- Consent. A company may process personal information if it collects
Under modern US privacy laws, are companies that utilize personal information to train artificial intelligence (AI) controllers or processors?
Attorneys familiar with the European GDPR are acquainted with the bifurcation of the world into controllers and processors. For purposes of European data privacy, a “controller” refers to a company that either jointly or alone “determines the purposes and means” of how personal data will be processed.[1] A “processor” refers to a company (or
Under the GDPR, what information should an organization put in its record of processing activities if it is processing personal data using an AI (i.e., putting personal information into AI prompts)?
Data is typically added to an AI to explain a problem, situation, or request (“input data”). Some popular AI models refer to input data by the term “prompt” as the user is prompting the AI to initiate an action, or to create additional information. Prompts can take different forms such as text prompts or image
Under the GDPR, what information should a company put in its record of processing if it is using personal information to train an AI?
Data is typically needed to train and fine-tune modern artificial intelligence models. AI can use data – including personal information – in order to recognize patterns and predict results.
Companies that utilize personal information to train an AI may either be acting as a controller or a processor depending on the degree of discretion they
Under the GDPR, what lawful purposes can a company rely upon when using personal information to train an AI?
Data typically is needed to train and fine-tune modern artificial intelligence models. AI can use data – including personal information – in order to recognize patterns and predict results.
The EU’s General Data Protection Regulation (GDPR) permits controllers to process personal information if one (or more) of the following six lawful processing purposes applies:[1]
Increased Global Regulatory Focus on Mobile Apps: What Companies Should Know
Data protection authorities worldwide, including France’s Commission Nationale de l’Informatique et des Libertés (CNIL), the California attorney general (CAG), and the U.S. Federal Trade Commission (FTC), recently have indicated their intention to increase privacy enforcement efforts against mobile apps. As the digital landscape continues to evolve, data protection and privacy concerns remain
Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Transfers from a European Data Subject: Data Subject→Controller (US)→Controller (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|
Transfers from a European Data Subject: Data Subject→Controller (US)→Controller (US)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|
Transfers from a European Data Subject – Data Subject→Controller (US)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|