as long as relevant GDPR provisions are met. Additional monitoring and controls are recommended throughout the AI lifecycle, while web scraping of personal data is discouraged. The Data Protection Officers (DPOs) are tasked with ensuring GenAI systems are adopted in a regulatory-compliant manner as well as conducting Data Protection Impact Assessments (DPIA) when high-risk processing is involved. Lastly, the guidelines clarify that usage of GenAI tools does not equate to automated decision-making. Still, systems that provide decision-making information from automated profiling or individual assessments may be subject to relevant GDPR provisions. Read more.
3. Spain Strengthens Child Protection In Digital Environments With New Legislation
Date: 5th June, 2024
Summary: The Spanish Ministry of the Presidency, Justice, and Relations with the Cortes has announced a new draft law meant to protect minors in digital environments. The law aims to protect minors’ rights within the digital sphere, particularly the rights to privacy, honor, image, personal data protection, and access to age-appropriate content. Other key provisions will include a national strategy to protect children online, awareness campaigns, early detection and prevention of digital-related pathologies, and specialized care. Manufacturers will be mandated to develop devices with in-built parental controls and risk labeling. At the same time, video-sharing platforms and influencers will have to provide complaint channels to report harmful content. Additionally, large operators and influencers will have obligations related to protecting minors’ information online with hefty sanctions for non-consensual AI-image generation. Lastly, the law will raise the age of consent to 16. Read more.
4. “Wikipedia Is Subject To GDPR”: The Guarantor Rules
Date: 7th June, 2024
Summary: The Guarantor for the Protection of Personal Data has established that Wikipedia’s processing of personal data is subject to the GDPR as well as the relevant rules on journalistic activity and expression of thought. This decision comes after the Wikipedia Foundation refused to delete an article related to a judicial matter. Despite its arguments that it is not subject to the GDPR, the Guarantor ruled that it is, owing to its intentional targeting of the European market. The Guarantor has now ordered the article to be de-indexed to protect the individual’s privacy. Read more.
5. Meta confirms It Will Stop Using User Data From EU and UK To Train Its AI Models
Date: 17th June, 2024
Summary: Meta officially confirmed that UK and EU users’ data will not be used to train its AI models. The announcement comes after a lengthy discussion between the Data Protection Commission (DPC) and Meta after Meta notified its users that it would be able to use their publicly available content on Instagram and Facebook to train its AI models. Meta had used the “legitimate interest” justification under GDPR for this purpose. It had to amend and eventually suspend these plans after several complaints were made against Meta by NOYB (None Of Your Business). Read more.
6. Meta Will Not Use Swiss User Data For Training AI Models
Date: 24th June, 2024
Summary: Meta reiterated its assurances to the Federal Data Protection and Information Commissioner (FDPIC) that Swiss Facebook and Instagram users' data will not be used to train its AI. The FDPIC had previously requested this assurance in writing after Meta had already announced the suspension of the project for EU and EEA users. This comes after Meta had earlier announced it would be using adult data to train its AI with effect from 26 June 2024. Read more.
Asia Jurisdiction
7. New Australia Bill Criminalizes Transmission of Non-Consensual AI-General Sexual Materials
Date: 5th June, 2024
Summary: The Attorney General recently announced the Criminal Code Amendment (Deepfake Sexual Material) Bill 2024 to Parliament. The Bill presents significant amendments to the existing laws while creating new offenses aimed at curtailing the harm caused by new AI-generated sexual material as well as deepfakes. Among the new offenses include six years imprisonment for transmitting non-consensual sexual material as well as seven years for aggravated offenses by those who create or alter such material or are repeated offenders per the Online Safety Act 2021. Read more.
8. Hong Kong Privacy Commissioner’s Officer Releases New Framework on AI Usage
Date: 11th June, 2024
Summary: The Privacy Commissioner’s Office released the Artificial Intelligence: Model Personal Data Protection Framework on June 11, 2024. The framework has been designed to address various complexities that may arise related to using AI in compliance with global privacy laws. The critical recommendations of the framework center around establishing a coherent AI strategy and governance, regular risk assessments, appropriate customization of AI models, and consistent communication and engagement with key stakeholders. Read more.
Securiti's AI Regulation round serves as an invaluable resource for staying ahead of the latest global developments in the AI industry. Our commitment to providing timely updates ensures that you have access to crucial information and a better understanding of the evolving regulatory landscape in the field of AI.
The team has also created a dedicated page showcasing 'An Overview of Emerging Global AI Regulations’ around the world. Click here to delve deeper and learn more about the evolving landscape of global AI regulations.
