Why businesses cannot afford to dismiss the corporate risk of deepfakes

Scarily powerful – don’t dismiss the risk of deepfakes for your company. With tools like Deep Live Cam (“real time face swap and one-click video deepfake with only a single image”) now making the rounds, it is imperative for you to educate *everyone* in your organisation about good reflexes regarding both cybersecurity and AI. […]

Google Tag Manager and the consent trap: a call for nuance

A months-old German court decision on Google Tag Manager has resurfaced here, with many claiming the GDPR applies to every use of GTM or similar tools. A bit of nuance may be useful: – First, that claim that the use of IP addresses and other identifiers = always processing of personal data? Let’s first wait […]

Digital Fairness Act: balancing consumer protection and innovation

So the Digital Fairness Act consultation process begins, with lofty yet potentially flawed goals. The Commission notably wishes to: – “[prevent] traders from using dark patterns and other unfair techniques that pressure, deceive and manipulate consumers online” – “[address] problematic personalisation practices, including situations where consumer vulnerabilities are targeted for the purposes of personalised advertising […]

Is the CrowdStrike IT outage truly a personal data breach under the GDPR?

My takeaways from the 100+ comment discussion following my post on whether the CrowdStrike incident is a “personal data breach” under the GDPR: 1. There are clearly two camps on this. I didn’t expect this level of opposition between two visions of what is a personal data breach. 2. One camp adheres to the views […]

The Hamburg DPA aligns on tracking tokens and behavioral identification

Glad to see the Hamburg DPA going in a similar direction as what I was suggesting in the post below: tokens should not be viewed as personal data. Even at the level of the output, “the mere presence of plausible personal information in LLM output is not conclusive evidence that personal data has been memorized, […]

Good & bad in judgment on Meta AI training & personal data (legitimate interests, sensitive data) + new French & German guidance

Does training of AI systems involve the processing of personal data, and is it permitted under the GDPR? These were the two fundamental questions that I have already looked into in two previous articles: On the date of that second article, the Cologne Higher Regional Court (the Oberlandesgericht Köln – the Cologne HRC) delivered a […]

ePrivacy precedent: critiquing the CJEU’s interpretation of spam

One to watch. Based on the summary of the hearing, this looks like a continuation of the CNIL’s Orange decision and of the CJEU’s SwTL v eprimo case – if so, I fear we are going down a path of bad legal precedent after bad legal precedent. As I have previously commented, the eprimo judgment […]

Belgian DPA: limiting complaint standing to protect mandate integrity

Mass rejection of NOYB complaints by Belgian DPA: repeating the cases I have commented before (see notably https://lnkd.in/eMGbdWPh), the Belgian DPA just rejected 16 complaints of NOYB in 5 different cases based on the fact that there was no actual (non-fictional) mandate by data subjects. In its press release (to explain the multiple rejections), the […]

GDPR Procedural Regulation: risks to the rights of defence

Lots of potential for violations of the rights of defence. My critical analysis: https://lnkd.in/e3xDp82T

Analyzing the GPR: concerns on admissibility and scope of complaints

The GDPR Procedural Regulation (GPR) raises practical concerns, based on the text of the provisional agreement of the EU Council & Parliament, notably re the scope of complaints. I was discussing it with Sara Brandstätter @ MLex (who obtained the text) – here are some key concerns of mine: 1) This GPR will likely have […]
