News Archives

Thursday, May 31, 2018

Monitoring Brainwaves of Employees Growing in China

According to a report in the South China Morning Post, use of brain-reading technology to detect changes in the emotional states of employees is increasingly common in Chinese factories, public transport, state-owned companies and the military.  Wireless sensors concealed in safety helmets or uniform hats stream brainwave data to computers that use AI algorithms to detect emotional spikes, such as depression, anxiety, rage of fatigue.  Use of the technology in safety-sensitive positions, such as high-speed train operators or airline pilots, or amongst workers on a high-tech assembly line, where a single over-stressed employee could bring down an entire production line, has evident value.  The same can be said of using it to monitor employee responses in virtual reality training sessions.

However, where to draw the line between appropriate and inappropriate usage of the technology is a challenge.  Should it be used to increase the speed of a production line to the maximum its workers can tolerate?  To sideline, demote or discipline employees?  To assess the response of employees to company pronouncements?  There is clearly a slippery slope from reasonable usage to that which is not, conjuring up Orwell’s thought police.  Are workers surrendering their autonomy when their brainwaves are being read?  Do they have any protections against abuse of the technology?  Furthermore, according to a note in the MIT Technology Review, what can be reliably detected about human emotions from over-the-skin EEG sensors is still fairly unclear. 

Tuesday, May 29, 2018

General Data Protection Regulation Arrives, Ready or Not

On May 25, after advance notice that gave companies two years to bring their practices and policies into compliance, the EU’s General Data Protection Regulation came into effect.  From all reports, the majority of US firms still have a lot of work to carry out to achieve compliance.  At the same time, EU member states were equally lax, with only 11 meeting the deadline for enacting legislation reconciling their Directive-era data protection laws with the Regulation.  Only Germany, Austria, Slovakia, Denmark, Sweden, UK, the Netherlands, Poland, Belgium, Ireland and Croatia met the deadline; France did adopt a new DP law but it was immediately placed under constitutional review.  The 16 member states failing to implement the Regulation are technically subject to infringement proceedings by the European Commission, although such proceedings are unlikely given the fact that the Regulation itself came into immediate effect in each member state.  Rounding out the unreadiness of US firms and member state legislators was the lack of preparedness of regulators.  Seventeen of 24 DPAs responding to a Reuters survey in early May said they lacked the necessary funding, or would initially lack the powers, to fulfill their GDPR responsibilities.   GDPR compliance and enforcement are clearly works-in-progress.

Monday, May 28, 2018

Support for Privacy Shield Waning in the EU

During the week prior to the General Data Protection Regulation coming into effect two of the top EU officials responsible for data protection matters expressed their declining acceptance of the Privacy Shield framework as a viable mechanism for cross-border data transfers.  Giovanni Buttarelli, the European Data Protection Supervisor, was quoted as saying “Privacy Shield is still there but is less relevant for me because the entire set of standards, including the transfer, should be subject to higher standards.”  With the GDPR in place, he said, US firms will no longer be able to use Privacy Shield as a “free pass” to use data as they see fit.  A few days earlier, Vera Jourova, the EU Justice Commissioner, who had unsuccessfully pressed the Trump administration to live up to its commitments with respect to an ombudsman and the Privacy and Civil Liberties Oversight Board, stated “I made clear that my patience is running to an end.”  The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) scheduled a vote on a report on the functioning of Privacy Shield for May 24.  Earlier in the month, the Irish High Court rejected Facebook's attempt to stop the Court's referral of questions about the legality and sufficiency of both Privacy Shield and standard contractual clauses to the Court of Justice of the European Union.