Tag Archives for "guidance"

ICO Blog Post on AI and Solely Automated Decision-Making

The ICO has published a blog post on the role of “meaningful” human reviews in AI systems to prevent them from being categorised as “solely automated decision-making” under Article 22 of the GDPR.

That Article imposes strict conditions on making decisions with legal or similarly significant effects based on personal data where there is no human input, or where there is limited human input (e.g. a decision is merely “rubber-stamped”).

Source: ICO Blog Post on AI and Solely Automated Decision-Making

Pilot promised for new EU ethical guidelines for AI

Businesses in Europe exploring the use of artificial intelligence (AI) will be given a chance this summer to pilot the use of new ethical guidelines for AI, the European Commission has said.

Companies, public administrations and organisations can participate by signing up to the European AI Alliance.

Source: Pilot promised for new EU ethical guidelines for AI

How To Avoid Bias In Data Collection

Data collection is the most crucial part of machine learning models, as the working of the model will depend completely on the data we push as training data.

Knowing what you really want to do with your data and, more basically, the purpose it serves in your specific project is a very crucial part. You should develop a clear understanding of the data requirements before you take any further step in collecting data.

Full article: How To Avoid Bias In Data Collection

EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services

On April 12, 2019, the European Data Protection Board (EDPB) published draft guidelines 2/2019 on the processing of personal data in the context of the provision of online services to data subjects.

The Guidelines discuss how the “contract” legal basis applies in the context of online services or “information society services,” defined as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”

Source: EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services

EDPB seeks comments on its Guidelines on the processing of personal data for online services

The European Data Protection Board welcomes comments on the Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects. Such comments should be sent to EDPB by 24/05/2019 at the latest.

More information: Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects | European Data Protection Board

European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”).

The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on the same topic.

Full article: European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

Privacy UX: Better Cookie Consent Experiences

With the advent of the EU General Data Protection Regulation (GDPR) in May 2018, the web has turned into a vast exhibition of consent pop-ups, notifications, toolbars, and modals.

While the intent of most cookie-related prompts is the same — to get a user’s consent to keep collecting and evaluating their behavior the same ol’ way they’ve been doing for years — implementations differ significantly, often making it ridiculously difficult or simply impossible for customers to opt out from tracking.

Full article: Privacy UX: Better Cookie Consent Experiences

EU Commission Issues Recommendation on Cybersecurity in the Energy Sector

The European Commission has published a Recommendation on cybersecurity in the energy sector.

The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here). It sets out guidance to achieve a higher level of cybersecurity taking into account specific characteristics of the energy sector, including the use of legacy technology and interdependent systems across borders.

Source: EU Commission Issues Recommendation on Cybersecurity in the Energy Sector

French DPA Issues Standard Regulation For Biometric Systems In The Workplace

CNIL has adopted on 10 January 2019, further to a sectorial consultation with public bodies and private organisations, its first standard regulation that lays down legally binding rules applicable to data controllers subject to French Law, who use biometric systems to control access to premises, devices and applications at work.

The Regulation prescribes specific requirements for the processing, by a public or private employer, of biometric data to control access to work premises, to information systems or applications used in the context of business tasks entrusted to data subjects (i.e., employees, agents, interns and contractors).

Given the particular sensitivity of biometric data, the Regulation sets out stringent obligations to data controllers regarding the conditions of processing of such biometric data in the workplace.

Full article: France: The First Cnil Standard Regulation For Biometric Systems In The Workplace

Association of German Supervisory Authorities issues paper on broad consent for research

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation.

According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope of the research. Moreover, the DSK suggests that a broad consent can be fixed at a later stage of the research by narrowing down the scope of the research once that scope is clearer – i.e., deliberately not using the obtained flexibility.

Full article: Association of German Supervisory Authorities issues paper on broad consent for research
