Andreea Lisievici, Author at The PrivacyCraft Blog

Danish DPA publishes AI data protection impact assessment template

AI, DPIA, EU law, GDPR | June 8, 2024

On 22 May 2024, the Danish Data Protection Agency (Datatilsynet) released two templates to assist companies and authorities in conducting impact assessments. One template addresses AI solutions, and the other is more general. These templates aim to help organizations perform adequate and timely assessments, addressing challenges identified in an October 2023 survey. The AI-specific template includes examples of risks and mitigation measures and emphasizes clear documentation, stakeholder consultation, and regular updates.

Danish DPA publishes AI data protection impact assessment template Read More »

EDPS Issues Guidelines on Generative AI for EU Institutions

AI, EU law | June 8, 2024

The European Data Protection Supervisor (EDPS) published its first orientations on generative AI and data protection. The guidelines provide EU institutions with advice on processing personal data using generative AI systems to ensure compliance with Regulation (EU) 2018/1725. Emphasizing data protection principles, the orientations aim to cover various scenarios without prescribing specific technical measures. They mark the first step towards more detailed guidance that will evolve with generative AI technologies and the EDPS’s oversight activities.

EDPS Issues Guidelines on Generative AI for EU Institutions Read More »

Austria’s DSB Publishes Information on the relationship between the GDPR and the EU AI Act for controllers

AI, EU law, GDPR | June 8, 2024

The Austrian Data Protection Authority (DSB) issued guidelines on the relationship between the GDPR and the new EU AI Act, formally adopted on 21 May 2024. The DSB emphasized that the GDPR remains applicable when personal data is processed by AI systems. The guidelines, one aimed at private controllers and another aimed at public controllers, stress the importance of legal bases under Articles 6(1) and 9(2) of the GDPR for processing personal data.

Austria’s DSB Publishes Information on the relationship between the GDPR and the EU AI Act for controllers Read More »

Italian DPA Issues Guidance on Protecting Online Personal Data from Web Scraping

AI, GDPR, web scraping | June 8, 2024

The Italian Data Protection Authority (Garante) has issued guidance to protect personal data published online by public and private entities from web scraping.

Italian DPA Issues Guidance on Protecting Online Personal Data from Web Scraping Read More »

German Court Decision Contrasts with EDPB Stance: Regensburg Court Validates Meta’s “Consent or Pay”

Consent, Consent or Pay, EDPB, EU law, GDPR | June 7, 2024

Remember the EDPB draft opinion on Meta’s “consent or pay”? If not, read here my summary. Well that one was published on 17 April, but I came across a court decision from 15 April, in Germany, also on “consent or pay”. Spoiler alert: the arguments don’t totally match, and the conclusion is entirely different! Here’s

German Court Decision Contrasts with EDPB Stance: Regensburg Court Validates Meta’s “Consent or Pay” Read More »