AI

stonian Information System Authority publishes Report on Risks and Controls for AI and Machine Learning Systems

Estonian Information System Authority publishes Report on Risks and Controls for AI and Machine Learning Systems

AI, Risk management |

Estonia’s Information Systems Authority released a report titled “Risks and Controls for Artificial Intelligence and Machine Learning Systems”. The report covers the history and applications of AI, providing practical controls to mitigate risks. Key topics include use cases, explainability, regulatory trends such as the EU AI Act, legal roles of stakeholders under GDPR, deployment models, and risk assessment. Section 8 offers a practical quick reference guide for organizations, detailing steps for identifying threats, applicable laws, and selecting controls.

Estonian Information System Authority publishes Report on Risks and Controls for AI and Machine Learning Systems Read More »

EDPB Issues Opinion on Facial Recognition at Airports

AFR, AI, EDPB, EU law |

The European Data Protection Board (EDPB) issued an Opinion regarding the use of facial recognition technologies by airport operators and airlines to streamline passenger flow. The Opinion, prompted by a request from the French Data Protection Authority, emphasizes the need for maximum control by individuals over their biometric data due to significant privacy risks. It finds that only storage solutions where biometric data is kept by individuals or encrypted centrally with keys in individuals’ hands are compliant with GDPR principles of data protection by design and security. Less intrusive alternatives should be sought to avoid excessive data processing.

EDPB Issues Opinion on Facial Recognition at Airports Read More »

Danish DPA publishes AI data protection impact assessment template

AI, DPIA, EU law, GDPR |

On 22 May 2024, the Danish Data Protection Agency (Datatilsynet) released two templates to assist companies and authorities in conducting impact assessments. One template addresses AI solutions, and the other is more general. These templates aim to help organizations perform adequate and timely assessments, addressing challenges identified in an October 2023 survey. The AI-specific template includes examples of risks and mitigation measures and emphasizes clear documentation, stakeholder consultation, and regular updates.

Danish DPA publishes AI data protection impact assessment template Read More »

EDPS Issues Guidelines on Generative AI for EU Institutions

AI, EU law |

The European Data Protection Supervisor (EDPS) published its first orientations on generative AI and data protection. The guidelines provide EU institutions with advice on processing personal data using generative AI systems to ensure compliance with Regulation (EU) 2018/1725. Emphasizing data protection principles, the orientations aim to cover various scenarios without prescribing specific technical measures. They mark the first step towards more detailed guidance that will evolve with generative AI technologies and the EDPS’s oversight activities.

EDPS Issues Guidelines on Generative AI for EU Institutions Read More »

Austria’s DSB Publishes Information on the relationship between the GDPR and the EU AI Act for controllers

AI, EU law, GDPR |

The Austrian Data Protection Authority (DSB) issued guidelines on the relationship between the GDPR and the new EU AI Act, formally adopted on 21 May 2024. The DSB emphasized that the GDPR remains applicable when personal data is processed by AI systems. The guidelines, one aimed at private controllers and another aimed at public controllers, stress the importance of legal bases under Articles 6(1) and 9(2) of the GDPR for processing personal data.

Austria’s DSB Publishes Information on the relationship between the GDPR and the EU AI Act for controllers Read More »

Scroll to Top