Privacy Transformation - Issue 259

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.

PRIVACY

Meta could face further squeeze on surveillance ads model in EU

Meta’s tracking ads business could be facing further legal blows in the European Union: An influential adviser to the bloc’s top court affirmed Thursday that the region’s privacy laws limit how long people’s data can be used for targeted advertising. In the non-legally binding opinion, Advocate General Athanasios Rantos said use of personal data for advertising must be limited.

🔗 RELATED:

• CJEU Press Release
• AG Rantos Opinion

What will the European Health Data Space mean for Ireland?

The European Health Data Space will standardise electronic health records across the EU and could benefit Ireland greatly – if the country prepares for its arrival.

Open Letter: Modernised ePrivacy legislation must protect fundamental rights

European Digital Rights (EDRi) and 13 organisations call for robust legislation to complement and particularise the General Data Protection Regulation (GDPR), and call upon the next European Commission to include comprehensive plans for reforming the European Union’s ePrivacy legislation. [Read Letter]

ChatGPT’s ‘hallucination’ problem hit with another privacy complaint in EU

OpenAI is facing another privacy complaint in the European Union. This one, which has been filed by privacy rights nonprofit noyb on behalf of an individual complainant, targets the inability of its AI chatbot ChatGPT to correct misinformation it generates about individuals.

🔗 RELATED: Schrems NGO files GDPR complaint against OpenAI over AI ‘hallucinations’

ENFORCEMENT

Greek DPA: Fine for failure to implement technical and organisational measures resulting in unauthorised access by third parties

Investigation found that the controller did not comply with the required technical and organisational measures and failed to ensure the implementation of the processing security policy.  A fine of 1% of the last available annual turnover was imposed on the data controller on the basis of criteria assessed in accordance with EDPB Guidelines on the calculation of administrative fines.

Czech DPA: Fine of 13.9 million EUR for infringement of Art. 6 and Art. 13 of GDPR

Czech SA found that the controller transferred personal data of the users of its antivirus software and its browser extensions to its sister company without due legal title for such processing.

RESOURCES

📘 French DPA: Annual Report 2023

The CNIL has released its 2023 annual report, setting out its activities carried out during 2023, including increased enforcement under the GDPR.

CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!