Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the

Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects

Data is typically added to an AI to explain a problem, situation, or request (“input data”). Some popular AI models refer to input data by the term “prompt” as the user is prompting the AI to initiate an action, or to create additional information. Prompts can take different forms such as text prompts or image

Data is typically added to an AI to explain a problem, situation, or request (“input data”). Some AI providers, particularly those that provide natural language or large language models, refer to “prompts” as a subset of input data that describes the instructions that have been provided to the AI model (i.e., “please summarize the following

Please join members of Greenberg Traurig’s Data Privacy & Cybersecurity team for a 1-hour, CLE-eligible webinar “The New EU-U.S. Data Privacy Framework: What You Need to Know and Practical Considerations” Aug. 15 from 12 – 1 p.m. ET.

On July 10, 2023, after years of negotiations between the European Commission and the U.S. government, the

On April 17, 2023, the Washington State Legislature passed the “My Health My Data Act” (WMHMDA or the Act).* Unlike other modern state privacy laws that purport to regulate any collection of “personal data,” WMHMDA confers privacy protections only upon “Consumer Health Data.” That term is defined to include data that is linked (or linkable)

On April 17, 2023, the Washington State Legislature passed the “My Health My Data Act” (WMHMDA), which will take effect for most companies March 31, 2024. Unlike other modern state privacy laws that purport to regulate any collection of “personal data,” WMHMDA confers privacy protections only upon “Consumer Health Data.” This term is defined to

Brazil’s Data Protection Agency clarifies what sanctions look like for violations of the country’s General Data Protection Law.[1]

On Feb. 27, 2023, Brazil’s Data Protection Agency (ANPD) issued the Regulation of Dosimetry and Application of Administrative Sanction (Regulation), which details fines and other sanctions for violations of Brazil’s General Data Protection Law (LGPD) by

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

  • Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence