Cos’è Nym?

Nym è un complesso progetto realizzato dalla società svizzera NYM Technologies SA che si basa su una blockchain al fine di realizzare una rete per la navigazione anonima, utilizzabile anche per garantire la non identificabilità di dati e metadati alle app che consentano di indirizzare il traffico sulla rete Nym Mixnet.

***

[continua a leggere sulla pagina web della fonte]

Brussels, 21 June - During its latest plenary, the EDPB has adopted a template complaint form to facilitate the submission of complaints by individuals and the subsequent handling of complaints by Data Protection Authorities (DPAs) in cross-border cases.

EDPB Chair, Anu Talus said: “The template is one of the commitments the EDPB Members made during their high-level meeting of April 2022 in Vienna to boost enforcement cooperation among DPAs. It will facilitate the cross-border exchange of information regarding complaints between DPAs and will help DPAs save time and resolve cross-border cases more efficiently."

The template takes into account existing differences between national laws and practices. DPAs will use it on a voluntary basis and can adapt it to their respective national requirements.

...

Today, the European Commission launched a public consultation on the Digital Services Act (DSA) Transparency Database.

Article 24(5) of the DSA establishes that the Commission must set up and maintain a database of statements from online platforms concerning reasons for removal of information and other content moderation decisions.

Once the database is created, platforms will be asked to submit their statements without undue delay after taking a decision, allowing for almost real-time updates. This content will be public and provide insights into the fight against illegal content online.

The public consultation aims to gather information on how to implement this obligation. This includes what information should be collected, and methods for submitting statements and accessing the database. The consultation is composed of a set of questions and software code, which implements a draft version of this database.

The Commission invites providers of online platforms, civil society organisations, researchers and others to submit feedback until 17 July.

The European Parliament adopted its position on the AI rulebook with an overwhelming majority on Wednesday (14 June), paving the way for the interinstitutional negotiations set to finalise the world’s first comprehensive law on Artificial Intelligence.

The AI Act is a flagship initiative to regulate this disruptive technology based on its capacity to cause harm. It follows a risk-based approach, banning AI applications that pose an unacceptable risk and imposing a strict regime for high-risk use cases.

...

On Wednesday, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act with 499 votes in favour, 28 against and 93 abstentions ahead of talks with EU member states on the final shape of the law. The rules would ensure that AI developed and used in Europe is fully in line with EU rights and values including human oversight, safety, privacy, transparency, non-discrimination and social and environmental wellbeing.

...

The agreement among the leading groups in the European Parliament on the AI regulation is dead, opening the door for amendments from both sides of the aisle.

The AI Act is a landmark legislation to regulate Artificial Intelligence based on its potential to cause harm. The European Parliament is set to vote on the legislative proposal on 14 June, as the deadline for tabling amendments passed on Wednesday (7 June).

At the end of April, the four main political parties agreed that they would not table alternative amendments, with the partial exception of the European People’s Party (EPP), which was granted some flexibility on the issue of remote biometric identification.

...

Abbiamo aggiornato le nostre Privacy Resources https://www.privacyresources.eu/ @privacyresources con l'ultimo documento pubblicato dall'#EDPB, in particolare le "Linee guida 04/2022 sul calcolo delle sanzioni amministrative pecuniarie ai sensi del GDPR". \#privacy #protezione dei dati #GDPR @privacy

We updated our Privacy Resources https://www.privacyresources.eu/ @privacyresources with the latest document published by the #EDPB, particularly the "Guidelines 04/2022 on the calculation of administrative fines under the GDPR". @privacy #privacy #dataprotection #GDPR

With the present consultation, the Commission wishes to gather feedback from stakeholders on the draft template for the compliance reports to ensure that they include all the relevant information needed by the Commission to assess the effective compliance of designated gatekeepers with the DMA. All interested parties have now one month to submit their views on the draft, until 5 July 2023.

The Commission will designate the gatekeepers under the DMA by 6 September 2023. Designated companies will then have six months to comply with the a list of obligations and prohibitions in the DMA and subsequently issue a report demonstrating their effective compliance. They will also have to update these compliance reports annually.

Amazon has agreed to pay more than $US30 million ($47 million) in fines to US regulators following allegations of historical privacy abuses, including retaining data collected from children after being explicitly asked to delete it.

In one case, the US Federal Trade Commission had alleged that, before mid-2019, the company failed to remove voice recordings, transcriptions and precise location data collected from children via the Alexa voice assistant even after parents requested their removal.

In another case, it said the company’s Ring video doorbells and security cameras had unreasonable privacy practices in January 2020. According to the FTC, Ring employees and contractors were given unrestricted access to view videos taken at users’ homes.

In both cases, the regulators specifically frame the breaches as designed to train Amazon AI and algorithms at the expense of users’ privacy, placing the fines within a trend of lawmakers around the world cracking down on unnecessary data collection and retention.

...

Today, the European Union and the United States have held the fourth ministerial meeting of the EU-US Trade and Technology Council (TTC) in Luleå, Sweden.

...

Meta on Monday was fined a record 1.2 billion euros ($1.3 billion) and ordered to stop transferring data collected from Facebook users in Europe to the United States, in a major ruling against the social media company for violating European Union data protection rules.

The penalty, announced by Ireland’s Data Protection Commission, is potentially one of the most consequential in the five years since the European Union enacted the landmark data privacy law known as the General Data Protection Regulation. Regulators said the company failed to comply with a 2020 decision by the European Union’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from American spy agencies.

...

22nd May 2023

The Data Protection Commission (“the DPC”) has today announced the conclusion of its inquiry into Meta Platforms Ireland Limited (“Meta Ireland”), examining the basis upon which Meta Ireland transfers personal data from the EU/EEA to the US in connection with the delivery of its Facebook service.

…

Following public consultation, the EDPB has adopted a final version of its Guidelines on facial recognition technology in the area of law enforcement. The guidelines provide guidance to EU and national lawmakers, as well as to law enforcement authorities, on implementing and using facial recognition technology systems.

...

You can find that document on our website https://www.privacyresources.eu

‼️Oggi si è tenuto il primo evento online in italiano 🇮🇹 "XMPP Italian happy hour" dedicato a XMPP.

Gli eventi su XMPP si terranno online con live streaming il terzo martedì di ogni mese.

Prossimo appuntamento il 20 giugno 2023.

📹 Il video di oggi è disponibile qui: https://tube.nicfab.eu/w/xkMzvkSnxvkm2YdpqiGW12

Stay tuned!

#XMPP #federation #chat #interoperability

In the face of recent news on artificial intelligence, and in particular so-called generative AIs such as ChatGPT, the CNIL publishes an action plan for the deployment of AI systems that respect the privacy of individuals.

...

The High-Level Group on the Digital Markets Act (DMA) will meet for the first time today.

The inaugural meeting will bring together representatives of different European bodies and networks to discuss issues of common interest as regards the implementation of the DMA.

During this first meeting, the High-Level Group is expected to discuss several topics relevant to the application and enforcement of the DMA, including the state of its implementation, developments in the areas of expertise of the members of the Group that are of relevance for enforcement of the DMA, and findings of the series of DMA workshops organized by the Commission in the last six months on topics such as self-preferencing, interoperability, app stores, and data-related obligations.

The High-Level Group brings together 30 representatives nominated from the Body of the European Regulators for Electronic Communications (BEREC), the European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB), the European Competition Network (ECN), the Consumer Protection Cooperation Network (CPC Network), and the European Regulatory Group of Audiovisual Media Regulators (ERGA). The Group, set up in March 2023, has a mandate of two years, and will meet at least once per year.

The High-Level Group may provide the Commission with advice and expertise to ensure that the DMA and other sectoral regulations applicable to gatekeepers are implemented in a coherent and complementary manner. It may also provide expertise in market investigations into emerging services and practices, to help ensure that the DMA is future-proof.

BRUSSELS — Europe got closer to a full-on ban on facial recognition in public spaces and reining in ChatGPT after lawmakers adopted a strengthened version of the EU's artificial intelligence rulebook on Thursday.

Members of the European Parliament in the internal market and civil liberties committees passed their compromise text for the Artificial Intelligence Act, first floated by the European Commission in April 2021. The text was backed by an 84-7 vote, with 12 abstentions.

MEPs agreed on a blanket ban on remote biometric identification — AI-aided techniques, such as facial recognition, to recognize individuals from pictures or footage — in public venues, both in real-time and after the fact, in a departure from both the Commission's original proposal and the position backed in Council by EU member countries. The issue was hotly debated among leading lawmakers thrashing out the text, with the center-right Christian Democrats fiercely opposing the ban.

...

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too.

Imagine you’re using an AI chatbot to plan a vacation. Did it suggest a particular resort because it knows your preferences, or because the company is getting a kickback from the hotel chain? Later, when you’re using another AI chatbot to learn about a complex economic issue, is the chatbot reflecting your politics or the politics of the company that trained it?

...

New technologies come with new risks, and the impact of cyber-attacks through digital products has increased dramatically in recent years. Increasingly, consumers have fallen victim to security flaws linked to digital products such as baby monitors, robo-vacuum cleaners, Wi-Fi routers and alarm systems. For businesses, the importance of ensuring that digital products in the supply chain are secure has become pivotal, considering three in five vendors have already lost money owing to product security gaps. The European Commission's proposal for a regulation, the 'cyber-resilience act', therefore aims to impose cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes direct or indirect data connection to a device or network. The proposal introduces cybersecurity by design and by default principles and imposes a duty of care for the lifecycle of products. The Council and Parliament are currently working on defining their respective positions. Second edition. The 'EU Legislation in Progress' briefings are updated at key stages in the legislative procedure.

• Once approved, they will be the world’s first rules on Artificial Intelligence
• MEPs include bans on biometric surveillance, emotion recognition, predictive policing AI systems
• Tailor-made regimes for general-purpose AI and foundation models like GPT
• The right to make complaints about AI systems

To ensure a human-centric and ethical development of Artificial Intelligence (AI) in Europe, MEPs endorsed new transparency and risk-management rules for AI systems.

On Thursday, the Internal Market Committee and the Civil Liberties Committee adopted a draft negotiating mandate on the first ever rules for Artificial Intelligence with 84 votes in favour, 7 against and 12 abstentions. In their amendments to the Commission’s proposal, MEPs aim to ensure that AI systems are overseen by people, are safe, transparent, traceable, non-discriminatory, and environmentally friendly. They also want to have a uniform definition for AI designed to be technology-neutral, so that it can apply to the AI systems of today and tomorrow.

...

The European Parliament’s leading parliamentary committees have green-lighted the AI Act in a vote on Thursday (11 May), paving the way for plenary adoption in mid-June.

The AI Act is a flagship legislation to regulate Artificial Intelligence based on its potential to cause harm. On Thursday, the Parliament’s Civil Liberties and Internal Market committees jointly adopted the text by large majority.

...

Today, the Commission has launched the Semiconductor Alert System, a new pilot system to monitor the semiconductor supply chain.

The pilot allows stakeholders to raise awareness on any critical disruption along the semiconductors' value chain and helps the Commission to gather information needed to establish a precise assessment of risks and to quickly react to any potential crisis situation via the European Semiconductor Expert Group.

...

EU lawmakers have been finalising the text of the AI regulation ahead of the vote in the leading parliamentary committees on Thursday (11 May).

The AI Act is a landmark legislative proposal to regulate Artificial Intelligence based on its potential to cause harm. The members of the European Parliaments (MEPs) spearheading the file shared a fine-tuned version of the compromise amendments on Friday (5 May).

The compromises, seen by EURACTIV, reflect a broader political agreement reached at the end of April but also include last-minute changes and important details on how the deal has been operationalised.

...

Key Highlights

Nym protects privacy at the network layer by encrypting and relaying your internet traffic through a multi-layered network called a mixnet. In each layer of the mixnet, mix nodes mix your internet traffic with that of other users, making communications private and hiding your metadata (IP address, who you talk to, when and where, and more).

The Nym mixnet is incentivized and decentralized. Users pay a fee in NYM to send their data through the mixnet. By pledging an initial bond of NYM, anyone can run a mix node. Node runners are then rewarded in NYM tokens based on good quality of service, doing the work of mixing packets and providing privacy for the end users. This is called ‘proof of mixing,’ similar to how Bitcoin rewards miners for mining new blocks. The reward mechanism enables the mixnet to scale and decentralize.

Nym can work with any application. From Bitcoin to ZCash, no current “layer 1” blockchain provides “layer 0 privacy” for the peer-to-peer broadcasts used in every transaction. Nym can provide network-level privacy for any blockchain and other generic applications. From Bitcoin to instant messaging, developers can build their applications on top of Nym for network layer and metadata protection of their users.

...

Is the grass greener on the other side? We’re not sure, but the sky is most certainly bluer. It’s been over a year since Elon Musk announced his bid to buy Twitter, and those who opposed the sale have tried setting up shop on platforms like Mastodon, Substack Notes, T2… but none of these Twitter alternatives have really captured lightning in a bottle like Bluesky.

Bluesky remains invite-only in its beta, but as more people get on the site, the hype around it is growing — though as we know from apps like Clubhouse, the hype might not last forever. In the meantime, Bluesky now has around 50,000 users, but according to estimates from data.ai, the app has been downloaded more than 375,000 times. So many people are trying to get an invite that they’ve started popping up for sale on eBay (we would advise against making that purchase).

...

Today, the Commission has launched a consultation on draft rules on how independent audits should be conducted under the Digital Services Act (DSA) for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs). graphic showing a photo of a person using a laptop with digital symbols projected on top of it iStock photo Getty images plus The consultation will run until 2 June. After gathering public feedback, the Commission intends to adopt the rules before the end of the year.

Independent audits are essential to help the Commission to assess compliance with all obligations under the DSA. Rigorous independent audits are an important accountability tool for the DSA and reflect best practices in many other regulated sectors, such as in financial services.

...

Lawmakers in the European Parliament are poised to expand the scope of artificial intelligence systems covered under an upcoming regulation. A transatlantic clash can still be avoided, writes Hadrien Pouget.

Hadrien Pouget is a visiting research analyst in the Technology and International Affairs Program at the Carnegie Endowment for International Peace.

European parliamentarians are considering additions to the initial Artificial Intelligence (AI) Act’s draft lists of either prohibited or high-risk applications.

The AI Act’s main thrust is to require programmers working on high-risk applications to document, test and take other safety measures.

...

The EDPS has issued five Opinions on the European Commission’s Recommendations to open negotiations for International Agreements on the exchange of personal data between Europol, the EU Agency for Law Enforcement, and the competent authorities of five Latin American countries: Ecuador, Brazil, Peru, Bolivia, and Mexico to fight serious crime and terrorism.

The EDPS Opinions aim to provide advice on further developing data protection safeguards in these future International Agreements so that individuals’ personal data is protected according to EU standards.

...

Judgment of the Court (First Chamber) in Case C-487/21 | Österreichische Datenschutzbehörde and CRIF - 4 May 2023

***

On those grounds, the Court (First Chamber) hereby rules:

1. The first sentence of Article 15(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),

must be interpreted as meaning that the right to obtain from the controller a copy of the personal data undergoing processing means that the data subject must be given a faithful and intelligible reproduction of all those data. That right entails the right to obtain copies of extracts from documents or even entire documents or extracts from databases which contain, inter alia, those data, if the provision of such a copy is essential in order to enable the data subject to exercise effectively the rights conferred on him or her by that regulation, bearing in mind that account must be taken, in that regard, of the rights and freedoms of others.

2. The third sentence of Article 15(3) of Regulation 2016/679

must be interpreted as meaning that the concept of ‘information’ to which it refers relates exclusively to the personal data of which the controller must provide a copy pursuant to the first sentence of that paragraph.

Sentenza della Corte (Prima Sezione) nella causa C-487/21 | Österreichische Datenschutzbehörde e CRIF - 4 maggio 2023

***

Per questi motivi, la Corte (Prima Sezione) dichiara:

1) L’articolo 15, paragrafo 3, prima frase, del regolamento (UE) 2016/679 del Parlamento europeo e del Consiglio, del 27 aprile 2016, relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la direttiva 95/46/CE (regolamento generale sulla protezione dei dati),

deve essere interpretato nel senso che:

il diritto di ottenere dal titolare del trattamento una copia dei dati personali oggetto di trattamento implica che sia consegnata all’interessato una riproduzione fedele e intelligibile dell’insieme di tali dati. Detto diritto presuppone quello di ottenere copia di estratti di documenti o addirittura di documenti interi o, ancora, di estratti di banche dati contenenti, tra l’altro, tali dati, se la fornitura di una siffatta copia è indispensabile per consentire all’interessato di esercitare effettivamente i diritti conferitigli da tale regolamento, fermo restando che occorre tener conto, al riguardo, dei diritti e delle libertà altrui.

2) L’articolo 15, paragrafo 3, terza frase, del regolamento 2016/679

deve essere interpretato nel senso che:

la nozione di «informazioni» ivi menzionata si riferisce esclusivamente ai dati personali di cui il titolare del trattamento deve fornire una copia in applicazione della prima frase di tale paragrafo.

Judgment of the Court (Third Chamber) in Case C-300/21 | Österreichische Post (Non-material damage resulting from unlawful processing of data) - 4 May 2023

***

On those grounds, the Court (Third Chamber) hereby rules:

1. Article 82(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

must be interpreted as meaning that the mere infringement of the provisions of that regulation is not sufficient to confer a right to compensation.

2. Article 82(1) of Regulation 2016/679

must be interpreted as precluding a national rule or practice which makes compensation for non-material damage, within the meaning of that provision, subject to the condition that the damage suffered by the data subject has reached a certain degree of seriousness.

3. Article 82 of Regulation 2016/679

must be interpreted as meaning that for the purposes of determining the amount of damages payable under the right to compensation enshrined in that article, national courts must apply the domestic rules of each Member State relating to the extent of financial compensation, provided that the principles of equivalence and effectiveness of EU law are complied with.

Sentenza della Corte (Terza Sezione) nella causa C-300/21 | Österreichische Post (Danno immateriale inerente al trattamento di dati personali) - 4 maggio 2023

***

Per questi motivi, la Corte (Terza Sezione) dichiara:

1) L’articolo 82, paragrafo 1, del regolamento (UE) 2016/679 del Parlamento europeo e del Consiglio, del 27 aprile 2016, relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la direttiva 95/46/CE (regolamento generale sulla protezione dei dati),

deve essere interpretato nel senso che:

la mera violazione delle disposizioni di tale regolamento non è sufficiente per conferire un diritto al risarcimento.

2) L’articolo 82, paragrafo 1, del regolamento 2016/679

deve essere interpretato nel senso che:

esso osta a una norma o una prassi nazionale che subordina il risarcimento di un danno immateriale, ai sensi di tale disposizione, alla condizione che il danno subito dall’interessato abbia raggiunto un certo grado di gravità.

3) L’articolo 82 del regolamento 2016/679

deve essere interpretato nel senso che:

ai fini della determinazione dell’importo del risarcimento dovuto in base al diritto al risarcimento sancito da tale articolo, i giudici nazionali devono applicare le norme interne di ciascuno Stato membro relative all’entità del risarcimento pecuniario, purché siano rispettati i principi di equivalenza e di effettività del diritto dell’Unione.

The capacity for public authorities and external auditors to access the source code of Artificial Intelligence in an upcoming EU rulebook was restricted based on a digital trade agreement, according to internal documents from the European Commission.

The internal documents were obtained via a freedom of information request by Kristina Irion, a law professor at the University of Amsterdam, showing several requests from the Commission’s trade department to the digital policy department on the draft AI Act.

...

The EU Digital Markets Act (DMA) applies from today. Now that the DMA applies, potential gatekeepers that meet the quantitative thresholds established have until 3 July to notify their core platform services to the Commission.

...

TAKASAKI, April 30 (Reuters) - European Union tech regulation chief Margrethe Vestager said on Sunday the bloc will likely reach a political agreement this year that will pave the way for the world's first major artificial intelligence (AI) legislation.

This would follow a preliminary deal reached on Thursday on the EU's Artificial Intelligence Act.

In an interview with Reuters at a Group of Seven digital ministers' meeting in Takasaki, Japan, Vestager suggested legislative measures for the use of AI tools, such as "labelling obligations for AI-generated images".

...

STOCKHOLM, April 27 (Reuters) - Companies deploying generative AI tools, such as ChatGPT, will have to disclose any copyrighted material used to develop their systems, according to an early EU agreement that could pave the way for the world's first comprehensive laws governing the technology.

The European Commission began drafting the AI Act nearly two years ago to regulate emerging artificial intelligence technology, which underwent a boom in investment and popularity following the release of OpenAI's AI-powered chatbot ChatGPT.

...

SimpleX Chat

Abbiamo già scritto alcuni articoli sulle app di messaggistica istantanea che rispettano la privacy1.

In questo articolo presentiamo SimpleX Chat (già alla versione 5.0, ma seguiamo il progetto da tempo), che ha la particolarità - come si può leggere sul sito ufficiale - di essere il primo messenger senza ID utente. Va segnalato che anche Session non utilizza identificatori.

SimpleX Chat, fondato da Evgeny Poberezkin, è un progetto open-source sotto licenza AGPL-3.0, avviato nel 2020. Essendo un progetto open-source, è possibile accedere al suo repository GitHub per visualizzare e verificare il codice. Crediamo e sosteniamo l’open-source, considerandolo un valore considerevole. Pertanto, complimenti agli sviluppatori di Simplex Chat. Il progetto è ben curato e in continuo sviluppo, tanto che l’attuale SimpleX Chat v5.0 supporta video e file fino a 1GB.

...

SimpleX Chat

We already wrote some articles on instant messaging apps that respect privacy1.

In this article, we present SimpleX Chat (already to version 5.0, but we have been following the project since some time ago), which has the particularity - as you can read on the official website - to be the first messenger without user IDs. We should point out that Session also does not use identifiers.

SimpleX Chat, founded by Evgeny Poberezkin, is an open-source project under AGPL-3.0 license, started in 2020. Being an open-source project, you can access its GitHub repository to view and verify the code. We believe in and support open-source, considering it as a considerable value. Thus, kudos to Simplex Chat’s developers. The project is well attended and in continuous development, so much so that the current SimpleX Chat v5.0 supports videos and files up to 1GB.

...

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer.

"The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers said in a technical report.

Among other features include its ability to extract data from web browsers and cryptocurrency wallets like Atomic, Binance, Coinomi, Electrum, and Exodus. Threat actors who purchase the stealer from its developers are also provided a ready-to-use web panel for managing the victims.

...