Can't find what you're looking for? Try the search bar!
Personal data is a relative concept, EU General Court stresses in a new judgment – “it is necessary to put oneself in [the relevant organisation’s] position in order to determine whether the information transmitted to it relates to �identifiable persons�. The judgment reaffirms the conditional findings of the CJEU in its Breyer judgment (which found […]
The news from Italy and its temporary limitation of the processing by OpenAI of personaldata of Italian residents (re chatgpt and more) begs a few questions: 1) Did they just order that without prior contact? 2) Did they consider the OpenAI “privacy policy” – which I can see easily on the login/sign-up screen – was […]
Very good piece by Kristin Johnston on aigovernance and in particular how to start the process. One recommendation – building AI governance on top of existing privacy processes – is very relevant but you have to be careful about how you implement it. The key challenge is making sure it can be sufficiently distinct as […]
Stunned to notice, while re-reading an important Opinion by an Advocate General to advise a client, that when he says “According to the case-law of the Court of Justice [of the European Union]”, he is actually quoting non-binding regulatory opinions (not from the CJEU) and only one CJEU judgment that doesn’t even come close to […]
Objectively indispensable”, that’s how the CJEU describes the threshold for processing of personaldata to be necessary for performance (or conclusion) of a contract under Art. 6(1)(b) GDPR. In its new Meta judgment (case 252/21), the Court of Justice examined many points of law, but it may be useful to other organisations to look at paragraphs […]