The many faces of AI

Recently, Italy’s Data Protection Authority imposed a fine of €20 million on Clearview, and banned any further processing of citizens’ facial biometrics.

Clearview has also been the target of regulatory action in the UK, France, Australia and Canada. The UK ICO conducted a thorough investigation into Clearview’s processing of personal data in cooperation with the Office of the Australian Information Commissioner culminating in ordering the company to stop processing data. In France, the DPA has taken similar action.

Although the company has been heavily criticised for not having an adequate legal basis for its processing, now in Ukraine this facial recognition technology has been used to identify Russian soldiers that have died in Ukraine. While the power of AI can be advantageous in reuniting refugee families or identifying the dead, what happens if the database falls into the wrong hands?

I would be interested in hearing how your company is reacting to the war in terms of data transfers to and from Russia, and processing operations in both countries. Please let me know if you can share your experience with PL&B readers.

There is now positive news regarding the EU-US data transfer situation – the parties have announced that they have agreed, in principle, a new framework. The teams of the US Government and the European Commission will now continue their cooperation with a view to translate this outline arrangement into legal documents that will need to be adopted on both sides to put in place this new Trans-Atlantic Data Privacy Framework. For that purpose, these US commitments will be included in an Executive Order that will form the basis of the Commission’s assessment in its future adequacy decision, the EU says. Both sides want to avoid a Schrems III banning judgement from the Court of Justice of the European Union.

This is welcome progress as it is expected that the final agreement will be ready this Spring. In the meantime, another three US states, Colorado,Virginia and Utah have adopted data privacy laws (the California Consumer Privacy Act was adopted in 2018).

Internationally, Professor Graham Greenleaf reports on 12 new data privacy laws in 2021/22, including the more recent ones in Oman, Sri Lanka and the United Arab Emirates.

Laura Linkomies
Editor, Privacy Laws & Business

April 2022