Securiti Ranked #1 DSPM Vendor by GigaOm

View

Global AI Regulations Roundup: Top Stories of September 2024

Contributors

Anas Baig

Product Marketing Manager at Securiti

Muhammad Ismail

Assoc. Data Privacy Analyst at Securiti

Syed Tatheer Kazmi

Associate Data Privacy Analyst, Securiti

CIPP/Europe

Salma Khan

Data Privacy Analyst

CIPP/Asia

Usman Tariq

Data Privacy Analyst at Securiti

CIPP/US

Rohma Fatima Qayyum

Assoc. Data Privacy Analyst

Securiti has initiated an AI Regulation digest, providing a comprehensive overview of the most recent significant global developments, announcements, and changes in the field of AI regulation. Our website will regularly update this information, presenting a monthly roundup of key activities. Each regulatory update will include links to related resources at the bottom for your reference.

North and South America Jurisdiction

1. California Senate Passes AB 1008, Expanding CCPA to Cover AI Models and Neural Data

Date: 30th August, 2024
Summary: The California Senate has passed AB 1008, amending the California Consumer Privacy Act (CCPA) to include AI models and neural data as personal information. The bill redefines "personal information" to cover abstract digital formats, including AI systems. It also clarifies that biometric data collected without consumer consent is not "publicly available." Consumers can now exercise privacy rights over AI models trained on their personal data, requiring businesses to respond to requests for access, deletion, or correction. This could pose significant compliance challenges, especially for large AI models, due to the need for retraining within 90 days. Read more.

EU Jurisdiction

2. Spanish Data Protection Authority Publishes Blog On Probabilistic Methods & Their Limitations

Date: 3rd September, 2024
Summary: The Spanish Data Protection Authority (AEPD) has published a blog on probabilistic methods and GDPR compliance. In the blog, the AEPD emphasized the importance of accuracy and effectiveness in these methods, mainly concerning personal data.

To ensure this, organizations must only use reliable sources and accurate inferences and the processing methods must undergo the necessity test to guarantee their effectiveness. Simultaneously, the AEPD has highlighted the likelihood of false negatives, false positives, and prediction errors within the probabilistic methods that may affect their accuracy and effectiveness.

The AEPD quotes an example of age verification where age should be confirmed via a trusted source such as an ID card rather than predictions through facial features or voice, which may also violate GDPR provisions due to inaccuracy. Data controllers must rely on accurate and effective verification methods on a case-to-case basis to avoid excessive data collection and operations. More importantly, the AEPD does advise using alternative methods to address these challenges. Read more.

3. Council of Europe Adopts World's First International Legally Binding Agreement on AI

Date: 5th September, 2024
Summary: The Framework Convention on Artificial Intelligence and Human Rights, Democracy, and the Rule of Law has been signed by the European Commission and adopted by the Council of Europe, making it the first legally binding international agreement on AI. The Commission will implement the convention within the EU through the AI Act, ensuring a unified approach to AI regulation and promoting a safe and trustworthy AI environment. Read more.

4. Dutch Data Protection Authority's Investigation Finds Severe Notification Requirements' Violations

Date: 6th September, 2024
Summary: The Dutch Data Protection Authority (AP) investigated 53 major data breaches that affected 10 million people, concluding that none of the organizations complied with the relevant notification requirements relating to notifying affected individuals. Hence, the AP has provided recommendations for effective notification messages, including the use of clear language, a description of the leaked data and breach, an explanation of the consequences and advice, a description of intended measures, and a contact point for questions

The AP has also suggested using easy-to-understand language that avoids legal jargon, is well structured with subheadings and lists, translated into the victim's language, and provides warning messages during ongoing investigations. By doing so, users affected by data breaches can be informed in a timely, clear, and understandable manner. Read more.

Asia Jurisdiction

5. ANPD Publishes Yearly Update On Completed Projects & Possible AI Regulation

Date: 9th September, 2024
Summary: The Brazilian Data Protection Authority (ANPD) published its audit report on its regulatory agenda for the year 2023-24. The report provides information on the ANPD's projects completed within this period in the following areas:

Specifically for AI, the ANPD has started a project to analyze the regulatory alternatives for using personal data by AI systems that comply with the General Data Protection Law (LGPD). The report also concludes that the ANPD initiated all the projects scheduled for the reporting period. Read more.

Securiti's AI Regulation round is an invaluable resource for staying ahead of the latest global developments in the AI industry. Our commitment to timely updates ensures that you have access to crucial information and a better understanding of the evolving AI regulatory landscape.

The team has also created a dedicated page showcasing 'An Overview of Emerging Global AI Regulations’ worldwide. Click here to delve deeper and learn more about the evolving landscape of global AI regulations.

Junte-se à nossa Newsletter

Receba todas as informações mais recentes, atualizações de leis e muito mais na sua caixa de entrada


Compartilhar

Videos

Spotlight Talks

Spotlight 53:37

Protegendo dados sensíveis em qualquer lugar com o DSPM da Securiti!

UDC Democast: Inteligência de Dados sensíveis em Multi Cloud Híbrida e SaaS
Assista Agora View
Spotlight 57:14

UDC Democast: Inteligência de Dados sensíveis em Multi Cloud Híbrida e SaaS

UDC Democast: Inteligência de Dados sensíveis em Multi Cloud Híbrida e SaaS
Assista Agora View
Spotlight 56:47

Democratize seus dados sem comprometer sua segurança e privacidade

Democratize seus dados sem comprometer sua segurança e privacidade
Assista Agora View
Spotlight 28:50

Proteção de Dados Pessoais e Sensíveis

Proteção de Dados Pessoais e Sensíveis
Assista Agora View
Spotlight 1:06:28

Dia Internacional da Privacidade de Dados Portugal

Dia Internacional da Privacidade de Dados Portugal
Assista Agora View
Spotlight 53:33

Dia Mundial da Privacidade – Securiti Brasil

Proteção de Dados Pessoais e Sensíveis
Assista Agora View

Latest

Automating EU AI Act Compliance View More

Automating EU AI Act Compliance: A 5-Step Playbook for GRC Teams

Artificial intelligence is revolutionizing industries, driving innovation in healthcare, finance, and beyond. But with great power comes great responsibility—especially when AI decisions impact health,...

Gencore AI Customers Can Now Securely Use DeepSeek R1 View More

Gencore AI Customers Can Now Securely Use DeepSeek R1

Enterprises are under immense pressure to use Generative AI to deliver innovative solutions, extract insights from massive volumes, and stay ahead of the competition....

Navigating Data Regulations in India’s Telecom Sector View More

Navigating Data Regulations in India’s Telecom Sector: Security, Privacy, Governance & AI

Gain insights into the key data regulations in India’s telecom sector and how they impact your business. Learn how Securiti helps ensure swift compliance...

Best Practices for Microsoft 365 Copilot View More

Data Governance Best Practices for Microsoft 365 Copilot

Learn key governance best practices for Microsoft 365 Copilot to ensure security, compliance, and effective implementation for optimal business performance.

5-Step AI Compliance Automation Playbook View More

EU AI Act: 5-Step AI Compliance Automation Playbook

Download the whitepaper to learn about the EU AI Act & its implication on high-risk AI systems, 5-step framework for AI compliance automation and...

A 6-Step Automation Guide View More

Say Goodbye to ROT Data: A 6-Step Automation Guide

Eliminate redundant obsolete and trivial (ROT) data with a strategic 6-step automation guide. Download the whitepaper today to discover how to streamline data management...

Texas Data Privacy and Security Act (TDPSA) View More

Navigating the Texas Data Privacy and Security Act (TDPSA): Key Details

Download the infographic to learn key details about Texas’ Data Privacy and Security Act (TDPSA) and simplify your compliance journey with Securiti.

Oregon’s Consumer Privacy Act (OCPA) View More

Navigating Oregon’s Consumer Privacy Act (OCPA): Key Details

Download the infographic to learn key details about Oregon’s Consumer Privacy Act (OCPA) and simplify your compliance journey with Securiti.

Gencore AI and Amazon Bedrock View More

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New