All articles tagged with #gdpr
EU's Data Protection Commission launches a second large-scale GDPR probe into X over Grok's nonconsensual sexual image generation, after reports of millions of generated images—including thousands depicting children—and amid broader Digital Services Act scrutiny.
European data privacy authorities have opened a formal probe into X, Elon Musk’s platform, over sexualised AI-generated imagery and how it is handled under EU privacy rules, potentially leading to enforcement if rules are found to have been violated.
Britain’s Information Commissioner's Office has launched a GDPR inquiry into X and its Grok AI after the tool generated non-consensual, sexually explicit deepfakes, scrutinizing safeguards in Grok’s design and deployment and potential data-protection breaches.
Debian's Data Protection Team has become inactive as all volunteers have stepped down, leaving the project without dedicated personnel to handle GDPR and privacy issues. The Debian Project Leader has called for new volunteers, emphasizing the importance of experience and trust, to help re-establish the team and address data protection concerns.
The EU Commission is drafting a controversial 'Omnibus' reform of the GDPR through a fast-track process, which critics argue would significantly weaken data protection principles, benefit big tech companies, and undermine fundamental rights, especially under the guise of 'simplification' and 'clarification.' The draft includes extensive changes such as narrowing the definition of personal data, limiting user rights, and facilitating AI training with personal data, raising concerns about legal validity and fundamental rights violations.
Meta has started rolling out AI features for its Ray-Ban Meta AR glasses in France, Italy, and Spain, allowing users to interact with Meta's AI assistant in their native languages. However, these features do not include the multimodal capabilities available in other regions. The rollout follows Meta's efforts to comply with European regulations, including the AI Act and GDPR, which have previously led to concerns and adjustments in their data training practices. Meta plans to expand these features to more European countries in the future.
Spain's data protection authority has ordered Worldcoin to temporarily stop collecting and processing personal data in the country due to privacy concerns, using powers contained in the GDPR. The controversial blockchain crypto project, which scans eyeballs to create a unique identifier, has faced scrutiny from European privacy regulators and has been the subject of complaints related to data processing transparency, collection of data from minors, and withdrawal of consent. Worldcoin's regional rollout in several European markets, including Spain, has attracted attention from data protection authorities, with Spain taking unilateral action to protect local users. The company's DPO has accused the AEPD of spreading inaccurate claims and circumventing EU law, while the AEPD has ordered the immediate cessation of data processing to protect individuals' rights and freedoms.
European consumer groups have accused Meta, the owner of Facebook and Instagram, of engaging in "massive" and "illegal" data collection practices, filing complaints with national data protection authorities. They claim that Meta collects excessive user data, infringing on the General Data Protection Regulation (GDPR). Meta disputes the allegations, stating that they comply with GDPR and have overhauled privacy practices. The complaints could lead to further legal action against Meta, which was fined €1.2 billion last year for GDPR violations. Additionally, the company's subscription service for ad-free versions of its platforms is criticized for offering an unfair choice and lack of transparency in data processing.
Meta's controversial "consent or pay" model in the EU, which requires users to agree to be tracked and profiled for ad targeting or pay for an ad-free subscription, has triggered complaints from consumer rights groups. The groups argue that Meta's model violates GDPR principles and is coercive, lacking transparency and a valid legal basis for processing personal data. The complaints could lead to penalties and enforcement action, potentially forcing Meta to reform its business model. The European Commission is also overseeing enforcement of Meta's compliance with newer regulations, and the company's consent choice is facing scrutiny from multiple avenues.
A student at the University of Waterloo in Canada discovered that smart vending machines on campus were equipped with facial recognition technology, prompting the university to announce their removal. The vending machines, owned by Mars, were provided by Adaria Vending Services and manufactured by Invenda Group, both of which claimed that the technology does not store or transmit personal data and is GDPR compliant. This incident adds to the ongoing global tension surrounding the use of facial recognition technology on college campuses, with concerns about privacy and its impact on vulnerable individuals.
Italy's Data Protection Authority has found that OpenAI's ChatGPT chatbot breaches data protection rules by collecting personal data and failing to implement age protections. The regulator is concerned about the mass collection of users' data used to train the algorithm and the potential exposure of younger users to inappropriate content. OpenAI has 30 days to respond, and under EU GDPR law, could face fines of up to 4% of its global turnover. Italy had previously blocked ChatGPT in March 2023, citing privacy concerns, but reinstated it after OpenAI addressed some issues.
Italy's data protection authority has notified OpenAI of suspected violations of EU privacy laws related to its AI chatbot, ChatGPT, following concerns about compliance with the General Data Protection Regulation (GDPR). The authority's draft findings have not been disclosed, but OpenAI has been given 30 days to respond to the allegations. The issues include the lack of a suitable legal basis for data collection and processing, as well as concerns about the AI tool's potential to produce inaccurate information and its impact on child safety. OpenAI faces potential fines and orders to change its data processing practices to comply with EU law.
France's CNIL has fined Amazon $35 million for "excessively intrusive" worker surveillance, citing violations of the EU's GDPR. The commission found Amazon's scanning speed systems, data collection practices, and downtime measurements to be "excessive" and in violation of GDPR articles. Amazon defended its practices as necessary for employee safety and efficiency, but workers in the US have also raised concerns about constant surveillance and productivity monitoring.
France's data privacy watchdog, CNIL, has fined Amazon's logistics subsidiary in France €32 million for implementing an "overly intrusive" surveillance system on warehouse workers, focusing on barcode scanners and data gathering practices. The CNIL found indicators tracking employee scanner inactivity and interruptions to be illegal under GDPR, leading to excessive monitoring. Amazon disagrees with the decision, citing industry norms and the need for load balancing, and has agreed to make adjustments to the system in response to the fine.
Amazon has been fined €32m in France for "excessive" surveillance of its warehouse workers, with the data watchdog finding measures to be illegal under GDPR. The CNIL discovered that Amazon tracked employee activity so precisely that it led to workers potentially having to justify each break, breaching data protection regulations. The watchdog also criticized Amazon for not properly informing workers and external visitors about surveillance and for having insufficient security on its video surveillance. The GMB union representing Amazon's UK warehouse workers described the staff as facing "bruising levels of scrutiny and surveillance."