According to a letter to New Democrat MP Brian Masse reviewed by CTV News, Privacy Commissioner of Canada Philippe Dufresne said his office will open an investigation into the social platform X regarding its alleged collection, use and disclosure of personal data to train an AI model.
The Court of Justice of the European Union rendered a preliminary judgment in favor of requiring controllers to provide a data subject with the "procedure and principles" used by an automated decision-making tool.
Spain's data protection authority, the Agencia Española de Protección de Datos, appointed Lorenzo Cotino Hueso as president and Francisco Pérez Bes as deputy president of the AEPD.Full story
Malaysia's Personal Data Protection Commissioner published guidance documents covering requirements for appointing a data protection officer and steps for data breach notification. The DPO guide covers conditions and qualifications for appointments as well as officer independence.Full story
Arkansas Attorney General Tim Griffin sued General Motors and subsidiary OnStar for selling customer data to third-party data brokers, who then sold it to insurance companies. Griffin argued GM's nonconsensual practices "deceived consumers" in violation of Arkansas' Deceptive Trade Practices Act.
The Office of the Privacy Commissioner of Canada is seeking research proposals the next cycle of its Contributions Program which will focus on "exploring smart devices and privacy." Researchers have until 24 March to submit proposals detailing smart devices' collection and use of personal data and the legislative efforts that could be made to better protect individuals' privacy when using these devices. Full story
France's data protection authority, the Commission nationale de l'informatique et des libertés, announced its compliance group that focuses on connected cars will dedicate its enforcement efforts to vehicles' on-board cameras. The CNIL will also look to meet with stakeholders to develop guidance on the use of dashcams as "on-board cameras are likely to infringe on the right to privacy of the persons filmed."Full story
Latvia's Data State Inspectorate issued guidelines for data protection impact assessments. The guide focuses particularly on preassessment considerations, the legal assessment and details around various procedural steps. Full story
The Wall Street Journal reports on how a former Disney employee's downloading of an AI software led to a hack that exposed his credentials and hundreds of communications from the company's Slack account. A lack of two-factor authentication on a password manager helped exacerbate the hack and the employee lost their job after the incident.Full story
Recent developments out of the Trump administration are raising concerns regarding a potential challenge of the EU-U.S. Data Privacy Framework before the Court of Justice of the European Union. Baker McKenzie Partners Brian Hengesbaugh and Lukas Feiler, CIPP/E, discuss potential impacts on the legality of the DPF and practical considerations around EU-U.S. transfers privacy professionals should keep top of mind.Full story