{"id":5591,"date":"2022-03-21T11:49:46","date_gmt":"2022-03-21T10:49:46","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=5591"},"modified":"2024-03-25T13:10:15","modified_gmt":"2024-03-25T12:10:15","slug":"weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/","title":{"rendered":"Weekly digest March 14 &#8211; 20, 2022: smart contracts, AI bias, password managers &amp; privacy"},"content":{"rendered":"\n<h6 class=\"wp-block-heading\"><em>TechGDPR\u2019s review of international data-related stories from press and analytical reports.<\/em><\/h6>\n\n\n\n<h4 class=\"wp-block-heading\">Official guidance: smart contracts, DPOs, AI risk management, GDPR cooperation<\/h4>\n\n\n\n<p>The Spanish data protection authority AEPD analyzed smart contracts. Smart contracts are algorithms that are stored in a blockchain and that execute automated decisions. <a href=\"https:\/\/www.aepd.es\/es\/prensa-y-comunicacion\/blog\/blockchain-iii-smart-contracts-y-datos-personales\">The very nature of the smart contract, when applied to data of natural persons, falls within the scope defined by Art. 22 of the GDPR. <\/a>This refers to the right of an interested party not to be subject to decisions based solely on automated means, including profiling, when those decisions have legal effects on them or significantly affect them, and that the interested party can challenge that automated decision. It also establishes three exceptions to said prohibition: explicit consent, the conclusion or execution of a contract between the interested party and a data controller, or the existence of an enabling law. In any of the cases, it is necessary to identify a person responsible for the execution of the said smart contract. The most famous use case is the one known as the <a href=\"https:\/\/ethereum.org\/en\/history\/#dao-fork\">DAO Fork of Ethereum<\/a>.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.cnil.fr\/sites\/default\/files\/atoms\/files\/cnil-gdpr_practical_guide_data-protection-officers.pdf\">A new practical guide for Data Protection Officers<\/a> was published by the French data protection authority CNIL, (available in English). The spirit of the GDPR is to make the DPO the \u201corchestra conductor\u201d of the management of personal data in the organization which designates them. The hierarchical position of the DPO must bear witness to this, and their resources must be adapted so that they can fully accomplish their job and their role of compliance coordinator. They should not work in a vacuum but be fully integrated into the operational activities of their organization, in conjunction with the CISO and the IT department, etc. The DPO guide is divided into 4 chapters:\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the role of the DPO;&nbsp;<\/li>\n\n\n\n<li>designating the DPO;&nbsp;<\/li>\n\n\n\n<li>the exercise of the DPO\u2019s tasks;&nbsp;<\/li>\n\n\n\n<li>CNIL\u2019s support for the DPO.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Each theme is illustrated by concrete cases and frequently asked questions related to the subject being dealt with.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.nist.gov\/news-events\/news\/2022\/03\/nist-seeks-comments-draft-ai-risk-management-framework-offers-guidance-ai\">The US NIST seeks comments on the draft AI risk management framework, (AI RMF), and offers guidance on AI bias<\/a>. It is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems. It aims to provide a flexible, structured, and measurable process to address AI risks throughout the AI lifecycle. Similarly, bias in AI can harm individuals. The NIST researchers thus recommend widening the scope of where we look for the source of these biases \u2014 beyond the machine learning processes and data used to train AI software to the broader societal factors that influence how technology is developed. AI can make decisions that affect whether a person is admitted into a school, authorized for a bank loan, or accepted as a rental applicant. AI systems can exhibit biases that stem from their programming and data sources, (eg, machine learning software could be trained on a dataset that underrepresents a particular gender or ethnic group). Read <a href=\"https:\/\/www.nist.gov\/system\/files\/documents\/2022\/03\/17\/AI-RMF-1stdraft.pdf\">the full draft AI RMF<\/a> and <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2022\/03\/theres-more-ai-bias-biased-data-nist-report-highlights\">guidance on AI bias here<\/a>.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/edpb.europa.eu\/news\/news\/2022\/edpb-adopts-guidelines-art-60-gdpr-guidelines-dark-patterns-social-media-platform_en\">EDPB adopted a couple of new guides<\/a> last week:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>on <a href=\"https:\/\/edpb.europa.eu\/system\/files\/2022-03\/guidelines_202202_on_the_application_of_article_60_gdpr_en.pdf\">Art. 60 of the GDPR<\/a>, (provides a detailed description of the GDPR cooperation between Supervisory Authorities, (SAs), and helps them to interpret and apply their own national procedures in such a way that it conforms to and fits in the cooperation under the one-stop-shop mechanism).&nbsp;<\/li>\n\n\n\n<li>on<a href=\"https:\/\/edpb.europa.eu\/system\/files\/2022-03\/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf\"> dark patterns in social media platform interfaces<\/a>, (gives concrete examples of dark pattern types, presents best practices for different use cases, and contains specific recommendations for designers of user interfaces that facilitate the effective implementation of the GDPR), and<\/li>\n\n\n\n<li>the toolbox on essential <a href=\"https:\/\/edpb.europa.eu\/system\/files\/2022-03\/toolbox_on_essential_data_protection_safeguards_for_enforcement_cooperation_with_third_country_sas_en.pdf\">data protection safeguards for enforcement cooperation between EEA and <\/a>third-country SAs, (covers key topics, such as enforceable rights of data subjects, compliance with data protection principles, and judicial redress).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Legal processes: cyberattack disclosure in the US<\/h4>\n\n\n\n<p>New US cyber security incident reporting mandates have been signed into <a href=\"https:\/\/www.computerweekly.com\/news\/252514695\/Biden-signs-ransomware-reporting-mandate-into-law\">law, making it a legal requirement for operators of critical national infrastructure, (CNI), to disclose cyberattacks to the government<\/a>. Namely, it will require CNI owners within the US to report substantial cyber attacks to the Cybersecurity and Infrastructure Security Agency, (CISA),\u00a0 within 72 hours, and any ransomware payments made within 24 hours. It enables CISA to subpoena organizations that fail to do so, with the threat of referral to the US Department of Justice for non-compliance. <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2022-03-16\/biden-signs-law-requiring-firms-to-report-hacks-in-72-hours?srnd=code-wars\">CISA has not said how it will use data gleaned from breach reports<\/a> but has been seeking to build its capabilities and work more closely with the private sector on a voluntary basis. The CISA lists 16 broad sectors spanning health, energy, food, and transportation as critical to the US, although the new legislation is yet to spell out precisely which companies would be required to report cyber incidents.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Data breaches and enforcement actions: insufficient TOMs, ransomware, unwanted marketing calls, Irish\/Meta fine<\/h4>\n\n\n\n<p>The Danish data protection authority Datatilsynet <a href=\"https:\/\/www.dataguidance.com\/news\/denmark-datatilsynet-issues-decision-criticising-kombit\">criticized Kombit, (IT\/project organization), for violating Art. 32 of the GDPR, following data breaches reported by 30 municipalities<\/a>, Data Guidance reports. An error occurred in the platform used by the municipalities, where a user could access another user&#8217;s files, which included personal data if the latter was not logged out of their computer. The IT company had not complied with the rules on data security, namely: no sufficient testing of the platform was carried out in connection with the change of the code implemented, <a href=\"https:\/\/www.datatilsynet.dk\/afgoerelser\/afgoerelser\/2022\/feb\/datatilsynet-udtaler-alvorlig-kritik-af-kombits-behandling-af-personoplysninger-som-databehandler-for-en-raekke-kommuner\">(development of a change to the login solution in the platform)<\/a>, and it applied for insufficient access right controls. Additionally, Kombit along with another company could not agree on what tests could be expected to be performed in connection with the code changes, and whether another company was acting as a sub-processor or not.<\/p>\n\n\n\n<p>The UK Information Commissioner\u2019s Office, (ICO), announced fines totalling approx 482,000 euros to five companies responsible for over 750,000 unwanted marketing calls targeted at older, vulnerable people. Companies, (Domestic Support Ltd, Home Sure Solutions, Seaview Brokers, UK Appliance Cover, UK Platinum Home Care Services), were calling people to sell insurance products or services for large household appliances, such as televisions, washing machines, and fridges. In the UK live marketing calls should not be made to anyone who has registered with the Telephone Preference Service unless they have told the caller that they wish to receive such calls from them. The ICO also issued these companies with enforcement notices that require them to immediately stop making these predatory calls.<\/p>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\" style=\"grid-template-columns:auto 40%\"><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The ICO also fined a law firm approx 116,784 euros for contravening Art. 5 and Art. 32 of the GDPR by failing to process personal data in a manner that ensured <a href=\"https:\/\/techgdpr.com\/blog\/category\/security\/\">appropriate security<\/a> of the personal data, GDPRHub reports. Tuckers Solicitors, a limited liability partnership of solicitors, was the data controller. In 2020, they became<a href=\"https:\/\/gdprhub.eu\/index.php?title=ICO_(UK)_-_Tuckers_Solicitors_LLP\"> aware that their systems were hit by a ransomware attack and reported the data breach to the ICO on the same day.<\/a> Here are some facts and findings from the case:\u00a0\u00a0<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"734\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/malware-ge82945d34_1280-1024x734.png\" alt=\"\" class=\"wp-image-5596 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/malware-ge82945d34_1280-1024x734.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/malware-ge82945d34_1280-300x215.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/malware-ge82945d34_1280-768x550.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/malware-ge82945d34_1280.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attack had resulted in the encryption of numerous civil and criminal legal case bundles stored on an archive server.&nbsp;<\/li>\n\n\n\n<li>Backups were also encrypted by the attacker.<\/li>\n\n\n\n<li>Although the firm\u2019s GDPR and Data Protection Policy required two-factor authentication where available, it was not using the same for remote access.&nbsp;<\/li>\n\n\n\n<li>The firm installed the patch after months of its release, during which the attacker could have exploited the vulnerability.&nbsp;<\/li>\n\n\n\n<li>The firm moved its servers to a new environment and the business was now back to running as normal, albeit without the restoration of the compromised data.<\/li>\n\n\n\n<li>The proper encryption could have mitigated the damage, (however it would not have prevented the ransomware attack).<\/li>\n<\/ul>\n\n\n\n<p>The ICO held that multi-factor authentication was a low-cost measure that could have substantially supported Tuckers in preventing access to its network. The firm also should not have been processing sensitive personal data on an infrastructure containing known critical vulnerabilities without appropriately addressing the risk.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.dataprotection.ie\/en\/news-media\/press-releases\/data-protection-commission-announces-decision-meta-facebook-inquiry\">Ireland&#8217;s data protection authority, (DPC), imposed a 17 mln euro fine on Facebook parent Meta Platforms after an inquiry into 12 data breach notifications<\/a> from 2018. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users&#8217; data. Given that the processing under examination constituted \u201ccross-border\u201d processing, the DPC\u2019s decision was subject to the co-decision-making process outlined in Art. 60 of the GDPR and all of the other European supervisory authorities were engaged as co-decision-makers. While objections to the DPC\u2019s draft decision were raised by two of the European supervisory authorities, a consensus was achieved through further engagement between the DPC and the supervisory authorities concerned. Ireland regulates Meta and a number of other large US tech giants because their EU headquarters are in the country. The DPC, which has a number of ongoing investigations into Meta, last year fined its WhatsApp subsidiary a record 225 mln euros.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Data security: password managers<\/h4>\n\n\n\n<p>An analysis by the Guardian looks at <a href=\"https:\/\/www.theguardian.com\/technology\/2022\/mar\/19\/not-using-password-manager-why-you-should-online-security\">password managers for convenience and enhanced online safety<\/a>. The article argues that long and complex passwords are more secure but difficult to remember, leaving many people using weak and easy-to-guess credentials. Password manager apps can resolve this problem by creating long and complex credentials for you, and remember them the next time you log in: \u201cPassword managers keep your details secure by encrypting your logins so they can only be accessed when you enter the master password.\u201d Yet reportedly only about one in five people in the UK use one. Some other findings by UK experts are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never create a virtual book or document on your computer, which could be viewable if your device is hacked.<\/li>\n\n\n\n<li>Password managers should be backed by two-factor authentication, whereby you are asked for something such as a one-time code in addition to a password when you log in using a new device.<\/li>\n\n\n\n<li>A security key is an option \u2013 a token you can insert into your device to double-secure high-risk accounts such as email.&nbsp;<\/li>\n\n\n\n<li>Authenticator apps are another option. These generate a unique code for you to enter into the site and are very straightforward to use.<\/li>\n\n\n\n<li>Apple Keychain and the Google Chrome Password Manager lack the features of \u201cfull-service\u201d ones.&nbsp;<\/li>\n\n\n\n<li>Physical password books aren\u2019t a bad idea, as long as you create strong, unique logins, and the book is kept somewhere secure and doesn\u2019t leave the house.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">DPIA: Zoom case<\/h4>\n\n\n\n<p><a href=\"https:\/\/www.surf.nl\/en\/zoom-adapts-approach-to-privacy-after-intensive-collaborative-consultation-with-surf\">Zoom is making changes to the privacy agreements for all education and enterprise users in Europe<\/a> in collaboration with SURF, (the ICT service provider for Dutch education and research).&nbsp; It has removed the privacy risks identified in the DPIA from 2021 by making changes to the software, making processor agreements, and promising future changes. These contractual and technical adjustments are described in the <a href=\"https:\/\/www.surf.nl\/files\/2022-03\/dpia-zoom-25-february-2022_0.pdf\">new recently published DPIA<\/a>. They include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data location solutions, (all personal data be processed in the EU by the end of the year).&nbsp;<\/li>\n\n\n\n<li>Data Subject Access Requests: Zoom to use two self-service tools for enterprise and education account administrators.&nbsp;<\/li>\n\n\n\n<li>Clarifying the data protection role of Zoom and its customers, (universities and government organizations).<\/li>\n\n\n\n<li>Clarified and minimized customer personal data retention practices.&nbsp;<\/li>\n\n\n\n<li>Privacy by design and default.<\/li>\n\n\n\n<li>Updated Data Transfer Impact Assessment, and much more.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Big Tech: all-new GA, apps leaking sensitive data, Tesla\u2019s facial and optical tracking<\/h4>\n\n\n\n<p><a href=\"https:\/\/blog.google\/products\/marketingplatform\/analytics\/prepare-for-future-with-google-analytics-4\/\">The all-new Google Analytics 4 will be the first data measurement tool released by the company with privacy designed &#8220;at its core&#8221;<\/a>, an upgrade on the privacy features in the recent Analytics 360 tool, which will be retired, along with Universal Analytics. The company says IP addresses will no longer be stored, which could ease compliance in international markets, and the EU <a href=\"https:\/\/www.cnil.fr\/en\/use-google-analytics-and-data-transfers-united-states-cnil-orders-website-manageroperator-comply\">GDPR requirements for data transfers.<\/a><\/p>\n\n\n\n<p>Are your apps leaking sensitive user data? <a href=\"https:\/\/iapp.org\/news\/a\/misconfiguration-of-firbebase-cloud-databases-responsible-for-leak-of-user-data-from-popular-apps\/\">A study revealed that 2113 apps had vulnerabilities in their Firebase back end because of cloud misconfigurations<\/a>, IAPP News reports. Certain apps had tens of millions of downloads and included popular e-commerce, social audio platform, logo design, bookkeeping sites, and even a dating app. Lost data included user names, passwords, phone numbers, bank details, and some 50,000 chat messages. A separate study also found that 14% of Android and iOS apps using public cloud back ends had similar privacy issues due to misconfigurations.<\/p>\n\n\n\n<p><a href=\"https:\/\/iapp.org\/news\/a\/illinois-action-lawsuit-against-tesla-alleges-vehicles-scan-for-facial-and-eye-tracking\/\">Integral to Tesla&#8217;s autopilot and full self-driving features is the fact that software looks at your eyes while you look at the road, using facial and optical tracking<\/a> to check your driving. Now a driver in Illinois has filed a proposed class action against Tesla Inc. for recording and storing biometric data without informed consent, illegal under Illinois&#8217;s Biometric Information Privacy Act, (BIPA). The suit also claims Tesla failed to make its data retention policy public, and failed to inform customers where facial recognition data was stored. Damages of 5000 dollars per BIPA violation are being sought. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>TechGDPR\u2019s review of international data-related stories from press and analytical reports. Official guidance: smart contracts, DPOs, AI risk management, GDPR cooperation The Spanish data protection authority AEPD analyzed smart contracts. Smart contracts are algorithms that are stored in a blockchain and that execute automated decisions. The very nature of the smart contract, when applied to [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":5592,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94],"tags":[51,98,126,89,96,177,178],"class_list":["post-5591","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","tag-artificial-intelligence","tag-direct-marketing","tag-dpia","tag-dpo","tag-google-analytics","tag-password-management","tag-smart-contracts"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png",1280,792,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-150x150.png",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-300x186.png",300,186,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-768x475.png",640,396,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-1024x634.png",640,396,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png",1280,792,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png",1280,792,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-200x200.png",200,200,true]},"post_excerpt_stackable":"<p>TechGDPR\u2019s review of international data-related stories from press and analytical reports. Official guidance: smart contracts, DPOs, AI risk management, GDPR cooperation The Spanish data protection authority AEPD analyzed smart contracts. Smart contracts are algorithms that are stored in a blockchain and that execute automated decisions. The very nature of the smart contract, when applied to data of natural persons, falls within the scope defined by Art. 22 of the GDPR. This refers to the right of an interested party not to be subject to decisions based solely on automated means, including profiling, when those decisions have legal effects on them&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png",1280,792,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-150x150.png",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-300x186.png",300,186,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-768x475.png",640,396,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-1024x634.png",640,396,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png",1280,792,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png",1280,792,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280-200x200.png",200,200,true]},"post_excerpt_stackable_v2":"<p>TechGDPR\u2019s review of international data-related stories from press and analytical reports. Official guidance: smart contracts, DPOs, AI risk management, GDPR cooperation The Spanish data protection authority AEPD analyzed smart contracts. Smart contracts are algorithms that are stored in a blockchain and that execute automated decisions. The very nature of the smart contract, when applied to data of natural persons, falls within the scope defined by Art. 22 of the GDPR. This refers to the right of an interested party not to be subject to decisions based solely on automated means, including profiling, when those decisions have legal effects on them&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info_v2":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Weekly digest March 14 - 20, 2022: smart contracts, AI bias, password managers &amp; privacy - TechGDPR<\/title>\n<meta name=\"description\" content=\"TechGDPR\u2019s review of the most important privacy and data-related stories: smart contracts, AI bias, password managers &amp; privacy\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly digest March 14 - 20, 2022: smart contracts, AI bias, password managers &amp; privacy - TechGDPR\" \/>\n<meta property=\"og:description\" content=\"TechGDPR\u2019s review of the most important privacy and data-related stories: smart contracts, AI bias, password managers &amp; privacy\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-21T10:49:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-25T12:10:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"792\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Olya Vasylyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Vasylyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/\"},\"author\":{\"name\":\"Olya Vasylyk\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\"},\"headline\":\"Weekly digest March 14 &#8211; 20, 2022: smart contracts, AI bias, password managers &amp; privacy\",\"datePublished\":\"2022-03-21T10:49:46+00:00\",\"dateModified\":\"2024-03-25T12:10:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/\"},\"wordCount\":2163,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/mobile-phone-g0a9526784_1280.png\",\"keywords\":[\"Artificial Intelligence\",\"direct marketing\",\"DPIA\",\"dpo\",\"Google Analytics\",\"password management\",\"smart contracts\"],\"articleSection\":[\"Data Protection Digest\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/\",\"name\":\"Weekly digest March 14 - 20, 2022: smart contracts, AI bias, password managers &amp; privacy - TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/mobile-phone-g0a9526784_1280.png\",\"datePublished\":\"2022-03-21T10:49:46+00:00\",\"dateModified\":\"2024-03-25T12:10:15+00:00\",\"description\":\"TechGDPR\u2019s review of the most important privacy and data-related stories: smart contracts, AI bias, password managers & privacy\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/mobile-phone-g0a9526784_1280.png\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/mobile-phone-g0a9526784_1280.png\",\"width\":1280,\"height\":792},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly digest March 14 &#8211; 20, 2022: smart contracts, AI bias, password managers &amp; privacy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\",\"name\":\"Olya Vasylyk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"caption\":\"Olya Vasylyk\"},\"description\":\"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/olyav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Weekly digest March 14 - 20, 2022: smart contracts, AI bias, password managers &amp; privacy - TechGDPR","description":"TechGDPR\u2019s review of the most important privacy and data-related stories: smart contracts, AI bias, password managers & privacy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/","og_locale":"en_US","og_type":"article","og_title":"Weekly digest March 14 - 20, 2022: smart contracts, AI bias, password managers &amp; privacy - TechGDPR","og_description":"TechGDPR\u2019s review of the most important privacy and data-related stories: smart contracts, AI bias, password managers & privacy","og_url":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/","og_site_name":"TechGDPR","article_published_time":"2022-03-21T10:49:46+00:00","article_modified_time":"2024-03-25T12:10:15+00:00","og_image":[{"width":1280,"height":792,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png","type":"image\/png"}],"author":"Olya Vasylyk","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Olya Vasylyk","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/"},"author":{"name":"Olya Vasylyk","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8"},"headline":"Weekly digest March 14 &#8211; 20, 2022: smart contracts, AI bias, password managers &amp; privacy","datePublished":"2022-03-21T10:49:46+00:00","dateModified":"2024-03-25T12:10:15+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/"},"wordCount":2163,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png","keywords":["Artificial Intelligence","direct marketing","DPIA","dpo","Google Analytics","password management","smart contracts"],"articleSection":["Data Protection Digest"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/","url":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/","name":"Weekly digest March 14 - 20, 2022: smart contracts, AI bias, password managers &amp; privacy - TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png","datePublished":"2022-03-21T10:49:46+00:00","dateModified":"2024-03-25T12:10:15+00:00","description":"TechGDPR\u2019s review of the most important privacy and data-related stories: smart contracts, AI bias, password managers & privacy","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/03\/mobile-phone-g0a9526784_1280.png","width":1280,"height":792},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-21032022-smart-contracts-ai-bias-password-managers-and-privacy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"Weekly digest March 14 &#8211; 20, 2022: smart contracts, AI bias, password managers &amp; privacy"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8","name":"Olya Vasylyk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","caption":"Olya Vasylyk"},"description":"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/5591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=5591"}],"version-history":[{"count":22,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/5591\/revisions"}],"predecessor-version":[{"id":8372,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/5591\/revisions\/8372"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/5592"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=5591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=5591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=5591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}