Kristof Van Quathem and Laura Somaini of Covington and Burling write: On May 9, 2024, the Italian data protection authority (“Garante”) published a decision identifying the safeguards that controllers must put in place when processing health data for medical research purposes, in cases where data subjects’ consent cannot be obtained for ethical or organizational reasons. The Garante’s…
Category: Non-U.S.
Hong Kong’s Privacy Authorities Ask Worldcoin to Cease Operations
Paigambar Mohan Raj reports: Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) has released the findings from its investigation into Worldcoin (WLD). The investigations began in January 2024 and aimed to uncover if the project breached any privacy laws. According to the report, ‘The PCPD carried out 10 covert visits during the…
Who’s a “potential terrorist or violent extremist threat”? Plans to exchange information about “future” criminals
From Statewatch: EU member states have finalised a set of “non-binding” criteria for assessing when someone may be labelled a potential terrorist or violent extremism threat. The intention is to feed European databases such as the Schengen Information System (SIS) and the Europol Information System (EIS), as well as Europol analysis projects such as “Hydra”…
Dutch DPA issues guidelines on data scraping
Joke Bodewits of Hogan Lovells writes: On 1 May 2024, the Dutch Data Protection Authority (DPA) issued guidelines on data scraping used by private organisations in relation to GDPR principles including ‘lawfulness’. The guidelines could affect the way GenAI business should govern their data scraping processes. However it is questionable whether these guidelines will persevere…