The Italian Data Protection Authority (Garante) has imposed a €15 million fine on OpenAI for multiple General Data Protection Regulation (GDPR) violations related to its flagship AI chatbot, ChatGPT.[1] This significant regulatory action, finalized in December 2024, marks one of the…
Data Protection and AI Models – EDPB Opinion, OpenAI Fine and DeepSeek Scrutiny
The European Data Protection Board (EDPB) adopted Opinion 28/2024 on 17 December 2024,[1] addressing key data protection issues that arise from the processing of personal data in the context of artificial intelligence (AI) models. Issued at the request of the Irish…
Adapting Non-Contractual Civil Liability Rules to Artificial Intelligence in the European Union
by Wasim Khraisha Artificial Intelligence (AI) has revolutionized modern life, offering unprecedented opportunities across various domains, from healthcare to autonomous systems. However, the integration of AI into society has also introduced risks, including potential harm to individuals and entities due to…
GDPR in Action: Key CJEU Rulings on Data Minimisation and Health Data Processing
by Luca Farkas In two recent cases, the Court of Justice of the European Union (CJEU) clarified the interpretation and application of the General Data Protection Regulation (GDPR), a cornerstone of EU data privacy law designed to protect individuals’ personal data….
GDPR: Second report published by the European Commission
by Fatma Ceren Morbel The European Union’s General Data Protection Regulation (“GDPR”) applies to all organizations that handle personal information related to citizens and residents of the European Union since 2018. The regulation enhanced the rights of data subjects, redefined the…
‘Track or treat?’ – is Meta’s ‘consent or pay’ model an appropriate way to be compatible with legislation?
by Judit Szalatkay Shall I choose to pay a fee for Meta or shall I continue to use it for “free” and give my consent to personalized advertising? All of us have met this question if we are Facebook or Instagram…
Way-out from the cookie fatigue? – Cookie pledge principles to help consumers to understand tracking and to manage cookies requests through effective choices
by Judit Szalatkay The European Data Privacy Board (EDPB) established a taskforce to set an overview on practices of existing cookie banners. The taskforce published its report[1] in the beginning of the year 2023 in which it identified several deceptive and manipulative…
Take it or leave it – twisted
by Izabella Szoboszlai It is no exaggeration to say that 2023 was a particularly busy year for digital platforms. It seems that the hard work of various legal fields has finally come to fruition, even though we may experience interruptions from…
Meta v. Bundeskartellamt – the landmark decision of the CJEU
by Fatma Ceren Morbel As we have discussed in our previous blogpost, Advocate General Rantos stated in his non-binding opinion on the case that although a competition authority does not have jurisdiction to rule on a violation of GDPR, it may investigate…
Save a life – give DNA samples?
by Mónika Mercz Save a life – give DNA samples? Following my latest post regarding the data protection issues that arise when we give away our DNA samples to DNA testing companies, I felt it necessary to further explore what problems come up…