In this issue, cross-border cases get the full attention of the EDPB via its rulemaking on future enforcement procedures to complement the GDPR, resolving a complex case on TikTok children’s privacy, and being asked to permanently ban behavioural ads by Meta in the EU. Legal processes and redress: cross-border enforcement, Grindr fine, EU Data Governance […]
Tag: GDPR Compliance
Data protection digest 15 – 31 August 2023: financial data processing, misconducted learning platforms, and algorithmic disgorgement
This issue highlights details on financial data processing, the EU Digital Services Act took effect for large online operators, and the US FTC successfully launched “algorithmic disgorgement” via its enforcement. Legal processes Financial data: The EDPS discussed recommendations to encourage data sharing to extend the range of available financial services and products, while also giving […]
Misconceptions about the role of a Data Protection Officer (DPO)
For many organisations, the appointment of a DPO has become mandatory. Although Articles 37 to 39 of the GDPR make provisions for the designation, position and tasks of a DPO, somee misconceptions still exist about who needs one, who can be one and what kind of tasks a DPO can undertake. Who is a DPO? […]
Data protection digest 17 May – 1 June 2023: amassing data for machine learning is ‘no excuse for breaking the law’
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes ‘Machine learning is no excuse to break the law’: The US Federal Trade Commission alleged that Amazon, (Alexa voice assistant), kept kids’ data indefinitely to further refine its voice recognition algorithm. If approved by the federal court, on top of a multimillion […]
Data protection & privacy digest 3 – 16 May 2023: data processing roles and obligations elaborated by EU top court
TechGDPR’s review of international data-related stories from press and analytical reports. Legal redress Pseudonymised (non-personal) data processing: In the instance of SRB v. EDPS, the European General Court ruled that pseudonymised data communicated by one party with another would not be regarded as personal data in the recipient’s hands if that party lacks a legal […]
Using ChatGPT with personal data? Think again!
Recently we see more and more posts popping up on LinkedIn and elsewhere on how to optimize sales pipelines and other business processes using ChatGPT or some of its siblings. While the proposition is very tempting, there are huge problems for privacy and the protection of personal data, in particular as required under the GDPR. […]
Data protection & privacy digest 19 Mar – 2 Apr 2023: court-dismissed fine, cybersecurity tools, ChatGPT clampdown
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes and redress Court-dismissed fine: A multimillion-euro fine imposed by the Spanish privacy regulator has been overturned by a court decision, according to a publication by Clifford Chance law firm. The AEPD fined Banco Bilbao Vizcaya Argentaria 5 million euros in 2020, the […]
Understanding GDPR Compliance in Recruitment
In the process of recruitment and scouting for new potential hires for a vacancy in an organization, the collection and processing of personal data of those candidates is inevitably involved. Therefore, it is important to understand GDPR compliance. In most cases, the company that posts its vacancy and embarks on the recruitment process will be […]
Data protection & privacy digest 4 – 17 Feb 2023: synthetic data for fintech, MS Excel guide, Palantir technology ban
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes and redress: synthetic data for fintech, draft Data Act, DPO dismissals The UK Financial Conduct Authority, (FCA), issued a statement on synthetic data for beneficial innovation in UK financial markets. It strongly indicated fraud and anti-money laundering as a key use case […]
Data protection & privacy digest 19 Jan – 3 Feb 2023: threshold for cookies, spy pixels, consent evidence, data storage and deletion
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: threshold for cookies, advertising claims’ mediation, China’s outbound transfers The EDPB approved a minimum threshold for the use of cookies and subsequent processing of the data collected. No cookies that require consent can be set without positive action expressed by the user, […]