The European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which impose restrictions on international data transfers. In this draft guidance, the EDPB clarifies which (cumulative) criteria must be fulfilled in order to have a transfer of personal data to a third country or to an international organization, under the GDPR. The EDPB also discusses some of the consequences of international data transfers, in terms of making sure that appropriate safeguards are provided when transferring personal data outside of the EU.
OpenAI Fined €15 Million for GDPR Violations in Italy
The Italian Data Protection Authority fined OpenAI €15 million for using personal data without legal grounds and lacking age verification […]