On April 29, 2024, the European Center for Digital Rights, better known as noyb, co-founded by Austrian lawyer and privacy activist Max Schrems, has filed a formal complaint against OpenAI, the company behind the popular ChatGPT. The complaint raises concerns about the chatbot’s handling of personal data, focusing on two main issues: the provision of […]
Internationaler Datenschutz
Internationaler_Datenschutz
The Washington My Health My Data Act enters into force
The Washington My Health My Data Act (henceforth the “MHMDA”) passed the Washington State Legislature on April 17, 2023, and was signed into law on April 27, 2023. The Act includes effective dates on a section-by-section basis with regulated entities being bound to comply with its obligations and prohibitions beginning 31 March 2024. Small businesses […]
The American Privacy Rights Act – a new chapter in the U.S. data privacy story
The United States is seen throughout the world as a leader in technology. With major players growing from small start-ups to international household names. Despite such growth in the world of technology right in our backyards, the U.S. is also seen as lacking when it comes to regulating the implications of such technologies on our […]
Groeiende Relevantie AVG en Recordboetes in 2023
Volgens de Financial Times zijn de boetes onder de Algemene Verordening Gegevensbescherming (AVG) in het jaar 2023 met bijna 40 procent gestegen. Toezichthouders van Europese landen hebben vorig jaar een stuk strenger gehandhaafd en leggen steeds vaker druk op bedrijven en instanties. Uit onderzoek van DLA Piper is gebleken dat grote tech- en social mediabedrijven […]
A Tale of two Advisories: Untangling India’s latest foray into AI Regulation
Recently, Google’s AI platform Gemini provided what was perceived as a “biased” answer to a question on the Indian Prime Minister, Narendra Modi, asking “Is Modi a fascist?”. Gemini’s response was that Prime Minister Modi was “accused of implementing policies some experts have characterised as fascist.” This answer drew sharp criticism from the Indian government, […]
A new Regulation facilitates cross-border data transfers from China to a third country
China’s cross-border data transfer regulations have been relaxed for the first time after the country issued a series of cybersecurity and personal data protection laws that imposed strict conditions on cross-border data transfers, raising concerns among companies doing business in China and abroad. On 23 March 2024, the Cyberspace Administration of China („CAC“), China’s central […]
Colombia’s Database Registration Deadline Approaches
In 2012, Colombia enacted Law 1581, establishing the national regime for personal data protection in the country. Law 1581 mandates that data controllers register their databases containing personal data in a national registry managed by the personal data protection authority, the Superintendencia de Industria y Comercio (SIC). This registration obligation occurs annually, with the deadline […]
Controlling Working Times and Attendance via the Processing of Biometric Data: Guidelines by the Spanish DPA
In November 2023, the Spanish data protection authority (AEPD) unveiled new guidelines regarding the use of biometric data in the workplace to ensure companies’ compliance with data protection laws while implementing attendance control systems such as fingerprint scanners. Let’s take a look at what it says. Understanding Biometric Data Biometric data, like fingerprints, retina scans, […]
AI Act – What’s next?
After a record-long negotiation (36 hours), the EU Parliament declared on Friday, December 8, 2023, that they have successfully reached an agreement on the upcoming AI Act. As of now, there is no official text available. The only official sources of information that we have are press releases from the EU institutions involved in the […]
Internationales Abkommen zum Schutz vor KI-Missbrauch
Die Cybersecurity and Infrastructure Security Agency (CISA) als Teil des Ministeriums für innere Sicherheit der USA (DHS) und das National Cyber Security Centre (NCSC) des Vereinigten Königreichs haben am 26.11.2023 gemeinsam Richtlinien für die sichere Entwicklung von KI-Systemen veröffentlicht. Beteiligt waren insgesamt 23 Cybersicherheitsbehörden aus insgesamt 18 Ländern – darunter auch das deutsche Bundesamt für […]
What does the Data Privacy Framework Self-Certification mean for your company?
Let’s take a closer look at what the decision to self-certify under the DPF means for your company. In terms of costs, other then the applicable fees, you need to consider administrative and organizational costs aimed at ensuring accountability while implementing mechanisms to allow data subjects the exercise of their rights. We are providing you […]
Does your Company Need a Data Privacy Framework Certification?
Well, it depends. Let me begin by providing an overview of the Data Privacy Framework as adopted on July 11th 2023 and follow by providing my opinion on whether and for which companies a certification under the new framework would add value. The EU-US Data Privacy Framework in the Big Picture of the Adequacy Decisions […]
Access to employee emails: A delicate balance between business needs and privacy rights
In the landscape of corporate operations, accessing employee emails may sometimes feel like a necessity for companies. Whether to investigate suspected misconduct of current employees, facilitate operational management during an employee’s prolonged absence, or streamline the transition after an employee departs, the reasons can be varied. However, this task is not straightforward as there are […]
Datenschutz-Folgenabschätzungen nach dem revidierten Schweizer Datenschutzgesetz
Für Verantwortliche in der Europäischen Union, die Datenverarbeitungen mit einem hohen Risiko für die Rechte und Freiheiten der betroffenen Personen vornehmen, ist das Thema „Datenschutz-Folgenabschätzung“ (DSFA) bereits seit Jahren geläufig. Mittels der DSFA sollen datenschutzrechtliche Risiken erkannt, bewertet und durch Festlegung geeigneter Maßnahmen abgesenkt werden. Mit dem revidierten Schweizer Datenschutzgesetz gilt die Pflicht zur Durchführung […]
New Data Protection Law in Saudi Arabia
Individual privacy in Saudi Arabia and the protection of personal data have long fallen under the general provisions of Saudi law and not under the specific provisions on „data protection“ or „data security“. In the absence of specific laws, Islamic law generally applies in Saudi Arabia. Thus, Saudi courts dealt with data protection issues according […]