On 1 and 2 November 2023, world leaders, politicians, computer scientists and tech executives attended the global AI Safety Summit at Bletchley Park in the UK. Key political attendees included US Vice President Kamala Harris, European Commission President Ursula von der Leyen, UN Secretary-General António Guterres, and UK Prime Minister Rishi Sunak. Industry leaders also attended, including Elon Musk, Google DeepMind CEO Demis Hassabis, OpenAI CEO Sam Altman, Amazon Web Services CEO Adam Selipsky, and Microsoft president Brad Smith.
Day 1: The Bletchley Declaration
On the first day of the summit, 28 countries and the EU signed the Bletchley Declaration (“Declaration”). The Declaration establishes an internationally shared understanding of the risks and opportunities of AI and the need for sustainable technological development to protect human rights and to foster public trust and confidence in AI systems. In addition to the EU, signatories include the UK, the US and, significantly, China. Nevertheless, there are notable absences, most obviously, Russia.
Continue reading “Bletchley Park AI Safety Summit 2023”
On 19 September 2023, the UK Parliament passed the Online Safety Bill (“OSB”). The OSB aims to protect individuals from illegal online content and focuses on the protection of children by requiring the removal of content that is legal but harmful to children. For example, social media platforms will be required to act rapidly to prevent children from viewing illegal material, or content that is harmful to them, such as pornography, online bullying, and the promotion of suicide, self-harm or eating disorders. The definition of illegal content covers content that is already unlawful under existing legislation, such as terrorism, hate speech and child sexual exploitation, and introduces new offences relating to more recent online phenomena such as revenge pornography, and ‘upskirting’ and ‘downblousing’ images. This is one of the most significant pieces of UK legislation post-Brexit and shows a distinctly UK approach to online harms, which businesses operating globally will need to comply with. This will need to be reviewed in parallel with the EU Digital Services Act, which has similar goals in making Europe a safe online environment.
A date for Royal Assent (when the OSB will become law) is expected shortly. The OSB’s wide scope makes it likely to result in implementation problems and potential challenges resulting from the impact the OSB is likely to have on freedom of expression and personal privacy. The underlying principles of the OSB are very different to those familiar with US laws and the constitutional protections for free speech. The risks of non-compliance will be significant, with extremely high potential fines of up to 10% of a company’s global revenue.
Continue reading “The UK’s Online Safety Bill – Implications for US and International Businesses”
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from the EU to the U.S. This means that companies that participate in the DPF are able to transfer data from the EU to the U.S. without relying on another data transfer mechanism, such as Standard Contractual Clauses (SCCs) or binding corporate rules (BCRs).
Background to the Adequacy Decision
Pursuant to Article 45(3) of the GDPR, the European Commission has the power, by means of an adequacy decision, to decide that a non-EU country has sufficient standards of data protection to be treated as equivalent to those afforded in the EU.
Continue reading “The European Commission Adopts Adequacy Decision on EU-U.S. Data Privacy Framework”
Yesterday, the Irish Data Protection Commission (DPC) issued Meta Platforms Ireland Limited with a EUR 1.2 billion (approximately 1.3 billion U.S. dollar) fine for breaches of the GDPR with respect to EU-U.S. personal data transfers associated with its Facebook service. Meta Ireland has also been ordered to suspend all Facebook-related personal data transfers from the EU to the U.S., and to bring the processing of any previously transferred data into compliance.
Continue reading “Meta Fined EUR 1.2 Billion for Violating GDPR”
On 4 May 2023, the European Court of Justice (CJEU) delivered its highly anticipated judgement in Österreichische Post (Case C-300/21) on a crucial issue: the extent to which data subjects affected by a breach of the GDPR have a right to compensation for non-material damage under Article 82 GDPR.
The underlying case arose from a data subject in Austria seeking 1,000 EUR ($1,009) in compensation for alleged non-material damages arising from Österreichische Post’s processing of his personal data for the purposes of political advertising. The individual had not consented to the processing and claimed that he felt offended by the fact that an affinity to a certain political party was attributed to him, alongside feelings of great upset, loss of confidence and exposure caused by the retention of his data on these supposed political opinions.
Continue reading “Österreichische Post: The CJEU Specifies the Requirements for Compensation for Breaches of the GDPR”
On 11 May 2023, the European Parliament Internal Market and Consumer Protection (IMCO) and Civil Liberties, Justice and Home Affairs (LIBE) committees voted by a large majority to adopt a compromise position on the draft text of the proposed AI Act. The AI Act is a landmark legislative proposal set to be one of the first and most significant set of rules on artificial intelligence. This compromise text approved by the Committees makes some key changes to the European Commission’s initial draft of the AI Act, outlined below.
Continue reading “The AI Act Progresses Ahead With Approval of Key European Parliament Committees”