EDPO (European Data Protection Office)’s Post

🚨 NIS 2 Directive applies today! Are you ready? 🚨 As of today, 18 October 2024, the NIS 2 Directive is officially applicable. This new EU-wide cybersecurity directive strengthens the security of critical infrastructure and digital services, while expanding its scope to cover more sectors and introducing stricter requirements. The Directive aims to: ✅ Improve incident response and risk management. ✅ Enhance collaboration between EU Member States to combat evolving cyber threats. ✅ Require certain non-EU companies to appoint an EU-based representative if they fall under the Directive’s scope. Non-compliance can lead to significant fines and administrative measures, so it’s critical for companies to ensure they are fully aligned with the new obligations. 🌐 Interested in appointing EDPO as your Representative? Discover how to comply on our website! Link in the comments !

“Most EU member states are set to miss an implementation deadline falling yesterday (17 October) to implement rules to protect critical entities against cyber-attacks and organisations are also concerned about fragmentation of such rules. Euronews reported last week that the European Commission had so far only received confirmations from Belgium and Croatia on transposition of the Network and Information Security Directive (NIS 2). A spokesperson for the Commission said on 16 October that as of this week Italy and Lithuania had also partially implemented rules. Countries including Germany, the Netherlands, Sweden and Czechia have draft laws pending, while others like Ireland, Greece and Spain are further behind in the process.” #Privacy #GDPR #dataprotection #NIS2 #Cybersecurity    Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/eJFk7m5n

“The leading generative artificial intelligence (GenAI) models, including OpenAI, Meta and Anthropic, do not fully comply with Europe’s AI rules, according to a report released on Wednesday. Europe’s AI Act came into force this August with the aim of establishing harmonised rules for AI systems so they do not become a threat to society. However, some technology companies such as Meta and Apple have not rolled out their AI models in Europe as they are cautious about the rules. A new tool and framework to make navigating the EU AI Act more simple for tech companies has been released by research institutes ETH Zurich and Bulgaria's Institute for Computer Science, AI and Technology (INSAIT) as well as the Swiss start-up LatticeFlow AI. It is the first EU AI Act compliance evaluation framework for GenAI.” #Privacy #GDPR #dataprotection #LLMChecker #AICompliance    Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/e--P42PP

The EDBP has just released a guidance focusing on Article 5(3) of the ePrivacy Directive, clarifying what is covered by "storing or accessing information" in cases like: - URL and pixel tracking - Local processing - IP-based tracking - IoT reporting - Unique identifiers Even if these operations fall under Article 5(3), it's still unclear if consent or an exemption is needed. The EDPB hasn’t answered that yet. #Privacy #GDPR #dataprotection #EDBPGuidance #ePrivacy   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. Source: https://lnkd.in/dM_Vcc5i

“Ireland's restrictive interpretation of the EU's data protection laws is in 'direct conflict' with the development of cancer research trials, according to a new study. The report, released by Cancer Trials Ireland (CTI), shows that Ireland’s approach to the General Data Protection Regulation (GDPR) is overly restrictive and not in line with public opinion. Over 3,500 industry-sponsored clinical trials began across Europe in the first six months of 2024, but only 11 trials included Ireland. The study shows that Ireland’s interpretation of GDPR rules is having a detrimental impact on access to clinical trials, where patient data is shared with researchers and pharmaceutical companies.” #Privacy #GDPR #dataprotection #CancerTrialsIreland #ClinicalTrials   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/ei9Npb9t

“We’re almost at the end of 2024, a year that will go down as having seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can’t get any worse, they do. From huge stores of customers’ personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 have surpassed the 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks.” #Privacy #GDPR #dataprotection #DataBreaches    Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/gNkZquiX

“The US is complying with a key privacy framework required to ensure Europeans’ data isn’t misused when sent overseas, the European Commission concluded in a report published on Wednesday. The EU-US data privacy framework regulates transatlantic data flows for thousands of companies – but privacy advocates worry it’s full of loopholes. ‘The US authorities have put in place the necessary structures and procedures to ensure that the data privacy framework functions effectively,’ the Commission concluded in its review of the deal, specifically praising the set-up of a US oversight authority. Over 2,800 US companies are currently certified under the deal, allowing them to exchange data more easily and cheaply, the report said. […] The framework was introduced in 2023 after the EU’s highest court struck down two previous data-sharing arrangements, known as the privacy shield and safe harbour decisions. #Privacy #GDPR #dataprotection #PrivacyFramework #Datasharing   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/eJTtJX4J

“During its October 2024 plenary, the European Data Protection Board (EDPB) selected the topic for its fourth Coordinated Enforcement Action (CEF), which will concern the implementation of the right to erasure (‘right to be forgotten’) by controllers. Data Protection Authorities (DPAs) will join this action on a voluntary basis in the coming weeks and the action itself will be launched during the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data protection rights and one about which DPAs frequently receive complaints. The aim of this coordinated action will be, among other objectives, to evaluate the implementation of this right in practice.” #Privacy #GDPR #dataprotection #CEF2025   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/eJDh6kGQ

“The European Commission delivered its first review of the adequacy decision of the EU-U.S. Data Privacy Framework to the European Parliament and Council of Europe after its first year in force, and ultimately concluded that U.S. authorities ‘have put in place the necessary structures and procedures to ensure that the Data Privacy Framework functions effectively.’ […] DigitalEurope Director for Infrastructure, Privacy and Security Policy Alberto Di Felice, CIPP/E, said the fact the European Commission will re-conduct the review in three years was a significant development in and of itself.” #Privacy #GDPR #dataprotection #DataPrivacyFramework #DataTransfers   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. Source IAPP article: https://lnkd.in/eeTgWBES Source EU announcement: https://lnkd.in/dv42MGiD

"During its latest plenary, the European Data Protection Board (EDPB) adopted an Opinion on certain obligations following from the reliance on processor(s) and sub-processor(s), Guidelines on legitimate interest, a Statement on laying down additional procedural rules for GDPR enforcement and the EDPB work programme 2024-2025."   The Opinion can be found here: https://lnkd.in/eBkCKiJj   The Guidelines can be found here: https://lnkd.in/eMv9dsMq   The Statement can be found here: https://lnkd.in/dUDBesrQ   The work programme can be found here: https://lnkd.in/dS6wmM32   #privacy #GDPR #dataprotection #edpb   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO.   https://lnkd.in/dA585wBs