Data vs. Information & Digital Market Policies

Questions and Answers

The notification to the supervisory authority must be made within ______ hours.

72

If a personal data breach is likely to result in high risk, the controller shall communicate it to the data ______.

subject

DPC pushed to LinkedIn Ireland a punishment of about ______ million euros for breaching the GDPR.

310

They are replacing the person on their ______

decisions

In cases of breaches involving sensitive data, the regulations under articles ______ and 34 are stricter.

33

Limited risk AI systems are subject to ______ requirements.

transparency

Communications regarding data breaches should come from the legal ______ department.

department

Unregulated AI systems, such as AI enabled ______ filters, can pose risks.

spam

The digital euro signifies the ______ of currency.

evolution

The 'Open finance' proposal establishes a framework for responsible access to financial ______.

data

Europe should focus on controlling its own ______ and advanced technology to protect national data.

software

The European Digital Identity gives you full control on how much information you share with ______.

third parties

Artificial Intelligence can lead to better healthcare and ______ transport.

safer

The European data strategy aims to make the EU a role model for ______.

society

The European industrial strategy ensures European industry leads the transition towards climate ______.

neutrality

The EU-US Trade and Technology Council coordinates approaches to key global trade and ______ issues.

technology

The Digital Services Act and the Digital Market Act form a single set of ______ that apply across the whole EU.

rules

Maximising the growth potential of the European digital ______ is one of the key objectives.

economy

Without ______, businesses could deal with punishments.

transparency

______ is required to have the option to reject cookies in Europe.

Consent

Some companies, such as ______, prioritize privacy over gaining data.

Threema

Social plug-in content sharing cookies allow users to share content with their ______.

friends

The DSA aims to create a safer digital space in which the fundamental rights of all users of digital ______ are protected.

services

One of the goals of the DSA is to establish a level playing field to foster ______, growth, and competitiveness.

innovation

Non-exempted social plug-in tracking cookies can be used for ______ advertising.

behavioral

LinkedIn faced ______ for using non-allowed cookies.

punishments

The DSA includes specific rules for very large online platforms with more than ______ million users per month in the EU.

45

In Europe, it is required to have the option to ______ cookies, whereas this is not mandated in the United States.

reject

Companies can ______ data gained from cookies to other parties.

sell

A company's website must include key elements such as legal notice, privacy policy, and terms of ______.

use

In the ______, there are fewer requirements regarding cookie consent compared to Europe.

US

Cookies can be defined as any file that is downloaded on a user’s ______ to store data.

computer

Companies can use ______ to analyze users' behavior and gain insights on their preferences.

cookies

Some companies prioritize privacy over data collection, such as ______, which charges a fee to users.

Threema

AI systems can operate with varying levels of ______.

autonomy

AI may exhibit ______ after deployment.

adaptiveness

AI can influence ______ or virtual environments.

physician

Prohibited AI systems include subliminal techniques and social ______.

scoring

High-Risk AI systems are used in employment, education, and law ______.

enforcement

Health monitoring through AI can involve detection of diseases and ______ data.

biometric

AI systems that influence decision making can interfere with fundamental ______.

rights

The reliance on AI for tasks like analyzing emails may lead to dependency and ______.

descontrol

Flashcards

European Digital Identity

A system that gives individuals control over their online identity and the data they share with third parties.

EU Data Strategy

A plan to make the EU a global leader in data governance and promote ethical and responsible data use.

EU Industrial Strategy

A plan to ensure European industries lead the transition towards climate neutrality and digital leadership.

EU-US Trade and Technology Council

A platform for EU and US cooperation on global trade, economic, and technological issues.

Digital Single Market

A vision of a connected European market where consumers and businesses have access to online goods and services without barriers.

Objectives of the Digital Services Act (DSA)

To establish rules for online platforms to address issues like illegal content, transparency, and platform responsibility.

Objectives of the Digital Market Act (DMA)

To create fair competition in the digital market by regulating the behavior of large online platforms.

EU's Role in Regulating Technology

The EU plays a crucial role in setting rules and regulations for technology to protect citizens' rights, ensure public security, and foster innovation.

DSA Goals

The Digital Services Act (DSA) aims to create a safer digital space by protecting user rights and establishing fair competition for innovation and growth within the European Union and globally.

Very Large Online Platforms (VLOPs)

Online platforms and intermediaries with over 45 million monthly active users in the EU, subject to stricter regulations under the DSA.

Terms of Use

A legal document outlining rules for website access and use, including registration, intellectual property, links, data protection and liability.

Cookies

Small files downloaded to a user's computer to store data, enabling websites to track user behaviour and personalize experiences.

Cookie Consent

The requirement for websites to obtain explicit permission from users before placing cookies on their devices.

Data Protection

The legal framework governing how personal data is collected, processed and stored by companies, ensuring privacy and security for users.

AI & Cookies

The potential for AI to manipulate user behaviour and influence cookie consent decisions through personalized content and tailored experiences.

LinkedIn Penalty

LinkedIn faced sanctions for using cookies to track user behaviour without their consent, highlighting the importance of transparency and user rights in data collection.

Data Breach Notification

When a company discovers a data breach, they must report it to the supervisory authority within 72 hours. If there's a delay, they need to provide a clear explanation.

High Risk Breach Communication

If a data breach is likely to significantly harm individuals, the company must directly inform those affected without delay.

Why Paper Documents?

While digital documents can be easily altered, paper documents are considered more secure due to the potential for tampering.

GDPR Penalty Example

LinkedIn Ireland faced a hefty €310 million penalty for violating GDPR regulations.

Sensitive Data and Breach Response

Breaches involving sensitive information like sexual orientation require swift action and stricter measures to minimize harm.

Cookie Transparency

The practice of businesses being upfront and clear about how they use cookies to collect and use personal data. This includes providing options for users to control their cookie settings and giving clear explanations of the data collected and its purpose.

Cookie Rejection

The right of users to decline the use of specific cookies or all cookies on a website. This feature ensures user control over their privacy and data.

Social Plug-in Content Sharing Cookies

Cookies used by social networks to allow users to share content on websites with their 'friends' or social groups. They help recognize the user and facilitate content sharing.

Social Plug-in Tracking Cookies

Cookies used by social networks to collect data about user behavior, including non-members. While they can be used for 'explicitly requested' services like comments, they also track user activity for advertising, analytics, and market research.

Cookie Data Sale

The practice of businesses selling data collected from cookies to third parties, including advertising companies or market research firms.

Hereditary Data Use

The use of cookie data collected from individuals to predict health risks based on their family history. This data, when sold, could lead to higher insurance premiums.

AI-Generated Faces

The use of artificial intelligence to create realistic images of individuals from existing data, potentially leading to privacy concerns if misused.

Cookie-Manipulating Methods

Techniques used by companies to influence users into accepting cookies, including persuasive language, design tricks, and targeted messages.

AI System Definition

A machine-based system that operates with varying levels of autonomy, adapts after deployment, infers how to generate outputs (predictions, content, decisions) from input, and can influence environments.

AI's Influence

AI systems can impact various fields like healthcare, decision-making, and cybersecurity, often with both positive and negative implications.

Prohibited AI

AI systems deemed harmful, such as those using subliminal techniques, social scoring, exploiting vulnerabilities, or detecting emotions in the workplace, are prohibited under EU law.

High-Risk AI

AI systems used in sensitive areas like employment, education, law enforcement, and healthcare are classified as high-risk under EU law.

EU's Concern about AI

The EU has voiced concerns regarding AI's potential impact on fundamental rights, defense, and climate change, and has introduced regulations to address these concerns.

What makes AI High-Risk?

High-risk AI systems often involve personal data, decision-making that affects individuals, and have the potential to impact third parties.

AI's Sustainability

Despite claims of sustainability, AI can be resource-intensive due to its need for computing power and vast amounts of data.

AI's Role in Cyberattacks

AI can be used to generate sophisticated cyberattacks and can even learn from our responses to become more effective.

GPAI AI

Generative Pre-trained AI systems, such as large language models (LLMs), capable of generating text, code, and other creative content.

Limited Risk AI

AI systems that pose a limited risk but are subject to transparency requirements. This allows users to make informed choices about how AI influences their decisions.

Unregulated AI

AI systems with minimal oversight, like AI-enabled video games and spam filters. These systems can influence decision-making without clear regulations.

Digital Finance Efficiency

Digitization of financial services brings improvements in efficiency and effectiveness, but also introduces new risks to financial stability.

Open Finance

A proposed framework allowing responsible access to financial customer data across various services. This promotes financial innovation and better customer experiences.

Study Notes

Data vs. Information

• Data is raw facts and figures, unorganized and not meaningful. It's the input in a decision-making process.
• Information is processed data, arranged and organized. It's meaningful and the output of a decision-making process.
• Data precedes information.
• Information is often biased because the source has already leaked some data.
• Be careful with data because it can be lost or unreliable.

Digital Single Market Policy Areas

• Digital Services Act (DSA): Aims to create a safe and accountable online environment for businesses and users.
• Digital Markets Act (DMA): Ensures fair and open digital markets, protecting competition and innovation. Penalties may be imposed on companies found to be engaging in anti-competitive practices.
• European Chips Act: Aims to reduce European dependency on other countries for semiconductor technologies and build greater competitiveness in the industry.
• European Digital Identity: Grants users full control over sharing information with third parties.
• Artificial Intelligence: Promotes the development of AI for healthcare, transportation, manufacturing, and energy.
• European Data Strategy: Aims to position the EU as a role model for data-driven societies.
• European Industrial strategy: Ensures European industry leads the transition towards climate neutrality and digital leadership, and contributes to a strong European defense sector.
• Space: Develops a satellite-based connectivity system for management of space traffic.
• EU-US Trade and Technology Council: Coordinates approaches to global trade, economic, and technology issues. Laws may be introduced as technology becomes involved in areas outside its typical scope and creates conflicts between development and protection.

Pillars of the Digital Single Market

• Access to online products and services for consumers and businesses to foster innovation, increase product variety and reduce prices.
• Shaping the environment for digital networks and services to enable businesses to grow and thrive, by harmonizing regulations, enhancing efficiency, and allowing for seamless operation across borders.
• Maximizing the growth potential of the European digital economy.

Objectives of the DSA and DMA

• Digital Services Act (DSA): Creates a safer online space. Specifies rules for online platforms and intermediaries (e.g., marketplaces, social networks).
• Digital Market Act (DMA): Level playing field to foster innovation and competitiveness, both inside and outside the EU. Establishes rules for very large online platforms and search engines (over 45 million users monthly).

Website Content: Terms of Use

• Clear legal notice, terms of use, privacy policy, and cookies policy are required .
• Content of the website, access, use, rights of registered users, registration procedure, ownership of web content and user-generated content, links policy, data protection policy, and liability regime are all key components to include.
• Transparency in cookie usage. Users should have the option to reject cookies.

Cookies

• Files that store data on a user's computer.
• Can be used to track users' behavior and preferences.
• Can be dangerous if used for malicious purposes.
• Without transparency, there could be punishments from authorities.

Social Cookies

• Social plug-in content sharing cookies (e.g., sharing on social media).
• Non-exempted social plug-in tracking cookies used for third-party purposes (advertising, analytics, market research).

Functions of the DPO (Data Protection Officer)

• Attends meetings with top management, giving opinions and documenting decisions.
• Ensures regulations are followed.
• Provides advice and assistance with data protection issues.
• Maintains records on activities related to processing data.
• Independence from company management.

Rights Under the GDPR

• Right of access
• Right to erasure ("right to be forgotten")
• Right to rectification
• Right to data portability
• Right to restriction of processing
• Right to object
• Right to data subject.

Data Breach Action

• Analyze who is affected and what information needs to be addressed
• Review documents carefully
• Ensure consistency, avoid contradictions and keep documentation accurate
• Public disclosures, transparency is important
• Manage communications (to customers, suppliers)
• Corporate communications dept. should oversee communications.

Definition of AI

• Al systems are machine-based systems that operate with varying levels of autonomy.
• They can make predictions, generate content, provide recommendations, and influence environments.
• Some people worry about the potential disruption and job displacement.
• Concerns about uncontrolled resource consumption and lack of reliable information,

Classification of AI under EU Law

• Prohibited AI systems: Use subliminal techniques, social scoring, exploit vulnerabilities, and detect emotions in a workplace setting.
• High-Risk AI systems: Systems in employment, education, law enforcement, migration sectors and those related to health, diseases detection, privacy, biometric data.
• Generative AI (GPAI) systems: Large language models and AI systems that generate content.
• Limited-risk AI systems: Al systems that do not pose significant risks but require transparency.
• Unregulated AI systems: Al systems for video games and spam filters; should be cautious of privacy issues and potential misuse.

Regulatory Sandbox

• A testing area for innovations in the financial sector, with close monitoring and supervision.
• Controlled environment, allowing companies to test innovations, avoiding the complexities and costs of full-scale implementation.

Digital Finance Regulatory Issues

• Access to and improvements in efficiency of the financial system;
• Framework for digital financial instruments (cryptocurrencies);
• Evolution and management of the risks in a world that depends increasingly on software and digital operations
• A framework to support data access for business purposes and for individual financial services providers.

Description

This quiz explores the distinction between data and information, emphasizing the significance of each in decision-making processes. Additionally, it covers key policy areas related to the Digital Single Market, including the Digital Services Act, Digital Markets Act, and the European Chips Act. Test your knowledge on these crucial topics in the modern digital landscape.