The European Data Protection Board Thursday published a report on AI privacy risks and mitigations for Large Language Models (LLMs). The report "helps Data Protection Authorities gain a comprehensive understanding and state-of-the-art information on the functioning of LLMs systems and the risks associated with LLMs," it said.
Garante of Italy will probe U.S. company Lusha Systems, which claims it provides a database of more than 150 million business profiles, the Italian privacy regulator said Tuesday.
The European Commission will seek to increase businesses' “access to large and high-quality data” as a key pillar of an AI Continent Action Plan unveiled Tuesday.
The European Data Protection Supervisor (EDPS) is participating in an EU-wide enforcement focus on people's right to the erasure of their personal data, it announced Monday.
The U.K. Investigatory Powers Tribunal (IPT) ruled Monday that disclosure of the "bare details" of a dispute over British government access to Apple's encrypted Advanced Data Protection (ADP) system won't harm the public or prejudice national security.
A European Data Protection Board (EDPB) study on the secondary use of personal data in scientific research found "no uniform approach or interpretation" among EU countries.
The European Data Protection Board will consider the state of play of the EU-U.S. Data Privacy Framework under the Trump Administration at its April 8 meeting (see REF:2504030004]). Also up for discussion are possible guidelines on processing personal data through blockchain technologies, and cooperation with the EU AI Office on guidelines relating to the interplay of the AI Act with data protection law.
Sweden's National Agency for Privacy Protection is auditing two search services that publish information about violations of the law, it announced Wednesday. The watchdog said it has received many complaints about search services that publish personal data about the population, especially information on criminal offenses and convictions.
Poland's data protection authority issued guidance Wednesday to help data controllers decide when to perform a data protection impact assessment (DPIA). It noted that the General Data Protection Regulation doesn't require a DPIA for every processing operation a controller plans to carry out, but an assessment is mandatory if that processing, in particular involving new technologies, is likely to result in a high risk to someone's rights or freedoms.
The Hamburg Commission for Data Protection and Freedom of Information published a report Tuesday on its 2024 data protection activities.