GDPR – Page 3 – CIO.works

Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World

Cross-border data compliance is increasingly influenced by national security concerns amid rising cyber threats. Governments are shifting focus from individual privacy to a balance with security needs, resulting in expanded access for law enforcement, data localization policies, and national security exemptions in regulations. The EU's GDPR is pivotal in cross-border data governance, but other regions lack unified frameworks. Data sovereignty, while necessary for national security, can hinder global innovation. Cooperation among nations and nuanced policies are essential for effective compliance and balanced data management.

https://www.tripwire.com/state-of-security/cross-border-data-compliance-navigating-public-security-regulations-connected

ECJ Ruling on Automated Decision-Making and Data Subject Access : Clyde & Co

By CIO / Blog / AI, GDPR

ECJ ruling (C-203/22) on GDPR access rights clarifies companies must provide “meaningful information” on automated decision-making. Key issues include balancing transparency with trade secrets. Data subjects can access pertinent details on decision-making processes while companies may protect sensitive information on a case-by-case basis. The ruling impacts AI-integrated industries, particularly in insurance, where transparency and regulatory compliance are emphasized.

https://www.clydeco.com/en/insights/2025/03/ecj-ruling-on-automated-decision-making-and-data-s

The Evolution of the Concept of Personal Data: Are We Entering the Era of Relative Personal Data?

By CIO / Blog / GDPR, data protection

Evolution of personal data concept: traditional ‘absolute' view faces shifts toward ‘relative' understanding, considering identification costs, tech accessibility. Despite case law changes, high thresholds for defining personal data persist. Recent rulings affirm oversight authority's proof burden, maintaining core accountability principles in data protection. No substantial shift to relative personal data era confirmed.

https://www.twobirds.com/en/insights/2025/finland/the-evolution-of-the-concept-of-personal-data-are-we-entering-the-era-of-relative-personal-data

GDPR Ruling Has Commercial Implications for Credit Reference Agencies

By CIO / Blog / GDPR

GDPR ruling mandates changes for credit reference agencies, compelling them to reassess data processing practices and ensure compliance, including providing disclosures about automated decision-making involved in credit profiles. The Court of Justice of the EU deemed credit scoring as a “decision” under GDPR, requiring transparency about data use. Agencies may need to incorporate human oversight in their assessments, impacting business models significantly.

https://www.pinsentmasons.com/out-law/analysis/gdpr-ruling-commercial-implications-credit-reference-agencies

ChatGPT Hit With Privacy Complaint Over Defamatory Hallucinations

By CIO / Blog / AI, GDPR

Noyb, a privacy rights group, has filed a complaint against OpenAI for ChatGPT's false claims about a Norwegian individual being convicted of child murder. This issue raises concerns under the EU's GDPR about the accuracy of generated personal data and the lack of a correction mechanism. The complaint highlights prior similar incidents and argues that OpenAI's disclaimer does not absolve it of legal responsibility for spreading false information. This case aims to prompt regulators to take action against AI-generated defamation.

https://techcrunch.com/2025/03/19/chatgpt-hit-with-privacy-complaint-over-defamatory-hallucinations/

Gap in the EU’s Rules for AI Requires a Well-Documented Approach

By CIO / Blog / AI, regulation, EU, GDPR

EU AI Act and GDPR create compliance challenges for organizations using sensitive personal data in AI, particularly regarding bias detection. Regulatory gap exists as the AI Act permits processing special data for bias correction but conflicts with GDPR's prohibitions. Organizations must assess risks, ensure dual compliance, and document processes thoroughly until clearer regulatory guidance emerges.

https://news.bloomberglaw.com/us-law-week/gap-in-the-eus-rules-for-ai-requires-a-well-documented-approach

GDPR Services Market to Reach USD 8.754 Billion by 2032

By CIO / Blog / GDPR

GDPR Services Market projected to grow from USD 1.021B in 2022 to USD 8.754B by 2032, driven by rising data privacy needs, compliance demands, and cyber threats. The market features major players like Deloitte and PwC and offers services such as data assessment and DPO outsourcing. Challenges include high costs and a shortage of skilled professionals. Growth opportunities exist through AI integration and expanding global privacy regulations, particularly outside the EU. Europe leads in market share, with North America and Asia-Pacific showing significant growth potential.

https://www.einpresswire.com/article/795169904/gdpr-services-market-to-reach-usd-8-754-billion-by-2032-what-are-gdpr-services-and-why-important

The European Data Protection Board Shares Opinion on How to Use AI in Compliance With GDPR

By CIO / Blog / AI, GDPR

European Data Protection Board issues guidance on AI use under GDPR compliance.

https://www.jdsupra.com/legalnews/the-european-data-protection-board-4087652/

The Future of Transatlantic Digital Collaboration With EU Commissioner Michael McGrath

By CIO / Blog / regulation, EU, GDPR, AI

EU Commissioner Michael McGrath discusses transatlantic digital collaboration and data protection strategies at CSIS event. Key topics included: the role of the EU in lawmaking, GDPR modifications, the importance of the Data Privacy Framework for transatlantic trade, withdrawal of the AI Liability Directive, AI's impact on elections, and the new 28th company regime for ease of business across the EU. McGrath emphasized the need for dialogue amid tariff tensions with the U.S., and the potential for enhanced cooperation on consumer protection and digital regulation.

https://www.csis.org/analysis/future-transatlantic-digital-collaboration-eu-commissioner-michael-mcgrath

The GDPR Opens the Door to Government Surveillance

By CIO / Blog / GDPR, privacy

GDPR risks infringing personal freedoms despite claims of data protection. It allows government overreach under vague exemptions for national security, facilitating potential misuse for surveillance. The regulation's loopholes disproportionately impact small businesses and fail its core objective of safeguarding personal data. While claiming to balance security and privacy, the lack of clear guidelines enables governments to bypass protections, increasing risks of surveillance and eroding democratic rights. The possibility of employing citizens' data for military use further blurs the line between public safety and individual liberties.

https://www.gisreportsonline.com/r/gdpr-data/