We are going to have a markup when we come back in July.
– Sen. Maria Cantwell on the APRA
Welcome to Snippets 👋 Despite the abrupt cancellation of the scheduled APRA markup in late June, Sen. Maria Cantwell of Washington is bullish that a markup will occur before the Senate Commerce Committee adjourns on August 2.
Plus, AT&T confirms it paid over $370,000 in ransom following a breach that exposed the data of over 100 million customers, lawmakers are divided after a Senate hearing on AI regulation, a complex surveillance apparatus is unfolding in France ahead of the Paris Olympics, and more.
Cantwell promises an APRA markup
Senate Commerce Committee Chair Sen. Maria Cantwell aims to advance the American Privacy Rights Act (APRA) with a markup scheduled before the August congressional recess, despite the bill's setbacks in the House.
- Industry sources claim the House version, which is sponsored by Rep. Cathy McMorris Rodgers, was delayed due to opposition from Republican leadership.
- In preparation for the upcoming markup, the Senate Committee has already made amendments to the bill in an attempt to address industry and advocacy group concerns.
- Despite Cantwell’s support, the bill still needs to find a path through the sticky issues of preemption, private right of action, and an exemption for small businesses.
5 takeaways on shaping the EU AI Act with Dan Nechita
As the industry’s first Field Chief Privacy Officer, Ron De Jesus is on a mission to connect with privacy leaders and policymakers to untangle the complexities of privacy and AI governance across various sectors.
Sitting down together in Brussels, the epicenter of EU law-making, Ron and Dan Nechita, Head of Cabinet for Dragos Tudorache, explored how the EU AI Act was crafted and where privacy professionals should focus as this law goes into force.
AT&T paid hacker group over $370,000 in ransom
Last Friday, AT&T announced a breach affecting nearly 100 million customer records. It’s now come to light that the telecom provider paid hacker group ShinyHunters over $370,000 in exchange for deleting the stolen data.
- The time and details of the exchange were shared with WIRED, which confirmed a payment of 5.72 bitcoin ($373,646) on May 17.
- Though the initial ransom demand was $1 million, ShinyHunters eventually agreed to a third of that amount—providing AT&T with video evidence of the data being deleted.
- The breach has sparked lawmakers’ scrutiny, as well as a class-action lawsuit alleging that AT&T hasn’t been transparent about the “nature and extent of data security lapses impacting its customers.”
Legislators divided on AI regulation after Senate hearing
Last week's Senate hearing on AI regulation ended with lawmakers divided—some feel the risks posed by AI merit broad legislation, while others argue that further regulation would hurt small businesses and hinder innovation.
- Sen. Maria Cantwell of Washington favors broad legislation—introducing the bipartisan COPIED Act, which would grant publishers and artists the right to sue for IP theft and instate limitations on AI training.
- Citing a restaurant in her home state, which takes reservations based on customer income, Cantwell cautioned that AI makers could, among other missteps, misuse personal data to charge customers differently for the same product.
- Lawmakers on the other side of the table argue that narrow laws geared towards addressing specific issues would be more effective, with fewer negative consequences for small businesses.
- Apple’s Safari privacy ad spotlights browser surveillance.
- How recent Supreme Court rulings affect privacy regulation.
- Mall of America under scrutiny for using facial recognition.
- Google is looking to acquire cloud security provider Wiz.
- IAPP’s privacy reading list for summer 2024.
AI mass surveillance at Paris Olympics sparks concerns
Under newly enacted French laws, the 2024 Paris Olympics will be heavily surveilled using AI and other advanced technologies, sparking concerns over privacy violations despite heightened security justifications.
- France’s extended surveillance measures include AI video systems, wiretapping, and legal amendments enabling extensive data collection and analysis.
- Critics argue these measures constitute a surveillance overreach under the guise of Olympic security, potentially normalizing broader state surveillance practices.
- Despite assurances, questions remain about the transparency and potential biases of these new systems, including whether or not they conform with privacy requirements under the GDPR.
Google’s Gemini AI can read users’ private files
A Gemini user discovered that the Google-owned AI chatbot could gain unauthorized access to documents saved in Google Drive after it summarized a PDF containing information on his tax returns.
- After discovering the breach, the user tried to change his privacy settings, but the process was so complex that even the chatbot couldn’t point him in the right direction.
- When he did eventually find the relevant setting, he found the toggle to block access was already turned on. He then concluded that once Gemini is granted access to one file, it can access all files of a similar format.
- Though the accessed data is end-to-end encrypted, meaning it isn’t stored or used to train the chatbot, the incident still raises a privacy red flag.
Reduce AI risk with Transcend's new assessment template
The EU AI Act was recently finalized—meaning companies building and deploying AI products should start working towards compliance now. If your company is developing or deploying a high-risk AI tool, placing guardrails around the process will be key.
To support compliance with the EU AI Act, Transcend has added a new assessment template that includes coverage for AI system classification, conformity assessments, and more. Explore this new template with our latest guide!
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.