It is hard to deny that dominant internet services provide essential consumer goods for much of the world. Having to go a week, much less a day, without efficient Google searches, or losing the ability to interact with others via a social media platform like Instagram, would surely upend many

Today, the Future of Privacy Forum (FPF) releases the Generative AI for Organizational Use: Internal Policy Checklist. With the proliferation of employee use of generative AI tools, this checklist provides organizations with a powerful tool to help revise their internal policies and procedures to ensure that employees are using generative

On July 19, 2023, the European Data Protection Board issued an Information Note regarding data transfers to the U.S. following the adoption of an adequacy decision on the EU-U.S. Data Privacy Framework on July 10, 2023. Continue Reading https://www.huntonprivacyblog.com/2023/07/31/european-data-protection-board-issues-information-note-on-data-transfers-under-the-data-privacy-framework/

On July 14, 2023, the Norwegian Data Protection Authority ordered Meta Platforms Ireland Limited and Facebook Norway AS to temporarily cease the processing of personal data of data subjects in Norway for the purpose of targeting ads on the basis of “observed behavior” when relying on the contractual necessity legal

Artificial intelligence is increasingly an integral part of our daily lives, but at the same time it generates concerns, including legal issues, of a potential cognitive “bias”, and the resulting discrimination of the algorithm. In this article we analyze the legal issues of cognitive biases in artificial intelligence systems: What

The European Commission published its FAQs on the adequacy decision regarding data transfers, which don’t give all the necessary answers; let’s try to give some clarifications on potential grey areas. Based on the initial discussions with clients, here are the main requests of clarifications and relevant answers on

France's data protection authority, the Commission nationale de l'informatique et des libertés, published best practices for sharing personal data through application program interfaces. The CNIL identified cases when API use is recommended, listed risk factors to help organizations conduct a risk analysis, and offered recommended measures to help them achieve

Artificial intelligence (AI) has emerged as a game-changer in the healthcare sector, offering immense potential to revolutionize patient care, diagnostics, and medical research, but raising legal challenges as well. In particular, integrating artificial intelligence into the healthcare industry comes with legal challenges that must be tackled promptly since they might

The GDPR demonstrates the capacity of the European Union to prioritise data protection and privacy. The collection and use of health data by private corporations makes privacy protections critically important. Taken together, the provided policy recommendations here create comprehensive steps forward. https://edri.org/our-work/guarding-health-data-privacy-in-europe-the-limits-and-challenges-of-current-regulations/

Global flows of personal data have been a source of geopolitical concern for many years now. The Court of Justice of the European Union’s “Schrems II” judgement has revived the debate and organisations around the world now have to map personal data flows and conduct transfer impact assessments, while

Key takeaways Privacy laws around the world contain core principles and requirements (such as data minimization) that present new challenges for those using and developing AI At the same time, variations in approach and detail, specifically as regards consent and the use of publicly available data, mean that it is

Today, FPF released a new report on the effectiveness of a key federal children’s privacy requirement known as verifiable parental consent (VPC). The Children’s Online Privacy and Protection Act (COPPA) requires operators of child-directed services to provide parents with detailed, direct notice and obtain parents’ affirmative express consent

As with a colorblindness hue test, if you stare at the new version of the EU Artificial Intelligence Act for long enough, some patterns form (or maybe you are just losing your vision or your mind). Below is a decision tree to help assess whether you fall in scope. Is

On 22 May 2023, the Irish Data Protection Commission (“DPC”) fined Facebook parent Meta EUR 1.2 billion for transferring personal data to the U.S. in violation of GDPR. The DPC also ordered Meta to suspend further transfers unless it can bring such transfers into compliance within 5 months.

What is XAI? How does it work in practice? What are its benefits, risks, impact on data protection? Read Blogpost by EDPS Director EDPS Wojciech Wiewiórowski attended ENISA's Annual Privacy Forum where he delivered a keynote speech on Artificial Intelligence and Data Protection. Read Speech.Read Closing Remarks of the

The Italian Privacy Authority, the Garante, has sanctioned the use of dark patterns to collect personal data for the first time under the terms of the GDPR. On February. 23, 2023, the first ruling of the Italian data protection authority sanctioning the use of dark patterns for personal data collection

The AI Act is a European Commission proposal to regulate artificial intelligence. The AI Act bans certain AI practices and imposes specific requirements and obligations on creators and users of AI. The goal of these measures is to increase trust in AI, ensure the safety and fundamental rights of people

The Association of Southeast Asian Nations and the European Commission released joint guidance on the application and use of respective contractual clauses. The guide aims to provide a high-level comparison of ASEAN model contractual clauses and the EU's standard contractual clauses to help facilitate cross-border data transfers. By comparing and

The U.K. Information Commissioner's Office published guidance on responding to subject access requests. The ICO said businesses and employers risk fines or reprimands for compliance failures, but ICO Policy Group Manager Elanor McCombe said many employers misunderstand the requests or underestimate their importance. "It's important not to get caught

Decision could imperil other companies’ transatlantic transfers as well By: John Magee, Andrew Dyson, James Sullivan, Andrew Serwin, Claire O’Brien & Rachel De Souza The Irish Data Protection Commission (DPC) has published a decision that could impact the ability of thousands of companies to move personal data from the European

The GDPR fine of € 1.2 billion issued by the Irish data protection commission against Meta raises the question of how companies deal with data transfers leading to a status of anxiety perfectly expressed by The Scream of Munch. But let’s start from the beginning: The GDPR fine against

In this landmark decision, the DPC considered that even though Meta Ireland relied on the EU Standard Contractual Clauses in conjunction with additional supplementary measures to legitimize its data transfers to the U.S., these arrangements were not sufficient to address the requirements arising from the Court of Justice’s

The Future of Privacy Forum released a report on the efficacy of Article 25 of the EU General Data Protection Regulation's data protection by design and by default obligations. The report draws on more than 92 data protection authority cases, court rulings and guidance issued by 16 European Economic Area

On 26th April, the General Court of the European Union (EGC), published its judgment in Case T-557/20, Single Resolution Board (SRB) v European Data Protection Supervisor (EDPS), in relation to the threshold between pseudonymous and anonymous data. The EGC held that pseudonymised data transmitted to a data recipient will

In the same week the European Court of Justice published three rulings on the interpretation of the EU General Data Protection Regulation, the European General Court handed down a landmark ruling on the concept of personal data that IAPP DACH Regional Leader and Baumgartner Baumann Partner Ulrich Baumgartner, CIPP/E,