Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
CPPA Releases Draft Automated Decisionmaking Technology Regulations
Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft “automated decisionmaking technology” (ADMT) regulations. The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin…
German Data Protection Authorities Publish Paper on Cloud-Based Digital Health Applications
Digital health apps are increasingly used in practice. They raise various questions under regulatory and data protection and data security laws. On November 6, 2023, the German Conference of the Independent Data Protection Supervisory Authorities (Datenschutzkonferenz, DSK), a national body…
EDPB Issues Draft Guidelines on Technical Scope of ePrivacy Directive Rules for Storage and Access
On November 16, 2023, the European Data Protection Board (“EDPB”) issued draft Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive (“Guidelines”). Article 5(3) is the provision that requires consent before storing or accessing information on an end…
French CNIL Opens Public Consultation On Guidance On The Creation Of AI Training Databases
On October 11, 2023, the French data protection authority (“CNIL”) issued a set of “how-to” sheets on artificial intelligence (“AI”) training databases. The sheets are open to consultation until December 15, 2023, and all AI stakeholders (including companies, researchers, NGOs)…
EU Advocate General Defines “Identity Theft” And Reaffirms GDPR Compensation Threshold
EU advocate general Collins has reiterated that individuals’ right to claim compensation for harm caused by GDPR breaches requires proof of “actual damage suffered” as a result of the breach, and “clear and precise evidence” of such damage – mere…
New York Department of Financial Services Finalizes Second Amendment to Cybersecurity Regulation
Earlier this month, the New York Department of Financial Services (“NYDFS”) announced that it had finalized the Second Amendment to its “first-in-the-nation” cybersecurity regulation, 23 NYCRR Part 500. This Amendment implements many of the changes that NYDFS originally proposed…
CJEU Holds That GDPR Right of Access Overrules Local Laws
On October 26, 2023, the European Court of Justice (“CJEU”) decided that the GDPR grants a patient the right to obtain a copy of his or her medical record free of charge (case C-307/22, FT v DW). As…
Italian Garante Issues Guidance on the Use of AI in the Context of National Healthcare Services
On October 12, 2023 the Italian Data Protection Authority (“Garante”) published guidance on the use of AI in healthcare services (“Guidance”). The document builds on principles enshrined in the GPDR, national and EU case-law. Although the Guidance focuses on Italian…
From Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act
On October 30, 2023, days ahead of government leaders convening in the UK for an international AI Safety Summit, the White House issued an Executive Order (“EO”) outlining an expansive strategy to support the development and deployment of safe and…