**Through the looking glass: Sometimes unfortunate or sometimes deadly incidents involving self-driving cars happen. However, recent occurrences with autonomous vehicles in San Francisco have been downright bizarre. Not only does the software controlling the cars struggle to negotiate the real world, but companies and authorities are still learning about how humans behave around self-driving vehicles.**
Recent formal complaints to California regulators reveal strange incidents that have occurred since fully-autonomous taxis started operating in San Francisco and Los Angeles. The cases mainly involve robotaxis disrupting first responders or otherwise wasting their time.
(Reuters) - Microsoft Corp, Microsoft's GitHub Inc and OpenAI Inc told a San Francisco federal court that a proposed class-action lawsuit for improperly monetizing open-source code to train their artificial-intelligence systems cannot be sustained.
The companies said in Thursday [court filings](https://tmsnrt.rs/3kDVJFo) that the complaint, filed by a group of anonymous copyright owners, did not outline their allegations specifically enough and that GitHub's Copilot system, which suggests lines of code for programmers, made fair use of the source code.
Happy Data Privacy Day! Yes, it's a completely made-up holiday, but it's as good a time as any to take a hard look at your online life and shore up your efforts to protect your personal digital privacy.
The annual occasion, feted by cybersecurity and digital privacy enthusiasts around the world, began in the US and Canada back in 2008. It's an extension of a European commemoration marking 1981's [Convention 108](https://www.coe.int/en/web/data-protection/convention108-and-protocol#link=%7B%22role%22:%22standard%22,%22href%22:%22https://www.coe.int/en/web/data-protection/convention108-and-protocol%22,%22target%22:%22%22,%22absolute%22:%22%22,%22linkText%22:%22Convention%20108%22%7D), the first legally binding international treaty on protecting privacy and data.
The United States Department of State and the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) of the European Commission signed an “Administrative Arrangement on Artificial Intelligence for the Public Good” at a virtual ceremony held simultaneously on 27 January 2023 at the White House in Washington DC and in DG CONNECT, Brussels.
To celebrate the European Data Protection Day on 28 January 2023, ENISA publishes today its report on how cybersecurity technologies and techniques can support the implementation of the [General Data Protection Regulation (GDPR)](https://eur-lex.europa.eu/EN/legal-content/summary/general-data-protection-regulation-gdpr.html) principles when sharing personal data.
This report attempts to look closer at specific use cases relating to personal data sharing, primarily in the health sector, and discusses how specific technologies and considerations of implementation can support the meeting of specific data protection. After discussing some challenges in (personal) data sharing, this report demonstrates how to engineer specific technologies and techniques in order to enable privacy preserving data sharing. More specifically it discusses specific use cases for sharing data in the health sector, with the aim of demonstrating how data protection principles can be met through the proper use of technological solutions relying on advanced cryptographic techniques. Next it discusses data sharing that takes place as part of another process or service, where the data is processed through some secondary channel or entity before reaching its primary recipient. Lastly, it identifies challenges, considerations and possible architectural solutions on intervenability aspects (such as the right to erasure and the right to rectification when sharing data).
As generative AI enters the mainstream, each new day brings a new lawsuit.
Microsoft, GitHub and OpenAI are currently being [sued](https://www.theverge.com/2022/11/8/23446821/microsoft-openai-github-copilot-class-action-lawsuit-ai-copyright-violation-training-data) in a [class action motion](https://www.theverge.com/2022/11/8/23446821/microsoft-openai-github-copilot-class-action-lawsuit-ai-copyright-violation-training-data) that accuses them of violating copyright law by allowing Copilot, a code-generating AI system trained on billions of lines of public code, to regurgitate licensed code snippets without providing credit.
On the occasion of Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the EDPB helps all EEA DPAs act as one to safeguard your rights, today and tomorrow.
Join us to see how European data protection authorities (DPAs) work together to make sure that your data protection rights are protected and that the companies handling your data are held accountable.
**SearXNG è un motore di meta-ricerca.**
Abbiamo già descritto SearXNG nell’articolo intitolato “[**Sei consapevole dell’impatto sulla privacy delle ricerche online e quindi della giusta scelta del motore di ricerca? (aggiornato)**](https://notes.nicfab.it/en/posts/privatesearchengine/)” relativo ai motori di ricerca o meta-motore di ricerca che rispettano la privacy.
Riportiamo di seguito, da quell’articolo, alcune informazioni su SearXNG.
**SearXNG is a meta-search engine.**
We already described SearXNG in the article entitled “[**Are you aware of the privacy impact of online searches and thus the right choice of search engine? (updated)**](https://notes.nicfab.it/en/posts/privatesearchengine/)” related to the search engines or meta-search engines which respect privacy.
We recall below, from that article, some information about SearXNG.
On 28 January each year, member states of the Council of Europe and EU institutions celebrate Data Protection Day. It marks the anniversary of the Council of Europe’s data protection convention, known as “Convention 108”. It was the first binding international law concerning individuals’ rights to the protection of their personal data.
[Watch](https://edps.europa.eu/press-publications/press-news/videos/data-protection-day-2023_en) the European Data Protection Supervisor's video to mark Data Protection Day 2023.\
[Read](https://www.euractiv.com/section/all/opinion/it-is-time-to-tear-down-this-wall/) the op-ed by Wojciech Wiewiórowski published in Euractiv.
# Creation of an Artificial Intelligence Department (AID)
Five CNIL’s agents will work in the Artificial Intelligence Department, including lawyers and specialized engineers. This department will be attached to the CNIL's Technology and Innovation Directorate, whose director, Bertrand PAILHES, was previously the national coordinator for the Artificial Intelligence strategy in the French Interministerial Directorate of Digital and Information Systems of the State.
Cookie consent banners that use blatant design tricks to try to manipulate web users into agreeing to hand over their data for behavioral advertising, instead of giving people a free and fair choice to refuse this kind of creepy tracking, are facing a coordinated pushback from the European Union’s data protection regulators.
A taskforce of several DPAs, led by France’s CNIL along with Austria’s authority, has spent many months on a piece of joint-work analyzing cookie banners. And in a [report](https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf) published this week they’ve arrived at some consensus on how to approach complaints about certain types of cookie consent dark patterns in their respective jurisdictions — a development that looks set to make it harder for deceptive designs to fly around the EU.
La nuova convenzione internazionale sul crimine informatico a cui l'Onu sta lavorando si è rivelata un terreno più insidioso del previsto. Perché quello che sulla carta è nato come un trattato universale per rafforzare le difese e la prevenzione contro la criminalità cyber, secondo una [risoluzione delle Nazioni Unite del 26 maggio 2021](https://documents-dds-ny.un.org/doc/UNDOC/GEN/N21/133/51/PDF/N2113351.pdf?OpenElement), si sta trasformando in un assalto alla diligenza dei diritti su internet. Lo dimostrano alcune delle proposte presentate a Vienna, dove si chiude il 20 gennaio la quarta sessione del comitato dell'Onu incaricato di scrivere una bozza del trattato, che dovrebbe arrivare sui banchi dell'assemblea generale nel 2024.
[Twitterrific](https://twitterrific.com/beyond), one of the most iconic third-party Twitter clients, said today that it has removed the iOS and Mac apps from the App Store. Iconfactory, the company that made Twitterrific, said in a [blog post](https://blog.iconfactory.com/2023/01/twitterrific-end-of-an-era/) that under Elon Musk’s management, the social media network has become “a Twitter that we no longer recognize as trustworthy nor want to work with any longer.”
The app has had a rich association with Twitter. It was one of the first mobile and desktop clients for the platform, and it helped form the [word “Tweet”](https://furbo.org/2013/06/28/the-origin-of-tweet/). In fact, Twitterrific was built back in 2007 — even before Twitter made its own iOS app.
Twitterrific’s demise comes after Twitter intentionally [started blocking third-party clients last Friday](https://techcrunch.com/2023/01/16/twitters-third-party-client-issue-is-seemingly-a-deliberate-suspension/) without any explanation. Earlier this week, the TwitterDev account posted that the company had been suspending these apps in breach of “its longstanding API rules.” But it didn’t specify what rules were broken.
After [cutting off](https://techcrunch.com/2023/01/16/twitters-third-party-client-issue-is-seemingly-a-deliberate-suspension/) prominent app makers like Tweetbot and Twitterific, Twitter today quietly updated its developer terms to ban third-party clients altogether.
[Spotted](https://www.engadget.com/twitter-new-developer-terms-ban-third-party-clients-211247096.html?src=rss) by Engadget, the “restrictions” section of Twitter’s 5,000-some-word [developer agreement](https://developer.twitter.com/en/developer-terms/agreement) was updated with a clause prohibiting “use or access the Licensed Materials to create or attempt to create a substitute or similar service or product to the Twitter Applications.” Earlier this week, Twitter said that it was “enforcing long-standing API rules” in disallowing clients access to its platform but didn’t cite which specific rules developers were violating. Now we know — retroactively.
Another bill has come in for Meta for failing to comply with the European Union’s General Data Protection Regulation (GDPR) — but this one’s a tiddler! Meta-owned messaging platform, WhatsApp, has been fined €5.5 million (just under $6M) by the tech giant’s lead data protection regulator in the region for failing to have a lawful basis for certain types of personal data processing.
Back in December, Meta’s chief regulator, the Irish Data Protection Commission (DPC), was given orders to issue a final decision on this complaint (which dates back to May 2018) — via a binding decision from the European Data Protection Board (EDPB) — along with two other complaints, against Facebook and Instagram.
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services.
Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."
Brussels, 18 January - Commissioner for Justice Didier Reynders participated in the Plenary meeting. He presented the draft adequacy decision for the EU-U.S. Data Privacy Framework to the Board and had an exchange of views with its Members. The Board is currently working on its opinion on the draft decision, which will be finalised in the coming weeks.
The EDPB has adopted a report on the findings of its first coordinated enforcement action, which focused on the use of cloud-based services by the public sector. The EDPB underlines the need for public bodies to act in full compliance with the GDPR and includes recommendations for public sector organisations when using cloud-based products or services. In addition, a list of actions already taken by data protection authorities (DPAs) in the field of cloud computing is made available.