Individuals have the right to receive meaningful information about solely automated decisions with significant effects under the General Data Protection Regulation (GDPR). This includes decisions that will impact an individual’s finances or employment. But how much information are individuals entitled to receive? Should they be given the underlying algorithm, or merely a high-level explanation, or
Proposed State Privacy Law Update: March 10, 2025
Keypoint: Last week, the Utah legislature passed two bills prior to closing while Georgia’s Senate passed a consumer data privacy bill and the Arizona House passed a social media bill.
Below is the ninth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and
Privacy Pitfalls in AI: A Closer Look at DeepSeek and Qwen
As AI continues to advance at a rapid pace, two notable foreign players have emerged: DeepSeek and Qwen. These powerful AI models, developed by a Chinese lab and Alibaba, respectively, have garnered attention for their impressive capabilities and potential to disrupt the AI industry. However, alongside their technological prowess comes a host of privacy concerns
Year in Review: 2024 Generative AI Litigation Trends
Generative AI faced significant privacy-related litigation in 2024, with US companies encountering lawsuits and enforcement actions under various state and federal laws.
AI Meets HIPAA Security: Understanding HHS’s Risk Strategies and Proposed Changes
In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the application of the HIPAA Security Rule to artificial intelligence (AI) and other emerging technologies. While the HIPAA Security
CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade Secrets
On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision on the right of data subjects to request access to their personal data under Article 15 GDPR, specifically as it relates to automated decision-making and striking an appropriate balance between informing data subjects and protecting trade secrets (Case
ISACA 2025 State of Privacy Survey Findings
@media screen and (max-width: 1023px){section[data-id=”block_3419c71089bfb6fbc8906e8484fef569″]{ }}@media screen and (min-width: 1024px) and (max-width: 1365px){section[data-id=”block_3419c71089bfb6fbc8906e8484fef569″]{ }}@media screen and (min-width: 1366px){section[data-id=”block_3419c71089bfb6fbc8906e8484fef569″]{ }}
Niel Harper is a Certified Director and ISACA Board Vice Chair. He is also the Chief Information Security Officer and Data Protection Officer at Doodle. Niel is based in Germany. He has more than 20 years
Could We Ditch the EU AI Act?
Is the EU AI Act a Jenga piece that can easily be removed from the regulatory tower?
Here are some key points from the “AI Regulation – a critical comment” workshop at the Alpine Privacy Days Conference, courtesy of Florent Thouvenin, Professor of Information and Communications Law, The Faculty of Law of the University of
Prohibited practices under the AI Act: Answered and unanswered questions in the Commission’s guidelines
The EU AI Act’s prohibitions came into effect on 2 February 2025 and carry fines of 7% worldwide annual turnover for non-compliance. The prohibitions at Article 5 and accompanying recitals (particularly recitals 28-44) set out a complex set of provisions. The guidelines published by the Commission on 4 February 2025 (the guidelines) were welcome for
Privacy Compliance in 2025: Why Marketing Agencies Can’t Ignore It Anymore
The digital marketing landscape of 2025 looks vastly different from what it was even a few years ago. With comprehensive privacy laws now active across multiple U.S. states, strict AI regulations reshaping digital advertising globally, and tech giants finally being held accountable for data practices, privacy compliance has moved from a legal checkbox to