A new law is threatening the privacy of the European Union’s 447 million inhabitants. The CSA Regulation, proposed by European Commissioner Ylva Johansson, could undermine the trust we have in secure and confidential processes like sending work emails, communicating with our doctors, and even governments protecting intelligence. The regulation wants to routinely scan our private communications online using AI tools to look for the spread of child sexual abuse material. It does not matter if you are suspected of a crime or not, this scanning could include everyone — hundreds of millions of law-abiding European residents. ...

It’s five months since Elon Musk overpaid for a relatively small microblogging platform called, Twitter. The platform had punched about its weight in pure user numbers thanks to an unrivalled ability to both distribute real-time information and make expertise available. Combine these elements with your own critical faculty — to weed out the usual spam and bs — and it could feel like the only place online that really mattered. ...

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Policy. Technology is central to the future of our national security, economy, and democracy. The United States has fundamental national security and foreign policy interests in (1) ensuring that technology is developed, deployed, and governed in accordance with universal human rights; the rule of law; and appropriate legal authorization, safeguards, and oversight, such that it supports, and does not undermine, democracy, civil rights and civil liberties, and public safety; and (2) mitigating, to the greatest extent possible, the risk emerging technologies may pose to United States Government institutions, personnel, information, and information systems. ...

Launched in March 2023, the EDPS is taking part in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on the role and tasks of data protection officers, alongside 26 data protection authorities of the EU and the European Economic Area (EU/EEA). Wojciech Wiewiórowski, EDPS, said: “The role of a data protection officer is crucial in ensuring that data protection law is applied within entities in the EU, and within EU institutions, bodies, offices and agencies (EUIs). By bridging the gap between EU data protection law and its practical application, data protection officers help to promote the effective protection of individuals’ privacy and personal data. Cooperating with the EDPB aims to facilitate the consistent and coherent application of data protection law, its principles, and good practices across the EU/EEA.” ...

The United States is no stranger to technological arms races, having spent much of the Cold War in a two-pronged one-upmanship effort against the Soviet Union to build bigger rockets and land those on the moon. Its rivalry now is with China, and the latest battleground is artificial intelligence. The United States is no stranger to technological arms races, having spent much of the Cold War in a two-pronged one-upmanship effort against the Soviet Union to build bigger rockets and land those on the moon. Its rivalry now is with China, and the latest battleground is artificial intelligence. ...

For nearly five hours, Congress members of the House Committee on Energy & Commerce grilled TikTok CEO Shou Zi Chew over concerns about the platform's risks to minor safety, data privacy, and national security for American users. “The American people need the truth about the threat TikTok poses to our national and personal security,” committee chair Cathy McMorris Rodgers (R-Wa.) said in her opening statement, concluding that “TikTok is a weapon.” Rodgers suggested that even for Americans who have never used the app, “TikTok surveils us all, and the Chinese Communist Party (CCP) is able to use this as a tool to manipulate America as a whole.” ...

Brazil’s Data Protection Agency clarifies what sanctions look like for violations of the country’s General Data Protection Law.[1] On Feb. 27, 2023, Brazil’s Data Protection Agency (ANPD) issued the [Regulation of Dosimetry and Application of Administrative Sanction](https://www.gov.br/anpd/pt-br/assuntos/noticias/anpd-publica-regulamento-de-dosimetria/Resolucaon4CDANPD24.02.2023.pdf) (Regulation), which details fines and other sanctions for violations of Brazil’s General Data Protection Law (LGPD) by applicable businesses.[2] The ANPD released the Regulation to encourage businesses to comply with LGPD before the agency begins applying penalties for noncompliance. This blog post describes the nine possible sanctions available to the ANPD, circumstances that could generate such sanctions, and considerations for businesses to reduce their risk of being penalized. ...

Today the European Commission adopted a decision to establish a High-Level Group on the Digital Markets Act (DMA). photo of a person holding a mobile phone with superposed icons of available services Copyright iStock photo Getty images plus In line with the requirements in the DMA, this group will be composed of 30 representatives nominated from the Body of the European Regulators for Electronic Communications (BEREC), the European Data Protection Supervisor (EDPS) and European Data Protection Board, the European Competition Network (ECN), the Consumer Protection Cooperation Network (CPC Network), and the European Regulatory Group of Audiovisual Media Regulators (ERGA). ...

**Diesel exhaust treatment software that shuts down below certain temperatures is illegal and such car owners are entitled to seek compensation, the EU’s top court said Tuesday (21 March), opening the door to a fresh wave of “dieselgate” suits.** The European Court of Justice (ECJ) said “the purchaser of a vehicle equipped with an unlawful defeat device has a right to compensation from the car manufacturer where that device has caused damage to that purchaser”. The judgement paves the way for a wave of fresh compensation claims against carmakers that equipped diesel cars with so-called “thermal window” software.

EDPS Opinion on the Proposal for a Regulation on European statistics on population and housing

The EU lawmakers spearheading the work on the AI Act pitched significant obligations for providers of large language models like ChatGPT and Stable Diffusion while seeking to clarify the responsibilities alongside the AI value chain. The AI Act is a flagship EU legislation to regulate Artificial Intelligence based on its capacity to cause harm. A big question mark in the negotiations of the legislative proposal is how to deal with General Purpose AI (GPAI), large language models that can be adapted for various tasks. The offices of the European Parliament’s co-rapporteurs, Dragoș Tudorache and Brando Benifei, shared on Tuesday (14 March) a first draft on this sensitive topic, proposing some obligations for the providers of this type of AI models and responsibilities for the different economic actors involved. General Purpose AI is an “AI system that is trained on broad data at scale, is designed for generality of output, and can be adapted to a wide range of tasks”. ...

EU lawmakers adopted their version of the Data Act with an overwhelming majority during a plenary vote at the European Parliament in Strasbourg on Tuesday (14 March). The Data Act is a landmark legislative proposal intended to remove barriers to the circulation of industrial data by regulating the rights and obligations of all the economic actors involved in sharing data from Internet of Things (IoT) products – connected devices capable of collecting and exchanging data. ...

The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identify gaps in standardisation. It does so by considering the specificities of AI, and in particular machine learning, and by adopting a broad view of cybersecurity, encompassing both the ‘traditional’ confidentiality–integrity–availability paradigm and the broader concept of AI trustworthiness. Finally, the report examines how standardisation can support the implementation of the cybersecurity aspects embedded in the proposed EU regulation laying down harmonised rules on artificial intelligence (COM(2021) 206 final) (draft AI Act).

This is our 100th Newsletter! Enjoy a trip down memory lane on EDPS history. Read about the EDPS piloting the use of Open Source software, our latest Opinions on Parenthood and equality bodies for equal treatment. In this edition, you can also find out about how we conduct investigation into EU institutions' activities with an impact on data protection. And, there is always more! ...

Find out how the DSA can make the online world safer and protect your fundamental rights. DSA text on a blue and purple background @EuropeanCommission Are you curious to know about how the EU protects you online? New rules introduced in the DSA will work to create a fairer and safer online world. There are many ways to spend time and find information online, whether you are connecting with friends, browsing social media or like three-quarters of the EU population, doing some online shopping. But, how confident are you of the sources you are buying from? Do you know why you are being recommended certain products? And what happens when our connections online turn sour, or if your content gets blocked on social media with no explanation? These are all questions that the European Union is addressing to make sure the digital world is safe and fair for all of us. ...

What is the European Digital Identity? The European Digital Identity (eID) enables the mutual recognition of national electronic identification schemes across borders. It allows EU citizens to identify and authenticate themselves online without having to resort to commercial providers. It also allows people to access online services from other EU countries using their national electronic identity card. ...

Che cos'è l'identità digitale europea? L'identità digitale europea (e-ID) permette la reciproca identificazione transfrontaliera dei sistemi di identificazione elettronica nazionali. Questo consente ai cittadini europei di identificarsi online senza doversi rivolgere a fornitori commerciali. L'identità digitale consente inoltre ai cittadini europei di accedere ai servizi online di altri Stati membri dell'UE tramite il semplice utilizzo della propria carta d'identità elettronica nazionale. ...

**The new compromise on the draft data law, seen by EURACTIV, further refines the protection of trade secrets and clarifies the relationship with data protection rules and the application of the cloud-switching provisions.** The Swedish presidency shared the sixth compromise text on the Data Act on Wednesday (8 March), with the view of discussing it on 14 March at the Telecom Working Party, a technical body of the EU Council. The Data Act is a flagship legislative proposal intended to regulate how data is shared, accessed and ported. If no significant opposition is raised next week, the presidency’s text will land on the Committee of Permanent Representatives (COREPER) table on 22 March. ...

In a closed-door meeting with EU lawmakers, the European Data Protection Supervisor criticised the proposal to fight Child Sexual Abuse Material as trying to mask breaches of fundamental rights. The European Data Protection Supervisor (EDPS), the authority responsible for advising EU institutions on privacy matters, took an outspoken, critical stance on the draft law in a joint opinion with the European Data Protection Board. When the European Commission published the proposal to fight the dissemination of Child Sexual Abuse Material (CSAM) in May, it was criticised as the legislation includes the possibility for judges to issue detection orders for interpersonal communication services. ...

NoName057 (16), il gruppo di hacker filorussi che lo scorso febbraio ha lanciato una serie di attacchi informatici ai siti web del Ministero dell’Interno, a quello del Ministero degli Esteri, a quello dei Carabinieri e a quelli di alcune società private, ha rivendicato anche l'attacco DDos, attualmente ancora in atto, ai danni dei siti web del Consiglio superiore della magistratura e del Ministero del lavoro e delle politiche sociali. A questi, proprio in questi minuti, si sarebbe aggiunto nuovamente quello dei Carabinieri. ...

Following a dialogue with EU consumer protection authorities and the European Commission (CPC network), WhatsApp committed to being more transparent on changes to its terms of service. Moreover, the company will make it easier for users to reject updates when they disagree with them, and will clearly explain when such rejection leads the user to no longer be able to use WhatsApp's services. Also, WhatsApp confirmed that users' personal data are not shared with third-parties or other Meta companies - including Facebook - for advertising purposes. The dialogue was coordinated by the Swedish Consumer Agency and the Irish Competition and Consumer Protection Commission and facilitated by the Commission. ...

Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of February 2023. Many thanks to all our readers and all contributors! ...

Benvenuti alla Newsletter XMPP, è un piacere avervi di nuovo qui! Questo numero copre il mese di dicembre 2022 e gennaio 2023. Questo è il primo numero dopo una meritata pausa invernale! Grazie a tutti i nostri lettori e a tutti i collaboratori! Come questa newsletter, molti progetti e i loro sforzi nella comunità XMPP sono il risultato del lavoro volontario delle persone. Se sei contento dei servizi e del software che stai usando, specialmente nella situazione attuale, per favore considera di dire grazie o di aiutare questi progetti! Sei interessato a sostenere il team della newsletter? Leggi di più in fondo. ...

Under the Digital Services Act (DSA), the Commission is empowered to impose a fee on providers under its supervision, which is expected to be levied for the first time in autumn 2023.  Today, the Commission has set the detailed rules and procedures for such supervisory fees to be levied. graphic representing a computer network iStock photo Getty images plus The delegated regulation aims to provide legal certainty to the service providers designated as Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs) under the DSA. It specifies the methodology and procedures to calculate and levy the supervisory fee, provides further details on the calculation of the overall estimated costs to be covered with the levied fees and on the determination of the individual fees. ...

NATIONAL CYBERSECURITY STRATEGY MARCH 2023

The legislative initiative made its first appearance on Tuesday (28 February) in the updated version of the European Commission’s work programme but has been in the making for one year. Here is what to expect. In March 2022, with Europe still reeling from the news of Russia’s aggression in Ukraine, EU ministers gathered in Nevers, France, and discussed the idea of boosting European countries’ capacity to face large-scale cyber-attacks for the first time. ...

Proprietary SaaS plaforms like Sharepoint and MS 365 have become major cash cows, and on-premises solutions get discontinued across the tech sector to force customers into vendor-locked clouds. Organizations dealing with critical or sensitive data respond by looking to maintain their strategic autonomy by deploying on premises solutions. In collaboration with a number of European government organizations, the market leader in the open source, on-premises collaboration space today announces the expansion of it’s offering to provide a full SharePoint replacement, complete with migration services. Showing the strong trend towards digital sovereignty, the announcement comes shortly after the highest EU Data Protection authority, the EDPS, announced they deploy and recommend Nextcloud. ...

Artificial Intelligence (AI) promises to support humans daily, assist with routine tasks, and advance human knowledge. It has great potential to improve patient outcomes and healthcare systems. Alexander Olbrechts is Director Digital Health at MedTech Europe. AI solutions are found in wearables or imaging devices that help predict heart failures, continuously monitor glucose levels, skin cancer self-scanning solutions, or personalised apps that provide ad-hoc counselling to help change health-related behaviour. It is also used in robot-assisted surgeries and to optimise clinical trials by using real-world data in patient recruitment. A recent study commissioned by MedTech Europe showed that AI in healthcare could save around 400 000 lives annually and up to 200 billion Euros in Europe. ...

Parere 5/2023 sul progetto di decisione di esecuzione della Commissione europea sull'adeguata protezione dei dati personali nell'ambito del quadro normativo UE-USA sulla privacy dei dati dal Comitato Europeo per la protezione dei dati (CEPD) Abbiamo aggiornato con questo contenuto il nostro "Privacy Resource". (Documenti => Comitato Europeo per la protezione dei dati (CEPD) => Pareri) #EDPB #privacy #dataprotection #privacyresources

Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework from the European Data Protection Board We updated with that content our "Privacy Resources" (Documents => European Data Protection Board - EDPB => Opinions) #EDPB #privacy #dataprotection #privacyresources

Il 27/2/2023 si è tenuto il [DMA stakeholder workshop on "Interoperability between messaging services"](https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en) e abbiamo partecipato online. Il focus dell'evento era specificamente l'art. 7 del DMA. È necessaria una breve premessa sul DMA. Il [Digital Markets Act (DMA)](https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX%3A32022R1925&qid=1677576457306) è il "**REGOLAMENTO (UE) 2022/1925 DEL PARLAMENTO EUROPEO E DEL CONSIGLIO del 14 settembre 2022 relativo a mercati equi e contendibili nel settore digitale e che modifica le direttive (UE) 2019/1937 e (UE) 2020/1828 (regolamento sui mercati digitali)**". Il DMA, pubblicato il 12/10/2022 nella Gazzetta ufficiale dell’Unione europea, ai sensi dell'articolo 54, è entrato in vigore il 1/11/2022 e si applica **a decorrere dal 2 maggio 2023**. ...

On 2/2/2023, the [DMA stakeholder workshop on "Interoperability between messaging services"](https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en) was held, and we participated online. The focus of the event was explicitly Article 7 of the DMA. A brief background on the DMA is necessary. The [Digital Markets Act (DMA)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R1925&qid=1677576457306) is the "**REGULATION (EU) 2022/1925 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of September 14, 2022 on fair and contestable markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Regulation)**." The DMA, published on 12/10/2022 in the Official Journal of the European Union, according to Article 54, entered into force on 1/11/2022 and applies **as of May 2, 2023**. ...

The Swedish presidency of the EU Council has circulated a new compromise text, obtained by EURACTIV, touching upon the relation with other EU laws, the notifying authorities, enforcement and penalties. The Cyber Resilience Act is a legislative proposal to introduce baseline cybersecurity requirements for connected devices going through the ordinary legislative process. The partial compromise results from the discussion held on 15 February in a meeting of the Horizontal Working Party on Cyber Issues, a technical body of the EU Council of ministers. The new document will be discussed at a technical meeting on Wednesday (1 March). The changes to the text are not particularly significant, signalling that the discussions in the Council might not be mature enough to tackle more sensitive issues like the delegated powers of the European Commission and the timeline for the regulation’s entry into force. ...

During its February plenary, the [EDPB adopted a procedure for the adoption of EDPB Opinions on national criteria for certification and European Data Protection Seals](https://edpb.europa.eu/our-work-tools/our-documents/procedure/edpb-document-procedure-adoption-edpb-opinions-regarding_en). This document is addressed to all applicants of certification criteria and aims to streamline and facilitate the adoption of EDPB Opinions on certification criteria by clarifying the approval process of national and EU-wide certification criteria, as well as criteria for certification meant as tools for international transfers. More precisely, this document introduces all the steps that the Data Protection Authorities (DPAs) need to take from the moment they receive the criteria from the scheme owners to the moment they communicate to the EDPB Chair whether they intend to follow the EDPB Opinion. ...

Da dove passa la sanità nostrana? Alla faccia di tutti i portali regionali, fascicoli sanitari, autenticazioni a due fattori con [Spid (a rischio)](https://www.macitynet.it/spid-scade-aprile/) e Cie, per non parlare del Gdpr e delle altre normative speciali, l’app critica per far parlare medici e pazienti sono le chat di app sulle quali non c’è nessun controllo statale o possibilità di verifica. È tutto in mano a Meta, che è la proprietaria di Whatsapp, e in piccola parte a Telegram e Messenger.

The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption. If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk" Signal president Meredith Whittaker told the BBC. The government said its proposal was not "a ban on end-to-end encryption".

If you want to stay up to date on data protection, privacy, and cybersecurity news, you can follow our Privacy community in the [#Fediverse](https://mastodon.nicfab.it/tags/Fediverse) [@privacy](https://community.nicfab.it/c/privacy) and our Telegram channel [https://t.me/nicfabnews](https://t.me/nicfabnews) [\#dataprotection](https://mastodon.nicfab.it/tags/dataprotection) [#privacy](https://mastodon.nicfab.it/tags/privacy) [#GDPR](https://mastodon.nicfab.it/tags/GDPR) [#cybersecurity](https://mastodon.nicfab.it/tags/cybersecurity)

A hacker group that goes by CH01 defaced a series of Russian websites on the anniversary of the invasion of Ukraine. The hackers replaced the sites’ content with a video showing the Kremlin on fire, along with [a song](https://www.youtube.com/watch?v=sVTwlbM1gpM) by a Russian rock band named [Kino](http://russmus.net/band/78/). The video also includes a QR code that links to a Telegram channel, where the hackers posted a message claiming responsibility for the attacks and making it clear that these defacements were politically motivated.

Feb 24, 2023The Hacker NewsArtificial Intelligence / Cybersecurity Cybersecurity The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $11 billion annually by 2023. But how to integrate AI into business cybersecurity infrastructure without being exposed to hackers? In terms of detecting and responding to security threats in a more efficient and effective manner, AI has been helping businesses in lots of ways.

The Amsterdam cybercrime police team has arrested three men for ransomware activity that generated €2.5 million from extorting small and large organizations in multiple countries. The suspects, all young men aged between 18 and 21, are charged with stealing sensitive data from victim networks and demanding a ransom. It is believed that they attacked thousands of companies. Victims include online shops, software firms, social media companies, and institutions connected to critical infrastructure and services.