Reliance on processors and sub-processors The EDPB has issued an opinion on the interpretation of certain duties of controllers relying on processors and sub-processors, arising from Art. 28 of the GDPR, as well as the wording of controller-processor contracts. In particular, controllers should have information on the identity of all processors and sub-processors etc. readily […]
Tag: online (user) tracking
Data protection digest 3 – 16 Aug 2024: data labelling for LLMs, third-party cookies as a cause of leaks
In this issue: X’s AI Grok training suspended in the EU, third-party cookies may lead to data breaches, Uniqlo ‘payroll’ mistake, car rental refusal based on client’s income, and AI non-transparency – data scraping, maximisation, risks of regurgitation, and what is behind data labelling for the LLMs industry. Stay up to date! Sign up to […]
Data protection digest 20 Jul – 2 Aug 2024: ‘legitimate interest’ criteria, surveillance pricing, Olympics and AI
This edition includes: the CJEU expands on the legitimate interest criteria, a summary of the most common mistakes by data controllers, AI tools enter Olympic venues in Paris, the US FTC expresses concern that user monitoring now permits AI-facilitated individualised pricing. Stay up to date! Sign up to receive our fortnightly digest via email. Legitimate […]
Data protection digest 18 Jun – 2 Jul 2024: end-to-end algorithmic audit, DPOs for small business, Vinted fine
In this issue we look at an end-to-end algorithmic audit, Vinted multimillion fine, Meta and Apple AI projects frozen in the EU, the fight against addictive feeds to minors in the US, and the Avanza Bank and Meta Pixel error case. Stay up to date! Sign up to receive our fortnightly digest via email. End-to-end […]
Data protection digest 3 – 17 Apr 2024: non-material damage dilemma when losing control of your data
In this issue, an alternative to the pay or okay consent model, the right for compensation for non-material damage, FISA reauthorisation and GDPR enforcement procedural rules updates, AI development and personal data… Stay tuned! Sign up to receive our fortnightly digest via email. Non-material damage under the GDPR In one of its recent decisions the […]
Data protection digest 1 – 15 Nov 2023: AI application must ensure digital self-determination of data subjects
This issue highlights a couple of analyses that perhaps help to understand the essence of AI and other new technology, to which the GDPR applies, and the urgent need for digital self-determination for its users. Self-determination and AI Digital self-determination of a user: The Swiss Federal Data Protection Commissioner FDPIC stresses that the current data […]
Data protection digest 17 – 30 July 2023: guide on website analytics, health care data sharing, and COPPA 2.0
TechGDPR’s review of international data-related stories from press and analytical reports. Official guidance Website analytics: There are many website analytics and tracking tools on the market notes the Norwegian data protection regulator, but that doesn’t necessarily mean it’s legal to use them on your website. Be prepared to follow the GDPR, even if you do […]
Data protection & privacy digest 3 – 17 Apr 2023: US data transfers and AI tools occupy EU
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes and redress US data transfers: A full parliamentary vote on the upcoming EU-US Data Privacy Framework is planned in the coming weeks. So far, a resolution adopted by Civil Liberties Committee MEPs argues that the European Commission should not grant the US […]
Data protection & privacy digest 4 – 17 March 2023: position of DPOs, user behavior analysis, creditworthiness and profiling
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes and redress DPOs enforcement action: The EDPB launches coordinated enforcement action on the designation and position of data protection officers. DPOs across the EU will be sent questionnaires, with the possibility of further formal investigations and follow-ups. According to the Portuguese data […]
Data protection & privacy digest 19 Jan – 3 Feb 2023: threshold for cookies, spy pixels, consent evidence, data storage and deletion
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: threshold for cookies, advertising claims’ mediation, China’s outbound transfers The EDPB approved a minimum threshold for the use of cookies and subsequent processing of the data collected. No cookies that require consent can be set without positive action expressed by the user, […]