Has any court actually proven that LLMs always process personal data?

Controversial discussion-starter of the day: has any authority or court actually established that LLMs and other such models *do* involve the processing of personal data when they predict what might be a relevant next word/token/string of characters in a sequence, a next pixel in an image, etc.? I would love to see the reasoning. Not […]

How to build effective AI governance structures on top of your existing GDPR framework

Very good piece by Kristin Johnston on AI governance and in particular how to start the process. One recommendation – building AI governance on top of existing privacy processes – is very relevant but you have to be careful about how you implement it. The key challenge is making sure it can be sufficiently distinct as […]

Why a new Brussels appellate judgment could trigger much higher GDPR fines

Very soon higher GDPR fines in Belgium? A recent judgment by the Court of Appeal of Brussels said that the Belgian DPA’s methodology for calculating fines was unclear, but that symbolic victory by one controller may create a significant risk for others… In a judgment in which it *confirmed* the Belgian DPA’s decision on the […]

Three key compliance takeaways from the newest Belgian DPA enforcement decision

New Belgian DPA decision, interesting on 3 points:

1. Confirmation of BDPA’s approach re “legal obligation” and “public interest” legal grounds
2. Re retention: the need to assess recidivism does not justify unlimited processing
3. Reference to EDPB’s newly updated GDPR fining guidelines (re factors affecting the amount of the fine)

1. The Order of […]

Watch our CPDP2024 panel debate on the friction in the EU data strategy

A must-watch: here is the recording of our fun CPDP2024 panel discussion on the EU data strategy (covering GDPR, DMA, AI Act, fundamental rights, Pay Or OK and much more re data protection). The other panel participants were Patricia Vidal Martinez, Luca Bolognini and Rob van Eijk, and it was moderated by Cecilia Alvarez. Really fantastic stuff – […]

CPDP2024 – EU data strategy panel recording

A must-watch: here is the recording of our fun CPDP2024 panel discussion on the EU data strategy (covering GDPR, DMA, AI Act, fundamental rights, Pay Or OK and much more re data protection). The other panel participants were Patricia Vidal Martinez, Luca Bolognini and Rob van Eijk, and it was moderated by Cecilia Alvarez. Really […]

A pragmatic shift? German court rules on cookie banner color differences

A bit more pragmatism regarding user interfaces and “dark patterns”? According to a German court, a colour difference for accept/reject buttons is not (always) a dark pattern that deprives data subjects of agency. It’s not the first time this has been said, but to see it explicitly said in relation to Meta and a “blue” […]

Is your DPO overworked? Why missing authority requests risks a heavy fine

Is your DPO overworked? Do certain requests from authorities fall through the cracks? You could be in breach of the GDPR, says the Belgian DPA in its newest decision. In this particular case, a DPO was working three days per week, and was the only person to have access to a particular e-mail address to […]

How modern corporate lawyers balance roles as AI advisors and technical users

Lawyers can both be AI advisors (legal implications) and users of machine learning / generative AI / applied statistics / … systems. Tomorrow we will be helping members of the Flemish Bar Association understand some of the key things to look out for and reflexes to have – both for themselves and for their own clients. […]

A practical checklist for vendor and supplier risk management under NIS2

Practical checklist: good practices for vendor/supplier risk management inspired by GDPR, NIS2, Data Governance Act and DORA. The underlying question: what good practices do these EU laws highlight and transform into legal obligations in certain cases, and how can we combine them? This checklist is *not* a comprehensive list of best practices, but it should […]
