AI and GDPR Monthly update

November 12, 2024

Welcome to our AI & GDPR MONTHLY UPDATE, bringing you the latest developments at the intersection of artificial intelligence and data protection. We explore emerging legal frameworks, compliance challenges, and cutting-edge case studies that impact how organizations navigate AI technologies. Stay informed with our AI & GDPR insights.

AI Act & AILD updates

The AI Act foresees a scientific panel of independent experts to assist the AI Office and authorities in implementing and enforcing the AI Act. The European Commission is asking for feedback on the draft implementing act to establish this scientific panel. Read more

The Commission published a brief on Harmonised Standards for the European AI Act that discusses the standards' key characteristics. Once published, the standards will grant a legal presumption of AI Act conformity. EU standardization organizations are in the process of drafting the standards. Read more

AI Guidance and DPA opinions

The ICO (UK DPA) published an audit report on AI tools used in the recruitment process, including key recommendations for AI providers and recruiters. Read more

The German DPA for Baden-Württemberg published a discussion paper on the legal bases for processing personal data in the training and use of AI. Read more (in German only)

The EDPB held a remote stakeholder event on 5 November 2024 that was aimed at collecting input from stakeholders on AI models. The EDPB announced it plans issuing opinion on AI models later this year. Read more

The AI Office plans to publish by May 2025 a General-Purpose AI Code of Practice elaborating the AI Act. The Code will include principles on transparency and copyright as well as rules on risk assessment and mitigation measures. While not legally binding, complying with the code may serve as supporting evidence of compliance with AI Act obligations until the harmonized standard is published. Read more

The Global Privacy Assembly (organization of mainly non-EU data protection and privacy authorities) issued a concluding joint statement on data scraping and the protection of privacy as a follow-up to their initial joint statement issued in 2023. Read more

The European Audiovisual Observatory released a publication on the legal aspects of AI in the audiovisual sector. Read more

AI-IP related updates

Video game cheat devices: The CJEU ruled that the Computer Programs Directive does not allow rightsholders to prohibit marketing by a third party of software that merely changes variables transferred temporarily to a game console's RAM. Read more

A new paper by Martin Sentleben proposes what might be a more equitable way to compensate journalists whose work is used in AI training: output-oriented remuneration. Read more

AI & GDPR case law

Irish DPA fines LinkedIn €310 million for breach of GDPR when processing users' personal data for marketing and analytical purposes. Read more

Market updates

The social network X updated its privacy policy in order to allow third-party collaborators to train their AI models on X data, provided users do not opt out. Read more

The Belgian Data Protection Authority published a report on a "smart cities" study with a focus on mobility. It discusses experiences and best practices for collecting, anonymizing and evaluating data while also preserving privacy. Read more

The Law Faculty of Charles University in Prague issued recommendations for the use of artificial intelligence in academic theses. Our colleague Jana Soukupová from Dentons' Prague office was involved in preparing the recommendations. Read more (in Czech only)

EU adopts new Product Liability Directive!

The new Product Liability Directive (PLD) was adopted and signed on 23 October 2024, completing the ordinary legislative procedure. The PLD now awaits publication in the Official Journal of the EU, which is expected to follow in 4Q 2024. The implementation deadline is expected in 4Q 2026. The new PLD replaces the old one from 1985 and introduces a number of significant changes and updates. Read more

Why is it important? Class Actions! Product liability claims may be one of the key relevant areas.

What to expect from the new Product Liability Directive

• Right to compensation for damage caused by defective products.
• Extended scope of products falling under product liability claims. Software-including AI-now falls under product liability claims.
• Loss and corruption of data is explicitly listed as damage subject to compensation.
• Non-material damage can be newly subject to compensation if the member state's law permits it.
• New obligation to disclose relevant evidence in the proceedings.
• New reputable presumptions-easing the burden of proof for claimants.
• New publicly accessible database of court decisions concerning product liability claims.

GDPR updates

The CJEU ruled that the information a customer enters on an online platform when ordering medicinal products may constitute health data. Such broad interpretation of health data may have a significant practical impact since it may expand the scope of data falling under special category data. Read more

The Irish DPC launched an investigation into Ryanair's handling of their customers' personal data. Ryanair introduced measures against third-party online sales. The Irish DPC is investigating why Ryanair requires passengers booking through third-party sites to undergo additional identity verification. Read more

The EDPB published the updated version of Guidelines on the Technical Scope of Article 5(3) of the ePrivacy Directive. It addresses ambiguities related to emerging online user-tracking tools. Read more

The EDPB issued a report on the first review of the European Commission Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework. Read more

Dentons resources

Checkout our Last issue of AI and GDPR Monthly update
Checkout our Interview with Zdeněk Kučera about emerging trends and challenges in the tech sector
Checkout our LinkedIn page and read the review from ČAP seminar
Checkout our Dentons - AI: Global Solutions Hub
Download the update here