This edition at a glance: 👈 Swipe left for a quick overview, then find 🔍 more details on each topic below. Subscribe 🇮🇹🤖 Italian DPA Issues Guidance on Protecting Online Personal Data from Web Scraping The Italian Data Protection Authority (Garante) has issued guidance to protect personal data published online by public and private entities […]
The Privacy Explorer | Week 22 Read More »
Estonia’s Information Systems Authority released a report titled “Risks and Controls for Artificial Intelligence and Machine Learning Systems”. The report covers the history and applications of AI, providing practical controls to mitigate risks. Key topics include use cases, explainability, regulatory trends such as the EU AI Act, legal roles of stakeholders under GDPR, deployment models, and risk assessment. Section 8 offers a practical quick reference guide for organizations, detailing steps for identifying threats, applicable laws, and selecting controls.
The Quebec government’s Personal Information Anonymization Regulation came into force on 30 May 2024. This regulation sets criteria and procedures for anonymizing personal data, requiring public bodies and private businesses to destroy or anonymize data once its intended use is fulfilled. Organizations must follow best practices and regularly reassess anonymized data to ensure continued anonymity. Article 9, detailing record-keeping requirements, will take effect on 1 January 2025.
Quebec Implements Anonymization Regulation Read More »
The Data Protection Commission (DPC) published its 2023 Annual Report, detailing significant actions and statistics. The DPC issued 19 decisions, resulting in €1.55 billion in fines, including €1.2 billion against Meta for data transfers to the US and €345 million against TikTok for child data processing violations. The report highlighted a 20% increase in new cases, totaling 11,200, and the DPC’s input on over 37 legislative proposals.
Irish Data Protection Commission Published 2023 Annual Report Read More »
The European Data Protection Board (EDPB) adopted Statement 2/2024, addressing the European Commission’s proposals for Financial Data Access (FIDA), Payment Service Regulation (PSR), and Payment Service Directive (PSD3). The EDPB highlights the need for clear rules on recording and disclosing personal data, defines obligations for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs), and emphasizes data protection, transparency, and minimization. Key recommendations include robust safeguards in transaction monitoring, defining ‘permission’ distinct from GDPR consent, and enhancing cooperation among supervisory authorities.
EDPB Statement on Financial Data Access and Payments Package Read More »