News

English Summary }}}} A court awarded €3,000 to a data subject after finding a news portal violated her privacy under [[Article 5 GDPR]] by publishing her personal data unnecessarily and disproportionately, despite claims of public interest.A court awarded €3,000 in damages to a data subject after finding that a news portal violated her right to privacy by publishing her personal data unnecessarily and disproportionately in two articles, despite the controller’s claims of public interest. == Engl

Report from EFF, Center for Just Journalism, and IPVM Helps Cut Through Sales HypeSAN FRANCISCO — A new report released today offers journalists tips on cutting through the sales hype about police surveillance technology and report accurately on costs, benefits, privacy, and accountability as these invasive and often ineffective tools come to communities across the nation. The “Selling Safety” report is a joint project of the Electronic Frontier Foundation (EFF), the Center for Just Journalism (

Surveillance technology vendors, federal agencies, and wealthy private donors have long helped provide local law enforcement “free” access to surveillance equipment that bypasses local oversight. The result is predictable: serious accountability gaps and data pipelines to other entities, including Immigration and Customs Enforcement (ICE), that expose millions of people to harm. The cost of “free” surveillance tools — like automated license plate readers (ALPRs), networked cameras, face recognit

Federal agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have descended into utter lawlessness, most recently in Minnesota. The violence is shocking. So are the intrusions on digital rights. For example, we have a First Amendment right to record on-duty police, including ICE and CBP, but federal agents are violating this right. Indeed, Alex Pretti was exercising this right shortly before federal agents shot and killed him. So were the many people wh

Dangerously unchecked surveillance and rights violations have been a throughline of the Department of Homeland Security since the agency’s creation in the wake of the September 11th attacks. In particular, Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have been responsible for countless civil liberties and digital rights violations since that time. In the past year, however, ICE and CBP have descended into utter lawlessness, repeatedly refusing to exercise or

Brussels, 21 January - The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s Proposal for the ‘Digital Omnibus on AI’. The Proposal seeks to simplify the implementation of certain harmonised rules under the AI Act to ensure their effective application.The EDPB and the EDPS support the objective of addressing practical challenges relating to the implementation of the AI Act. Administrative simplificat

Spyware continues to spread across Europe despite years of scandals and undisputable evidence of fundamental rights violations. As the European Commission remains inactive, civil society, journalists and some lawmakers at the European Parliament are stepping up pressure for accountability. In this context, EDRi is launching a document pool to centralise resources that tracks abuse and support the growing push for a full EU-wide ban of spyware. The post EDRi launches new resource to document abus

join the international community, including the UN’s Independent International Fact-Finding Mission, in calling on Iran to immediately restore internet and mobile communications and in demanding accountability and transparency for the grave human rights violations documented in the country The post #KeepItOn: Iran plunged into digital darkness, concealing human rights abuses appeared first on Access Now.

Fixed Link The controller did not respond adequately, providing unclear information or referring the data subject to third parties. As a result, the data subject lodged a complaint with the DPA.The controller did not respond adequately, providing unclear information or referring the data subject to third parties. As a result, the data subject lodged a complaint with the DPA. The DPA issued a final decision warning the controller for violating [[Article 6(1) GDPR|Article 6(1)]] and [[Article 5(1)

Commentary CoC are a voluntary accountability tool providing for specific data protection rules for categories of controllers and processors. In other words, CoC can provide a rule book for a group of controllers and processors describing how a GDPR compliant processing operation looks like in the specific processing situation.<ref>EDPB, ‘Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679’, 4 June 2019 (Version 2.0), margin number 7 (available [https://ww

Access Now,together with several human rights organizations, are calling on MTN Group to protect mobile service subscribers and ensure transparency and accountability for data breaches perpetuated by their subsidiaries in the Republic of Congo. The post MTN Group must answer for dangerous bounty SMS campaign in the Republic of Congo appeared first on Access Now.

The European Parliament has approved the EU–Singapore Digital Trade Agreement, rejecting a motion to seek a Court of Justice opinion on its legality. This decision weakens the Union’s capacity to safeguard privacy, data protection, and accountability over software systems, at a time when deregulation pressures are increasing across Europe. The post EU adopts Digital Trade Agreement with Singapore despite warnings: a setback for digital rights and democratic oversight appeared first on European D

> The harms from so-called AI are real and present and follow from the acts of people and corporations deploying automated systems. Regulatory efforts should focus on transparency, accountability and preventing exploitative labor practices. By Angelina McMillan-Major, Emily M. Bender, Margaret Mitchell and Timnit Gebru for DAIR on March 31, 2023

> The growth of generative artificial intelligence systems has led EU lawmakers to focus on General Purpose AI in drafting the AI Act, which will set the framework governing artificial intelligence in the European Union. As previously reported, the EU Parliament has already broadened the definition of artificial intelligence for the purposes of the AI Act… The post Is the AI Act caging ChatGPT and other General Purpose Artificial Intelligence systems? appeared first on GamingTechLaw.

> Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance for anonymizing data. The guidance called for a trained professional to handle the anonymization of a personal data set who also has experience in reidentification attacks. Even though “residual probability” of reidentification will always exist, a data controller must apply accountability to the anonymization process “with appropriate measures to ensure compliance taking i

The purpose limitation principle does not preclude a controller from capturing and storing in a test database established for testing and error correction purposes personal data previously collected and stored in another database. However, such "further processing" of personal data must be compatible with the specific purposes for which the personal data were originally collected. The principle of storage limitation precludes the retention of personal data in that test database for longer than n

> On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.

Data ownership proposals are misguided and would be self-defeating if implemented. Instead, privacy law reform should focus on strengthening ongoing use restrictions over personal data, according to this article.

The GDPR incorporates the RBA for all obligations of the controller in the GDPR. Where the transfer rules are stated as obligations of the controller (rather than as absolute principles), the RBA of Article 24 therefore applies. Other than the DPAs assume, this is not contradicted by the ECJ in Schrems II nor by the EDPB recommendations on additional measures following the Schrems II judgment, according to Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security

The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

The European Data Protection Supervisor ordered Europol to hand over personal data to Dutch activist Frank van der Linde. The decision is the result of a two-year investigation into Europol's possession and storage of van der Linde's personal data.

> The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children’s phone numbers and email addresses were publicly accessible.

> The current version of the Bill seeks to maintain the majority of key principles that underpin the UK data protection law framework, while at the same time modifying certain key provisions in relation to accountability, lawful grounds for processing, data subject access requests and cookies, amongst others. A [consolidated redline version of the UK GDPR by Hogan Lovells](https://www.engage.hoganlovells.com/knowledgeservices/attachment_dw.action?attkey=FRbANEucS95NMLRN47z%2BeeOgEFCt8EGQJsWJiCH

> The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo. […] Under the CNIL’s sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.

> A firehose of sensitive data from your vehicle is flowing to a group of companies you’ve probably never heard of

Lawfully collected and stored personal data may be retained in an additional internal database, to the extent that it pursues the same data processing purposes as the original data collection. That is the opinion of Advocate General Pikamäe to the EU Court in response to questions from a Hungarian judge.