Andreea Lisievici

CNIL launches new public consultation on practical guidelines for developing AI systems

CNIL launches new public consultation on practical guidelines for developing AI systems

AI, CNIL, DPA guidance, EU law, GDPR |

The CNIL launched a second public consultation on developing AI systems, releasing new practical guides and a questionnaire to help professionals balance innovation with privacy rights. These “AI how to sheets”, available for consultation until 1 September 2024, cover key issues like web scraping, open-source models, and data subjects’ rights. This follows initial recommendations published in April 2024, aiming to clarify GDPR application to AI.

CNIL launches new public consultation on practical guidelines for developing AI systems Read More »

CNIL’s Recommendations on GDPR Compliance for AI Systems

CNIL’s Recommendations on GDPR Compliance for AI Systems

AI, CNIL, DPA guidance, EU law, GDPR |

On 7 June 2024 CNIL released the English translation of its recommendations for applying GDPR to AI system development (published in April), addressing the misconception that GDPR hinders AI innovation. These guidelines – “AI how-to Sheets” 1 to 7 – emphasize responsible handling of personal data, essential for model training. Key aspects include defining a clear objective for AI systems, determining responsibilities, establishing a legal basis for data processing, ensuring lawful data reuse, minimizing data usage, setting data retention periods, and conducting Data Protection Impact Assessments (DPIAs).

CNIL’s Recommendations on GDPR Compliance for AI Systems Read More »

Netherlands DPA Issues Guidance on Social Media Use in Education

Netherlands DPA Issues Guidance on Social Media Use in Education

DPA guidance, GDPR, Netherlands, social media |

Dutch Data Protection Authority (AP) has advised educational institutions to use social media only if clear agreements are made with social media companies regarding the handling of student and teacher data. The AP highlighted significant risks associated with social media, emphasizing the need for transparent data handling and consent procedures. Institutions must ensure compliance with GDPR and prioritize data protection.

Netherlands DPA Issues Guidance on Social Media Use in Education Read More »

AG Opinion on the exemption to provide information under Art. 14(5)c GDPR

AG Opinion on the exemption to provide information under Art. 14(5)c GDPR

AG Opinion, GDPR, Transparency |

Advocate General Medina issued an opinion on interpreting GDPR Article 14(5)(c), addressing whether data controllers must inform data subjects about data generated by the controllers themselves. Medina clarified that Article 14(5)(c) exempts controllers from this obligation if obtaining or disclosing data is required by law and the law provides appropriate protective measures. Additionally, supervisory authorities can review whether these laws offer sufficient protection.

AG Opinion on the exemption to provide information under Art. 14(5)c GDPR Read More »

Bavarian Data Protection Authority Issues Joint Controllership Guidance

Bavarian Data Protection Authority Issues Joint Controllership Guidance

DPA guidance, GDPR, Germany, Joint controllership |

The Bavarian Data Protection Authority released new guidance on joint controllership under GDPR Article 26. This document clarifies the roles and responsibilities when two or more entities jointly determine the purposes and means of processing personal data. It aims to alleviate concerns and provide practical recommendations, emphasizing the legal necessity of a transparent agreement delineating each party’s obligations. This guidance helps entities navigate the complexities of shared data responsibilities, enhancing accountability and transparency in data processing activities.

Bavarian Data Protection Authority Issues Joint Controllership Guidance Read More »

Scroll to Top