Data Protection Leader Magazine | July 2023
Data Protection Leader is the bi-monthly magazine from OneTrust DataGuidance featuring interviews with some of privacy’s top voices as well as expert insight and analysis on trending topics in data protection, cybersecurity, and beyond.
In this issue, Sean Musch and Michael Borrelli from AI & Partners, and Charles Kerrigan from CMS London discuss the Draft EU AI Act and how organizations can prioritize privacy in line with the act. We also feature an article looking at new whistleblowing legislation in Germany with Tobias Neufeld and Sebastian Gutzeit from ARQIS, while Bart Huffman and Haylie Treas, from Holland & Knight LLP profile the state of Texas. Akinkunmi Akinwunmi from Paragon Advisors explores AI recommender systems through the lens of the NDPA in Nigeria. This issue also features interviews with Fabrizio Venturelli, Global DPO at Workday, and Goli Mahdavi, Attorney at Bryan Cave Leighton Paisner LLP.
Four truths about the Data Privacy Framework
In this issue’s editorial, Eduardo Ustaran, Partner at Hogan Lovells discusses recent developments involving the EU-US Data Privacy Framework.
“The only remaining question about the DPF that nobody can answer with absolute certainty is whether it will survive any eventual scrutiny by the Court of Justice of the European Union (CJEU). What is a lot more certain is that the appetite for that scrutiny remains, and while European regulators cannot directly challenge the validity of the Commission's adequacy decision, it only took 24 hours for Max Schrems himself to confirm that a legal challenge would be brought.”
Prioritizing privacy under the EU AI Act
Sean Musch and Michael Borrelli from AI & Partners, and Charles Kerrigan from CMS London, explore the contents of the EU AI Act, the next steps for its implementation, and recommended best practices for companies to consider in order to remain compliant.
“As the EU intends to lead the way with safe, secure, and trustworthy AI, it has put forward an entirely new body of law that aims to place ethical issues such as human oversight of automated machines at its core. To draw a parallel, the EU AI Act promises to have the same impact on interacting with AI as the General Data Protection Regulation (GDPR) had on personal data. While the EU did not lead the world in AI, it is a pioneer in regulating and ensuring human-centered AI development, which is something that can give the EU an edge on AI innovation."
Getting to know the new whistleblowing legislation
Tobias Neufeld and Sebastian Gutzeit from ARQIS, discuss the recently introduced Whistleblower Protection Act, which came into effect on July 2, 2023, and the implementation of the EU Whistleblower Protection Directive in Germany.
“Employers are now under the challenge to not only comply with this new German whistleblowing legislation but also to navigate the pitfalls, especially with regard to data protection, all while optimizing the opportunities and utilizing synergies under this new body of law.”
Exploring AI recommender systems through the NDPA
Additionally, Akinkunmi Akinwunmi, Partner at Paragon Advisors, gives an overview of the AI recommender system and the associated privacy concerns through the lens of the Nigerian Data Protection Act.
“Considering the widespread adoption of AI recommender systems across online stores, streaming services, and social media platforms, the expectation was that the NDPA would have a specific part or section that addresses the privacy concerns above, but the NDPA does not explicitly cover AI recommender systems.”