SypherPrivacyTalks - February 2024 - Week 8

by Sypher - February 20, 2024

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Ransomware Attack Knocks 100 Romanian Hospitals Offline • 2 min read

A significant ransomware cyberattack has taken place against a service provider that serves multiple hospitals in Romania.

The attack, which took place February 11/12, targeted the Hipocrate Information System (HIS), a critical tool used by hospitals to manage medical activities and store patient data. The attack resulted in the encryption of the HIS database, rendering it inaccessible and offline.

While 26 hospitals have already been confirmed to have had their data encrypted by the attackers, 75 other healthcare organisations using HIS have also taken their systems offline as a precautionary measure while the incident is investigated.

It is not yet known what, if any, personal or medical information of patients was stolen during the incident.
News updates indicate that the situation has been resolved by most hospitals and that the National Cyber Security Authority has recommended tighter security measures.

Copyright provisions in the AI Act: generative AI, transparency, and data mining • 3 min read

The direction of the new AI Act seems clear: to impose a new set of obligations on providers of general-purpose AI models, including in relation to copyright and data use.

Indeed, a provider wishing to enter the EU market will have to adopt new policies to comply with EU copyright law, or disclose a sufficiently detailed summary of the content used to train the model, amongst other provisions.

However, the AI Act does not address the scope of the TDM (text and data mining) exception under Article 4 EUCD, [which includes TDM for a purpose other than scientific research, including for commercial purposes].

Therefore, clarity will be needed on its proper scope (opt-out mechanism and scope of the right)... read more in this Lexology article by Hogan Lovells.

Artificial Intelligence Act: committees confirm landmark agreement • 3 min read

Members of the European Parliament (MEPs) have endorsed at committee level the provisional agreement on the Artificial Intelligence Act on February 12.

The Internal Market and Civil Liberties Committees voted 71-8 (7 abstentions) to approve the result of negotiations with the member states on the Artificial Intelligence Act.

The next steps include formal adoption at a forthcoming plenary session of the European Parliament and final approval by the Council. 

The Act will be fully applicable 24 months after entry into force, with the exception of bans on prohibited practices, which will apply 6 months after entry into force; codes of conduct (9 months after entry into force); general AI rules, including governance (12 months after entry into force); and obligations for high-risk systems (36 months).

CNIL priorities in 2024 • 3 min read

Each year, some of the CNIL's inspections focus on priority topics it elects. In 2024, these topics will be:

  • Data collection for the Olympic and Paralympic Games - in view of the games being hosted by France this summer
  • Data collected online from minors - CNIL will be checking the applications and sites most popular with children and teenagers to see whether age control mechanisms have been implemented, what security measures are in place and whether the principle of data minimisation has been respected.
  • Loyalty programmes and electronic till receipts - special attention will be given to information shared with consumers and ensuring that consent is obtained before any data is re-used for advertising targeting purposes.
  • Data subjects' right of access - carrying out checks on the conditions under which data controllers implement the right of access.


Cookie banners of many sites continue to be unlawful • 2 min read

The Bavarian State Office for Data Protection Supervision has checked the cookie banners from around 1,000 websites and found numerous violations.

About one third of the websites examined have been found without legally compliant cookie banners. Operators have been notified and have a chance to fix the errors before they face enforcement actions.

Additional information in the authority’s press release (in German).

Stay tuned for more by connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.