GDPR Archives

Meta Halts AI Rollout in Europe Following Irish DPC Request

AI, DPC, EU law, GDPR, Meta | June 19, 2024

Meta has paused the launch of its AI tools in Europe after a request from Ireland’s Data Protection Commission (DPC). This decision comes after the digital rights group Noyb filed complaints in 11 European countries, criticizing Meta’s vague AI plans and the opt-out requirement for users. Meta planned to use public posts from Facebook and Instagram to train AI models. The DPC’s decision, welcomed by other European authorities, followed intensive discussions with Meta. Meta expressed disappointment, noting it had incorporated regulatory feedback since March.

Meta Halts AI Rollout in Europe Following Irish DPC Request Read More »

noyb Files Complaint Against Google’s Privacy Sandbox

Enforcement, EU law, GDPR, Google, noyb | June 19, 2024

noyb has filed a complaint with the Austrian data protection authority against Google. The complaint argues that Google misled users into enabling an “ad privacy feature” through deceptive pop-ups, which actually track users via the new Privacy Sandbox API. The API replaces third-party cookies with first-party tracking within the Chrome browser. Google used manipulative design techniques, known as dark patterns, to secure user consent, violating GDPR requirements for informed and transparent consent. The complaint demands Google’s compliance with GDPR and suggests imposing a significant fine.

noyb Files Complaint Against Google’s Privacy Sandbox Read More »

noyb Files Complaint Against Microsoft for Violating Children’s Privacy

Enforcement, EU law, GDPR, Microsoft, noyb | June 19, 2024

noyb filed a complaint with the Austrian Data Protection Authority against Microsoft on 4 June 2024, alleging that Microsoft’s 365 Education services violate children’s privacy rights. The complaint claims that Microsoft shifts GDPR responsibilities to schools, which lack control over data processing. Microsoft’s use of tracking cookies without proper consent from minors or their guardians breaches GDPR. noyb calls for an investigation and penalties, arguing that Microsoft’s practices harm children’s data protection rights.

noyb Files Complaint Against Microsoft for Violating Children’s Privacy Read More »

CNIL launches new public consultation on practical guidelines for developing AI systems

AI, CNIL, DPA guidance, EU law, GDPR | June 19, 2024

The CNIL launched a second public consultation on developing AI systems, releasing new practical guides and a questionnaire to help professionals balance innovation with privacy rights. These “AI how to sheets”, available for consultation until 1 September 2024, cover key issues like web scraping, open-source models, and data subjects’ rights. This follows initial recommendations published in April 2024, aiming to clarify GDPR application to AI.

CNIL launches new public consultation on practical guidelines for developing AI systems Read More »

CNIL’s Recommendations on GDPR Compliance for AI Systems

AI, CNIL, DPA guidance, EU law, GDPR | June 19, 2024

On 7 June 2024 CNIL released the English translation of its recommendations for applying GDPR to AI system development (published in April), addressing the misconception that GDPR hinders AI innovation. These guidelines – “AI how-to Sheets” 1 to 7 – emphasize responsible handling of personal data, essential for model training. Key aspects include defining a clear objective for AI systems, determining responsibilities, establishing a legal basis for data processing, ensuring lawful data reuse, minimizing data usage, setting data retention periods, and conducting Data Protection Impact Assessments (DPIAs).

CNIL’s Recommendations on GDPR Compliance for AI Systems Read More »