On 13 March 2024, the European Parliament adopted the AI Act. Since the EU Commission presented its first draft almost three years ago, the use of AI and general purpose AI models has increased significantly. Hence, the regulatory proposal was (and still is) the subject of hefty debate.

Continue reading the full GT Alert.

Not necessarily. 

Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place. 

If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the

Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects

Please join members of Greenberg Traurig’s Data Privacy & Cybersecurity team for a 1-hour, CLE-eligible webinar “The New EU-U.S. Data Privacy Framework: What You Need to Know and Practical Considerations” Aug. 15 from 12 – 1 p.m. ET.

On July 10, 2023, after years of negotiations between the European Commission and the U.S. government, the

The right of correction (sometimes called the “right of rectification”) refers to a person’s ability to request that a company fix any inaccuracies in the personal data it holds about them.[1] Correction is sometimes referred to as an absolute right in the context of the GDPR, because unlike some other rights conferred by the

Under the GDPR controllers are required to provide information relating to what personal information they process, and how that processing takes place.[1] Data is typically needed to train and fine-tune modern artificial intelligence models. If that training data contains personal information, an organization is required to include a description of that processing in its

On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.

Qualified Adequacy Decision for the United States. Typically, EC

Under the GDPR, controllers are required to provide individuals with information relating to what personal information is processed, and how that processing takes place.[1] Some supervisory authorities have specifically taken the position that companies which use personal information to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data

On July 10, 2023, the European Commission adopted its long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (the “Framework”) thereby concluding that the United States ensures an adequate level of protection for personal data that are transferred from the European Union to companies in the U.S. that participate in the Framework.

The

Europe’s General Data Protection Regulation (GDPR) allows individuals to request that their information be deleted in the following situations:[1]

  1. Companies must delete data upon request if the data was processed based solely on consent. The GDPR recognizes that companies may process data based on six alternate lawful grounds.[2] One of these is where