DPO Consultancy

🚨 𝐂𝐥𝐞𝐚𝐫𝐯𝐢𝐞𝐰 𝐀𝐈 𝐅𝐢𝐧𝐞𝐝 €𝟑𝟎.𝟓 𝐌𝐢𝐥𝐥𝐢𝐨𝐧 𝐛𝐲 𝐭𝐡𝐞 𝐃𝐮𝐭𝐜𝐡 𝐃𝐏𝐀 (𝐚𝐧𝐝 𝐦𝐨𝐫𝐞…) 🚨 The Dutch Data Protection Authority (AP) has fined Clearview AI €30.5 million for building an illegal database with over 50 billion facial images, including those of Dutch citizens. To date, Clearview has repeatedly 𝐯𝐢𝐨𝐥𝐚𝐭𝐞𝐝 𝐭𝐡𝐞 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐫𝐢𝐠𝐡𝐭𝐬 𝐨𝐟 𝐄𝐮𝐫𝐨𝐩𝐞𝐚𝐧 𝐂𝐢𝐭𝐢𝐳𝐞𝐧𝐬 and ignored previous fines. 💰 For these reasons, the AP is considering holding the company's management 𝐩𝐞𝐫𝐬𝐨𝐧𝐚𝐥𝐥𝐲 𝐥𝐢𝐚𝐛𝐥𝐞 for these violations. In the words of Aleid Wolfsen, the AP Chairman, “We want to investigate whether we can prosecute the top executives personally." 🧑⚖️ This is a crucial development in the fight for privacy rights, the consequences of which could be very significant. In a nutshell, 𝐢𝐭 𝐜𝐨𝐮𝐥𝐝 𝐡𝐚𝐩𝐩𝐞𝐧 𝐭𝐡𝐚𝐭 𝐰𝐡𝐞𝐧 𝐭𝐡𝐞 𝐦𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐨𝐟 𝐂𝐥𝐞𝐚𝐫𝐯𝐢𝐞𝐰 𝐞𝐧𝐭𝐞𝐫𝐬 𝐭𝐡𝐞 𝐄𝐔, 𝐢𝐭 𝐜𝐨𝐮𝐥𝐝 𝐛𝐞 𝐟𝐚𝐜𝐞𝐝 𝐰𝐢𝐭𝐡 𝐬𝐨𝐦𝐞 𝐪𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬 𝐛𝐲 𝐭𝐡𝐞 𝐜𝐨𝐦𝐩𝐞𝐭𝐞𝐧𝐭 𝐚𝐮𝐭𝐡𝐨𝐫𝐢𝐭𝐢𝐞𝐬. ⚠️ This sends two strong signals: 1) 𝐓𝐨 𝐃𝐮𝐭𝐜𝐡 𝐨𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧𝐬: using Clearview’s technology could lead to 𝐡𝐞𝐟𝐭𝐲 𝐟𝐢𝐧𝐞𝐬 from the Dutch DPA. 2) 𝐓𝐨 𝐔𝐒 𝐜𝐨𝐦𝐩𝐚𝐧𝐢𝐞𝐬 (𝐚𝐧𝐝 𝐨𝐭𝐡𝐞𝐫 𝐧𝐨𝐧-𝐄𝐔 𝐜𝐨𝐦𝐩𝐚𝐧𝐢𝐞𝐬) operating in the EU without an establishment in Europe: 𝐧𝐨𝐧-𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐰𝐢𝐭𝐡 𝐄𝐔 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐢𝐨𝐧𝐬 𝐜𝐚𝐧 𝐥𝐞𝐚𝐝 𝐭𝐨 𝐩𝐞𝐫𝐬𝐨𝐧𝐚𝐥 𝐥𝐢𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐟𝐨𝐫 𝐭𝐡𝐞𝐢𝐫 𝐦𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭. 💼 As the AP sharpens its focus on personal liability, 𝐭𝐡𝐞 𝐫𝐢𝐩𝐩𝐥𝐞 𝐞𝐟𝐟𝐞𝐜𝐭𝐬 𝐜𝐨𝐮𝐥𝐝 𝐫𝐞𝐚𝐜𝐡 𝐟𝐚𝐫 𝐛𝐞𝐲𝐨𝐧𝐝 𝐟𝐢𝐧𝐞𝐬. We’ve already seen how similar actions have played out. For example, 𝐓𝐞𝐥𝐞𝐠𝐫𝐚𝐦'𝐬 𝐂𝐄𝐎, 𝐏𝐚𝐯𝐞𝐥 𝐃𝐮𝐫𝐨𝐯, 𝐰𝐚𝐬 𝐫𝐞𝐜𝐞𝐧𝐭𝐥𝐲 𝐚𝐫𝐫𝐞𝐬𝐭𝐞𝐝 𝐢𝐧 𝐅𝐫𝐚𝐧𝐜𝐞 for refusing to cooperate with the law, setting a concerning precedent for executives. Could Clearview's leadership face similar consequences? Time will tell, but 𝐭𝐡𝐞 𝐢𝐦𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬 𝐟𝐨𝐫 𝐜𝐨𝐦𝐩𝐚𝐧𝐢𝐞𝐬 𝐢𝐠𝐧𝐨𝐫𝐢𝐧𝐠 𝐄𝐔 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐢𝐨𝐧𝐬 𝐚𝐫𝐞 𝐛𝐞𝐜𝐨𝐦𝐢𝐧𝐠 𝐢𝐧𝐜𝐫𝐞𝐚𝐬𝐢𝐧𝐠𝐥𝐲 𝐬𝐞𝐫𝐢𝐨𝐮𝐬. 🔍⚖️ For more details: 👉 NPO Radio 1 (interview with Aleid Wolfsen): https://lnkd.in/d8d8u4nf 👉 The Dutch Data Protection Authority (AP): https://lnkd.in/eEwTPCtf #ClearviewAI #GDPRFines #DPOConsultancy #FacialRecognition #DataPrivacy

🚨 Uber slapped with a massive fine from Dutch Data Protection Authority 🚨 ❗ The Dutch Data Protection Authority (AP) has imposed a fine of €290 million on Uber for transferring the personal data of its drivers to the United States (US) without the appropriate safeguards. 🛡️ Uber argued that there was no transfer of personal data to the US because the drivers involved had shared their personal data directly with the American parent company of Uber. The AP did not agree with this. ⚖️ Previously, Uber had relied upon the Standard Contractual Clauses (SCCs) to transfer the personal data but decided this was no longer necessary. The AP found that for a period of almost 2 years, there was no lawful transfer mechanism in place to transfer the personal data. Furthermore, the AP held that Uber could not rely upon the derogations contained in Article 49 GDPR. 🚫 The AP concluded that Uber was in breach of the GDPR and thereby received the fine. Uber has ended the violation of the GDPR and also has indicated that it will appeal this decision of the AP. 🌍 When transferring personal data from the European Economic Area to a third country, such as the US, organizations must ensure that a transfer mechanism in compliance with the GDPR is relied upon prior to the international data transfer occurring. #DataProtection #GDPRFines #DPOConsultancy #DataPrivacy #DutchDPA

🚨 Data Breach Alert: The Risks of Using AI Chatbots at Work 🚨 The Dutch Data Protection Authority (AP) has issued a stark warning: using AI-powered chatbots like ChatGPT or Copilot could lead to serious data breaches. As AI tools become more common in the workplace, helping with tasks like customer service and document summarization, the risks of mishandling sensitive information increase. Employees might unknowingly expose personal data, such as patient records or customer details, by feeding them into these chatbots, giving the companies behind these tools unauthorized access.🚫 Organizations must be proactive: 🔍 Set clear guidelines on AI chatbot usage. 🔐 Ensure sensitive data is protected and off-limits. 📢 Be prepared to report breaches and communicate with those affected. It's crucial to balance the convenience of AI tools with the responsibility of safeguarding personal data. Learn more about how to navigate these challenges in our latest article. 📖👇 https://lnkd.in/e7C6PWsn #DataProtection #AIChatbots #Privacy #Compliance #Cybersecurity #GDPR #DataBreach

On 1 August 2024, the EU AI Act will officially come into force, marking the start of comprehensive AI regulation across Europe. Key dates to watch: 📅 2 Feb 2025: Prohibition on AI systems with unacceptable risks. 📅 2 Aug 2025: Obligations for general-purpose AI models. 📅 2 Aug 2026: Regulations for High-Risk AI systems. 📅 2 Aug 2027: Additional High-Risk AI system obligations. Prepare for these changes and be ready! #EUAIAct #AIRegulation #DPOConsultancy

Our colleagues Henri Garcia Vermeer and Emine Bilsin shared their knowledge about the AI act after visiting the IAPP - International Association of Privacy Professionals Conference in Brussel.

🚨There is a compelling need for more stringent requirements for governments using algorithms. The transparency advocated by Wolfsen is essential not only for preventing issues like discrimination but also for ensuring that the public trusts the decisions made by their government. 🔍Transparency allows for accountability, and accountability ensures that those in power cannot hide behind complex technologies to justify flawed or unfair decisions. Enhancing transparency and judicial vigilance are vital steps toward a more just and equitable use of AI and algorithms in government decisions. https://lnkd.in/eRUHxRx7

🌐 Ensuring AI Compliance with GDPR in 7 Steps Navigating the complexities of GDPR Compliance for AI systems can be challenging. CNIL's latest recommendation simplifies this process with a structured approach. Discover the 7 steps for AI Systems GDPR Compliance and safeguard data privacy. From understanding GDPR requirements and conducting DPIAs to ensuring data minimization, implementing security measures, and maintaining accountability. Stay informed and proactive in your approach to GDPR Compliance and AI. #GDPRCompliance #AICompliance #DataPrivacy #AIGovernance

This week, our data privacy consultants Emine Bilsin & Henri Garcia Vermeer had the pleasure of representing DPO Consultancy at the #IAPP AI Governance Global 2024 in Brussels! The talks and panels were informative and inspiring, opening up discussions and possibilities within DPO Consultancy regarding the combination of Data Privacy and AI. It was a great opportunity to dive deep into AI governance and the EU AI Act, network with like-minded professionals, and bring back valuable insights to enhance our knowledge and skills. A big thank you to IAPP - International Association of Privacy Professionals and all the inspiring speakers! Let’s put this new knowledge to work! #AIGG2024

Wil jij nationale en internationale organisaties ondersteunen op weg naar privacy compliance? Nieuwsgierig naar een interessante baan als privacy consultant? Spreekt een organisatie met een groei ambitie, aandacht voor ontwikkeling en veel kennisuitwisseling je aan? Wij zijn op zoek: zie onze website: https://lnkd.in/gyiBEsVx

📢 Governments and Facebook in the EU: A Complex Relationship 🚨 The Dutch Data Protection Authority (#AP) observes that governments should not rely on online platforms, such as #Facebook due to serious #privacy concerns. This decision comes after a €390 million fine from the Irish DPC to #Meta. With citizens' data privacy at stake, the AP stresses the need for transparency and control over #personaldata and stresses the fact that governments should reconsider using #socialnetworks as a channel for their communications with the citizens. However, a question is not answered: why should EU Governments rely on a foreign private online platform to interact with their citizens? Read more on our blog!