Andreea Lisievici, Author at The PrivacyCraft Blog

OpenAI’s GDPR Compliance Faces New Challenge in Europe

Enforcement, EU law, GDPR, noyb, OpenAI | April 29, 2024

It’s hardly shocking that LLM chatbots like OpenAI’s ChatGPT struggle with GDPR compliance, particularly with data subject requests like rectification or deletion. Why? Because these LLMs generate responses based on training patterns rather than accessing or storing personal data from interactions—meaning they can invent data if it seems fitting to the algorithm. 💡🤖Despite hopes that […]

OpenAI’s GDPR Compliance Faces New Challenge in Europe Read More »

The Privacy Explorer – Week 16

The Privacy Explorer | April 25, 2024

✨Welcome to the privacy news recap for week 16 of 2024!

In this edition:
✳ FISA 702 was reauthorised in the US,
✳ Avast was fined heavily in Czechia for the misshap in 2019, after they have just settled in the US two month ago for the same thing. Ouch!
✳ The draft US federal law (ARPA) is already under scrutiny by none other than the CCPA,
✳ EDPB gave its opinion on the “consent or pay” model,

and more!

The Privacy Explorer – Week 16 Read More »

EDPB Opinion on Consent or Pay – A Quick Summary

Consent, Consent or Pay, EDPB, EU law, Facebook, GDPR | April 18, 2024

The European Data Protection Board has examined the legality of ‘consent or pay’ models, where users are presented with a choice between consenting to the processing of their personal data for behavioral advertising purposes or paying a fee. In the opinion published on 17 April 2024 the EDPB has concluded that such models can be used lawfully only with significant changes to the current practice. Here’s why they say this and what they think is the way to go.

EDPB Opinion on Consent or Pay – A Quick Summary Read More »

The Privacy Explorer – Week 13

The Privacy Explorer | April 5, 2024

Welcome to the privacy news recap for week 13 of 2024!

In this edition:
✳ French CNIL Issues Draft Recommendation on Multi-Factor Authentication,
✳ UK DSIT issues Guide on Responsible AI in Recruitment,
✳ US Treasury Department Issues AI Cybersecurity Framework for Financial Services,
✳ Italian Garante Issues Guidelines for Interaction Platforms between Medical Professionals and Patients,
and more!

The Privacy Explorer – Week 13 Read More »

CNIL Updates Its Practice Guide for the Security of Personal Data

CNIL, cybersecurity | April 4, 2024

🚀 CNIL’s 2024 update to the Guide on Security of Personal Data is out and here are some key points:

🎓 Aimed at DPOs, CISOs, computer scientists, and privacy lawyers, the guide provides actionable advice for implementing effective security measures in compliance with GDPR Article 32.
🛠️ It offers a structured approach across five key areas: users, IT and equipment, data control, incident preparedness, and and specialized topics, simplifying navigation and understanding of complex security requirements.
🔄 New factsheets on cloud computing, mobile apps, AI, APIs, and data management have been added, reflecting the latest advancements in technology and data security challenges, aiming to provide a comprehensive resource for implementing effective data security measures.

💡Deeper dive in the article! 🔐

CNIL Updates Its Practice Guide for the Security of Personal Data Read More »