The right of correction (sometimes called the “right of rectification”) refers to a person’s ability to request that a company fix any inaccuracies in the personal data it holds about them.[1] Correction is sometimes referred to as an absolute right in the context of the GDPR, because unlike some other rights conferred by the
Under the GDPR controllers are required to provide information relating to what personal information they process, and how that processing takes place.[1] Data is typically needed to train and fine-tune modern artificial intelligence models. If that training data contains personal information, an organization is required to include a description of that processing in its
On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.
Qualified Adequacy Decision for the United States. Typically, EC
Under the GDPR, controllers are required to provide individuals with information relating to what personal information is processed, and how that processing takes place.[1] Some supervisory authorities have specifically taken the position that companies which use personal information to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data
The term “data minimization” generally refers to two requirements within the GDPR: (1) a company should only collect personal data that is “necessary” in relation to its purpose, and (2) a company should keep data for “no longer than is necessary for [that] purpose[].”[1] Put differently, a company should only collect what it needs
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (the “Framework”) thereby concluding that the United States ensures an adequate level of protection for personal data that are transferred from the European Union to companies in the U.S. that participate in the Framework.
The
Europe’s General Data Protection Regulation (GDPR) allows individuals to request that their information be deleted in the following situations:[1]
Data typically is needed to train and fine-tune modern artificial intelligence models. AI can use data – including personal information – in order to recognize patterns and predict results.
The EU’s General Data Protection Regulation (GDPR) permits controllers to process personal information if one (or more) of the following six lawful processing purposes applies:[1]
Data typically is needed to train and fine-tune modern artificial intelligence models. AI can use data – including personal information – to recognize patterns and predict results.
Companies that utilize personal information to train an AI may either be acting as a controller or a processor depending on the degree of discretion that they exercise
The EU’s General Data Protection Regulation (GDPR) applies to two types of entities – “controllers” and “processors.”
A “controller” refers to an entity that “determines the purposes and means” of how personal information will be processed.[1] Determining the “means” of processing refers to deciding “how” information will be processed.[2] That does not necessitate