Intelligent CISO Issue 59 | Page 49

There is a growing focus on Artificial Intelligence and the role of personal data used to train AI .

T

There is a growing focus on Artificial Intelligence and the role of personal data used to train AI .

The European Union Agency for Cybersecurity ( ENISA ), recently published its report on how cybersecurity technologies and techniques can support the implementation of the General Data Protection Regulation ( GDPR ) principles when sharing personal data .
“ In an ever-growing connected world , protecting shared data is essential if we want to generate trust in the digital services ,” said Juhan Lepassaar , Executive Director of the EU Agency for Cybersecurity . “ We therefore need to rely on the technologies at hand to address the emerging risks and thus find the solutions to best protect the rights and freedoms of individuals across the EU .”
Data today is at the heart of everything and central to our economy – it has therefore been coined as the new currency . No transactions or activity can be performed online nowadays without the exchange and sharing of data . Organisations share information with partners , analytic platforms , public or other private organisations and the ecosystem of shareholders is increasing exponentially . Although we do see data being taken from devices or from organisations to be shared with external parties in order to facilitate business transactions , securing and protecting data should remain a top priority and adequate solutions implemented to this end .
Since the GDPR legislation was brought into force in May 2018 , government bodies have been coming down hard on organisations failing to comply . Last year , European data regulators issued € 2.92 billion ( US $ 3.10 billion /£ 2.54 billion ) in GDPR fines since January 28 , 2022 – a 168 % increase on the previous year – according to global law firm , DLA Piper .
The organisation has published the 2023 edition of its annual GDPR and Data Breach survey revealing total fines issued for a wide range of GDPR infringements and the league table of fines issued by country since January 28 , 2022 . The survey covers all 27 Member States of the European Union , plus the UK , Norway , Iceland and Liechtenstein .
FEATURE
Among the largest fines levied were those against Meta Platforms Ireland Ltd . ( Meta ) demonstrating that social media and its reliance on extensive processing of personal data , have been a particular focus of regulatory action . Several of the largest fines imposed against Meta this year by the Irish DPC relate to Facebook and Instagram ’ s behavioural profiling of users and whether the lawful basis of ‘ contract necessity ’ can be used to legitimise the mass harvesting of personal data . While the Irish DPC originally concluded that this was possible , the influential European Data Protection Board disagreed . The resulting fines raise serious questions about the grand bargain struck between consumers and service providers and how ‘ free ’ online services will be funded going forward . Given what ’ s at stake , DLA Piper expects these decisions to be appealed and years of subsequent litigation .
The survey also reveals a year which saw the volume of data breaches notified to supervisory authorities decrease slightly against the previous year ’ s total . The average daily total dropped from 328 notifications per day to 300 per day this year . This may in part be a sign that organisations are becoming more wary of notifying data breaches to regulators for fear of investigations , fines and compensation claims .
While personal data issues around advertising and social media have dominated headlines this year , there is a growing focus on Artificial Intelligence and the role of personal data used to train AI . Most prominently this year , multiple investigations into facial recognition company , Clearview AI , took place following complaints by digital rights organisations , including Max Schrems ’ organisation , My Privacy is None of your Business ( NOYB ), with several fines issued . As AI and Machine Learning ( ML ) platforms continue to become more ubiquitous , the survey predicts more regulatory investigations and enforcement for the year ahead with a focus on both providers and users of AI .
The survey also reports some notable decisions made by data protection www . intelligentciso . com
49