GDPR

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case

Datatilsynet, Denmark, Enforcement, EU law, GDPR, Google |

The Danish Data Protection Authority (Datatilsynet) reports that municipalities are taking steps to comply with the orders issued in January 2024. KL (Local Government Denmark), representing 52 municipalities, announced that from August 1, 2024, municipalities will stop sharing personal data with Google for purposes deemed unlawful by the Authority. Datatilsynet noted contract adjustments ensuring data processing strictly follows municipal instructions, except as required by EU law. Allan Frank, IT security specialist at Datatilsynet, highlighted remaining issues. The Authority awaits an opinion from the European Data Protection Board on documentation of subprocessors to make a final assessment.

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case Read More »

Irish DPC Highlights GDPR Challenges with AI and Data Protection

AI, DPC, EU law |

On 18 July 2024, the Irish Data Protection Commission (DPC) highlighted important data protection issues with the growing use of Generative AI (Gen-AI) and Large Language Models (LLMs). These AI systems, which often process personal data during training and usage, raise concerns about data accuracy, retention, and potential biases. The DPC advises organizations using AI to ensure GDPR compliance by conducting risk assessments, understanding data flow, and safeguarding data subject rights. AI product designers must also consider GDPR obligations, transparency, and security to prevent misuse and protect personal data throughout the AI lifecycle.

Irish DPC Highlights GDPR Challenges with AI and Data Protection Read More »

Hamburg DPA Launches GDPR Discussion Paper on Personal Data in LLMs

AI, EU law, GDPR |

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a discussion paper on the application of GDPR to Large Language Models (LLMs). It asserts that LLMs do not store personal data and thus do not constitute data processing under GDPR Article 4(2). However, any personal data processed within LLM-supported AI systems must comply with GDPR, particularly regarding output. The paper stresses that training LLMs with personal data must adhere to data protection laws, though violations during training do not impact the model’s lawful use in AI systems.

Hamburg DPA Launches GDPR Discussion Paper on Personal Data in LLMs Read More »

Scroll to Top