Quick
Quick briefs on Tech, Legal & Ethical Matters
EDPS’ assessment of the draft of Framework Convention on AI
Yesterday 11 March 2024, the EU Data Protection Supervisor (EDPS) released its statement about the draft of the Framework Convention on AI, Human Rights, Democracy and the Rule of Law. EDPS considers that the framework should be consistent with EU values, protect individuals’ fundamental rights, freedoms, and provide clear, strong safeguards for the subjects affected…
EDPS: EC violates data protection regulations by using Microsoft 365
Yesterday, the Eu Data Protection Supervisor released its conclusion of an investigation into the Eu Commission’s use of Microsoft 365. Accordingly, the latter has infringed the Regulation of 2018/1725 regarding the ‘transfers of personal data outside the EU/ European Economic Area (EEA)’. As the controller, ‘the Commission did not sufficiently specify what types of personal…
Database of personal information sold in enforcement proceedings
On 22 February 2024, the Court of Justice of the European Union released the Advocate General’s opinion on the sale of databases containing personal data within an enforcement proceedings which is considered to be lawful. According to his opinion, the GDPR governs the operations of the objectives that the court enforcement officer estimates the value…
EC takes actions against Tiktok
The European Commission initiates proceedings to investigate the alleged breaches of the platform’s obligations under the Digital Services Act (DSA). The EU took this decision after its early investigation, TikTok’s risk assessment report and responses to the Commission’s information requests from last year. The allegations include the negative effects of the platform design, algorithmic systems,…
EU Data Act
Today, 27 November 2023, the EU Council officially adopted the Data Act. This will become one of the most important regulations on data related to Internet of Things (IoT), including connected devices in addition to forthcoming ePrivacy Regulation and Cyber Resilience Act. The Data Act will have a significant impact on the data governance, e.g.…
CJEU: judicial review of ground, evidence of supervisory authority’s data processing
Today, 16 November 2023, the Court of Justice of the EU (CJEU) released its judgement in case C-333/22 Ligue des droits humains. According to the Court, the decision of the result of the assessment by a national supervisory authority regarding the lawfulness of the data processing is susceptible to judicial review. It will enable the…
NIST: public consultation of data classification and concepts to improve its protection
Yesterday, 15 November 2023, the U.S. National Cybersecurity Center of Excellence (NCCoE) published the initial version of the U.S. National Institute of Standards and Technology (NIST) Internal Report on Data Classification Concepts and Considerations for Improving Data Protection. The public consultation is open until 9 January 2024. The report introduced the notion of data classification…
France: Data processing system in harassment investigation
On 7 November, the Ministry of Education and Youth released the Decree 2023-1027 on implementation of the data processing system of the harassment investigation in elementary, middle and high schools. It provides the processing purposes, including bullying incidents information, detecting, preventing and resolving measures. Furthermore, the Decree enumerates the persons who may access responses to…
Quebec: Privacy policies of public agencies collecting personal data
Today, 8 November 2023, Quebec government published Decree 1544-2023 dated 25 October 2023 on the privacy policies of public bodies collecting personal data by technological measure. It provides the compulsory content of privacy policy required under art. 63.4 chapter A-2.1 Law on access of public bodies’ documents and personal data protection. The policy must define…