Tech Law & Policy Briefing (November 11, 2025)
What I have lately found interesting in the world of tech law & policy
European Commission Proposes to Ease EU Regulations on Privacy and AI
On November 19, the European Commission is expected to unveil the “Digital Omnibus,” a package of reforms that could reshape the General Data Protection Regulation (GDPR), the AI Act, and the ePrivacy rules. Some of the most significant proposed changes include:
Excluding certain pseudonymous identifiers from GDPR’s definition of “personal data.” More specifically, if an entity cannot reasonably use particular data to identify an individual, such data is not “personal” in relation to that entity.
Creating a “legitimate interest” basis for the use of personal data in AI training.
Giving a one-year grace period to companies that have developed high-risk AI systems.
Excluding some types of data collection from the “opt-in” requirement: “Currently, websites must get explicit consent before storing or accessing most cookies, think clicking ‘accept’ on cookie banners. Under the proposed changes, companies could collect some data without asking first, either for a limited list of ‘low-risk’ uses or under a broader legal basis called ‘legitimate interest,’ which lets companies argue they can use data if it serves their business.”
For a detailed analysis of the proposed legislation by a privacy watchdog, see this article.
UK High Court’s Ruling in Getty Images v. Stability AI
This ruling addresses one of two major IP infringement lawsuits filed by Getty Images, a global licensor of visual content, against Stability AI, the developer behind the generative image model Stable Diffusion (SD). The other case is proceeding in a US federal court in San Francisco. The British case focused specifically on secondary copyright infringement (the act of importing or dealing with infringing copies), rather than primary infringement (the unauthorized act of scraping content for training), because Getty couldn’t prove SD was trained in the UK.
The High Court ruled that:
SD doesn’t constitute an “infringing copy” of Getty’s database.
Stability was liable for trademark infringement because older versions of SD generated images containing Getty’s watermarks, though it has since mitigated that liability by using filtered training datasets and implementing guardrails against prompts requesting watermarked images.
65% of Leading AI Companies Found with Verified Secret Leaks
A comprehensive security analysis of the Forbes AI 50 companies has revealed a systemic cybersecurity crisis, with nearly two-thirds of these companies found to have verified credential leaks in their public code repositories. The exposed secrets include enterprise-level API keys providing direct access to organizational infrastructure, training datasets, and in one case, approximately 1,000 private AI models containing potentially sensitive user data.


