Niels Westerlaken - Legal.digital

Sign in Subscribe

Niels Westerlaken

Explainable Artificial Intelligence needs Human Intelligence

Explainable Artificial Intelligence needs Human Intelligence

What is XAI? How does it work in practice? What are its benefits, risks, impact on data protection? Read Blogpost by EDPS Director EDPS Wojciech Wiewiórowski attended ENISA's Annual Privacy Forum where he delivered a keynote speech on Artificial Intelligence and Data Protection. Read Speech.Read Closing Remarks of the

Keynote Speech - Annual Privacy Forum 2023

Supervisory Authorities

Keynote Speech - Annual Privacy Forum 2023

EDPS Wojciech Wiewiórowski attended ENISA's Annual Privacy Forum where he delivered a keynote speech on Artificial Intelligence and Data Protection. Read Speech.Read Closing Remarks of the CPDP Conference 2023.The EDPS and the German BfDI, and the Bavarian BayLDA organise the high-level event: “5th Anniversary of the GDPR: Still

The first GDPR fine of the Garante against dark patterns: the importance of legal design

The first GDPR fine of the Garante against dark patterns: the importance of legal design

The Italian Privacy Authority, the Garante, has sanctioned the use of dark patterns to collect personal data for the first time under the terms of the GDPR. On February. 23, 2023, the first ruling of the Italian data protection authority sanctioning the use of dark patterns for personal data collection

"Aruba Court of First Instance rules that mandatory biometric time clock is not an impermissible invasion of privacy"

"Aruba Court of First Instance rules that mandatory biometric time clock is not an impermissible invasion of privacy"

Labor. The requirement imposed by ANSA on employees to use its biometric time clock is not unlawful in the sense of an impermissible invasion of their right to privacy. ANSA has not unilaterally changed the terms and conditions of employment of air traffic controllers in the sense of requiring air

GDPR request by courts inhouse lawyer to the board and Council for the Judiciary (The Hague Court of Appeal)

GDPR request by courts inhouse lawyer to the board and Council for the Judiciary (The Hague Court of Appeal)

GDPR requests from lawyer of a court to the board of the court and the Judicial Council in connection with an employment dispute (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:GHDHA:2023:875

Berlin DPA fines bank over automated decision-making

Supervisory Authorities

Berlin DPA fines bank over automated decision-making

The Berlin Commissioner for Data Protection and Freedom of Information fined an unnamed bank 300,000 euros for violating transparency obligations under the EU General Data Protection Regulation in an automated decision rejecting a credit card application. "When companies make automated decisions, they are obliged to justify them in a

USA border plan requires “continuous and systematic” transfers of biometric data

USA border plan requires “continuous and systematic” transfers of biometric data

Last year, it was revealed that the USA planned to launch Enhanced Border Security Partnerships (EBSPs) with other states around the world, seemingly targeting the EU, UK and Israel first. These would involve “continuous and systematic” transfers of biometric data to the USA for the purposes of immigration and asylum

Report alleges weak data protection practices at Tesla

Report alleges weak data protection practices at Tesla

The Netherlands' data protection authority, Autoriteit Persoonsgegevens, claimed it was made aware of a potential data breach of Tesla, Reuters reports. A German publication claimed to have received 100 gigabytes of confidential data from a whistleblower, indicating lax data practices on the part of Tesla. AP officials declined to state

NHS trusts shared patient data; report claims ICO failed to protect health data

NHS trusts shared patient data; report claims ICO failed to protect health data

The Guardian reports the websites of 20 U.K. National Health Service trusts are collecting browser information and sharing details about patients' medical conditions, appointments and treatments with Facebook through a Meta Pixel tool. The U.K. Information Commissioner's Office is investigating. A report published by the Open Rights Group

All about the amendments to the AI Act

All about the amendments to the AI Act

The AI Act is a European Commission proposal to regulate artificial intelligence. The AI Act bans certain AI practices and imposes specific requirements and obligations on creators and users of AI. The goal of these measures is to increase trust in AI, ensure the safety and fundamental rights of people

Closure of the injunction issued against MICROSOFT IRELAND OPERATIONS LIMITED

Supervisory Authorities

Closure of the injunction issued against MICROSOFT IRELAND OPERATIONS LIMITED

On December 19, 2022, MICROSOFT IRELAND OPERATIONS LIMITED was fined 60 million euros by the CNIL's restricted committee, the body responsible for imposing sanctions. It also required the company, within three months, to allow users of "bing.com" located in France to give their consent to the use of tracers

Amsterdam court orders Hoster to provide name and address information

Amsterdam court orders Hoster to provide name and address information

Headline March 20, 2018, elaboration March 28, 2018. Hoster ordered to provide NAW data in summary proceedings. Unmistakably wrongful conduct Anonymous Person.Data Protection Act does not prevent conviction. (Machine translated) https://deeplink.rechtspraak.nl/uitspraak?id=ECLI:NL:RBAMS:2018:1873

Anu Talus elected new Chair of the European Data Protection Board

Supervisory Authorities

Anu Talus elected new Chair of the European Data Protection Board

The EDPB has elected Anu Talus as the new Chair of the European Data Protection Board (EDPB) to replace outgoing Chair Andrea Jelinek. She was elected with 19 votes out of 27, in two rounds. Anu Talus is the head of the Finnish Data Protection Authority (DPA), a function she

Google’s Photo App Still Can’t Find Gorillas. And Neither Can Apple’s.

Google’s Photo App Still Can’t Find Gorillas. And Neither Can Apple’s.

Eight years after a controversy over Black people being mislabeled as gorillas by image analysis software — and despite big advances in computer vision — tech giants still fear repeating the mistake. By Kashmir Hill and Nico Grant for The New York Times on May 22, 2023 https://www.nytimes.com/2023/

‘There was all sorts of toxic behaviour’: Timnit Gebru on her sacking by Google, AI’s dangers and big tech’s biases

‘There was all sorts of toxic behaviour’: Timnit Gebru on her sacking by Google, AI’s dangers and big tech’s biases

The Ethiopian-born computer scientist lost her job after pointing out the inequalities built into AI. But after decades working with technology companies, she knows all too much about discrimination. By John Harris for The Guardian on May 22, 2023 https://www.theguardian.com/lifeandstyle/2023/may/22/there-was-all-sorts-of-toxic-behaviour-timnit-gebru-on-her-sacking-by-google-ais-dangers-and-big-techs-biases

CNIL publishes 2022 annual report

Supervisory Authorities

CNIL publishes 2022 annual report

France's data protection authority, the Commission nationale de l'informatique et des libertés, published its 2022 annual report. Among the highlights, the CNIL said for the first time since the EU General Data Protection Regulation entered into force, it handled more complaints — 13,160 — than it received — 12,193. The CNIL

Answers to parliamentary questions on providing information from FSV

Answers to parliamentary questions on providing information from FSV

State Secretary Van Rij (Tax and Customs Administration) answers questions about the way in which information from the Fraud Alert Facility (FSV) is provided by the Tax and Customs Administration to municipalities and other cooperating agencies. Member of Parliament Omtzigt (Omtzigt) asked these questions. (Machine translated) https://www.rijksoverheid.nl/

Finland's DPA issues Google Analytics data transfers decision

Supervisory Authorities

Finland's DPA issues Google Analytics data transfers decision

Finland's Office of the Data Protection Ombudsman ordered the Finnish Meteorological Institute to halt EU-U.S. data transfers using Google Analytics and Google's reCAPTCHA. The ombudsman ruled the institute had no legal basis for processing to facilitate data flows and continued transfers based on cookie consent despite the invalidation of

Joint guide to ASEAN, EU contractual clauses published

Joint guide to ASEAN, EU contractual clauses published

The Association of Southeast Asian Nations and the European Commission released joint guidance on the application and use of respective contractual clauses. The guide aims to provide a high-level comparison of ASEAN model contractual clauses and the EU's standard contractual clauses to help facilitate cross-border data transfers. By comparing and

ICO issues guidance on subject access requests

ICO issues guidance on subject access requests

The U.K. Information Commissioner's Office published guidance on responding to subject access requests. The ICO said businesses and employers risk fines or reprimands for compliance failures, but ICO Policy Group Manager Elanor McCombe said many employers misunderstand the requests or underestimate their importance. "It's important not to get caught

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

Decision could imperil other companies’ transatlantic transfers as well By: John Magee, Andrew Dyson, James Sullivan, Andrew Serwin, Claire O’Brien & Rachel De Souza The Irish Data Protection Commission (DPC) has published a decision that could impact the ability of thousands of companies to move personal data from the European

Data & Society Announces the Launch of its Algorithmic Impact Methods Lab

Data & Society Announces the Launch of its Algorithmic Impact Methods Lab

Lab will advance assessments of AI systems in the public interest. From Data & Society on May 10, 2023 https://datasociety.net/announcements/2023/05/10/data-society-announces-the-launch-of-its-algorithmic-impact-methods-lab/

Meta € 1.2 bn GDPR fine, what to do with data transfers now?

Meta € 1.2 bn GDPR fine, what to do with data transfers now?

The GDPR fine of € 1.2 billion issued by the Irish data protection commission against Meta raises the question of how companies deal with data transfers leading to a status of anxiety perfectly expressed by The Scream of Munch. But let’s start from the beginning: The GDPR fine against

Irish Regulator Fines Meta 1.2 Billion Euros and Orders it to Cease Data Transfers to the U.S.

Irish Regulator Fines Meta 1.2 Billion Euros and Orders it to Cease Data Transfers to the U.S.

In this landmark decision, the DPC considered that even though Meta Ireland relied on the EU Standard Contractual Clauses in conjunction with additional supplementary measures to legitimize its data transfers to the U.S., these arrangements were not sufficient to address the requirements arising from the Court of Justice’s

1.2 billion euro fine for Facebook as a result of EDPB binding decision

Supervisory Authorities

1.2 billion euro fine for Facebook as a result of EDPB binding decision

Brussels, 22 May - Following the EDPB’s binding dispute resolution decision of 13 April 2023, Meta Platforms Ireland Limited (Meta IE) was issued a 1.2 billion euro fine following an inquiry into its Facebook service, by the Irish Data Protection Authority (IE DPA). This fine, which is the