1. India to draft regulation for artificial intelligence,
India’s Minister of State for Skill Development and Entrepreneurship and Electronics and Information Technology Rajeev Chandrasekhar said the country is working on a draft regulation for artificial intelligence, The Times of India reports. Chandrasekhar said the draft law is anticipated to be released in early summer and will be designed to promote economic growth, mitigating risks and harms, and improve India’s global competitiveness.
2. Singapore’s Personal Data Protection Commission took two recent enforcement actions
The Commission has issued two Decisions and one Undertaking.
The first Decision resulted in a warning to a financial advisor for using dictionary attack methods to generate telephone numbers, failing to obtain clear and unambiguous consent, and failing to check the DNC Register before making marketing calls to DNC-registered individuals.
The second Decision imposed a financial penalty of $58,000 was imposed on Carousell for failing to put in place reasonable security arrangements to protect the personal data of its platform users in its possession or under its control.
3. South Korea’s Personal Information Protection Committee begins review of personal information processing policies
South Korea’s Personal Information Protection Committee began evaluating personal information processing policies under the country’s revised privacy protection law. The PIPC’s review will include how much and what kinds of personal information are processed, whether a company has the right to process that data and what penalties, if needed, will be assigned.
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=9927#LINK
4. Hong Kong Office of the Privacy Commissioner conducts AI compliance checks
PCPD carried out compliance checks on 28 local organisations from August 2023 to February 2024 to understand their practices in relation to the collection, use and processing of personal data in the development or use of AI, as well as the AI governance structure of the relevant organisations.
- 21 organisations used AI in their day-to-day operations, which included using AI in data analysis, assessing interview performance of job candidates, and utilising chatbots to respond to customer enquiries, etc.;
- Among the 21 organisations, 19 of them established internal AI governance frameworks, such as setting up an AI governance committee and/or appointed designated officer to oversee the development or use of AI products or services;
- Only 10 out of the 21 organisations collected personal data through AI products and services.
https://www.pcpd.org.hk/english/news_events/media_statements/press_20240221.html
5. New Zealand’s Office of the Privacy Commissioner unveils privacy impact assessment toolkit
New Zealand’s Office of the Privacy Commissioner released a privacy impact assessment toolkit. The resource provides the six basic steps of conducting a PIA: Gathering all information, verifying the information against privacy principles, identify privacy risks, producing the PIA, take action, and reviewing and adjusting the PIA as necessary depending on the scope.
https://privacy.org.nz/publications/guidance-resources/privacy-impact-assessment-toolkit
6. OECD launches a group on AI, data and privacy collaboration
The Organisation for Economic Co-operation and Development launched a group focused on finding common ground between artificial intelligence, data and privacy policies. The group hopes to use its platform to bring together data governance and AI communities.
https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449