The DPC investigated the extent to which TikTok complies with the GDPR in relation to the processing of children's data. In this context, a number of settings, such as user profiles being public by default and age verification, were scrutinised.
As a result of the investigation, TikTok was fined €345 million and given three months to correct the breaches identified in the decision.
The Dutch Data Protection Authority (AP) is conducting various investigations into the processing of personal data by artificial intelligence, with a particular focus on applications for children. In this context, the AP requested information from a technology company about the operation of a chatbot integrated into applications popular with children.
The AP, which also is a member of the EDPB's ChatGPT Committee, had previously asked OpenAI how it processes personal data for the ChatGPT system.
Datatilsynet, Denmark's data protection authority, has published guidance on preventing unauthorised access to personal data by employees.
The guidance states that employees should only be able to access data if there is a business need, that personal data used by employees should be recorded in order to detect misuse, and that companies should carry out a risk assessment to determine whether they have good practices in place.
Rajeev Chandrasekhar, India's Minister of State for Electronics and Information Technology, has said that organisations will be expected to comply with the Digital Data Protection Act within one year. The Minister also stated that Indian DPA members will be appointed within 30 days and the organisation will be responsible for taking action against breaches of the law.
In addition, he stated that data breaches will accumulate until the board is formed and these breaches will be addressed after the board is formed.
The guidance published by the UK's Information Commissioner's Office (ICO) sets out the issues and examples of good practice that should be considered in relation to the protection of personal data in email communications within organisations. In this context, issues such as the use of CC and BCC, the use of alternative methods that are more secure than BCC in mailings containing sensitive data, and staff training on the subject were included in the guidance.