GDPR Archives

noyb Files Complaint Against Xander for GDPR Violations in RTB

Complaints, EU law, GDPR, noyb | July 29, 2024

On July 9, 2024, None Of Your Business (noyb.eu) filed a complaint with the Italian Data Protection Authority (Garante) against Xander Inc. for alleged GDPR violations. NOYB claims Xander violated several GDPR articles by mishandling user data and failing to comply with access and erasure requests. Xander, which operates a Real Time Bidding platform, is accused of collecting sensitive personal information and failing to adequately identify and respond to data subjects. The complaint requests Garante to enforce data protection rights, correct inaccurate profiles, and impose fines on Xander.

noyb Files Complaint Against Xander for GDPR Violations in RTB Read More »

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case

Datatilsynet, Denmark, Enforcement, EU law, GDPR, Google | July 29, 2024

The Danish Data Protection Authority (Datatilsynet) reports that municipalities are taking steps to comply with the orders issued in January 2024. KL (Local Government Denmark), representing 52 municipalities, announced that from August 1, 2024, municipalities will stop sharing personal data with Google for purposes deemed unlawful by the Authority. Datatilsynet noted contract adjustments ensuring data processing strictly follows municipal instructions, except as required by EU law. Allan Frank, IT security specialist at Datatilsynet, highlighted remaining issues. The Authority awaits an opinion from the European Data Protection Board on documentation of subprocessors to make a final assessment.

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case Read More »

Baden Wurtemberg DPA published a navigator for AI & data protection guidance (ONKIDA)

AI, EU law, GDPR | July 29, 2024

The LfDI Baden-Württemberg has published the ‘Orientation Aids Navigator AI & Data Protection’ (ONKIDA) on 19 July 2024. This tool helps organize and provide quick access to key regulatory documents on artificial intelligence and data protection, making it easier for authorities and companies to navigate GDPR compliance. ONKIDA includes a matrix that links central data protection requirements with guidance from various supervisory authorities, facilitating the understanding and application of these regulations in AI contexts.

Baden Wurtemberg DPA published a navigator for AI & data protection guidance (ONKIDA) Read More »

Hamburg DPA Launches GDPR Discussion Paper on Personal Data in LLMs

AI, EU law, GDPR | July 29, 2024

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a discussion paper on the application of GDPR to Large Language Models (LLMs). It asserts that LLMs do not store personal data and thus do not constitute data processing under GDPR Article 4(2). However, any personal data processed within LLM-supported AI systems must comply with GDPR, particularly regarding output. The paper stresses that training LLMs with personal data must adhere to data protection laws, though violations during training do not impact the model’s lawful use in AI systems.

Hamburg DPA Launches GDPR Discussion Paper on Personal Data in LLMs Read More »

EDPS and AEPD Insights into Challenges of Neurodata Processing for Privacy and Data Protection

AI, DPA guidance, EDPB, EU law, GDPR, Neurodata | July 7, 2024

On 27 June 2024, the Spanish Data Protection Agency (AEPD) and the European Data Protection Supervisor (EDPS) published a joint report on neurodata processing. Neurodata, defined as information gathered from the brain and nervous system, includes brain activity, structure, and function data. The report warns of significant privacy risks, especially with the rise of neurotechnologies in marketing and entertainment. It proposes the creation of new “neurorights” and emphasizes stringent data protection principles, including proportionality and transparency, to address the invasive nature of neurodata.

EDPS and AEPD Insights into Challenges of Neurodata Processing for Privacy and Data Protection Read More »