DPA guidance Archives

CNIL Launches Public Consultation on Workplace Diversity Measurement

CNIL, DPA guidance, EU law | July 29, 2024

On 9 July 2024, the French data protection authority (CNIL) launched a public consultation on a draft recommendation for conducting diversity measurement surveys in workplaces, open until 13 September 2024. The draft emphasizes the need for anonymity, voluntary participation, and data minimization. It recommends involving a trusted third party to manage sensitive data and ensure compliance with GDPR. The goal is to help organizations measure diversity while protecting individual privacy and ensuring adherence to legal standards, including the 2007 Constitutional Council decision prohibiting ethno-racial data collection.

CNIL Launches Public Consultation on Workplace Diversity Measurement Read More »

Polish DPA Publishes Guide On Protecting Children’s Privacy Online

children, DPA guidance | July 29, 2024

On 8 July 2024, the Polish Data Protection Authority (UODO) and the Orange Foundation released a guide to help institutions and adults protect children’s privacy online. The guide highlights the dangers of sharing children’s images, such as cyberbullying, identity theft, and pedophilia. It emphasizes the ethical and legal responsibilities of adults in handling children’s images and offers practical advice on obtaining consent and mitigating risks. The guide aims to raise awareness and promote safer practices in the digital age.

Polish DPA Publishes Guide On Protecting Children’s Privacy Online Read More »

EDPS and AEPD Insights into Challenges of Neurodata Processing for Privacy and Data Protection

AI, DPA guidance, EDPB, EU law, GDPR, Neurodata | July 7, 2024

On 27 June 2024, the Spanish Data Protection Agency (AEPD) and the European Data Protection Supervisor (EDPS) published a joint report on neurodata processing. Neurodata, defined as information gathered from the brain and nervous system, includes brain activity, structure, and function data. The report warns of significant privacy risks, especially with the rise of neurotechnologies in marketing and entertainment. It proposes the creation of new “neurorights” and emphasizes stringent data protection principles, including proportionality and transparency, to address the invasive nature of neurodata.

EDPS and AEPD Insights into Challenges of Neurodata Processing for Privacy and Data Protection Read More »

AI Risks and Data Protection in Optical Character Recognition (OCR)

EDPB publishes report on data protection risks of AI for Optical Character Recognition (OCR)

AI, DPA guidance, EDPB, EU law, GDPR | July 7, 2024

On 27 June 2024, the EDPB published the results of a project under the Support Pool of Experts program, assessing data protection risks associated with AI-powered Optical Character Recognition (OCR). Conducted by external expert Isabel Barbera and completed in September 2023, the report identifies significant privacy risks in OCR technology, such as data breaches, unlawful data storage, and the unlawful handling of sensitive information. The findings emphasize the need for robust safeguards and strict compliance with data protection regulations to mitigate these risks effectively

EDPB publishes report on data protection risks of AI for Optical Character Recognition (OCR) Read More »

EDPB publishes Checklist for AI auditing

AI, DPA guidance, EDPB, EU law, GDPR | July 7, 2024

The EDPB, in collaboration with the Spanish data protection authority (AEPD), initiated a project to enhance the GDPR compliance of AI systems. This project includes the development and piloting of tools and a checklist to inspect and audit AI systems. Key elements involve model card requirements, system maps, bias identification and testing, adversarial audits, and the publication of audit reports. These measures aim to improve transparency and accountability in AI systems, facilitating better oversight by data protection authorities.

EDPB publishes Checklist for AI auditing Read More »