The trouble with algorithms…

There’s never been a more exciting time to be in autonomous driving says Drago Anguelov  of Waymo in an interview with Morning Brew. “but over the next five years, the biggest challenge will be to continue evolving these systems to handle an ever-broader range of scenarios [including] the ability to robustly handle a set of challenging weather conditions, as well as different driving patterns across multiple cities and countries.”

“To achieve that, machine learning systems need to…make effective use of the significant driving experience we’ve gathered and simulated over the last decade,” he said.

“People started using algorithms to avoid difficult conversation,” says Cathy O’Neil of O’Neil Risk Consulting “But it’s going to be harder … as people start learning how to ask the questions that need to be asked.”

“It’s far too easy to blame ‘the algorithm’ when something goes wrong, but ultimately, humans must bear the responsibility for these decisions, and they must understand where the potential pitfalls lie,” says David Cox of IBM Watson lab

Read the full article in Morning Brew.

When the cookie’s away, the Connected TV (CTV) will play.

“With cookies going away, mobile identifiers being removed and the high pressure facing social platforms, I believe the CTV Device ID is going to become the center of the audience puzzle, providing the ability to link people and their devices in a secure way at the household level,”  says Publica Co-Founder and CPO Benjamin Antier in  AdExchanger.

“CTV provides the most secure tools for audience-based targeting because it is a “server-side” ecosystem. Once consent has been granted by the user, the app chooses which data points to send to the server. From there, no other application has access to the client to perform any data collection. The publisher is fully in control.”

“The true reason why $70 billion dollars are about to shift to the digital realm is because of the ability to inform buys with data that is no longer based on panels, but on secure, anonymized, privacy-compliant deterministic data.”

Read the full article in AdExchanger..

The European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre of the European Commission (JRC) have issued a joint guidance on “Cybersecurity Challenges in the Update of Artificial Intelligence in Autonomous Driving.”

Key Points
  • Because autonomous vehicles use AI for many aspects traditionally handled by human drivers, the classic approach of “securing digital systems” is not sufficient. You must consider AI-specific issues in the context of the full supply chain involved in their development and integration with other automotive systems.
  • AI and Machine Learning are the keystone of highly-accessorized smart cars and will be the key for the next generation cars.
  • The most significant and well-known vulnerabilities and possible attack scenarios on AI models employed in AV’s involve computer vision techniques.
  • A crucial challenge is the right handling of edge cases, where an unknown situation outside of the training data distribution is encountered: e.g. ignoring a stop sign partially covered by snow.

The report analyzes common AI vulnerabilities in autonomous vehicles and recommendations to address them.

Read the full report.

“The Spanish Agencia Española de Protección de Datos – AEPD has launched the DIGITAL PACT FOR THE PROTECTION OF PEOPLE , an initiative that aims to promote a firm commitment to privacy in the sustainability policies and business models of organizations”

“Among the principles that are collected is to promote transparency so that citizens know what data is being collected and what it is used for, promote gender equality and the protection of children and people in vulnerable situations, or guarantee that the technologies avoid perpetuating biases or increasing existing inequalities, avoiding algorithmic discrimination based on race, origin, belief, religion or sex, among others”

“This initiative is aimed at strengthening the right to data protection while promoting innovation and sustainability.”

Details from AEPD.

Data ethics and targeted ads?

“According to the World Federation of Advertisers, 74% of CMOs say data ethics will be more important to their role in the next five years and issues around data collection and privacy have become top priorities during the COVID-19 pandemic.”

Additionally, a WFA survey last year of senior executives at some of the world’s biggest brand owners revealed that 82% would consider leaving their current employer if they felt the approach to data was not ethical, while 26% of the 147 respondents – representing companies spending a global total of $55 billion on marketing communications – have already felt uncomfortable about the use of data at some time during their careers.”

Details in this Ad Exchanger article.

“Germany will become a world leader in autonomous driving. We are setting the pace for this: With our new law, we are becoming an international pioneer and putting an end to cumbersome individual permits,” says German Federal Transport Minister Andreas Scheuer.

The proposed regulation, still requiring approval by the Bundestag and the Bundesrat, contemplates regulation of autonomous driving, including technical requirements, licensing, testing and data processing.

Meanwhile in the U.S., the California Consumer Privacy Act (CCPA) applies to data collected from vehicles as do the auto industry privacy principles and the upcoming legislation in Massachusetts  (the delayed amendment to the Right to Repair law), Washington State (Washington Privacy Act bill) and Virginia.

Details on the Germany’s proposed law from Auto Motor Sport.

North Dakota, Utah, Washington State. .. all three have recently introduced new pieces of data privacy legislation.

UTAH

Utah State Rep. Walt Brooks, has introduced House Bill 80, which creates an “affirmative defense” for companies in lawsuits over data breaches, provided they can prove that they maintain up-to-date data security.

“It doesn’t give them immunity and it doesn’t release them from liability especially if they’re negligent,” said Brooks.

Another bill introduced in the legislature regulates the state’s use of facial recognition technology.

House Majority Leader Francis Gibson, has introduced House Bill 243, which creates a statewide “privacy officer” to look at how state and local governments use some tech and whether or not people’s personal information is protected.

Details from Fox 13 in Salt Lake City

Continue Reading New Data Privacy Legislation Introduced in West, Mountain States

I discover with my little eye… a GDPR breach?

“Recent court rulings suggest that companies still face a Catch-22 when getting involved in U.S. discovery. There have been several cases … in which a party has objected to discovery based on GDPR concerns,” write Dr. Matthias Artzt and Gary D. Weingarden for IAPP – International Association of Privacy Professionals.

“The SchremsII decision makes U.S. discovery from EU sources even more fraught … parties are likely to find themselves with an unpleasant dilemma: Violate a U.S. court order or violate the GDPR or a different data protection law.”

Even when relying on an Art 49 derogation, “the bottom line is that the party disclosing personal data to the U.S. court needs to thoroughly assess its relevance to the particular matter before transferring the data,” they say.

To-do list:
  • assess necessity & document it
  • have a plan (policies and procedures)
  • review the Sedona conference guidelines
  • involve data protection counsel
  • involve your supervisory authority
  • see if Hague Convention mechanisms could work
  • get the requesting party to sign Standard Contractual Clauses
  • get indemnity

Details from the IAPP.

Assembly Bill 335 has been introduced in the California legislature to amend the California Consumer Privacy Act (CCPA) to include an exception for watercraft-related information.

The bill would expand the “vehicle information” exception, and states that if a vessel dealer shares vessel information or ownership information with a vessel manufacturer for the purpose of effectuating, or in anticipation of effectuating, a vessel repair covered by a vessel warranty or a recall, this would not be a sale under CCPA, provided that the new vessel dealer or vessel manufacturer with which that vessel information or ownership information is shared does not sell, share or use that information for another purpose.

The bill defines “vessel” as any watercraft, other than a seaplane on the water, used or capable of being used as a means of transportation on the water.

Read the full text of the bill.

Lawmakers in Oklahoma have introduced a new privacy bill.

The state’s new privacy bill imposes a duty of posting a detailed data privacy disclosure for the collection of personal information on a website. If passed, it will be effective November 2021.

Disclosure includes:

  • categories of personal information collected
  • specific pieces of personal information
  • purposes of the collection
  • business or commercial purpose of sale
  • categories of third parties with whom share the information (and if sold – then by category)
  • process for review or amending the information collected

Read the full text of the bill.