Privacy attacks on AI models

Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Andrew Paterson, Principal Technology Adviser, discuss new security risks associated with AI, whereby the personal data of the people who the system was trained on might be revealed by the system itself. This post is part of our ongoing Call for Input on developing the ICO framework for auditing AI. We encourage you to share your views by leaving a comment below or by emailing us at AIAuditingFramework@ico.org.uk. In addition to exacerbating known data security risks, as we have discussed…

SMOs must “prepare for all scenarios” to maintain data flows when UK leaves the EU

The ICO has urged businesses to “prepare for all scenarios” as it publishes dedicated guidance to help small and medium sized organisations prepare for the possibility that the UK leaves the European Union with no deal. The guidance provides the same advice previously published on how to maintain data flows, but has been produced to be more relevant and accessible to smaller organisations. The sharing of customers’, citizens’ and employees’ personal data between EU member states and the UK is vital for business supply chains to function and public authorities…

How Celsius Turned Its Crypto ICO Into a Billion-Dollar Lending Business

The Takeaway: Crypto lending startup Celsius raised $50 million in a token sale in 2018. Lending volume has surged since then, with 10,415 Celsius users taking out fiat loans after locking in crypto collateral. BitGo confirmed to CoinDesk that it held $1 billion worth of crypto deposits from Celsius over the past year. CEL tokens are trading for roughly the same price today as they were last autumn, shortly after the token sale. So far, Celsius says it has not been contacted by any regulatory body with concerns about CEL…

Information Commissioner’s Office issues warning about historical personal details accessed through work

An ICO investigation into the actions of two former Metropolitan Police Service (MPS) officers has concluded. The investigation followed a referral from the MPS and looked at whether the two former officers had acted unlawfully by retaining or disclosing personal data. It came after they had spoken to the media about a case they had worked on as serving officers involving an MP. Following a full investigation, the ICO has considered the evidence in this case carefully. After considering advice from external legal counsel, the ICO has decided not to…

Data minimisation and privacy-preserving techniques in AI systems

Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Valeria Gallo, Technology Policy Adviser, discuss some of the techniques organisations can use to comply with data minimisation requirements when adopting AI systems.   This post is part of our ongoing Call for Input on developing the ICO framework for auditing AI. We encourage you to share your views by leaving a comment below or by emailing us at AIAuditingFramework@ico.org.uk.  AI systems generally require large amounts of data. However, organisations must comply with the minimisation principle under data protection law if using personal…

Statement: Live facial recognition technology in King’s Cross

Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in King’s Cross, London. “Scanning people’s faces as they lawfully go about their daily lives, in order to identify them, is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding. “I remain deeply concerned about the growing use of facial recognition technology in public spaces, not only by law enforcement agencies but also increasingly by the private sector. My office and…

Blog: Three top issues for town and parish councils

By Stacey Egerton, Senior Policy Officer 14 August 2019 The advent of the GDPR in May 2018 brought new data protection obligations for many organisations. Some of this presented a challenge, particularly for smaller organisations like parish and town councils, who we saw were keen to demonstrate their compliance but needed support to achieve this.                      Now, well into the second year of the GDPR, it’s clear that organisations have woken up to the importance of getting privacy right and the new rights that the GDPR delivers, with increased protection for…

This Crypto Is Worth Less Than 1 Cent. VCs Are Betting Millions on Its Future

Not all token sales led to quick failures or cash grabs. Some were part of a broader, albeit ambitious, business strategy. The blockchain startup Patientory, which makes a consumer health app and offers enterprise data management services to hospitals and clinics, just closed a $5.2 million Series A led by R/GA Ventures. This comes as the startup’s first funding round since it split off from the Patientory Association, a nonprofit created after the May 2017 initial coin offering (ICO) of ethereum-based PTOY tokens raised $7.2 million. “With the token, it…

ICO launches consultation on the draft framework code of practice for the use of personal data in political campaigning

The Information Commissioner’s Office (ICO) is consulting on a new framework code of practice for the use of personal data in political campaigning. The framework code will serve both as helpful guidance in its own right as well as having the potential to become a statutory code of practice if the relevant legislation is introduced. The framework code does not introduce new requirements for campaigners but seeks to explain and clarify data protection and electronic marketing laws as they already stand. It also seeks to provide practical guidance and useful…

Blog: Protecting children online: update on progress of ICO code

A blog by Elizabeth Denham, Information Commissioner 07 August 2019 In April, I blogged about the ICO’s work to help protect children online. I’m pleased to report that my team and I are making good progress on producing a code that will translate General Data Protection Regulation (GDPR) requirements into design standards for online services. This is a crucial piece of work. Online services play an ever-growing part in our children’s lives, but the internet was not designed for children. Our code aims not to protect children from the digital world,…