AI (Artificial Intelligence) is becoming a big part of how businesses operate. But with this technology comes new rules that companies must follow. The EU AI Act, effective since August 1st 2024, is one of these important new rules. If your company uses or develops AI, it’s important to know what this means for you. […]
mb-firstprivacyenglisch
Voice Data as a Health Indicator
In the era of digital health and artificial intelligence, we are witnessing an unprecedented ability to collect and analyze personal data for health insights. One emerging area of interest is the use of voice data as a health indicator. While this technology holds promise for early detection and monitoring of various health conditions, it also […]
Swiss-U.S. Data Transfers: New Framework solves Privacy Hassles, finally!
Starting September 15, 2024, transferring personal data from Switzerland to the United States will become significantly easier, thanks to a new framework approved by the Swiss Federal Council. This marks a significant shift, allowing these data transfers to rely on an adequacy decision rather than the more complex Standard Contractual Clauses (SCCs). Until this decision, […]
Can Legitimate Interest Be Used to Train an AI Model? noyb Disagrees
In August 2024, the European Center for Digital Rights (noyb), co-founded by privacy advocate Max Schrems, filed a series of complaints against X (formerly Twitter), the social media platform owned by Elon Musk. The nine complaints, lodged in nine different countries, focus on X’s use of personal data to train its Artificial Intelligence (AI) technologies. […]
GDPR Breach due to Health Data Leak results in 80,000 euro fine for Private Clinic
A private clinic specializing in assisted reproductive technology (ART), experienced a significant data breach due to a cyberattack. The breach compromised the personal data of approximately 400 individuals, including patients and employees. The affected data included identity, contact information, financial details, and sensitive health and genetic information. Even though the breach was detected on 21 […]
Resolution from the DSK regarding the secondary use of genetic data
Before we delve into the position paper of the Conference of Independent Federal and State Data Protection Supervisory Authorities (DSK), it is important to discuss the exceptional nature of genetic data. Genetic data, defined in Art. 4 (13) GDPR and in Recital 34 GDPR, was included within the special categories of data by the GDPR, […]
PIAs and DPIAs: A Two-Step Process to GDPR Compliance
If you work in a company in the European Union or the UK you have probably heard your fair share about data protection. From HR to Sales, personal data infiltrates almost every aspect of a company. One of the biggest tasks under the General Data Protection Regulation (GDPR) is collecting all the information required and […]
Why Canada is facing more Cyberattacks than ever
Ignorance is bliss, they say, but this is definitely not true when it comes to data protection and data security. Our daily lives revolve more and more around the online world (home office with video conferences, online banking, social media and the list goes on). This, most certainly, comes with a lot of amenities. However, […]
AI and HR – Navigating legal obligations in Europe
Artificial Intelligence (AI) is reshaping HR and recruitment practices worldwide, promising enhanced efficiency and precision. While the adoption of AI in HR is not groundbreaking news, as many large companies have relied on similar solutions for years, its undeniable benefits continue to drive organizations of all sizes towards embracing AI-powered tools. Technologies like resume screening […]
How to protect data from web scraping? Guidelines from The Italian DPA
The Italian Data Protection Authority (Garante per la protezione dei dati personali, or short Garante) has released in May 2024 guidelines aimed to protect personal data published online by public and private entities (in a role of data controller) from web scraping performed by third parties. While the purposes to perform data scraping or web […]
Retention of Metadata – legal and business impacts of the Italian DPA guideline – UPDATED
A few months ago, we delved into a new decision of the Italian data protection authority (Garante) on this blog, which recommended that employers set retention periods for their employees‘ email metadata not exceeding 7 days. This guideline created some confusion, leading the Garante to suspend its applicability and open it up for public consultation […]
Current legislation shaping Europe’s Digital Decade
In recent years, Europe has made decisive efforts to lead companies and people into the digital future. These efforts are ongoing and are leading to a dynamic process at legislative level with a flood of new legislation. This article provides an overview of several significant new pieces of legislation introduced by the EU as part […]
Italian Data Protection Authority imposed the highest fine so far on electricity provider
Telemarketing activities and aggressive practices against the consumers are again in the spotlight of the Italian Data Protection Authority (Garante), that imposed the highest fine ever on the Italian electricity provider Enel Energia. It is unfortunately very common that Italian consumers are harassed by unwanted telephone calls from marketing agencies proposing contracts for different services […]
Protecting Privacy, one State at a time: Maryland’s new Privacy Law
In the world we live in trends are an everyday thing, from YouTube Videos to TikTok challenges, from the clothes people wear to the music they listen to. We see trends in every part of our everyday lives. Sometimes in government, just like in our private lives, when something is a good idea (sometimes even […]
The GORE-Tex of Data Protection
The rapid rise of face recognition technology is undeniable these days. In some parts of the world, it is already omnipresent and used for a variety of purposes such as the identification of passengers at airports, the surveillance of citizens in public places or even criminal convictions. While Artificial Intelligence (AI) had not been able […]