Sep 07

Fitbit faces complaints of illegal data transfers, OpenAI introduces ChatGPT Enterprise amidst a complaint being filed in Poland, and the UK’s ICO issues new guidance on sending bulk email communications.

NOYB has filed complaints against Fitbit in Austria, the Netherlands and Italy, as it believes that Fitbit is violating the EU GDPR by requiring new users to agree to the unlawful transfer of their personal data to the United States, where lesser protection is offered to personal data. Also, according to NOYB’s press release, Fitbit can also share “data like logs for food, weight, sleep, water, or female health tracking; an alarm; and messages on discussion boards or to your friends on the Services”, which is of a highly personal nature. In addition, according to NOYB, Fitbit’s users are given no way to withdraw their consent other than completely deleting their accounts.

***

OpenAI, the maker of ChatGPT, has announced the launch of ChatGPT Enterprise, which, according to the official press release, “offers enterprise-grade security and privacy, unlimited higher-speed GPT-4 access, longer context windows for processing longer inputs, advanced data analysis capabilities, customization options, and much more”. This “marks another step towards an AI assistant for work that helps with any task, is customized for your organization, and that protects your company data”.

Meanwhile, as the IAPP reports, “a Polish privacy and security researcher filed a complaint against OpenAI with Poland’s data protection authority, the Urząd Ochrony Danych Osobowych, alleging the company violated several articles of the EU General Data Protection Regulation, TechCrunch reports. The complaint alleges the company’s generative artificial intelligence system, ChatGPT, violates the GDPR in terms of ‘lawful basis, transparency, fairness, data access rights, and privacy by design.’”

***

The Information Commissioner’s Office (ICO) has issued guidance to help organisations understand the law and good practice when sending bulk emails. This follows a warning the ICO has issued to organisations after a series of errors were made.

According to ICO data, “failure to use BCC correctly is consistently within the top 10 non-cyber breaches, with nearly a thousand reported since 2019. The education sector is the biggest offender for BCC breaches, with health in second, then local government, retail and the charity sector rounding out the top five”.

As the ICO suggests, “organisations that use and share large amounts of data, including sensitive personal information, should consider using other secure means to send communications, such as bulk email services, so information is not shared with people by mistake. Organisations should also consider having appropriate policies in place and training for staff in relation to email communications. For non-sensitive communications, organisations that choose to use BCC should do so carefully to ensure personal email addresses are not shared inappropriately with other customers, clients, or other organisations”.
