Background AI is a hot topic, not least among the Data Protection Authorities, who have recently been very active developing guidance papers aimed at helping organisations grasp and assess the complexities involved. Examples of such publications include the very recent and open for consultation ICO’s AI auditing framework, or 2018 report from Norwegian DPA on Artificial Intelligence and privacy. These documents look at implications for data protection, and challenges of AI compliance with GDPR. This blog article attempts to present selected considerations and challenges that DPOs should keep in mind when preparing a DPIA for Artificial Intelligence. It does not comprehensively cover all aspects of data protection compliance, rather it
1 “This is not what I signed up for” The tale of Uriah the Hittite tells a story about a soldier that was abandoned by his fellow soldiers. Still he fought valiantly until he eventually had to succumb to the approaching enemy forces. The story resembles the feeling many DPOs today have about their role after the GDPR programs have been shut down. They are expected to manage the demanding role as DPO, while feeling under siege. During my recent talks with DPOs, I have increasingly heard about the challenging conditions that some of them are facing. This notion was
Introduction Since GDPR entered into force a lot has been said and written about the way organisations can collect and then process personal data they have. In my opinion though, not much attention has been devoted to re-using personal data that already are in companies’ databases. Under the GDPR any processing of personal data is possible subject to fulfilment of several principles and conditions. One of them (and in my opinion one of the most important) is the purpose limitation principle. Organisations subject to the GDPR regime are not only required to specify the purpose for which they want to
1. Intro The aim of this post is to discuss if and how the concept of agile can help privacy functions increase organisational buy-in, while freeing up time to do more impactful work and at the same time strengthen the ability to demonstrate accountability. 2. Agile + privacy work = strengthened accountability? To stay competitive and innovative, many executives have recently turned their attention to agile. The high degree of delegation, more independence and less bureaucracy are some of the advantages that executives are striving to attain. All lead to faster development cycles and shorter time to market. With its
When starting with our own webpage we have been struggling with a question: how should we do so in a compliant manner while at the same time being a small company that wants to be: Privacy-friendly User-friendly (and yes that might be a paradox with the one above) Compliant Aware of what users want from its webpage That by itself have proven a challenge. We were not and are not interested in advertising cookies (even if I personally can imagine advertising a leather-bound edition of GDPR), but we would like to integrate with basic plug-ins used (LinkedIn, Google Maps, Google
Notwithstanding the excellent quality of much of the data privacy content available, the availability of information in relation to the practical implementation of data privacy requirements and best practices is limited, and the practical struggles that an organisation faces have received little attention.