Here we are! It took the Italian Data Protection Supervisory Authority (SA) only a few months to react to the widespread use of ChatGPT. On 30 March the SA ordered the immediate suspension of the processing of the personal data of data subjects located in Italy. OpenAI has been quick to react to the order, … Continue reading
Category Archives: Data protection
content regulation / Copyright / Data protection / filtering / GDPR / Internet intermediaries / notice-and-action
The EU Commission and the tackling of illegal content: is more too much?
The European Commission (EC) Recommendation of 1.3.2018 on measures to effectively tackle illegal content online (C(2018) 1177 final) is now freely accessible. As readers know, this is not the first time the EC has attempted to express meaningful thoughts (for lack of a better word, as once again the instrument is not strictly speaking … Continue reading
content regulation / Copyright / Data protection / filtering / freedom of expression / Human rights / illegal content / Internet intermediaries / notice-and-action / notice-and-take down / online platforms
Data Protection and Copyright: Could Art. 29 WP guidance on automated decision-making “help” with filters?
In its own way, the pan-EU Article 29 Data Protection Working Party (Art. 29 WP) has been very active in the past few months. One of the most awaited piece of advice released by Art. 29 WP this month covers automated individual decision-making and profiling for the purposes of Regulation 2016/679 (Opinion WP 251). Why … Continue reading
Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law
Exam scripts are personal data, says the AG, when the purpose it is to identify and record the performance of a particular individual; but that doesn’t mean you can go back and change your answers! On 20 July 2017, the EU Court of Justice’s Advocate General (AG) Kokott delivered her opinion in Peter Nowak v … Continue reading
The GDPR, the parallel regime and the ICO
The General Data Protection Regulation (GDPR) will be applicable in less than a year, and experts are still discussing the extent to which the new regulation will have a significant impact upon the ‘legal basis’ requirement. However, as Bob Miller suggests in this guest blog post, it might not be enough to read and re-read … Continue reading
big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data
New EU Guidelines on Data Protection Impact Assessments
Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading
Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data
ICO Requests Feedback on New Data Protection Profiling Provisions
If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading
Data Protection & Intermediary liability: how do the French do it?
While the scope of intermediary liability exemptions is being discussed in several places around Europe (and beyond), it is interesting to go back to the Overblog legal saga, which a few years ago had been described by some as pre-announcing other popular sagas, such as the infamous Google Spain case (discussed in a previous post … Continue reading
Data Protection Concerns raised by Proposed EU Directive on Contracts for Supply of Digital Content
It may not be ‘all about the money’, but there is some ‘price tag’ often associated with what we do online…. And that’s our data! Updates on the incoming GDPR and the potential implications of the new E-Privacy Regulation dominate EU privacy and data protection discourse currently. Yet, there is another further (and potentially overlapping) … Continue reading
content regulation / Copyright / Data protection / General Data Protection Regulation / immunities / Internet intermediaries / ISPs / Right to be forgotten
The GDPR, the proposed Copyright Directive and intermediary liability: one more time!
A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading