The headliner for 2024 data governance may be the EU's AI Act, so let's explore it after the draft text was leaked earlier this week

Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

 

Just a few days before Data Privacy Day on January 28, we want to wish you all a Happy Data Privacy Week!

 

The day does not get the attention it deserves given how important data privacy is to our day-to-day lives and interactions on the internet, and 2024 serves as a reminder that the privacy community still has a ways to go in raising awareness and knowledge of the issues we all face daily online.

 

Given the state of both tech and data privacy regulations, staying up-to-date with everything happening is the first step in proper data governance management, which brings us to what will surely be one of 2024's biggest stories, the EU AI Act.

 

The landmark legislation is moving along, so reporter Luca Bertuzzi released the full text (all 892 pages of it) to the public earlier this week.

 

If you'd like to read it, UK law firm Digiphile released a consolidated (and much easier to read) version here.

 

Suffice it to say, first reactions to the full text are not glowing. Many have noted strange wording, bloated definitions, and overly complex language that will make the bill extremely difficult to enforce.

 

Some have compared it to the disorganized original draft of the GDPR, whose enforcement problems persist to this day. It seems the EU is dead set on running before walking, and although that is admirable given how far technology is already ahead of regulation, banking it all on an ineffective law will not slow the rate of technological progress or necessarily guarantee safe AI.

 

Although the draft has been labeled as the "final draft" that EU members will vote on, there is still time for member states to offer technical feedback and make changes. That reality is still not good enough for some, as France is attempting to build a blocking minority against the bill.

 

The chances they succeed are low, but overall public enthusiasm for this specific law is certainly lower than it was this time last week, even with good ideas such as national privacy sandboxes and mandatory AI watermarking for generative AI inside the draft.

 

If technical review does not shore up the practicality issues in the AI Act, it may be doomed to fail.

Put Your 💰 Where Your 🤑 is

Here's your chance to test your privacy knowledge and win a $25 Amazon gift card!

 

Just respond to this email with your answer and we'll draw one winner from those who answered it correctly within the first 24 hours!

 

Which U.S. state data privacy regulation does not require Opt-In before processing sensitive data?

A) Texas   B) Montana   C) Utah   D) Oregon

 

Product Spotlight 🔦

2024 is going to be a big year for the MineOS platform and for risk assessments at large within the privacy community, so perhaps the key upgrade made to the platform last month was to develop our own AI to better understand risks inherent to data systems.

 

Previously, potential risks were only displayed in their own section of the platform, but now in-line risks and suggestions are included directly in your Data Inventory alongside the respective data source.

 

This change will make risk management more intuitive and accessible, showing users which risks are highest and why to enable quicker decision-making and more effective risk mitigation strategies.

 

Data Source Risks & Suggestions

Regulation Focus 🔬

New Jersey Data Privacy Law SB332 Section 9.9

"A controller shall ... not conduct processing that presents a heightened risk of harm to a consumer without conducting and documenting a data protection assessment of each of its processing activities that involve personal data acquired on or after the effective date of [this legislation]."

 

New Jersey became the 14th state to pass comprehensive data privacy regulation on January 16 when Governor Murphy signed SB332 into law (acronym still TBD, as SB332 surely lacks a ring to it). 

 

The law features numerous shake-ups that split from widely established American data privacy norms, and thus will be one of the more consequential ones to watch unfold before it takes effect in January 2025. 

 

While it is big that NJ becomes just the third state to include Attorney General rulemaking, the two most important parts of the bill are its expansion of the scope of universal opt-out mechanisms to also recognize profiling (never before seen in the U.S.) and the section above, stating the requirement to conduct DPIAs before processing data.

 

While the change to universal opt-outs might end up the more impactful aspect, that is a whole can of worms, so check out deeper coverage of what it could mean here.

 

As for Data Protection Impact Assessments, specifying that they must be completed before processing is a bold move that will push companies to conduct DPIAs at a more frequent rate than ever before.

 

Considering states like Iowa and Utah don't even require impact assessments, New Jersey pushing the issue is likely to end up as a notable win for the culture of privacy in corporate America. 

Founder's Corner 🎙️

CPO & co-founder Kobi Nissan

 

Q: With the continuous evolution of AI technologies, how can enterprises maintain compliance management to stay ahead of regulatory changes?

 

A: I think it all starts with knowledge and preparation. You can't manage compliance or adequately fulfill requirements like impact assessments if you don't have full visibility over your entire data stack, if you don't have a single source of data truth, and most companies don't have that.

 

We have some amazing companies as clients, but even for them, when they go about data discovery and classification with MineOS, they find dozens and dozens of data sources they didn't know about. 

 

If you have those holes in your oversight before AI governance even begins to play a larger role in the organization, you're going to struggle immensely once employees are actively using those AI systems. 

 

That's why putting together a proper data map and having a smart, continuous data mapping tool is going to prove vital for companies in the next year or two. 

Webinars & Events 📅

MineOS has a busy 2024 conference slate ahead, with stops across Europe and the U.S.! 

 

Our first stops?

  • IAPP Data Protection Intensive in London on February 28-29
  • PrivSec+GRC Connect in London on March 12-13

Let us know if you'll be there to catch up or book a slot in advance to guarantee some face time!

 

Talk about data privacy with us: press@mineos.ai


SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155
