While the GDPR imposes strict rules on sensitive data processing, gender identity does not automatically fall under this category. Only personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed to uniquely identify a natural person, health data, and data concerning a natural person’s sex life or sexual orientation are explicitly protected as sensitive data by the GDPR. Consequently, the European Court of Justice…
GDPR compliance and inclusion: striking the right balance The General Data Protection Regulation (GDPR) generally prohibits the processing of sensitive data relating to, e.g., an individualâs sexual orientation, religious affiliation, health information or ethnic background unless certain prescribed exceptions are met. In practice, this can be an obstacle for inclusion and diversity initiatives. In todayâs challenging labor market, companies are asking themselves how they can become even more attractive to applicants and employees from diverse…
The use of Artificial Intelligence (AI) can, inadvertently, give rise to issues relating to data protection compliance and equality law. However, used properly, it also provides a unique opportunity to combat implicit systematic discrimination. The new EU AI Act supports such an optimistic approach towards AI. Discrimination through non-automated processes In the public discourse on AI and the associated risks of discrimination, it is often overlooked that human decisions could be unconsciously based on non-objective…
In Brief The long-awaited EU AI Act was published in the Official Journal of the European Union today, 12 July 2024. The Act regulates activities across the AI lifecycle, as covered in more detail in our previous post, and the countdown for implementation has now started for companies developing or deploying AI technologies, with the Act entering into force 20 days after its publication on 1 August 2024. The Act as a whole is generally…
The EU AI Act was adopted by the European Parliament today and is expected to enter into force within a few months, with its first substantive provisions taking effect before the end of 2024. The EU AI Act applies across the AI lifecycle – from developers to deployers of AI technologies – and organisations across industries have been watching its progress closely. Now that it is finally approved, we set out below whatâs next, and…
Hot on the heels of the unanimous vote by Ambassadors for the EU Member States (COREPER) Â approving the EU AI Act on 2 February (see our article on that vote here: Is the EU AI Act nearing the finish line? – Connect On Tech, today lawmakers from the EU Parliament have also overwhelmingly voted in favour of the Act as it continues on its legislative journey. The joint internal market and civil liberties committee of…
The UK government has published its long-waited response to the AI White Paper, “A pro-innovation approach to AI regulation” published back in March 2023. Here’s what you need to know. 1. Endorsement of principles-based approach The UK is sticking with its principles-based regulatory framework for AI, continuing to take a very different path to its EU neighbours (as discussed in our previous alert). Unlike the EU there will be no new AI regulator, new legislation…
The new EU regulation on electronic evidence will enable law enforcement authorities from one EU member state to order service providers in other EU member states to surrender digital evidence. Providers who fail to comply within ten days or, in urgent cases, within eight hours, could face fines of up to two percent of their global group turnover. We manage our calendars online, store photos in the cloud, many of us havenât seen the inside…
A key step towards adoption of the EU AI Act was reached last Friday as the draft text received unanimous approval from the European Councilâs main preparatory body. There are further votes to follow before the Act is adopted, but itâs looking likely that the final vote will take place in April and some substantive provisions of the Act could be in force soon after that, possibly by the end of the year. We set…
28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europeâs Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…