The AI, Privacy and Security Agency

The AI Privacy and Information Security Agency Bulletin: November 2023

AuthorNiamh Libonatti-Roche
Date07/12/23

Bulletin

Hi,  

It’s been a big month for AI, Privacy and Information Security – with so many important moments it felt like the perfect opportunity to start writing a bulletin, for specialists and non-specialists alike, to summarise the news of the month.

Each month’s issue will include headline news summaries under the headings of AI, Privacy and Information security. We will also include short summaries of our own articles, opinions from our specialists and a fun game on one of our company themes: AI, privacy, or information security.

Enjoy this month’s bulletin,

The AI Privacy and Security Agency

AI

Bletchley AI Summit

The month started off with a bang when the UK hosted the world’s first AI Safety Summit.

At the event, nation states agreed to the “Bletchley Declaration on AI safety” that sets out the “potential for serious, even catastrophic, harm, either deliberate or unintentional, stemming from the most significant capabilities of these AI models.”, as well as the huge opportunity that AI represents for humanity.

They agreed that there is a need for international collaborative action to realise these benefits and fully mitigate these risks.

The Summit led China, US, Europe, and UK to agree to collaborate on AI safety and regulation. South Korea and France agreed to host two further summits over the coming year.

See our full article on this topic here:

Bletchley Artificial Intelligence Summit

Executive Order on AI sets up basis for new Privacy Era in the US

The Executive Order on AI focused largely on the creation of a safe network of development and deployment of AI tools in the US and set the groundwork for future legal developments on AI. However, in the EO the US Government also committed itself to developing a bipartisan, national data privacy legislation that protects all Americans privacy equally.

2023 has seen many state led initiatives to introduce privacy laws, however, these vary in the protection offered which has led to a patchwork in terms of Privacy protection in the US. However, if a bipartisan act consistency from state to state and US citizens rights would be more completely ensured.  

With rapid Privacy Law development in the US and this new national Privacy Law on the horizon, those working or conducting business in or with the US should stay up to date with developments.

See our summary of the US Executive Order on AI here:

US Executive Order on Artificial Intelligence

EU AI Act: Will it happen?

During discussion on the AI Act at EU Parliamentary level representatives from Germany, Spain, and Italy abruptly left discussions. It was later revealed that this was because of a divergence of opinion between attendees on the appropriate mechanism for regulating foundation models.

Since this, the EU AI Act seems to be back on track for December 6th discussions of the Act’s future as Germany, Spain and Italy have published a paper detailing what they believe the approach should be. The paper states that:

  • Mandatory self-regulation through Codes of Conduct
  • No sanctions/penalties for non-compliance
  • But commitment by providers of all sizes to these initiatives

Is the preferred approach to foundation model regulation expressed by these parties.

OPENAI: A tumultuous month

Earlier in November, OpenAI announced its creation of a new marketplace that enables users to select personalised AI “apps” or “GPTs” to perform tasks for the user. . This announcement signalled a desire by the company to expand its commercial offering and that they have edged closer to offering “digital assistants” who perform all computer based everyday tasks for the user.

The month has however, ended with the sudden sacking of Sam Altman – OpenAi’s CEO with the board citing it had “lost confidence” in his abilities to lead. Days later, Sam Altman was reinstated as CEO and the board partly changed.

UK state testing and £300 million invested into AI Supercomputers

The UK has committed to a state run and organised testing programme to ensure the safety of AI tools developed and sold in the UK. To enable this and provide additional resources to researchers and developers, the UK government has also trebled its proposed investment into supercomputers- from £100 million to £300 million. This move has been made in hopes that the regulatory environment can be supported fully, and its longevity assured as AI models become more powerful and sophisticated.

Privacy News

Featured page image

Data Protection and Digital Information Bill: Report Stage

On November 29th, 2023, Government sat to discuss the 240 proposed amendments to the Data Protection and Digital Information Bill. The sheer number of amendments have led the bill to be described as having “more baubles on it than the proverbial Christmas tree”. While many of the amendments were merely minor language changes or nuances to technical detail. Others had the potential to majorly impact:

  • Data subject rights,
  • The ICO
  • International Data Sharing
  • Data Preservation Obligations
  • The Use of Biometric Data
  • UK-EU Adequacy

To see our full article analysing the recent changes made do the DPDI after the report stage click below:

Report Stage Summary DPDI Bill

To see our full article analysing the contents of the DPDI click below:

Data Protection and Digital Information Bill

Italy investigates data gathering for training AI

The Italian Data Protection authority has opened an investigation into whether websites deploy “adequate measures” against scrapping of personal data to train AI, and thus sites compliance with the GDPR. Following this investigation action against parties found to not be compliant is highly likely.

Prince Harry and Elton John can take case against Daily Mail publisher to trial.

Prince Harry, Elton John and 5 other celebrity claimants have succeeded in bringing a case against ANL for invasions of their privacy and serious breaches of their rights spanning a 30-year period.  ANL, who publishes the Daily mail and mail on Sunday, has always denied involvement in unlawful practices. The trial is likely to take place in 2025, and could see important developments in UK privacy law similar to those that followed the phone tapping case against Rupert Murdoch and News of the World in 2006.

Facebook owner Meta faces EU ban on targeted advertising

The EUDPB announces that it has adopted an “urgent binding decision to impose a ban on the processing of personal data for behavioural advertising on the legal bases of contract and legitimate interest across the entire European Economic Area”.

Meta have responded by stating that it would give the option of consent to EU/EEA users and that further it will introduce a subscription model to comply with regulatory requirements. Whether a subscription model constitutes compliance with the EUDPB’s and is unacceptable as it demands that users “pay for the right to privacy”.

Meta’s failure to comply, could lead to a fine of 4% of their annual turnover.

EU issue deadline on Child Protection to YouTube, TikTok and others:

The EU gave YouTube TikTok and others until November 30th to respond and explain measures put in place to protect children on the platforms to achieve compliance with the EU’s new “Big Tech: Digital Services Act”.  Meta and Snapchat were given til December 1st to do the same.

Based on the assessment of the replies, the Commission will assess next steps.

Meta bans use of generative AI tools and requires disclosure for Political Ads

This month Meta announced that by political advertisers and those in other regulated professions are banned from using generative AI tools developed by them. Furthermore, it announced that where AI (or another digital altering method) is used in political, social or election related advertisements on Facebook and Instagram the publisher will have to disclose that it has been used to viewers and further confirm whether the events depicted are real or fictional.  

Information security

North American grid regulator tests physical, cyber security preparedness

The biggest ever test of the North American grid has been undertaken to ward of physical and cyber attacks that could have disastrous consequences in the US. The tests come following a report by NERC earlier this year that warned of increasing threat and perilous consequences.

EU Cyber Resilience Act – Siemens and others claim it may disrupt supply chains.

The proposed European Commission Cyber Resilience Act would require manufacturers to assess the cybersecurity risks of their products and take measures to fix problems for a period of five years or through the expected lifetime of the products.

However, industry group DigitalEurope have made a statement claiming that the proposed rules were too onerous and could lead to widescale supply chain disrupted.

AI Generated Image or Not?

The purpose of this game is to try to work out which pictures were generated by AI and which ones were the work of a human.

Comment below or get in touch and in next months issue we’ll reveal the stats!

Picture A
Picture B
Picture C
Picture D
Picture F

Posted

in

, , ,

by

admin

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *