Loading

Tag: Data Protection

Tag: Data Protection

Using AI in recruitment: Recommendations for business owners

The ICO has published recommendations for business owners on using AI in recruitment processes lawfully and ethically.   Artificial intelligence (AI) is transforming recruitment by saving time and improving efficiency for businesses of various sizes and across industries. Businesses are using AI tools to source potential candidates, summarize CVs, as well as score applicants. However,

ePrivacy Directive Article 5(3): Device Tracking and User Consent

Understanding Article 5(3) of the ePrivacy Directive and its Implications on Device Tracking and User Consent   The ePrivacy Directive, specifically Article 5(3), restricts the storage and access of information on users’ devices without their consent, except under specific conditions. This legislation plays a crucial role in protecting users from unauthorized storage and access to

Legitimate interest as a legal basis: Guidance from the EDPB

Controllers must ensure necessary, proportionate, processing which respects the rights of data subjects, ensuring GDPR compliance.   When processing personal data under the General Data Protection Regulation (GDPR), controllers must ensure that their actions are lawful. Specifically, if relying on Article 6(1)(f) of the GDPR, the processing must be based on a legitimate interest. This

Tech giants push for lighter AI regulations in Europe

Tech giants push for lighter AI regulations in Europe amid concerns over fines and transparency.   In a pivotal final effort, the world’s largest technology companies are urging the European Union (EU) to take a more lenient stance on regulating artificial intelligence (AI). Firms like Amazon, Google, and Meta are currently facing the looming possibility

Communication after a data breach: Lessons from the Dutch DPA

The Dutch DPA has emphasised the importance of communication after a data breach, after a 2023 study revealed that many organisations failed to inform victims in a timely manner.   In an age where personal data is often at risk due to cyberattacks and other breaches, individuals affected by data breaches can often feel left

CNIL fined Cegedim Santé €800,000 for unlawful processing of sensitive health data

CNIL imposed a €800,000 fine on Cegedim Santé for the unauthorized and unlawful processing of sensitive health data.   In 2021, Cegedim Santé, a company specializing in management software for general practitioners and health centers, came under scrutiny from the French data protection authority, CNIL. The company provides software to around 25,000 medical practices and

Clearview AI faces a punishment from Dutch DPA for Illegal Facial Recognition Data Collection

Clearview AI faces a punishment of 30.5 million euros from the Dutch DPA for Illegal Facial Recognition Data Collection.   Clearview AI faces a punishment of 30.5 million euros from the Dutch Data Protection Authority (AP) and up to 5 million euros in penalty payments. The US based company provides services using its facial recognition

Hong Kong’s AI model framework: the Personal Data (Privacy) Ordinance

The Hong Kong PCPD’s AI Model Framework provides guidelines for organisations using AI systems that process personal data, emphasising compliance with the PDPO.   On June 11, 2024, the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) unveiled its Artificial Intelligence Model Personal Data Protection Framework (Model Framework). This framework serves as

Provisional decision from the ICO to fine a software company following a ransomware attack

Following a ransomware attack, the ICO has made a provisional decision to impose a £6 million fine, and urged organisations to secure external connections.    The Information Commissioner’s Office (ICO) released a statement earlier this month, announcing that they have issued a provisional decision to fine Advanced Computer Software Group Ltd (Advanced), a healthcare technology

High risk AI and the EU AI Act

What AI systems fall under the “high-risk” category and what requirements do they need to comply with under the EU AI Act?    The European Union Artificial Intelligence (AI) Act, officially approved by the Council of Ministers through a voting process in May 2024, is a landmark piece of legislation that will have a profound