Poland's data protection authority issued guidance Wednesday to help data controllers decide when to perform a data protection impact assessment (DPIA). It noted that the General Data Protection Regulation doesn't require a DPIA for every processing operation a controller plans to carry out, but an assessment is mandatory if that processing, in particular involving new technologies, is likely to result in a high risk to someone's rights or freedoms.
The Hamburg Commission for Data Protection and Freedom of Information published a report Tuesday on its 2024 data protection activities.
The Austrian Data Protection Authority announced a review of state police directorates' compliance with General Data Protection Regulation provisions on data processing. The authority said its inspection will focus on how police bodies are implementing data subjects' right to erasure of their data and the mechanisms by which they allow people to exercise their rights.
Facial recognition technology brings "clear benefits" for preventing and detecting crime, but it relies on processing large amounts of sensitive personal data, so its use must be necessary and proportionate, the U.K. Information Commissioner's Office (ICO) said in a statement Wednesday.
The Norwegian Data Protection Authority Tuesday published answers to frequently asked questions about AI from applicants and participants in its regulatory sandbox.
The U.K. Information Commissioner's Office takes too long to respond to complaints, it admitted Tuesday. We "are not where we want ... to be," the ICO said.
The financial services sector can do better when handling children's data, the U.K. Information Commissioner's Office said Tuesday. As such, it published a review of how companies collect children's data when supplying them with checking and savings accounts, prepaid cards and other products.
Many new cars collect large amounts of data about people, often without their knowledge, Denmark's Data Protection Agency said Monday.
France's competition authority Monday fined Apple 150 million euros ($162 million) for abusing its dominant position in the market for mobile app distribution in iOS and iPadOS devices.
The French privacy watchdog CNIL Friday posted advice on how users of genetic testing company 23andMe can erase their personal data. The company was recently placed in receivership and could be resold, CNIL noted.