In late January 2024, Hong Kong’s privacy watchdog, the Personal Data Privacy Commission (“PCPD”) raided six premises of Worldcoin, a cryptocurrency initiative co-founded by Sam Altman, that requires an iris scan from clients for identification purposes and also for earning tokens. The PCPD conducted an investigation into Worldcoin’s operations, suspecting that its sensitive personal data (i.e. iris information) collection practices might infringe the Personal Data Privacy Ordinance (Cap. 486).Read More
By Claude-Étienne Armingaud & Sophie Verstraeten
The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.Read More
Effective immediately, the Federal Communications Commission (FCC) banned AI-generated phone calls with its recent Declaratory Ruling (the Ruling). Known as audio or voice “deepfakes,” AI can be trained to mimic any person’s voice, resulting in novel scams such as grandparents receiving a call from their “grandchild” and believing they have been kidnapped or need money for bail. FCC Commissioner Starks deemed such deepfakes a threat to election integrity, recalling that just recently, “potential primary voters in New Hampshire received a call, purportedly from President Biden, telling them to stay home and ‘save your vote’ by skipping the state’s primary.”Read More
On 9 January, 2024, the Federal Trade Commission (FTC) issued its first settlement prohibiting a data broker from sharing or selling sensitive location data, and required deletion of all location data collected deceptively. The FTC alleged that X-Mode Social (“X-Mode”), and Outlogic, LLC (“Outlogic”), X-Mode’s successor firm, failed to implement reasonable and appropriate safeguards on the use of such information by third parties. X-Mode/Outlogic collected personal information, including location data via its mobile applications, which it would then sell to third parties.Read More
The Federal Trade Commission (FTC) issued a first-of-its-kind proposed order prohibiting Rite Aid Corporation from using facial recognition technology for surveillance purposes for five years.
The FTC alleged that Rite Aid’s facial recognition technology generated thousands of false-positive matches that incorrectly indicated a consumer matched the identity of an individual who was suspected or accused of wrongdoing. The FTC alleged that false-positive matches were more likely to occur in Rite Aid stores located in “plurality-Black” “plurality-Asian” and “plurality-Latino” areas. Additionally, Rite Aid allegedly failed to take reasonable measures to prevent harm to consumers when deploying its facial recognition technology. Reasonable measures include: inquiring about the accuracy of its technology before using it; preventing the use of low-quality images; training or overseeing employees tasked with operating the facial recognition technology; and implementing procedures for tracking the rate of false positive matches.Read More