Andreea Lisievici, Author at The PrivacyCraft Blog

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23)

EU law, GDPR, Right to deletion | June 8, 2024

Advocate General Medina addressed the interplay between EU data protection regulations and company law concerning the public disclosure of personal data in company registers. The case involves the refusal by Bulgaria’s Registration Agency to erase personal data from a company’s constitutive instrument, published in the commercial register. The AG emphasized that the agency must balance data protection rights with legal transparency obligations. The opinion underscored the need for procedural safeguards to protect personal data while ensuring necessary public access to company information.

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23) Read More »

NIST Reports First Results From Age Estimation Software Evaluation

AFR, Age verification, NIST | June 8, 2024

The National Institute of Standards and Technology (NIST) has released a report on age estimation software, evaluating six algorithms. The study found no single algorithm significantly outperformed the others. NIST plans to update results every four to six weeks, anticipating improvements due to advancements in artificial intelligence. The study highlights variations in age estimates due to factors like facial expressions and eyeglasses. The evaluation used around 11.5 million photos from various U.S. government sources, emphasizing the need for ongoing testing to keep up with technological advancements.

NIST Reports First Results From Age Estimation Software Evaluation Read More »

EDPB Issues Opinion on Facial Recognition at Airports

AFR, AI, EDPB, EU law | June 8, 2024

The European Data Protection Board (EDPB) issued an Opinion regarding the use of facial recognition technologies by airport operators and airlines to streamline passenger flow. The Opinion, prompted by a request from the French Data Protection Authority, emphasizes the need for maximum control by individuals over their biometric data due to significant privacy risks. It finds that only storage solutions where biometric data is kept by individuals or encrypted centrally with keys in individuals’ hands are compliant with GDPR principles of data protection by design and security. Less intrusive alternatives should be sought to avoid excessive data processing.

EDPB Issues Opinion on Facial Recognition at Airports Read More »

Danish DPA publishes AI data protection impact assessment template

AI, DPIA, EU law, GDPR | June 8, 2024

On 22 May 2024, the Danish Data Protection Agency (Datatilsynet) released two templates to assist companies and authorities in conducting impact assessments. One template addresses AI solutions, and the other is more general. These templates aim to help organizations perform adequate and timely assessments, addressing challenges identified in an October 2023 survey. The AI-specific template includes examples of risks and mitigation measures and emphasizes clear documentation, stakeholder consultation, and regular updates.

Danish DPA publishes AI data protection impact assessment template Read More »

EDPS Issues Guidelines on Generative AI for EU Institutions

AI, EU law | June 8, 2024

The European Data Protection Supervisor (EDPS) published its first orientations on generative AI and data protection. The guidelines provide EU institutions with advice on processing personal data using generative AI systems to ensure compliance with Regulation (EU) 2018/1725. Emphasizing data protection principles, the orientations aim to cover various scenarios without prescribing specific technical measures. They mark the first step towards more detailed guidance that will evolve with generative AI technologies and the EDPS’s oversight activities.

EDPS Issues Guidelines on Generative AI for EU Institutions Read More »