Tarun Samtani
LightNews LightNews
banner
tsamtani.bsky.social
Tarun Samtani
@tsamtani.bsky.social
290 followers 51 following 8 posts
Data Protection & Privacy Leader | DPO | AI Governance | IAPP Advisory Board Member | Mentor | CIPM | Trainer & Speaker

www.linkedin.com/in/tsamtani
Posts Replies Media Videos
Reposted by Tarun Samtani
christinaayiotis.bsky.social
“ .. convergence of AI-driven mental health apps, attorney well-being .. data privacy .. important legal & ethical considerations, especially in relation to .. HIPAA .. various state-specific privacy regulations.” www.americanbar.org/groups/law_p...
Responsible AI Use in Attorney Well-Being: Legal and Ethical Considerations
AI-powered stress management tools are designed to help legal professionals maintain their composure in high-pressure situations.
www.americanbar.org
May 20, 2025 at 11:12 AM
Reposted by Tarun Samtani
mattjay.com
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords

Media's coverage wasn't detailed enough so I dug into his testimony:
April 18, 2025 at 12:10 AM
Reposted by Tarun Samtani
mofoprivacy.bsky.social
In an article for IAPP, MoFo’s Carrie H. Cohen, Boris Segalis, Katherine Wang, and Darcy Black review the New York attorney general's robust #privacy and #cybersecurity enforcement actions in 2024: bit.ly/4h9pllz
March 7, 2025 at 3:12 PM
Reposted by Tarun Samtani
evacide.bsky.social
We can learn so much about good opsec through the many negative examples brought to us by this carload of clowns: www.businessinsider.com/doge-nasa-go...
We found a DOGE guy at NASA because his Google Calendar was public
DOGE staffer Riley Sennott's Google Calendar wasn't private, exposing his interactions with DOGE and firms like Tesla and Palantir.
www.businessinsider.com
March 7, 2025 at 9:05 PM
Reposted by Tarun Samtani
christinaayiotis.bsky.social
“87% of security professionals report that their organisation has encountered an AI-driven cyber-attack in the last year, according to a new study by SoSafe, Europe’s largest security awareness and human risk management solution.” www.digit.fyi/87-of-firms-...
87% of Firms Hit By AI Cyber-attacks
87% of security professionals report that their organisation has encountered an AI-driven cyber-attack in the last year.
www.digit.fyi
March 8, 2025 at 12:08 AM
Reposted by Tarun Samtani
elsenor.bsky.social
Watch the #sxsw keynote on personal online security and tell me you are not a fan of @meredithmeredith.bsky.social – I won't believe you.

www.youtube.com/live/AyH7zoP...
The State of Personal Online Security and Confidentiality | SXSW LIVE
YouTube video by SXSW
www.youtube.com
March 7, 2025 at 8:40 PM
Reposted by Tarun Samtani
meredithmeredith.bsky.social
I did. Because it does.

techcrunch.com/2025/03/07/s...
Signal President Meredith Whittaker calls out agentic AI as having 'profound' security and privacy issues | TechCrunch
Signal President Meredith Whittaker warned Friday that agentic AI could come with a risk to user privacy. Speaking onstage at the SXSW conference in
techcrunch.com
March 8, 2025 at 3:56 AM
Reposted by Tarun Samtani
Wow!
If you're still uncertain why you should start using @signal.org (and @ProtonPrivacy.bsky.social btw.),

You must see this @GuyKawasaki.bsky.social @sxsw.com interview with @meredithmeredith.bsky.social

www.youtube.com/live/AyH7zoP...
March 8, 2025 at 10:45 PM
Reposted by Tarun Samtani
businessinsider.com
At SXSW, Signal President Meredith Whittaker warned about the 'profound' security risks to user privacy posed by agentic AI.
Signal president warns the hyped agentic AI bots threaten user privacy
At SXSW, Signal President Meredith Whittaker warned about the 'profound' security risks to user privacy posed by agentic AI.
www.businessinsider.com
March 8, 2025 at 9:36 PM
Reposted by Tarun Samtani
boscolo.co
"The Salt Typhoon hack was a catastrophic national security breach!" -Meredith Whittaker

fyi for those that weren't aware of the breach:
www.politico.com/news/2024/12...
March 8, 2025 at 9:09 PM
Reposted by Tarun Samtani
edzitron.com
Newsletter: The DeepSeek situation is a moment that should fill Silicon Valley with shame, a monument to the lack of vision and herd mentality of the American tech industry. OpenAI and Anthropic have no moat, no business, no innovation, and I believe no future.

www.wheresyoured.at/deep-impact/
Deep Impact
Soundtrack: The Hives — Hate To Say I Told You So In the last week or so, but especially over the weekend, the entire generative AI industry has been thrown into chaos. This won’t be a lengthy, tech...
www.wheresyoured.at
January 29, 2025 at 4:42 PM
Reposted by Tarun Samtani
christinaayiotis.bsky.social
Copyright and Artificial Intelligence
Part 2: Copyrightability
January 2025

www.copyright.gov/ai/Copyright...
www.copyright.gov
January 30, 2025 at 12:36 PM
Reposted by Tarun Samtani
montezumachavez.bsky.social
The Polish DPA announced that it has fined a bank for failing to ensure the independence of the data protection officer (DPO) and failing to register "profiling" as a processing activity under the ROPA. See uodo.gov.pl/decyzje/DKN.....
Decyzje Prezesa UODO- Urząd Ochrony Danych Osobowych.
uodo.gov.pl
January 20, 2025 at 1:32 PM
Reposted by Tarun Samtani
montezumachavez.bsky.social
News from Association of Southeast Asian Nations, or ASEAN,

ASEAN Guide on Data Anonymization. See

lnkd.in/dfrf7cYV

Joint Guide to ASEAN Model Contractual Clauses and LATAM Model Contractual Clauses. See

lnkd.in/dVAxSgcD
January 20, 2025 at 1:47 PM
Reposted by Tarun Samtani
montezumachavez.bsky.social
Key principles related to the processing of personal
data in FTC's decision in the Matter of General Motors LLC, General Motors and OnStar: (i) Lawfulness, fairness, and transparency; (ii) Purpose limitation; (iii) Data minimization; (iv) Storage limitation; and (v) Accountability.
January 18, 2025 at 10:10 PM
Reposted by Tarun Samtani
daniel-solove.bsky.social
ICYMI - Webinar: Privacy Litigation [Video (free] – Daniel Solove + Katherine Heaton (Beazley) + Melissa Siebert (Cozen) youtu.be/krjtQEic3ig
Webinar - Privacy Litigation
YouTube video by TeachPrivacy
youtu.be
January 18, 2025 at 10:54 PM
Reposted by Tarun Samtani
openmicmedia.bsky.social
Great paper from @davidthewid.bsky.social, @meredithmeredith.bsky.social and @smw.bsky.social outlines the real obstacle to diversity and accountability in the AI sector: concentration of power in the hands of a few corporations. www.nature.com/articles/s41...
Why ‘open’ AI systems are actually closed, and why this matters - Nature
A review of the literature on artificial intelligence systems to examine openness reveals that open AI systems are actually closed, as they are highly dependent on the resources of a few large corpora...
www.nature.com
December 6, 2024 at 2:11 PM
Reposted by Tarun Samtani
robertjbateman.bsky.social
The UK hopes to open up AI-driven decision-making.

The current prohibition (Art 22 UK GDPR) covers "automated decisions" based on all types of personal data.

The Data (Use and Access) Bill would narrow it to "special category" data only.

Safeguards would still be required for all personal data.
Under the current law, significant solely automated decision-making based on personal data is prohibited unless one of the following three conditions applies: The data subject gives explicit consent, or The decision is necessary for a contract between the data subject and a controller, or The decision is required or authorised by a UK law that provides safeguards for rights and freedoms. Under the new Article 22B, this prohibition would only apply where special category data is involved. The exceptions are also slightly different: The data subject gives explicit consent, or The processing is based on Article 9(2)(g) (“substantial public interest”), and either: The decision is necessary for a contract between the data subject and a controller, or The decision is required or authorised by law. Controllers cannot rely on the new legal basis of “recognised legitimate interests” for automated decisions. This would mean automated decision-making that only involves “non-special category data” is generally permitted, subject to certain safeguards.
December 5, 2024 at 2:24 PM
Reposted by Tarun Samtani
noyb.eu
🥳 As of yesterday, noyb is approved as a qualified entity to bring collective redress actions in EU courts!

This allows us to bring a European version of a "Class Action", where thousands or millions of users could be represented by noyb.

More Info 👇
noyb.eu
December 3, 2024 at 10:30 AM
Reposted by Tarun Samtani
sauvik.me
I created a starter pack for researchers who work at the nexus of HCI & cybersecurity / privacy here.

Please do let me know if you would like to be added to the list!I'm sure I've missed many folks.

go.bsky.app/RGsu5jn
November 20, 2024 at 4:22 PM
Reposted by Tarun Samtani
privacyguru.bsky.social
My “Privacy, Data Protection, & Ethical Tech” Starter Pack

#PrivacySky #EthicalAI #DataProtection

go.bsky.app/HSRZtb8
November 30, 2024 at 10:06 AM
Reposted by Tarun Samtani
montezumachavez.bsky.social
Missed the latest AI Pact webinar on the AI Act? Dive into insightful discussions, expert opinions, and practical takeaways by watching the full session on YouTube.

m.youtube.com/watch?v=eLlS...
Webinar exploring the Architecture of the AI Act
YouTube video by DigitalEU
m.youtube.com
November 30, 2024 at 12:50 PM
Reposted by Tarun Samtani
montezumachavez.bsky.social
But what about transparency under Article 14 of GDPR where the personal data is derived by the controller? See eur-lex.europa.eu/legal-content/…

Derived personal data is personal data that is created from other personal data by an organization in the course of business.
November 30, 2024 at 1:38 PM