EU law Archives

EDPB Statement on Financial Data Access and Payments Package

EDPB, EU law | June 8, 2024

The European Data Protection Board (EDPB) adopted Statement 2/2024, addressing the European Commission’s proposals for Financial Data Access (FIDA), Payment Service Regulation (PSR), and Payment Service Directive (PSD3). The EDPB highlights the need for clear rules on recording and disclosing personal data, defines obligations for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs), and emphasizes data protection, transparency, and minimization. Key recommendations include robust safeguards in transaction monitoring, defining ‘permission’ distinct from GDPR consent, and enhancing cooperation among supervisory authorities.

EDPB Statement on Financial Data Access and Payments Package Read More »

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23)

EU law, GDPR, Right to deletion | June 8, 2024

Advocate General Medina addressed the interplay between EU data protection regulations and company law concerning the public disclosure of personal data in company registers. The case involves the refusal by Bulgaria’s Registration Agency to erase personal data from a company’s constitutive instrument, published in the commercial register. The AG emphasized that the agency must balance data protection rights with legal transparency obligations. The opinion underscored the need for procedural safeguards to protect personal data while ensuring necessary public access to company information.

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23) Read More »

EDPB Issues Opinion on Facial Recognition at Airports

AFR, AI, EDPB, EU law | June 8, 2024

The European Data Protection Board (EDPB) issued an Opinion regarding the use of facial recognition technologies by airport operators and airlines to streamline passenger flow. The Opinion, prompted by a request from the French Data Protection Authority, emphasizes the need for maximum control by individuals over their biometric data due to significant privacy risks. It finds that only storage solutions where biometric data is kept by individuals or encrypted centrally with keys in individuals’ hands are compliant with GDPR principles of data protection by design and security. Less intrusive alternatives should be sought to avoid excessive data processing.

EDPB Issues Opinion on Facial Recognition at Airports Read More »

Danish DPA publishes AI data protection impact assessment template

AI, DPIA, EU law, GDPR | June 8, 2024

On 22 May 2024, the Danish Data Protection Agency (Datatilsynet) released two templates to assist companies and authorities in conducting impact assessments. One template addresses AI solutions, and the other is more general. These templates aim to help organizations perform adequate and timely assessments, addressing challenges identified in an October 2023 survey. The AI-specific template includes examples of risks and mitigation measures and emphasizes clear documentation, stakeholder consultation, and regular updates.

Danish DPA publishes AI data protection impact assessment template Read More »

EDPS Issues Guidelines on Generative AI for EU Institutions

AI, EU law | June 8, 2024

The European Data Protection Supervisor (EDPS) published its first orientations on generative AI and data protection. The guidelines provide EU institutions with advice on processing personal data using generative AI systems to ensure compliance with Regulation (EU) 2018/1725. Emphasizing data protection principles, the orientations aim to cover various scenarios without prescribing specific technical measures. They mark the first step towards more detailed guidance that will evolve with generative AI technologies and the EDPS’s oversight activities.

EDPS Issues Guidelines on Generative AI for EU Institutions Read More »