France: CNIL publishes report on its role and privacy challenges during pandemic


On 21 January 2021, the French Data Protection Authority released its report on its activities during the coronavirus pandemic, in particular on the position of the regulator and on the challenges of personal data protection in times of crisis, in order to better educate professionals and individuals.

Press release:


Nederland: Dutch DPA issues Formal Warning to a Supermarket for its use of Facial Recognition Technology


The Dutch Data Protection Authority (DPA) has issued a formal warning to a supermarket for its use of facial recognition technology. Although the facial recognition technology has been disabled since December 2019, the supermarket wished to turn it back on.

Facial recognition technology uses biometric data to identify people. The use of facial recognition for security is prohibited in all but two situations.

The first is if the people have given explicit consent for their data to be processed. Here, although the owner of the supermarket claims customers had been warned that the store used facial recognition technology, the customers did not give explicit consent for this.

The other exception is if facial recognition technology is necessary for authentication or security purposes, but only in so far as substantial public interest is concerned. The supermarket claims that this is the case. The DPA considers that it is not.

Italy: Garante orders TikTok to stop processing user data when age is not ascertained


Further to the case of child drowning following a TikTok appeal, the Garante agreed to interfere and prohibit the processing of user data by TikTok if the age of the user has not been determined, taking into account the special security that should be given to children with regard to the protection of their personal data under the GDPR.

International: ASEAN publishes data management framework and model contractual clauses for cross-border data transfers


On 22 January 2021, the Personal Data Protection Commission of Singapore (‘PDPC’) reported that the Data Management Framework (‘DMF’) and Model Contractual Clauses for Cross Border Data Flows (‘MCCs’), two initiatives developed by the Working Group on Digital Data Governance chaired by Singapore, were approved by the ministers of the Association of Southeast Asian Nations (‘ASEAN’).

The PDPC emphasized, in particular, that the goal of the DMF and MCCs is to promote organizations and their use of data-related business processes, as well as to minimize negotiation and enforcement costs, while at the same time ensuring the security of personal data during cross-border data transfers.

Paper – Data and its (dis)contents: A survey of dataset development and use in machine learning research


Datasets have played a foundational role in the advancement of machine learning research. They form the basis for the models we design and deploy, as well as our primary medium for benchmarking and evaluation. Furthermore, the ways in which we collect, construct and share these datasets inform the kinds of problems the field pursues and the methods explored in algorithm development. However, recent work from a breadth of perspectives has revealed the limitations of predominant practices in dataset collection and use. In this paper, we survey the many concerns raised about the way we collect and use data in machine learning and advocate that a more cautious and thorough understanding of data is necessary to address several of the practical and ethical issues of the field.

European Parliament – Resolution of 20 January 2021 on artificial intelligence: questions of interpretation and application of international law in so far as the EU is affected in the areas of civil and military uses and of state authority outside the scope of criminal justice


Last week, the European Parliament adopted a report on artificial intelligence, presented by Frenchman Gilles Lebreton, which emphasises the control and supervision function of humans, who must at all times be able to correct or disable AI systems in the event of unexpected behaviour.

Europe – EDPS Brochure: Shaping a Safer Digital Future


The EDPS presents its new brochure entitled Shaping a Safer Digital Future to inform the public on its role, tasks, and responsibilities as the European Union’s independent data protection authority.

The brochure also includes a snapshot of the EDPS 2020-2024 Strategy.


Opinion: We need a new era of international data diplomacy


By Rohinton P. Medhora:
“In the wake of this surge in “techno-solutionism”, the world needs a new era of data diplomacy to catch up. Big data holds great promise in improving health outcomes. But it requires norms and standards to govern collection, storage and use, for which there is no global consensus.  The world broadly comprises four data zones — China, the US, the EU and the remainder. The state-centric China zone, where individuals have no control over their personal data, is often portrayed as the poster child of the long-threatened Orwellian society”.

Study: medical devices using AI/ML are poorly regulated


From the Abstract: “There has been a surge of interest in artificial intelligence and machine learning (AI/ML)-based medical devices. However, it is poorly understood how and which AI/ML-based medical devices have been approved in the USA and Europe. We searched governmental and non-governmental databases to identify 222 devices approved in the USA and 240 devices in Europe. The number of approved AI/ML-based devices has increased substantially since 2015, with many being approved for use in radiology. However, few were qualified as high-risk devices. Of the 124 AI/ML-based devices commonly approved in the USA and Europe, 80 were first approved in Europe. One possible reason for approval in Europe before the USA might be the potentially relatively less rigorous evaluation of medical devices in Europe. The substantial number of approved devices highlight the need to ensure rigorous regulation of these devices. Currently, there is no specific regulatory pathway for AI/ML-based medical devices in the USA or Europe. We recommend more transparency on how devices are regulated and approved to enable and improve public trust, efficacy, safety, and quality of AI/ML-based medical devices. A comprehensive, publicly accessible database with device details for Conformité Européene (CE)-marked medical devices in Europe and US Food and Drug Administration approved devices is needed”.