The Bavarian data protection authority (BayLfD) has announced the release of a guide on joint controllership in accordance with the General Data Protection Regulation (GDPR). This guide offers a detailed explanation of joint controllership, outlining the criteria for joint control, such as making joint decisions on the purposes and methods of data processing, and providing examples of joint controllership scenarios. It also clarifies that Article 26 of the GDPR does not serve as a legal basis for processing activities conducted under joint controllership. Instead, the legality of these processing activities must be derived from an appropriate legal basis. Additionally, the guide emphasizes that the concept of responsibility is interpreted broadly to ensure thorough and effective protection for data subjects.
***
The France’s supervisory authority (CNIL) published recommendations for the use of open data on the internet. The CNIL also clarifies the rules applicable to certain frequent use cases which present particular challenges for individuals. 4 use cases were therefore identified by CNIL:
- the reuse of data for the purposes of disseminating professional directories;
- the reuse of data for the purposes of creating and enriching bases intended for commercial prospecting;
- the reuse of data for scientific research purposes (excluding health);
- the aspiration of data by public authorities as part of their missions.
***
Under the EU AI Act, decisions from high-risk systems are not supposed to be accepted without a human check. In particular, Article 14 requires high-risk systems to be designed so “natural persons can oversee their functioning, ensure that they are used as intended and that in their impacts are addressed over the system’s lifecycle”. But how human oversight will work with a technology with inner workings that are not always clear to their creators and users alike is one of the greater challenges facing AI adopters.
Comments are closed.