The leaking of several documents Friday that apparently are a draft of the European Commission's digital simplification package, including GDPR reform, prompted mixed reactions from privacy professionals and advocates.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
The Irish Data Protection Commission (DPC) won't take further regulatory action for the moment against LinkedIn for using personal data to train its generative AI model. That's because the platform has sufficiently addressed its concerns, the watchdog announced Friday. The DPC stressed, however, that it hasn't approved the use and will continue monitoring LinkedIn's GDPR compliance.
The European Data Protection Board (EDPB) backed the European Commission's plans to grant Brazil an adequacy decision to allow data flows but urged the EC to address "a few remaining points," it said Wednesday in an email.
French DPA CNIL is taking part in an initiative to assess the impact of AI on the role of data protection officers (DPOs), it announced Wednesday.
The ICO updated its guidance Tuesday on personal data processing for law enforcement purposes. Privacy rules for the police, criminal courts, prisons and other law-enforcement-related entities are governed by Part 3 of the Data Protection Act 2018, which is separate from the U.K. GDPR regime, the watchdog noted.
As the European Commission readies a "digital omnibus" proposal to simplify data laws and reduce business obligations, any reforms -- including to the GDPR -- must be evidence-based and continue recognizing data protection as a fundamental right, privacy lawyers said.
Differences in data transfer regulatory regimes adversely affect international trade in digital and data-reliant services, economists from the European Centre for International Political Economy said in a paper published last month.
Privacy regulation might have short-term costs, but there’s a dearth of evidence about its long-term economic harms, Carnegie Mellon University professor Alessandro Acquisti said. Speaking on a Thursday webinar hosted by George Washington University privacy professor Daniel Solove, Acquisti also addressed the so-called “privacy paradox” and the challenges of assigning a price to someone’s personal data.
The European Data Protection Board (EDPB) should revise its guidelines on the interaction between the GDPR and the Digital Services Act (DSA), and refrain from interpreting DSA provisions that fall outside its expertise, the Interactive Advertising Bureau Europe said Friday.
The ICO wants feedback on new guidance about its investigation and enforcement processes under the U.K. GDPR and Data Protection 2018, it announced Friday.