Synthetic data undoubtedly offer several benefits to the privacy and data protection of individuals, however, the debate regarding the extent of their use and the potential risk of re-identification renders its use controversial. Specifically, the question of whether synthetic data can be rendered pseudonymous or anonymous remains unresolved and both views have acquired supporters and […]
English Posts
The EDPB releases report of the outcome of the cookie banner task force
Following the massive number of draft complaints (over 500) to companies implementing allegedly unlawful cookie banners issued in May 2021 by the non-profit organization NOYB, the EDPB decided to set up a task force composed of delegations of the EU Supervisory Authorities (SAs) to coordinate the response to complaints filed with several European SAs by […]
Privacy matters: the intrinsic value of data protection
Records of processing activities. Data processing agreements. Data processing impact assessments. Privacy notices. Cookie banners. Data subject requests. Data flow mapping…The world of data privacy can be overwhelming, even for those of us who work with it professionally. It is especially frustrating when companies feel that they are losing their competitive edge due to limiting […]
Synthetic data and data protection-related challenges
Synthetic data are information artificially generated by computer simulations or algorithms such as AI and ML tools, including ‘deep learning’ methods. They are generated from real data with the goal to capture, represent and reproduce the characteristics, patterns, and structure observed in the authentic data. Although they are not real data, they allow the same […]
ChatGPT: Risks and challenges from a Data Privacy perspective
AI-powered chatbots are all the rage these days and ChatGPT is the biggest star. With more than 100 million monthly users just two months after its launch, it officially holds the record for the fastest-growing web platform in history, beating giants like Instagram and TikTok. The appeal of OpenAI’s ChatGPT is easy to understand. The […]
EU – most relevant GDPR fines of the last years
More than four years after the General Data Protection Regulation 2016/679 (GDPR) came into force, companies and organizations that process personal data inside and outside the EU have come to realize the benefits that a privacy-friendly business management can entail. Moreover, in the last years it became evident that processing personal data in violation of […]
The New Look of Cross-Border Transfers in Switzerland
The Swiss Parliament passed the revised Federal Act on Data Protection (nFADP) in the fall of 2020. The Swiss Federal Council announced that the law will enter into force on September 1, 2023. As there will be no transition period, the requirements must be met from the first day the law becomes effective. While we […]
Italian Sunshine Act: a GDPR oriented analysis
In June 2022, Law 62/2022 known as the Sunshine Act entered into force in Italy, introducing new transparency regulations on transfers of value established between companies operating in the pharmaceutical and health care sector and health care professionals (HCPs) as well as health care organizations (HCOs). The Italian Sunshine Act is one of the newest […]
The priorities set by the Belgian Data Protection Authority for the 2023 Agenda
At the end of last year, in the context of setting the 2023 budget, the Belgian Data Protection Authority (Autorité de protection des données/ Gegevensbeschermingsautoriteit or APD) has highlighted the main topics that will be the focus of this year’s agenda, depending on the capacity of the authority, as the APD mentioned in its press […]
Cybersecurity in the EU: the new NIS 2 Directive comes into force
Cybersecurity has become an increasingly discussed topic in Europe and is more and more valued and controlled on a business level by most companies operating in the EU market. The reason for this rising trend can certainly be traced back to the impressive rate of cyber attacks, which continues to increase each year, as shown […]
How did your kid find out about that game they are constantly talking about? It is a mystery even to the most experienced elf…
Responsible advertising to children (during Christmas time and beyond) in the EU Children are at the heart of Christmas. Many businesses operate in the online world and target their products and services to children, trying to persuade them that they can make their Christmas dreams come true! What are the rules about targeting to children […]
EU Commission published Draft Adequacy Decision for EU – US data transfer
On 13 December 2022, approximately only 1 month after the signing of President Biden’s Executive Order, the European Commission announced the Draft Adequacy Decision for EU – US Data Transfers. This time-record achievement officially launches the process towards the adoption of the Adequacy Decision for the proposed EU-US Data Privacy Framework, and may put a […]
Irish DPC: Facebook Data Scraping not in line with Art. 25 of the GDPR
In 2021, media reports raised serious questions about how Facebook was dealing with the collected personal data of around 530 million Facebook users. Between 2018 and 2019, these datasets, which also included the email addresses and mobile phone numbers of Facebook users, were exposed on the internet. Following the media reports of these serious data […]
Google and the U.S.: A multi-state historic privacy settlement
Google, the giant U.S. tech company, will pay a total of $391.5 million to 40 U.S. states, which is the largest multi-state privacy settlement with state Attorneys General in the U.S. history. The main reason behind the fine is that the online search engine platform has engaged in deceptive and unfair actions in violation of […]
“Old” Standard Contractual Clauses to be Invalid as of the End of December (27.12.2022)
The European Commission decided on new Standard Contractual Clauses (SCCs) in June 2021. After 27 December 2022, only these “new” SCCs may be used without exception. What does that mean for companies and organizations? If personal data is transferred to processors (or their sub-processors) or to controllers in a country outside the EU or the […]