cad图纸导入ai尺寸变了
In a judgment issued last week, the European Court of Justice invalidated the EU-U.S. Privacy Shield Program by which businesses in the United States could self-certify their compliance with a framework of principles for data protection. This judgment is the top privacy story for multinational companies this year. What does this mean for artificial intelligence companies? For AI companies using personal data to train machine learning systems, the answer is that it just got harder to import personal data from the European Union (EU) and broader European Economic Area (EEA) to the United States.
在上周发布的一项判决中,欧洲法院裁定“欧盟-美国隐私保护计划”无效,通过该计划,美国企业可以自我证明其对数据保护原则框架的遵守情况。 这一判断是今年跨国公司最重要的隐私故事。 这对人工智能公司意味着什么? 对于使用个人数据来训练机器学习系统的AI公司而言,答案是,将个人数据从欧盟(EU)和更广泛的欧洲经济区(EEA)导入美国变得更加困难。
The background is that some U.S. businesses in the artificial intelligence field are importing personal data from European countries to train machine learning systems with a myriad of applications. Companies with a physical presence in the EEA, companies directing marketing efforts to EEA member states, and companies monitoring the behavior of individuals present in EEA member states are subject to the European Union’s General Data Protection Regulation. For more details, see my earlier blog post. In addition, other U.S. businesses may provide services to another U.S. business that has already imported personal data from EEA countries. Such U.S. businesses must then agree by contract to protect personal data from those countries with the same level of protection they would receive under GDPR in the EEA. Therefore, some AI companies are required, directly or indirectly, to meet GDPR standards.
背景是,人工智能领域的一些美国企业正在从欧洲国家导入个人数据,以训练具有众多应用程序的机器学习系统。 在欧洲经济区有实体机构的公司,将市场营销工作指向欧洲经济区成员国的公司以及监视欧洲经济区成员国中个人行为的公司均受欧盟《通用数据保护条例》的约束。 有关更多详细信息,请参见我之前的博客文章。 此外,其他美国企业可能会向已经从EEA国家导入个人数据的另一美国企业提供服务。 然后,此类美国企业必须通过合同达成协议,以保护这些国家/地区的个人数据,并获得与EEA中GDPR相同的保护水平。 因此,一些AI公司被要求直接或间接满足GDPR标准。
GDPR allows for the free flow of personal data from EEA countries to countries that the European Commission has found to have an adequate level of data protection. So if the laws in those countries are stringent enough, then there is no barrier to exporting personal data to those countries from the EEA. And by “export,” I mean that a company in an EEA member state could, for instance, send the personal data to a vendor in one of those countries. As one example, a cloud storage provider in Canada could receive personal data from EEA companies without any GDPR-imposed restrictions. The laws in Canada are stringent enough to protect personal data. Other countries with such adequacy decisions include Argentina, Israel, Japan, Switzerland, and New Zealand.
GDPR允许个人数据从EEA国家自由流向欧洲委员会发现具有足够数据保护水平的国家。 因此,如果这些国家/地区的法律足够严格,那么从EEA向这些国家/地区导出个人数据就没有障碍。 所谓“出口”,是指欧洲经济区成员国的公司可以将个人数据发送给其中一个国家的供应商。 例如,加拿大的云存储提供商可以从EEA公司接收个人数据,而不受GDPR施加的任何限制。 加拿大的法律非常严格,可以保护个人数据。 做出此类适当决定的其他国家/地区包括阿根廷,以色列,日本,瑞士和新西兰。
For countries that don’t have stringent enough laws, some “transfer mechanism” must be in place to allow for the export of personal data from EEA member states to those countries. The United States is one of those countries. The three main options for transfer mechanisms that U.S. businesses chose to use to import personal data have been:
对于没有足够严格法律的国家,必须建立某种“转移机制”,以允许将个人数据从EEA成员国输出到这些国家。 美国是这些国家之一。 美国企业选择用于导入个人数据的传输机制的三个主要选择是:
- Standard contract terms (called “Standard Contractual Clauses”), which were developed to allow for a personal data importer to commit to an adequate level of protection by contract标准合同条款(称为“标准合同条款”)的制定是为了允许个人数据导入者通过合同承诺提供足够的保护水平
- “Binding corporate rules” that allows for an intra-enterprise transfer of personal data, say, within a conglomerate of affiliated multinational companies“具有约束力的公司规则”,例如,允许在关联的跨国公司集团内在企业内部传输个人数据
Privacy Shield allowed a U.S. AI company to self-certify to the U.S. Department of Commerce that it is in compliance with a framework of privacy and security principles. Once registered, the self-certification meant that a company didn’t have to include the lengthy and cumbersome Standard Contractual Clauses into every cross-border deal, thereby speeding up the contracting process and making it more efficient. Privacy Shield was therefore attractive for U.S. companies doing frequent deals to import personal data from EEA member states. Binding corporate rules are only for intra-enterprise transfers and so technically don’t apply to a transaction between unrelated customers and vendors overseas. Moreover, they require advance approval by a data protection authority.
Privacy Shield允许一家美国AI公司向美国商务部进行自我认证,证明其符合隐私和安全原则的框架。 一旦注册成功,自我认证意味着公司不必在每项跨境交易中都加入冗长而繁琐的标准合同条款,从而加快了签约流程并提高了签约效率。 因此,Privacy Shield对频繁进行交易以从EEA成员国导入个人数据的美国公司具有吸引力。 具有约束力的公司规则仅适用于企业内部转移,因此从技术上讲不适用于无关客户和海外供应商之间的交易。 此外,它们需要数据保护机构的事先批准。
Last week’s decision means that AI companies can no longer rely on the Privacy Shield program to import personal data from EEA member states to the U.S. There might be a way to make binding corporate rules work for intra-enterprise transfers to the U.S. But for the vast majority of U.S.-based AI companies, they will now need to use the Standard Contractual Clauses as a transfer mechanism. What does that mean as a practical matter?
上周的决定意味着AI公司不再能够依靠Privacy Shield计划从EEA成员国向美国导入个人数据。也许有一种方法可以使具有约束力的公司规则适用于企业内部向美国的转移。大多数位于美国的AI公司,他们现在将需要使用标准合同条款作为转移机制。 这实际上意味着什么?
First, it means that AI companies reliant on Privacy Shield as a transfer mechanism and describing their transfers in their privacy policies must now revise their privacy policies right away. Any mention of reliance on Privacy Shield must now be eliminated. Second, any data processing addendums or agreements with European entities calling out Privacy Shield as the transfer mechanism used must now be amended to delete references to Privacy Shield. Instead, they must make sure Standard Contractual Clauses are now in place. If the AI business struck a lot of these deals, there will be a lot of time and effort spent to review relevant agreements and renegotiate each one with counter parties in EEA countries.
首先,这意味着AI公司依靠Privacy Shield作为一种转移机制,并在其隐私政策中描述其转移必须立即修改其隐私政策。 现在必须消除对“隐私盾”的依赖。 其次,现在必须修改与欧洲实体的任何数据处理附录或协议,称隐私盾为使用的传输机制,以删除对隐私盾的引用。 相反,他们必须确保标准合同条款现已到位。 如果AI业务达成了很多这样的交易,那么将花费大量的时间和精力来审查相关协议,并与EEA国家/地区的交易对方重新谈判。
The judgment allowed for continued use of the Standard Contractual Clauses for now. Nonetheless, the problems with Privacy Shield may also be determined later to apply to the Standard Contractual Clauses as well. The unfortunate thing about the Court of Justice’s opinion is that it was not based on a failure by U.S. businesses to take proper care of personal data from EEA countries. On the contrary, the decision was based on the U.S. government’s surveillance of EEA residents without privacy rights such as the right to access what information was collected, the right to rectify incorrect personal data or the right of erasure of that data. The U.S. government does not have official mechanisms to allow for EEA residents to have such rights.
该判决允许暂时继续使用标准合同条款。 但是,隐私屏蔽的问题也可以在以后确定,也适用于标准合同条款。 法院观点的不幸之处在于,它并非基于美国企业未能妥善保管来自EEA国家的个人数据。 相反,该决定是基于美国政府对EEA居民的监视而没有隐私权,例如访问所收集信息的权利,纠正不正确的个人数据的权利或删除该数据的权利。 美国政府没有允许EEA居民拥有此类权利的官方机制。
Therefore, no matter how well-behaved U.S. businesses were in terms of their compliance with Privacy Shield, the U.S. federal government’s surveillance meant EEA residents could not have comprehensive adequate privacy protections in the U.S. But the same reasoning could apply to Standard Contractual Clauses as well. Businesses could agree privately to provide adequate protection using Standard Contractual Clauses. But if the U.S. government could still conduct surveillance of EEA residents without affording privacy rights to them under Privacy Shield, they could do the same for companies using the Standard Contractual Clauses. If the Standard Contractual Clauses are later invalidated or do not permit the importation of personal data from Europe to the U.S., European-U.S. cross-border commerce in data will grind to a halt and disaster will ensue.
因此,无论美国企业在遵守Privacy Shield方面表现如何,美国联邦政府的监视都意味着EEA居民在美国无法获得全面的充分隐私保护,但同样的理由也适用于标准合同条款。 企业可以私下达成一致,以使用标准合同条款提供足够的保护。 但是,如果美国政府仍然可以对欧洲经济区居民进行监视,而又没有在“隐私保护盾”下赋予其隐私权,那么他们可以对使用标准合同条款的公司采取同样的措施。 如果后来使标准合同条款失效或不允许将个人数据从欧洲进口到美国,则欧美之间的数据跨境贸易将陷入停顿,灾难将接disaster而至。
Originally published at https://www.airoboticslaw.com.
cad图纸导入ai尺寸变了
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
