European privacy law changes might be needed to address legal uncertainty related to interplay between Europe’s AI Act and the General Data Protection Regulation (GDPR), said the European Parliamentary Research Service in a report released Wednesday.
The European Union’s Court of Justice Thursday issued a preliminary ruling that said data subjects are entitled to an explanation of how an automated decision was made. The court sided with an Austrian court's previous ruling that said an automated credit check of a mobile provider customer that didn't offer the customer an explanation of the logic behind its decision, violated the GDPR.
Having thorough and understandable guidelines for highly organized data storage is key in data minimization, which saves money in the long run, said a panel of privacy experts during a HaystackID webinar Wednesday on data minimization.
The Irish Data Protection Commission circulated a draft decision in a TikTok inquiry to other concerned supervisory authorities across the EU and European Economic Area (EEA), the Irish DPC said Monday.
French data protection regulator CNIL's guidelines on AI models "illustrate a more pragmatic approach than other regulatory positions addressing multiple issues raised by AI," Hogan Lovells privacy attorneys argued in a Feb. 18 post. For example, CNIL's position differs from that of Garante, the data protection authority (DPA) in Italy. Meanwhile, DPAs in other EU countries are waiting to see if the European Data Protection Board (EDPB) can craft a consensus, Etienne Drouard, a co-author of the post, said in an interview Thursday.
Public administrations must take data protection by design into account in public contracts and that requirement isn't fulfilled by simply including generic clauses regarding General Data Protection Regulation (GDPR) obligations, Spain's data protection agency said Wednesday.
The European Data Protection Board's (EDPB's) Dec. 18 opinion on processing personal data for AI models has "sparked intense debate" because "the more you reflect on it, the more it resembles a Rorschach test -- everyone seems to see what they want to see," civil and human rights group European Digital Rights (EDRi) posted Wednesday.
A high school in Romania breached the General Data Protection Regulation by processing personal data through a video surveillance system whose monitors were illegally and excessively installed in the principal's office, giving his personal phone access to images and audio captured in hallways, the stairwell and bathrooms. The Romanian National Supervisory Authority for Personal Data Processing announced results of its investigation Feb. 7.
Privacy and data protection laws are mushrooming, with nearly 150 countries adopting such regulations, speakers said during a Thursday IAPP webinar. There are 144 nations with national data protection measures, covering nearly 82% of the world's population, IAPP said in an updated report.
The EU needs a consistent approach to age assurance, the European Data Protection Board (EDPB) said in a statement Wednesday after its Feb. 9 plenary. It set out specific guidance and high-level principles arising from the General Data Protection Regulation (GDPR) that it said should be considered when personal data is processed in the context of age verification.