EU law

noyb Files Complaint Against Microsoft for Violating Children's Privacy

noyb Files Complaint Against Microsoft for Violating Children’s Privacy

Enforcement, EU law, GDPR, Microsoft, noyb |

noyb filed a complaint with the Austrian Data Protection Authority against Microsoft on 4 June 2024, alleging that Microsoft’s 365 Education services violate children’s privacy rights. The complaint claims that Microsoft shifts GDPR responsibilities to schools, which lack control over data processing. Microsoft’s use of tracking cookies without proper consent from minors or their guardians breaches GDPR. noyb calls for an investigation and penalties, arguing that Microsoft’s practices harm children’s data protection rights.

noyb Files Complaint Against Microsoft for Violating Children’s Privacy Read More »

CNIL launches new public consultation on practical guidelines for developing AI systems

CNIL launches new public consultation on practical guidelines for developing AI systems

AI, CNIL, DPA guidance, EU law, GDPR |

The CNIL launched a second public consultation on developing AI systems, releasing new practical guides and a questionnaire to help professionals balance innovation with privacy rights. These “AI how to sheets”, available for consultation until 1 September 2024, cover key issues like web scraping, open-source models, and data subjects’ rights. This follows initial recommendations published in April 2024, aiming to clarify GDPR application to AI.

CNIL launches new public consultation on practical guidelines for developing AI systems Read More »

CNIL’s Recommendations on GDPR Compliance for AI Systems

CNIL’s Recommendations on GDPR Compliance for AI Systems

AI, CNIL, DPA guidance, EU law, GDPR |

On 7 June 2024 CNIL released the English translation of its recommendations for applying GDPR to AI system development (published in April), addressing the misconception that GDPR hinders AI innovation. These guidelines – “AI how-to Sheets” 1 to 7 – emphasize responsible handling of personal data, essential for model training. Key aspects include defining a clear objective for AI systems, determining responsibilities, establishing a legal basis for data processing, ensuring lawful data reuse, minimizing data usage, setting data retention periods, and conducting Data Protection Impact Assessments (DPIAs).

CNIL’s Recommendations on GDPR Compliance for AI Systems Read More »

Multistakeholder Expert Group’s Report on GDPR Application

EU law, GDPR |

On 10 June 2024, the Multistakeholder Expert Group on GDPR published a comprehensive report evaluating GDPR application. The report highlights increased data protection awareness and compliance among stakeholders. However, it also identifies ongoing issues such as legal fragmentation, difficulties in applying specific provisions, and challenges for SMEs. Concerns include transparency obligations, the interplay with other regulations like AML and PSD2, and complexities in data transfers. The report calls for enhanced guidance and consistency in GDPR application across EU member states.

Multistakeholder Expert Group’s Report on GDPR Application Read More »

FRA publishes “GDPR in practice – Experiences of data protection authorities”

EU law, GDPR |

The European Union Agency for Fundamental Rights (FRA) report analyzes the challenges faced by data protection authorities (DPAs) in the implementation of the General Data Protection Regulation (GDPR). Key findings include inadequate resources threatening DPAs’ mandates, high volumes of complaints, public misunderstanding of data protection laws, and challenges posed by new technologies. The report emphasizes the need for additional tools and stronger cooperation between DPAs, highlighting significant discrepancies in resources and capacities across Member States. This report complements the European Commission’s evaluation of GDPR.

FRA publishes “GDPR in practice – Experiences of data protection authorities” Read More »

Scroll to Top