Category: Data Protection

Data Protection

Aphaia delivers a presentation on the new EU AI Act and the GDPR on 42Workspace in Rotterdam

Aphaia has opened its new office at 42Workspace in Rotterdam and had the chance to deliver the presentation “EU AI Act with GDPR fundamentals” to the Rotterdam tech community on 5th June.   42Workspace is the tech coworking space in Rotterdam, comprising a community of more than 40 startups and scale-ups providing digital services in

Right to be forgotten: how unfit data deletion protocol resulted in a fine from Dutch DPA

A company was fined by the Dutch Data Protection Agency for failure to delete data after receiving such requests, thereby violating individuals’ right to be forgotten under the GDPR.   The Dutch Data Protection Authority (DPA) has imposed a fine of 6,000 euros on a recruitment company. The company was fined for failing to delete

Data Protection and AI chatbots: Advice from the ICO

Following an investigation into the technology company Snap Inc, the ICO has published data protection advice with the use of AI chatbots.   Lately, it has become increasingly common for businesses and organisations to offer the option of an AI chatbot for website visitors and app users. Whether it be a social media chatbot, or

Guidance on the Use of Wi-Fi Tracking Technology

The AEPD has published guidance on the use of wi-fi technology in compliance with the GDPR.    In a collaborative effort to address the growing concerns surrounding Wi-Fi tracking technology, the Spanish Data Protection Agency (AEPD), in conjunction with the Catalan Data Protection Authority, the Basque Data Protection Authority, and the Transparency and Data Protection

Combat the threat of cyber attacks: A call to action from the ICO

The ICO has called on organisations to take action to combat the threat of cyber attacks, providing guidance based on 2023 data breach reports.    In light of the escalating risk of cyber threats, The Information Commissioner’s Office (ICO) is urging all organisations to strengthen their cyber security measures and safeguard the personal data under

Web Scraping is almost always unlawful under the GDPR

Under the GDPR, web scraping is almost always unlawful, except for in very few exceptional cases.    The automatic collection and storage of information from the Internet is referred to as web scraping. Through this process, a computer program automatically extracts data from the internet, for example by scanning social media platforms. Scraping involves the

Facial Recognition Technology: legal clarification from the Netherlands DPA

Netherlands DPA (AP) clarifies legal questions regarding the use of Facial Recognition Technology under the GDPR.   The Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AP) has published a new guide that addresses and clarifies frequently asked legal questions about the use of facial recognition technology. The document is primarily designed for privacy professionals and organisations

Recommendations on the development of AI systems from European DPAs

DPAs across Europe have provided useful recommendations for organisations involved in the development and deployment of AI systems, aiding these organisations to remain in compliance with the GDPR and other regulations applicable to AI systems.    The French data protection authority, CNIL recently published its first recommendations on the development of AI systems. These recommendations

The EDPB releases its Opinion on ‘Pay or Ok’ Models

The EDPB highlights the need to comply with all the requirements of the GDPR, in particular those for valid consent.   In the rapidly evolving landscape of ecommerce and data protection, it is paramount for businesses to understand how any new practices involving the processing of personal data may affect their user’s privacy and the

Unlawful use of data results in significant fine for canvassing company

Unlawful use of data results in significant fine for canvassing company A company was fined by CNIL for unlawfully using data obtained from a data broker for commercial prospecting purposes.    On April 4, 2024, the French data protection authority, CNIL, imposed a significant fine of 525,000 euros on the company HUBSIDE.STORE. The fine was