Aphaia attends FOAN2019

The 8th International Conference on Fiber Optics in Access Networks (FOAN2019) was held on 2-4 September at the Swissotel, Sarajevo.

During FOAN2019, more than 60 talks were delivered by top professionals in the telecoms field, including people from industry, academia, government and regulatory agencies. The event brought together attendees from all around the world, including southern and eastern Europe, Japan and the US, among others.

Over the three full days, the participants were able to share their thoughts and projects and to enjoy two networking dinners in the beautiful old town of Sarajevo.

Special mention goes to Edvin Skaljo, who as chair, together with the rest of the team, made all this possible.

The talks, focused on Fiber Optics in Access Networks, addressed the field from several different perspectives, including IoT, Big Data, 5G, IP Rights, Data Protection and Smart Cities. Some workshops and student demo sessions were run in parallel in another room of the venue. Local TV and press came to FOAN2019 and documented the different activities and talks.

Aphaia was invited to deliver a speech and to moderate a Panel Discussion. Our Partner Cristina Contero Almagro gave a talk about Smart Cities and Privacy and also chaired a Panel Discussion about Smart Cities and Regulation on Day Three of FOAN2019.

She presented some of the main privacy and security challenges that Smart Cities are currently tackling, such as potential data breach risks and the need to identify an adequate legitimate basis for the processing.

The guests of the Panel Discussion were Igor Jurcic, head of marketing Business group for VSE/SME; Tarik Hamzic, Vice President of Operations at Ministry of Programming in Bosnia and Herzegovina; Aleksandar Mastilovic, Expert Adviser to the Director General at Communications Regulatory Agency of Bosnia and Herzegovina and Aljo Mujcic, Professor at University of Tuzla (Bosnia), Faculty of electrical/engineering. They discussed three pillars of the Smart Cities’ Regulation: Smart Cities concept, Smart Cities and Academy and Smart Cities Investment.

FOAN2019 was an enriching experience that we are very grateful to have been part of, and we are already looking forward to FOAN2020!


Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

AI Auditing and Ethical issues

Auditing is one of the main challenges facing the regulation of AI.

It’s important to note that audits can be internal or external.

An internal AI audit helps an organisation evaluate, understand and communicate the degree to which AI will have an effect (either negative or positive) on the organisation’s ability to create value in the short, medium, or long term, while an external audit assesses if the company is actually complying with rules and standards.

According to the Institute of Internal Auditors, an AI auditing framework should comprise three overarching components (AI Strategy, Governance, and the Human Factor) and seven elements: Cyber Resilience; AI Competencies; Data Quality; Data Architecture & Infrastructure; Measuring Performance; Ethics; and The Black Box.

As for external audits, DPAs (Data Protection Authorities) and other bodies are still working on reaching an agreement on what the standards should be.

The ICO, for its part, aims to build a reference framework and is gathering feedback from organisations in order to come up with a solid methodology for auditing AI applications, ensuring that they are transparent and fair and that the necessary measures to assess and manage the data protection risks arising from them are in place. Its proposed structure includes:

1.- Governance and accountability.

  • Risk appetite.
  • Leadership engagement and oversight.
  • Management and reporting structures.
  • Compliance and assurance capabilities.
  • Data protection by design and by default.
  • Policies and procedures.
  • Documentation and audit trails.
  • Training and awareness.

2.- AI-specific risk areas.

  • Fairness and transparency in profiling – including issues of bias and discrimination, interpretability of AI applications, and explainability of AI decisions to data subjects.
  • Accuracy – covering both accuracy of data used in AI applications and of data derived from them.
  • Fully automated decision making models – including classification of AI solutions (fully automated vs. non-fully automated decision making models) based on the degree of human intervention, and issues around human review of fully automated decision-making models.
  • Security and cyber – including testing and verification challenges, outsourcing risks, and re-identification risks.
  • Trade-offs – covering challenges of balancing different constraints when optimising AI models (e.g. accuracy vs. privacy).
  • Data minimisation and purpose limitation.
  • Exercising of rights.
  • Impact on broader public interests and rights.

The CNIL (France’s data protection authority), for its part, considers that countries should set up a national platform for auditing algorithms. To reach this goal, there is a prior need to identify what resources the State has available, as well as the different needs, and to pool the expertise and means to hand within a national platform.

According to the CNIL, in practice, these audits could be performed by a public body of algorithm experts who would monitor and test algorithms. Given the size of the sector to be audited, another solution could involve the public authorities accrediting private audit firms on the basis of a frame of reference. Companies and public authorities would be well advised to adopt certification-type solutions.

If you need advice on your AI product, Aphaia offers both AI ethics and Data Protection Impact Assessments.

ICO new cookies guidance

The new guidance aims to align the ICO’s position on cookies with GDPR.

What should I do?

There are steps a business must take to ensure compliance with the new guidance:

  1. Say what cookies will be set and explain what the cookies do

The information provided to the data subject must cover the cookies intended to be used and the purposes for which they will be used, and it must meet GDPR transparency standards (i.e. “concise, transparent, intelligible and easily accessible form, using clear and plain language”).

These requirements also apply to cookies set by any third parties whose technologies the online service incorporates – this would include cookies, pixels and web beacons, JavaScript and any other means of storing or accessing information on the device including those from other services such as online advertising networks or social media platforms.

  2. Obtain consent to store cookies on devices

  • The user must take a clear and positive action to give their consent to non-essential cookies.
  • Consent should be granular – the user must be provided with the ability to consent to cookies used for some purposes, but not others.
  • When it comes to the use of third party cookies, one must clearly and specifically name who the third parties are and explain what they will do with the information.
  • Pre-ticked boxes (or equivalents such as ‘on’ sliders) are not valid for non-essential cookies.
  • Users must be provided with controls over any non-essential cookies and should still be allowed to access the website if they do not consent to these cookies. ‘Cookie walls’ are therefore prohibited if they prevent access to the website in general, although the ICO is seeking further submissions and opinions on this point from interested parties.
  • Non-essential cookies should not be placed on the landing page (and, similarly, non-essential scripts or other technologies should not run until the user has given their consent).

It is important to keep in mind that consent is invalid if:

  • message boxes are hard to read or interact with when using a mobile device, or
  • users do not click on any of the options available and go straight through to another part of your site without engaging with the consent box.

Are there any exemptions to the information and consent requirements?

Yes, there are. You do not need to comply with them for strictly necessary cookies. The concept of “strictly necessary cookies” is very limited though. The storage of (or access to) information should be essential to provide the service requested by the user and it also covers what is required to comply with any other legislation that applies. You can find some examples in the table below.

Apart from the “strictly necessary cookies” exemption, the information and consent requirements also do not apply to cookies that enable the transmission of a communication over an electronic communications network.


Artificial Intelligence in H2020 overview

The Spanish Centre for Technological Industry Development (CDTI) held an info day last Thursday 11th on the importance of artificial intelligence in H2020.

Horizon 2020 is the biggest EU research and innovation programme ever, with nearly €80 billion of funding available over 7 years, from 2014 to 2020. It aims to reach three strategic goals:

  • Excellent science, in order to make the EU become a world leader in science.
  • Industrial leadership, for the improvement of European competitiveness.
  • Societal challenges, where targeted investment in research and innovation can have a real impact benefitting the citizen.

Horizon 2020 is expected to help the EU with the development of AI, and the Digital Europe Programme will then support its implementation.

Fernando Rico, ICT representative from H2020, went through the different scenarios of H2020 where AI has played a relevant role and highlighted one of its main milestones, the Communication from the Commission, which took place last year. From that point onwards, other landmarks have been reached, such as the creation of the AI HLEG, the launch of an action plan and the adoption of a new strategy agenda for the development of AI, among others.

In terms of the budget, whereas the Commission allocated €500 mill. towards AI projects during 2018-2019, the goal is to reach €20.000 mill per year by 2020, together with the Member States.

Enrique Pelayo, national ICT 2020 point of contact, underlined some H2020 topics where AI plays a main role:

  • ICT48- Towards a vibrant European network of AI excellence centers.
  • ICT49- AI on demand platform.
  • ICT38- Artificial Intelligence for Manufacturing.

While the first two set up the general basis for AI in ICT, the last addresses the involvement of AI in a specific sector.

The speakers also referred to InnovFin, a joint initiative in cooperation with the European Investment Bank Group which aims to facilitate and accelerate access to finance for innovative businesses and other innovative entities in Europe.

David González, from the technical office of SGCPC (MICINN), talked about the I+D+i strategy and focused on the national angle. Several discussions and meetings with businesses and companies that provide AI products and services are being held, with the aim of having a draft ready by next autumn.

Key AI challenges and opportunities were discussed at the end of the event, from both a general and an industry perspective. When it comes to the pitfalls, the speakers pointed out the lack of administrative staff and the need for practical guidelines that can be easily put into practice. AI Ethics and Regulation stood out as one of the most influential fields, where “reaching an agreement among EU Member States becomes an essential step that should be prioritized”, all the speakers agreed.
