Chinese gale from Ireland, Dorito hurricane from the States, and Earl Grey tea storm from the UK may combine for an “explosive cyclogenesis” over international data transfers (again).

Electricity, internet, running water, and the EU-USA data bifrost—things life doesn’t necessarily owe you, even if you take them for granted.

While we wait for the hammer to fall, let’s go over our weekly updates.

You are reading ZERO PARTY DATA. The newsletter on current affairs, technopolies, and law by Jorge García Herrero and Darío López Rincón.

In the few spare moments this newsletter leaves us, we enjoy solving complex issues related to personal data protection. If you’ve got one of those, give us a little wave. Or contact us by email at jgh(at)jorgegarciaherrero.com.

🗞️News from Dataworld 🌍

.- The €530 million fine imposed by Ireland on TikTok for data transfers to China should go in the “Very-coffee-drenched documents” section. The problem is that they haven’t deemed it appropriate to publish the actual decision yet.

We’ll have to settle for the DPC’s press release and infographic. In the near future, we’ll see how deeply they delved into the issue of TIAs and unsafe countries (specifically identified as highly unsafe in that report commissioned by the EDPB).

.- The (second-to-)last complaint filed by NOYB hits squarely on one of those elephants in the room that, despite being hidden in plain sight, everyone ignores: the serious and numerous violations stemming from placing our children's data on Big Tech educational platforms—particularly Google and Microsoft. Public administrations are cheerfully signing contracts—which are far from free—and even if they were, they come at a very high cost in terms of the privacy of a vulnerable group: underage students. Vadym Honcharenko summarizes here a few issues that cry to the heavens: as usual, these platforms swallow all the data as processors, but then act as “spontaneous” controllers (i.e., they use this data for multiple purposes that serve their own interests, not those of the actual controllers—namely, the school or the respective Department of Education). And yet, they wash their hands and pass the buck to these “controllers” when someone complains.

.- A textbook case of using detailed prompts in generative AI for advertising campaigns, via Mando Liussi.

.- A bold proposal by Przemyslaw Palka: let privacy policies be as long as they need to be; we’ll just have to find ourselves a Rumpelstiltskin to read them and check if they’re compliant.

.- PayPal Launches Offsite Ads, Unlocking the Power of Transaction Data Off-Platform. Let me translate that into plain language: PayPal is going to start selling our data.

.- The Italian Garante opens a public consultation on the “Pay or Okay” model. Before delivering a slap masked as tough love, the authority acknowledges it wants to see whether the industry can propose viable technical and operational alternatives. The first impulse would be to say a fine is in order for stretching consent too far, but we’ll see if anything useful comes from this. In today’s world, anything could happen.

💀Death by Meme🤣

📄Very-coffee-drenched data documents☕️

.- We spotted something interesting from Alberto Casaseca on AI risks, via MIT. There's a mega Excel file detailing a structured AI risk domain, ready to download and explore bit by bit. But there’s also an additional resource: the database of “AI incidents.”

It’s always useful to have access to an updatable repository of the messes GAFAM get into in this field.

.- The EDPB issues an opinion on another meteor headed for the “country” of international data transfers. Everyone’s focused on the US DPF, but we’re overlooking the similar path the UK might follow with its Data (Use and Access) Act (“DUA”). In this case, the EDPB simply states that it agrees with the six-month extension of the adequacy decisions with the UK (they were set to expire in June this year), but it’s also a reminder not to lose sight of the issue. Oh, and a gentle nudge to the Commission to make sure there’s nothing too dodgy in the UK’s legal framework for now.

🤖Robots.txt or the AI stuff

.- Another scary infographic on global AI regulations and standards, in the same vein as the one we shared earlier about all the newly minted EU regulations.

.- No surprise here: AI models routinely lie when honesty conflicts with their goals.

.- FPF and OneTrust have published the Updated Guide on Conformity Assessments under the EU AI Act. That’s that.

.- Next week, I’ll be giving a webinar on autonomous AI agents, and I’ve been reading some cool stuff like this piece by Philip M.

.- Alba Ribera from UC3—whom you might remember for churning out DMA papers like there’s no tomorrow—has launched her own YouTube channel. In this video, she explores the intersection of the GDPR, AI Act, and DMA, summarizing one of her papers.

🙄 Da-Tadum-bass

.- Mom, I swear IT WASN’T ME. BELIEVE ME.

If you think someone might like—or even find this newsletter useful—feel free to forward it.

Compartir

If you miss any document, comment, or bit of nonsense that clearly should have been included in this week’s Zero Party Data, write to us or leave a comment and we’ll consider it for the next edition.

Deja un comentario