2025-02-03 Podcast - Jekaterina Macuka

 

Jekaterina Macuka is a lawyer and public official who currently serves as the Director of the Data State Inspectorate of Latvia and a member of European Data Protection Board. She have worked in the Ministry of Justice and even as director of Patent Office.

We met recently at a conference where we had a heated debate about GDPR regulations and some famous cases in the Baltics, discussing how they have impacted businesses in the region.

Law and AI

  1. How you use AI in your work?

  2. Will AI replace judges? Why?

  3. Will AI replace lawyers? Why?

  4. What was the most fun legal case you have worked on?

  5. What has been the most challenging case?

Questions about GDPR and business cases

  1. How large is Data State Inspectorate of Latvia?

  2. How do you opeate? Do you actively look for violations of GDPR?

  3. Are your job soley focused on GDPR or you enforce other regulations as well?

  4. What is GDPR in detail?

  5. How to implement GDPR in practice?

  6. Do all EU companies require a Data Specialist, and what is their job?

  7. Why it is so important for companies to be compliant with GDPR?

Context: I have heard that actually by adding GDPR checkbox or attachment to agreement it is easier nowadays to sell your data to third parties, because you just carelesly consent to it.

  1. Is it possible to still do it if you sign such contracts?

  2. What cannot company do with your data even if you consent to it?

  3. What's the wierdest GDPR violation you've encountered?

Context: The Latvian telecommunications company Tet has been involved in a significant GDPR violation case that resulted in a €1.2 million fine, which was recently upheld by the Riga Regional Court in June 2024. The investigation began following a 2020 incident where someone attempted to fraudulently access Tet+ platform services using another person's data3. In one notable case, the personal data of a minor was transferred to a debt recovery service due to lack of proper verification.

  1. What exactly happened with Tet GDPR Case? Why fine and not just warning and help to be compliant?

  2. Have you had cases where you settled silently without any fine?

  3. How the business would be different if GDPR would not exist?

Questions about AI Act

Context: There has recently been ratified AI Act in EU and now local goverments have to implement till 2027, but Unacceptable risk solutions should be banned by February 2, 2025.

image-20250203191512312

  1. What is AI Act in detail? (Unacceptable risk, High risk, Limited risk, Low risk, No risk solutions and requirements)

  2. Will security cameras with face recognition be banned?

  3. Why are deepfakes considered a limited risk, while systems such as those dealing with human resource allocation are considered high risk?

  4. How practically companies will have to change their business to be compliant with AI Act?

  5. Will there be another checkbox and contract for AI Act and all employment related systems will "high risk"?

  6. Are we going to need "AI compliance officers" like we have GDPR officers?

  7. Who will be responsible for AI Act compliance in Latvia?

Effects of regulation on AI

  1. How could EU regulations actually help create better AI systems?

  2. Do you think EU politicians understand AI enough to regulate it?

  3. Could EU regulations create an "AI black market" of restricted solutions?

  4. Will AI companies start using "Made in US" labels to avoid EU regulations?

  5. How this will affect innovation in AI?