French watchdog CNIL Thursday published a tool for tracking open-source AI models to help data subjects exercise their rights to access personal information, object to its use for AI and delete it.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
Italian DPA Garante fined Verisure Italy and Aimaq hundreds of thousands of euros for serious data protection violations, it said Thursday.
French privacy watchdog CNIL slapped five political candidates with fines totaling 23,500 euros ($27,000) for GDPR breaches, it said Thursday.
Certain information collected by a body camera during a ticket inspection must be provided immediately to the passenger concerned under the GDPR, the European Court of Justice (ECJ) ruled Thursday (Case C-4242/24, Storstockholms Lokaltrafik).
Meta must give privacy advocate Max Schrems full access to all of his personal data within 14 days, the Austrian Supreme Court ruled and Noyb reported Thursday. Also, the social media giant must revamp its illegal personalized advertising model, the court said. Noyb said the decision sets an EU-wide precedent.
France's Ministry of National Education and privacy watchdog CNIL renewed their partnership to strengthen digital education and protection of students' data, they said Wednesday.
French watchdog CNIL launched FantomApp, an app to help 10-15-year olds protect their data on social networks, on Tuesday.
Businesses are working toward compliance with Maryland’s comprehensive privacy law, despite its differences with 19 other states' comprehensive privacy laws, two McNees privacy attorneys said in an interview with Privacy Daily on Monday. Devin Chwastyk, who co-chairs the firm’s privacy and data security group, predicted “the phone will start ringing with more vigor” as the Maryland Online Data Privacy Act’s April 1 “enforcement deadline approaches.” In addition, he said MODPA may signal the end of “cookie-cutter” state privacy bills.
Concerns about whether proposed changes to the GDPR in the European Commission's digital omnibus package could harm data flows between the EU and the U.K. are a "storm in a teacup" aimed at pressuring the EC's proposals, Shoosmiths privacy lawyer Alice Wallbank emailed us Monday.
It’s best to avoid building privacy compliance programs around specific regulations or treating customers differently by region, Iman Saleh, Airbnb senior manager of AI privacy architecture said during a panel at the Risk Digital Global virtual conference Thursday. “Generalize when possible" and "work within the spirit of the law, not the letter of the law,” she said.