Andreea Lisievici, Author at The PrivacyCraft Blog

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation

DORA, Germany | July 29, 2024

On 8 July 2024, the German Federal Financial Supervisory Authority (BaFin) published guidelines for implementing the Digital Operational Resilience Act (DORA). These guidelines are intended to help supervised financial companies meet DORA requirements for ICT risk management and third-party ICT risk management. The guidelines cover governance, information risk management, IT operations, business continuity, project management, and operational security. They are aimed at banks and insurers under BaFin’s supervision and include minimum contract contents with ICT service providers. Effective 17 January 2025, these companies must comply with DORA’s comprehensive ICT risk management framework.

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation Read More »

India’s Supreme Court Finds That Google Pin Sharing as Bail Condition Violates Privacy

Case Law, India, Location | July 29, 2024

The Supreme Court of India ruled that any bail condition allowing police or investigative agencies to track an accused’s movements using technology violates the constitutional right to privacy. The Court also emphasized that tracking through a pin drop on Google Maps is ineffective for real-time monitoring and, therefore, redundant.

India’s Supreme Court Finds That Google Pin Sharing as Bail Condition Violates Privacy Read More »

Polish DPA Publishes Guide On Protecting Children’s Privacy Online

children, DPA guidance | July 29, 2024

On 8 July 2024, the Polish Data Protection Authority (UODO) and the Orange Foundation released a guide to help institutions and adults protect children’s privacy online. The guide highlights the dangers of sharing children’s images, such as cyberbullying, identity theft, and pedophilia. It emphasizes the ethical and legal responsibilities of adults in handling children’s images and offers practical advice on obtaining consent and mitigating risks. The guide aims to raise awareness and promote safer practices in the digital age.

Polish DPA Publishes Guide On Protecting Children’s Privacy Online Read More »

Regulatory Mapping on AI in Latin America

AI, Latam | July 29, 2024

Access Now has published the “Regulatory Mapping on Artificial Intelligence in Latin America,” a comprehensive report outlining AI governance across the region. This report, developed with TrustLaw’s pro bono legal network and supported by the Patrick J. McGovern Foundation, provides an in-depth analysis of AI definitions, soft law instruments, national strategies, and draft legislation in countries like Argentina, Brazil, and Mexico. It emphasizes human rights, transparency, and the need for region-specific AI policies, aiming to guide public policymakers towards effective AI regulation while promoting technical development and ethical standards.

Regulatory Mapping on AI in Latin America Read More »

Singapore’s PDPC Issues Guide on Synthetic Data Generation

Synthetic data | July 29, 2024

On 15 July 2024, the Personal Data Protection Commission (PDPC) of Singapore released a guide on generating synthetic data, emphasizing privacy-enhancing technologies. The guide outlines the benefits and applications of synthetic data, such as improving AI model training, data sharing, and software testing, while highlighting the importance of mitigating re-identification risks. It includes practical recommendations and case studies demonstrating synthetic data’s effectiveness in various sectors, including finance and healthcare.

Singapore’s PDPC Issues Guide on Synthetic Data Generation Read More »