Feb 15
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

DP News – Week 7. The EU AI Act is adopted by the IMCO and LIBE committees, French supervisory authority (CNIL) highlighted its 2024 focus areas, Italian supervisory authority (Garante) fined a municipality for improper use of AI systems.

DP News – Week 7. The EU AI Act is adopted by the IMCO and LIBE committees, French supervisory authority (CNIL) highlighted its 2024 focus areas, Italian supervisory authority (Garante) fined a municipality for improper use of AI systems.

Konstantin Tiazhelnikov Konstantin Tiazhelnikov
  • February 15, 2024 -

The proposed EU Artificial Intelligence Act was overwhelmingly adopted by the Internal Market and Consumer Protection (‘IMCO’) and the Civil Liberties, Justice and Home Affairs (‘LIBE’) Committees. This marks a significant step forward in its journey towards becoming law. Now, it will undergo final legal and linguistic checks before heading to the European Parliament plenary and formal Council approval, expected in April. Once approved, it will be published in the Official Journal, officially becoming part of EU law. 

***

Last week DPOrganizer reported the 2024 focus areas of the Dutch Data Protection Authority (AP), now those are also announced by the French watchdog (CNIL). 

In 2024, it will focus on minors’ data, files linked to the Olympic and Paralympic Games, electronic receipts and loyalty programs, as well as people’s right of access. Each year, CNIL conducts hundreds of checks (340 in 2023) following complaints, reports of data breaches or related to current events. CNIL also defines priority areas in order to guide its control policy on subjects of high stakes for the public and to assess the compliance in the chosen sectors. Checks falling within the scope of those priority areas represent on average 30% of all checks carried out.

Click here for more details. 

***

Continuing the topic of AI, the Italian supervisory authority – Garante – fined (€50,000) the municipality of Trento for making use of AI systems of surveillance for scientific research in violation of several GDPR provisions.

The municipality (controller) was carrying out processing of personal data relating to criminal conviction and offences under Article 10 of the GDPR. In fact, the algorithms were trained on data collected from the cameras already present in the territory of the municipality with the aim of detecting and documenting criminal activity and might thus include the processing of videos recording criminal activities. Garante also assessed the anonymization techniques in place. The municipality claimed that it adopted anonymization techniques right after collecting the data: the alteration of voice sounds in the voice recordings and the blurring of people’s faces in the videos. The DPA found these techniques to be inadequate as they did not guarantee a full anonymization of the personal data collected. Finally, Garante found that the data was processed contrary to the GDPR principles of lawfulness, fairness and transparency.

Click here for more details.

See more related posts »

Related blog posts

DP News – Week 17. EDPB released the 2023 annual report, outlined its 2024-2027 strategy and issued an information note on the EU-US Data Privacy Framework redress mechanism, Finnish DPA has decided on retention periods in the recruitment process.
  • April 25, 2024 -

DP News – Week 16. EDPB opinion: Pay-or-Consent models clash with GDPR consent requirements, EU Commission requested a risk assessment from TikTok, ICO launched a privacy notice generator, Catalan Data Protection Authority fines occupational health center for email confidentiality breach, Dutch chipmaker investigates data breach amidst security concerns.
  • April 18, 2024 -

DP News – Week 15. Norwegian DPA imposed a 20 million NOK fine, Denmark’s DPA updated data transfer guidance for third countries, France’s DPA fined retail chain for unsolicited marketing.
  • April 11, 2024 -