Responsible use of AI based tools in medical diagnosis and treatment – the AI sandbox

In 2021, the Norwegian Data Processing Authority (DPA) established a regulatory test environment (“sandbox”) for Artificial Intelligence (AI). The purpose of the sandbox is that companies and government agencies can collaborate with the DPA when developing and testing AI ...Mehr lesen

The Panamanian Data Protection Law

The Data Protection Law entered into force in March 2021, two years after its publication on March 29, 2019. This law -although imperfect- was a pending issue that had the Panamanian State in terms of privacy of the information of its citizens. ...Mehr lesen

UK ICO's new approach to publishing details of complaints, breach reports and reprimands

The UK Information Commissioner's Office (ICO) has started routinely publishing information about complaints made against organisations by members of the public, self-reported data breaches and reprimands issued by the ICO. Those subject to UK GDPR should be aware of the ...Mehr lesen

Argentina - Changes in the Classification and Ranking for Infringements to the Personal...

Trough Resolutions No. 240/2022 and 244/2022 the Agency for Access to Public Information through Resolutions No. 240/2022 and 244/2022 amended the classification and amounts provided by Provision No. 7/2005 and E 71/2016 of the Argentine Direction for the Protection of ...Mehr lesen

A new member has joined the INPLP: Boris Kozlevcar (Slovenia)

...Mehr lesen

What information needs to provided when personal information will be processed by Artifical...

If an entity collecting data is not fully transparent about the information that is being collected and how it will be processed and I particular when it is collected by bots or processed by Artificial Intelligence then a data subject is unable to provide the required ...Mehr lesen

Nothing about #SchremsX: What should companies do while EU bodies discuss the draft US...

New US adequacy draft opinion is out. Everyone is talking about #SchremsIII (and IV and X), so I will not. Instead - let's discuss what should US companies involved in EU-US transfers actually be doing now? ...Mehr lesen

Slovenia’s DPA Finds Cloud Computing Provider a (Joint) Controller of Personal Data

Slovenia’s Information Commissioner (IC) ordered a cloud computing provider (a public administration body) to enter into written arrangements with its clients, in accordance with the provisions of Article 26 of GDPR. In its view, the fact that the clients (controllers) ...Mehr lesen

Multiple online pharmacies under investigation for the use of Facebook Pixel

The Swedish Authority for Privacy Protection (“the Swedish DPA”) is currently investigating four online pharmacies in Sweden for their use of Facebook Pixels on their websites which has resulted in the transfer of personal data to Facebook. The investigations were ...Mehr lesen

Analysis of the recent activity of the Portuguese Supervisory Authority - What to expect?

It has been perceived that the sanctioning activity of the Portuguese Supervisory Authority has been fundamentally focused on public entities, which may suggest that for private companies the verification of compliance with GDPR has been less demanding. An example is the ...Mehr lesen