The European Commission Wednesday unveiled its latest proposals that are intended to reduce administrative costs for European business by simplifying a range of rules, including in the General Data Protection Regulation (GDPR). The GDPR change, which differed slightly from what was expected, drew mixed reactions from stakeholders.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
The rise of technologies like generative AI (GAI) and the advent of large language models (LLM) have serious privacy implications, including the idea that individuals can control their data, said three students at UCLA School of Law in a blog for TechPolicy.Press. The "right to be forgotten," as the removal of personal data from public access is called, gained legal acknowledgment under the EU's General Data Protection Regulation (GDPR), which allows individuals to view, edit or delete personal data.
Italian privacy regulator Garante fined U.S. consumer AI company Luka $5.6 million (5 million euros) for General Data Protection Regulation breaches and launched a probe into how it processes data during the life cycle of the generative AI systems that underlie its Replika chatbot, it announced Monday.
The EU-U.S. Data Privacy Framework (DPF) appears to be holding despite Trump administration actions in connection with the FTC and Privacy and Civil Liberties Oversight Board (PCLOB), Irish Data Protection Commissioner Dale Sunderland said during a May 14 interview at the IAPP AI Governance Global Europe conference in Dublin.
Businesses must traverse an expanding “minefield of state and international regulations,” said BigID CEO Dimitri Sirota in an interview last month at the IAPP Global Privacy Conference in Washington. The emergence of AI has also created privacy compliance challenges -- but the emerging technology could also make some aspects of the data protection profession more efficient, he said.
DUBLIN -- EU digital rules such as the General Data Protection (GDPR) and AI Act must align with technological reality or risk harming innovation, speakers said Wednesday at the IAPP AI Governance Global Europe 2025 conference.
DUBLIN -- One of the least clear aspects of the EU AI Act is its content on using biometric data, panelists said Wednesday at the IAPP AI Governance Global Europe 2025 conference.
Massachusetts senators advanced a comprehensive privacy bill that includes a private right of action and Maryland-like data-minimization requirements. On Monday, the Senate side of the legislature’s joint Advanced Information Technology Committee advanced to the Ways and Means Committee a new draft of the Massachusetts Data Privacy Act (S-2516) that replaces bills by the committee’s Senate Chair Michael Moore (D), Senate Majority Leader Cynthia Creem (D) and Sen. William Driscoll (D). Some alternatives remain pending, including legislation by Sen. Barry Finegold (D), his spokesperson told Privacy Daily.
Age-verification tools are not a silver bullet that will protect children and young people on internet sites and social media platforms, speakers said Monday at a session of the European Dialogue on Internet Governance.
The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) offered preliminary support Thursday for an upcoming European Commission proposal to make changes to the General Data Protection Regulation (GDPR).