Here we are! It took the Italian Data Protection Supervisory Authority (SA) only a few months to react to the widespread use of ChatGPT. On 30 March the SA ordered the immediate suspension of the processing of the personal data of data subjects located in Italy. OpenAI has been quick to react to the order, … Continue reading
Tag Archives: privacy
big data / Consumer data / GDPR / Legitimate interest / metadata / Privacy impact assessment / pseudonymisation
EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling
“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading
big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data
New EU Guidelines on Data Protection Impact Assessments
Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading
Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data
ICO Requests Feedback on New Data Protection Profiling Provisions
If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading
CJEU in Breyer: Dynamic IP addresses will (very?) often be personal data and German Law is too restrictive! Okay but how shall we care about voluntary and systematic retention of logs?
And here is delivered by the Court of Justice of the European Union (CJEU) another landmark judgment: C‑582/14 Breyer v Bundesrepublik Deutschland concerning the proper characterisation of IP addresses and the compatibility of German national law with Article 7(f) of the Data Protection Directive (DPD). The judgement is not available in English yet, but … Continue reading
anonymisation / Brexit / Data protection / Data transfer / digital identity / e-government / eIDAS / General Data Protection Regulation / safe harbour
eIDAS applies from 1 July 2016: An EU dream come true after a Brexit nightmare?
Six days after the results of the UK Brexit referendum and it is still very hard to go back to a “normal” life, especially while remaining an EU citizen living in the UK. One of the most upsetting things of the referendum, at least for lawyer, is its nonsense. This holds true in particular … Continue reading
New Air Passenger Data Processing Rules to Apply from 2018
Ready, steady, go… Clock countdown formally starts for the reform of three major pieces of EU data legislation! It’s finally final – three separate pieces of data privacy-related legislation in the EU will be coming into effect soon: As anticipated by Sophie last month here, the final version of the General Data Protection Regulation (GDPR) … Continue reading
anonymisation / big data / Data protection / data protection agencies / European Data Protection Supervisor / General Data Protection Regulation / ICO / Privacy / pseudonymisation / Risk-based approach
The GDPR and the biggest mess of all: why accurate legal definitions really matter….
Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading
EU Commission publishes Legal Texts of New ‘Privacy Shield’ Framework for Trans-Atlantic Data Transfers
…But, will the highly anticipated EU-US ‘Privacy Shield’ live up to its super-hero billing? Last month proved to be a particularly busy time for data protection news. First, the Council of the EU adopted a political agreement on the texts that will form part of the new Data Protection Reform Package. Also hitting headlines was … Continue reading
MTE v Hungary: is the ECtHR rewriting Delfi v Estonia?
A few months after the now infamous decision Delfi v Estonia of the Grand Chamber of the European Court of Human Rights (ECtHR) [for background, see my earlier post here], the Fourth Section of the Court issued on 2 February 2016 a judgement (MTE v Hungary) dealing with similar issues. Starting with the end of … Continue reading