The European Commission's adequacy decision permitting data flows from Europe to the U.K. expires June 27 and there are concerns about U.K. legislative reforms to data protection rules, a March Parliamentary Research Services memo said.
Businesses trying to limit information they would otherwise have to disclose under data protection laws but consider trade secrets could be forced to disclose those secrets to a court or arbitrator under a recent decision by the European Court of Justice (ECJ), Pinsent Masons attorneys noted Friday. The decision involves the interplay between General Data Protection Act provisions on automated decision-making and EU trade secrets law, they wrote.
The General Data Protection Regulation shouldn't become a tiered, risk-based entity, though the European Commission should have more centralized power to enforce it, Charly Helleputte, Squire Patton Boggs EU data privacy attorney, emailed. His comments responded to Axel Voss' recent tiered GDPR proposal. Voss is a German Member of the European Parliament from the European People's Party Group. He discussed his proposal during a March 3-4 Centre for European Policy Studies Ideas Lab panel.
The European Data Protection Board (EDPB) will focus this year on enforcing people's "right to be forgotten," or right to erasure, via its coordinated enforcement framework (CEF), it announced Wednesday. It chose this topic as it's one of the most frequently exercised rights under the General Data Protection Regulation (GDPR) and one where data protection authorities (DPAs) receive the most complaints, the board said.
European privacy law changes might be needed to address legal uncertainty related to interplay between Europe’s AI Act and the General Data Protection Regulation (GDPR), said the European Parliamentary Research Service in a report released Wednesday.
The European Union’s Court of Justice Thursday issued a preliminary ruling that said data subjects are entitled to an explanation of how an automated decision was made. The court sided with an Austrian court's previous ruling that said an automated credit check of a mobile provider customer that didn't offer the customer an explanation of the logic behind its decision, violated the GDPR.
Having thorough and understandable guidelines for highly organized data storage is key in data minimization, which saves money in the long run, said a panel of privacy experts during a HaystackID webinar Wednesday on data minimization.
The Irish Data Protection Commission circulated a draft decision in a TikTok inquiry to other concerned supervisory authorities across the EU and European Economic Area (EEA), the Irish DPC said Monday.
French data protection regulator CNIL's guidelines on AI models "illustrate a more pragmatic approach than other regulatory positions addressing multiple issues raised by AI," Hogan Lovells privacy attorneys argued in a Feb. 18 post. For example, CNIL's position differs from that of Garante, the data protection authority (DPA) in Italy. Meanwhile, DPAs in other EU countries are waiting to see if the European Data Protection Board (EDPB) can craft a consensus, Etienne Drouard, a co-author of the post, said in an interview Thursday.
Public administrations must take data protection by design into account in public contracts and that requirement isn't fulfilled by simply including generic clauses regarding General Data Protection Regulation (GDPR) obligations, Spain's data protection agency said Wednesday.