Is the EU AI Act a Jenga piece that can easily be removed from the regulatory tower? Here are some key points from the “AI Regulation – a critical comment” workshop at the Alpine Privacy Days Conference, courtesy of Florent...more
The European Commission recently issued a formula for identifying Artificial Intelligence Systems:
Machine-based system-
Designed to operate with varying levels of autonomy-
•Some degree of independence of actions from...more
2/10/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Machine Learning ,
Regulatory Agenda ,
Technology ,
Technology Sector
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
1/17/2025
/ CNIL ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws ,
Privacy Policy
There is more to learn from the European Data Protection Board’s recent opinion on AI models. I previously reviewed the EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more
The European Data Protection Board’s recent opinion on AI models can be useful in several ways. Last week, I covered EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more
The European Data Protection Board recently issued an opinion on AI models, shedding light on what the consequences could be for the unlawful processing of personal data in the development phase of an AI model on the...more
The Commission Nationale de l’Informatique et des Libertés in France recently took action against misleading cookie banners as subverting true consent. This is not a new issue, though, with the Federal Trade Commission, the...more
So you have a court order from a U.S. court seeking data? In the words of Shania Twain, “That don’t impress me much!” The European Data Protection Board recently issued an opinion on cross border transfers pursuant to Art 48...more
I recently had the pleasure of speaking with the Atlantic County Bar Association. Here are some of the key takeaways from my presentation: Employees are “consumers” under the California Consumer Privacy Act. It requires:...more
What can U.S.-based and multi-national companies learn from the 290 million euro fine Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, issued against Uber in connection with the processing of Dutch driver...more
Colorado recently enacted its Artificial Intelligence law, launching a new era of state AI laws. What do you need to know?
•The bill is effective February 1, 2026 and enforceable by the Attorney General.
•This is a...more
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.
This is helpful not only for GDPR, but also for understanding and implementing consent under the...more
Are test questions and answers personal data that needs to be provided pursuant to an access request? A German court recently weighed in, providing some good insight regarding both GDPR and U.S. state data privacy laws....more
A cookie is not just a cookie, according to the European Data Protection Board. It’s also similar technologies, and access and Internet of Things (IOT). Here are some key takeaways you need to know from the EDPB’s draft...more
In a letter to the National Telecommunications and Information Administration, attorneys generals from 21 states, the District of Columbia and the U.S. Virgin Islands recently weighed in on Artificial Intelligence...more
Ireland’s Data Protection Commission has fined Meta Ireland 1.2 billion EUR.
While you have probably heard about that, there is much, much more to this case and the larger Schrems II cross border saga. Here is what you...more
Ireland’s Data Protection Commission has fined Meta €1.2 billion. What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.? An overview: I will discuss the Meta decision...more
The GDPR journey has not been wonderful.
NOYB has 800 cases out and the enforcement process is difficult because procedural law is different in different countries....more
The European Data Protection Board (EDPB) has issued a long-awaited opinion on the EU-US Data Privacy Framework.
Here are some key takeaways:
The scope of the exemptions to the adherence to the principles, including on the...more
The United States is adequate, at least according to a draft opinion on the EU-U.S. Data Privacy Framework. Here is a look at what the opinion says, and what U.S. companies involved in EU-U.S. transfers should be doing now....more
The European Data Protection Supervisor (EDPS) has submitted comments to FTC Rulemaking on commercial surveillance.
Here are some key takeaways.
IOT devices:
•It is important that data from the Internet of Things are...more
You need a data retention plan. No really.
And not just in the European Union. In California too.
Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform Discord 800,000 EUR for (non...more
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian Data Protection...more
After the recent Court of Justice of the European Union decision on sensitive inferences that can be drawn from the name of your spouse, it is fair to ask: Is everything sensitive data (special category data)?...more
Please take note!
1.SchremsII and cross border transfers: Risk based, wherefore art thou? With the Google Analytics, Google Fonts, Amazon AWS, Google Workspace other cases, the SchremsII and DPA guidance is piling up....more
9/30/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Cross Border Privacy Rules (CBPR) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II