cad圖紙導入ai尺寸變了

In a judgment issued last week, the European Court of Justice invalidated the EU-U.S. Privacy Shield Program by which businesses in the United States could self-certify their compliance with a framework of principles for data protection. This judgment is the top privacy story for multinational companies this year. What does this mean for artificial intelligence companies? For AI companies using personal data to train machine learning systems, the answer is that it just got harder to import personal data from the European Union (EU) and broader European Economic Area (EEA) to the United States.

在上周發布的一項判決中，歐洲法院裁定“歐盟-美國隱私保護計劃”無效，通過該計劃，美國企業可以自我證明其對數據保護原則框架的遵守情況。 這一判斷是今年跨國公司最重要的隱私故事。 這對人工智能公司意味著什么？ 對于使用個人數據來訓練機器學習系統的AI公司而言，答案是，將個人數據從歐盟(EU)和更廣泛的歐洲經濟區(EEA)導入美國變得更加困難。

The background is that some U.S. businesses in the artificial intelligence field are importing personal data from European countries to train machine learning systems with a myriad of applications. Companies with a physical presence in the EEA, companies directing marketing efforts to EEA member states, and companies monitoring the behavior of individuals present in EEA member states are subject to the European Union’s General Data Protection Regulation. For more details, see my earlier blog post. In addition, other U.S. businesses may provide services to another U.S. business that has already imported personal data from EEA countries. Such U.S. businesses must then agree by contract to protect personal data from those countries with the same level of protection they would receive under GDPR in the EEA. Therefore, some AI companies are required, directly or indirectly, to meet GDPR standards.

背景是，人工智能領域的一些美國企業正在從歐洲國家導入個人數據，以訓練具有眾多應用程序的機器學習系統。 在歐洲經濟區有實體機構的公司，將市場營銷工作指向歐洲經濟區成員國的公司以及監視歐洲經濟區成員國中個人行為的公司均受歐盟《通用數據保護條例》的約束。 有關更多詳細信息，請參見我之前的博客文章。 此外，其他美國企業可能會向已經從EEA國家導入個人數據的另一美國企業提供服務。 然后，此類美國企業必須通過合同達成協議，以保護這些國家/地區的個人數據，并獲得與EEA中GDPR相同的保護水平。 因此，一些AI公司被要求直接或間接滿足GDPR標準。

GDPR allows for the free flow of personal data from EEA countries to countries that the European Commission has found to have an adequate level of data protection. So if the laws in those countries are stringent enough, then there is no barrier to exporting personal data to those countries from the EEA. And by “export,” I mean that a company in an EEA member state could, for instance, send the personal data to a vendor in one of those countries. As one example, a cloud storage provider in Canada could receive personal data from EEA companies without any GDPR-imposed restrictions. The laws in Canada are stringent enough to protect personal data. Other countries with such adequacy decisions include Argentina, Israel, Japan, Switzerland, and New Zealand.

GDPR允許個人數據從EEA國家自由流向歐洲委員會發現具有足夠數據保護水平的國家。 因此，如果這些國家/地區的法律足夠嚴格，那么從EEA向這些國家/地區導出個人數據就沒有障礙。 所謂“出口”，是指歐洲經濟區成員國的公司可以將個人數據發送給其中一個國家的供應商。 例如，加拿大的云存儲提供商可以從EEA公司接收個人數據，而不受GDPR施加的任何限制。 加拿大的法律非常嚴格，可以保護個人數據。 做出此類適當決定的其他國家/地區包括阿根廷，以色列，日本，瑞士和新西蘭。

For countries that don’t have stringent enough laws, some “transfer mechanism” must be in place to allow for the export of personal data from EEA member states to those countries. The United States is one of those countries. The three main options for transfer mechanisms that U.S. businesses chose to use to import personal data have been:

對于沒有足夠嚴格法律的國家，必須建立某種“轉移機制”，以允許將個人數據從EEA成員國輸出到這些國家。 美國是這些國家之一。 美國企業選擇用于導入個人數據的傳輸機制的三個主要選擇是：

• The Privacy Shield Program

  隱私保護計劃

• Standard contract terms (called “Standard Contractual Clauses”), which were developed to allow for a personal data importer to commit to an adequate level of protection by contract
  標準合同條款(稱為“標準合同條款”)的制定是為了允許個人數據導入者通過合同承諾提供足夠的保護水平
• “Binding corporate rules” that allows for an intra-enterprise transfer of personal data, say, within a conglomerate of affiliated multinational companies
  “具有約束力的公司規則”，例如，允許在關聯的跨國公司集團內在企業內部傳輸個人數據

Privacy Shield allowed a U.S. AI company to self-certify to the U.S. Department of Commerce that it is in compliance with a framework of privacy and security principles. Once registered, the self-certification meant that a company didn’t have to include the lengthy and cumbersome Standard Contractual Clauses into every cross-border deal, thereby speeding up the contracting process and making it more efficient. Privacy Shield was therefore attractive for U.S. companies doing frequent deals to import personal data from EEA member states. Binding corporate rules are only for intra-enterprise transfers and so technically don’t apply to a transaction between unrelated customers and vendors overseas. Moreover, they require advance approval by a data protection authority.

Privacy Shield允許一家美國AI公司向美國商務部進行自我認證，證明其符合隱私和安全原則的框架。 一旦注冊成功，自我認證意味著公司不必在每項跨境交易中都加入冗長而繁瑣的標準合同條款，從而加快了簽約流程并提高了簽約效率。 因此，Privacy Shield對頻繁進行交易以從EEA成員國導入個人數據的美國公司具有吸引力。 具有約束力的公司規則僅適用于企業內部轉移，因此從技術上講不適用于無關客戶和海外供應商之間的交易。 此外，它們需要數據保護機構的事先批準。

Last week’s decision means that AI companies can no longer rely on the Privacy Shield program to import personal data from EEA member states to the U.S. There might be a way to make binding corporate rules work for intra-enterprise transfers to the U.S. But for the vast majority of U.S.-based AI companies, they will now need to use the Standard Contractual Clauses as a transfer mechanism. What does that mean as a practical matter?

上周的決定意味著AI公司不再能夠依靠Privacy Shield計劃從EEA成員國向美國導入個人數據。也許有一種方法可以使具有約束力的公司規則適用于企業內部向美國的轉移。大多數位于美國的AI公司，他們現在將需要使用標準合同條款作為轉移機制。 這實際上意味著什么？

First, it means that AI companies reliant on Privacy Shield as a transfer mechanism and describing their transfers in their privacy policies must now revise their privacy policies right away. Any mention of reliance on Privacy Shield must now be eliminated. Second, any data processing addendums or agreements with European entities calling out Privacy Shield as the transfer mechanism used must now be amended to delete references to Privacy Shield. Instead, they must make sure Standard Contractual Clauses are now in place. If the AI business struck a lot of these deals, there will be a lot of time and effort spent to review relevant agreements and renegotiate each one with counter parties in EEA countries.

首先，這意味著AI公司依靠Privacy Shield作為一種轉移機制，并在其隱私政策中描述其轉移必須立即修改其隱私政策。 現在必須消除對“隱私盾”的依賴。 其次，現在必須修改與歐洲實體的任何數據處理附錄或協議，稱隱私盾為使用的傳輸機制，以刪除對隱私盾的引用。 相反，他們必須確保標準合同條款現已到位。 如果AI業務達成了很多這樣的交易，那么將花費大量的時間和精力來審查相關協議，并與EEA國家/地區的交易對方重新談判。

The judgment allowed for continued use of the Standard Contractual Clauses for now. Nonetheless, the problems with Privacy Shield may also be determined later to apply to the Standard Contractual Clauses as well. The unfortunate thing about the Court of Justice’s opinion is that it was not based on a failure by U.S. businesses to take proper care of personal data from EEA countries. On the contrary, the decision was based on the U.S. government’s surveillance of EEA residents without privacy rights such as the right to access what information was collected, the right to rectify incorrect personal data or the right of erasure of that data. The U.S. government does not have official mechanisms to allow for EEA residents to have such rights.

該判決允許暫時繼續使用標準合同條款。 但是，隱私屏蔽的問題也可以在以后確定，也適用于標準合同條款。 法院觀點的不幸之處在于，它并非基于美國企業未能妥善保管來自EEA國家的個人數據。 相反，該決定是基于美國政府對EEA居民的監視而沒有隱私權，例如訪問所收集信息的權利，糾正不正確的個人數據的權利或刪除該數據的權利。 美國政府沒有允許EEA居民擁有此類權利的官方機制。

Therefore, no matter how well-behaved U.S. businesses were in terms of their compliance with Privacy Shield, the U.S. federal government’s surveillance meant EEA residents could not have comprehensive adequate privacy protections in the U.S. But the same reasoning could apply to Standard Contractual Clauses as well. Businesses could agree privately to provide adequate protection using Standard Contractual Clauses. But if the U.S. government could still conduct surveillance of EEA residents without affording privacy rights to them under Privacy Shield, they could do the same for companies using the Standard Contractual Clauses. If the Standard Contractual Clauses are later invalidated or do not permit the importation of personal data from Europe to the U.S., European-U.S. cross-border commerce in data will grind to a halt and disaster will ensue.

因此，無論美國企業在遵守Privacy Shield方面表現如何，美國聯邦政府的監視都意味著EEA居民在美國無法獲得全面的充分隱私保護，但同樣的理由也適用于標準合同條款。 企業可以私下達成一致，以使用標準合同條款提供足夠的保護。 但是，如果美國政府仍然可以對歐洲經濟區居民進行監視，而又沒有在“隱私保護盾”下賦予其隱私權，那么他們可以對使用標準合同條款的公司采取同樣的措施。 如果后來使標準合同條款失效或不允許將個人數據從歐洲進口到美國，則歐美之間的數據跨境貿易將陷入停頓，災難將接disaster而至。

Originally published at https://www.airoboticslaw.com.

最初發布在https://www.airoboticslaw.com上。

翻譯自: https://medium.com/@stephenswu/it-just-got-harder-for-ai-companies-to-import-european-personal-data-daf3dc77152a

cad圖紙導入ai尺寸變了

總結

以上是生活随笔為你收集整理的cad图纸导入ai尺寸变了_AI公司导入欧洲个人数据变得更加困难的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。