Andreea Lisievici, Author at The PrivacyCraft Blog

Latvian DVI Outlines Actions Post-DPO Appointment

DPO, GDPR | June 8, 2024

The Latvian Data State Inspectorate (DVI) issued guidelines for organizations after appointing a Data Protection Officer (DPO). The guidelines emphasize informing the DVI of the DPO’s contact details, notifying citizens, updating changes, and reporting terminations. The DPO can be either DVI-certified or a knowledgeable professional, appointed via employment or outsourcing. Ensuring DPO availability during absences is crucial for continuous data protection compliance.

Latvian DVI Outlines Actions Post-DPO Appointment Read More »

Quebec CAI Releases User-Friendly PIA Companion Guide

Quebec CAI Releases Updated Privacy Impact Assessment template and Companion Guide

DPIA | June 8, 2024

The Quebec Commission on Access to Information (CAI) has introduced a new, user-friendly version of its Privacy Impact Assessment (PIA) Companion Guide on May 14, 2024. This guide, updated from its September 2023 edition, enhances accessibility for those overseeing personal information protection. It outlines when a PIA is necessary, steps for conducting a PIA, and preparing PIA reports. Additionally, a non-mandatory PIA reporting template is provided to assist public bodies and businesses, promoting thorough and compliant privacy practices.

Quebec CAI Releases Updated Privacy Impact Assessment template and Companion Guide Read More »

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23)

EU law, GDPR, Right to deletion | June 8, 2024

Advocate General Medina addressed the interplay between EU data protection regulations and company law concerning the public disclosure of personal data in company registers. The case involves the refusal by Bulgaria’s Registration Agency to erase personal data from a company’s constitutive instrument, published in the commercial register. The AG emphasized that the agency must balance data protection rights with legal transparency obligations. The opinion underscored the need for procedural safeguards to protect personal data while ensuring necessary public access to company information.

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23) Read More »

NIST Reports First Results From Age Estimation Software Evaluation

AFR, Age verification, NIST | June 8, 2024

The National Institute of Standards and Technology (NIST) has released a report on age estimation software, evaluating six algorithms. The study found no single algorithm significantly outperformed the others. NIST plans to update results every four to six weeks, anticipating improvements due to advancements in artificial intelligence. The study highlights variations in age estimates due to factors like facial expressions and eyeglasses. The evaluation used around 11.5 million photos from various U.S. government sources, emphasizing the need for ongoing testing to keep up with technological advancements.

NIST Reports First Results From Age Estimation Software Evaluation Read More »

EDPB Issues Opinion on Facial Recognition at Airports

AFR, AI, EDPB, EU law | June 8, 2024

The European Data Protection Board (EDPB) issued an Opinion regarding the use of facial recognition technologies by airport operators and airlines to streamline passenger flow. The Opinion, prompted by a request from the French Data Protection Authority, emphasizes the need for maximum control by individuals over their biometric data due to significant privacy risks. It finds that only storage solutions where biometric data is kept by individuals or encrypted centrally with keys in individuals’ hands are compliant with GDPR principles of data protection by design and security. Less intrusive alternatives should be sought to avoid excessive data processing.

EDPB Issues Opinion on Facial Recognition at Airports Read More »