Nov 16
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

Spain established the first AI regulatory body in the EU, privacy watchdog in Hamburg published a check-list for the usage of large language model, EDPB provides clarity on tracking techniques covered by the ePrivacy Directive.

Spain established the first AI regulatory body in the EU, privacy watchdog in Hamburg published a check-list for the usage of large language model, EDPB provides clarity on tracking techniques covered by the ePrivacy Directive.

Konstantin Tiazhelnikov Konstantin Tiazhelnikov
  • November 16, 2023 -

In the run-up to the new EU AI Act, Spain has established AESIA – the Spanish Agency for the Supervision of Artificial Intelligence, which appears to be the first AI regulatory body in the EU. AESIA is expected to work in parallel with AEPD (the Spanish data protection authority).

According to the official press release, “the advancement of technology is unquestionable on a global level. Specifically in Spain, digital transformation is a priority in the line of Government action, as reflected in the Digital Agenda 2026. This includes different strategic plans, including National Strategy for the Artificial Intelligence (ENIA), which aims to provide a framework for AI development which is “inclusive, sustainable and focused on citizens”.

***

Data protection authority in Hamburg has published for public consultation a checklist for using LLM-based chatbots. 

According to the official press release, “the fact that the language models are usually operated in a cloud poses various data protection risks. On the one hand, the protection of confidential data is at risk because many companies work with the same LLM model in a cloud-based manner, inputs are used for further training of the models and trade secrets and personal data may therefore be transmitted to them. On the other hand, there is a risk of personal data being improperly processed due to incorrect results, especially in data categories that are particularly worthy of protection”. 

Among checklist rules are such recommendations as:

  • Specify compliance regulations
  • Involve data protection officers
  • Arrange professional chatbot accounts (instead of using private ones)
  • Ensure secure authentication
  • Avoid entry of personal data

15 recommendations were summarised altogether. Click here to find out more.

***

EDPB provides clarity on tracking techniques covered by the ePrivacy Directive. EDPB Chair Anu Talus said: “It is no secret that tracking the activities of users online can seriously harm people’s privacy. The ambiguities regarding the scope of application of Art. 5(3) ePrivacy Directive and the emergence of new techniques, in addition to or as an alternative to traditional cookies, have given rise to new privacy risks. These guidelines discuss solutions, such as tracking links and pixels, local processing, and unique identifiers, to ensure that the consent obligations set out by the article are not circumvented.” Click here to find out more.

See more related posts »

Related blog posts

DP News – Week 17. EDPB released the 2023 annual report, outlined its 2024-2027 strategy and issued an information note on the EU-US Data Privacy Framework redress mechanism, Finnish DPA has decided on retention periods in the recruitment process.
  • April 25, 2024 -

DP News – Week 16. EDPB opinion: Pay-or-Consent models clash with GDPR consent requirements, EU Commission requested a risk assessment from TikTok, ICO launched a privacy notice generator, Catalan Data Protection Authority fines occupational health center for email confidentiality breach, Dutch chipmaker investigates data breach amidst security concerns.
  • April 18, 2024 -

DP News – Week 15. Norwegian DPA imposed a 20 million NOK fine, Denmark’s DPA updated data transfer guidance for third countries, France’s DPA fined retail chain for unsolicited marketing.
  • April 11, 2024 -